Skip to content

Update TLS certificates and use new certificates submodule #8374

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 7, 2023
Merged

Update TLS certificates and use new certificates submodule #8374

merged 2 commits into from
Sep 7, 2023

Conversation

dhalbert
Copy link
Collaborator

@dhalbert dhalbert commented Sep 6, 2023

Use the new repo https://github.com/adafruit/certificates as a submodule instead of https://github.com/adafruit/nina-fw. This new repo provides a revised roots.pem that fixes the problems introduced in 8.2.2 when the nina-fw cert bundle was updated.

  • The new cert repo has a manual test for a large number of URLs, as does https://github.com/arduino/nina-fw. The URL list includes a number of URLs used by Adafruit code, including from the Learn Guide repo.
  • https://github.com is now accessible. The "Basic Internet Test" in many guides now works. Tested on Pico W and MatrixPortal S3.
  • The NASA site test code in updating cert nina-fw#41 also works.
  • The new roots.pem includes roots from Entrust and GoDaddy that were not there before Several sites needed these. But the new file is for some reason about 800 bytes smaller than the older nina-fw one: perhaps some obsolete certs are now gone.

@dhalbert dhalbert changed the base branch from main to 8.2.x September 6, 2023 20:53
@dhalbert dhalbert force-pushed the new-certificates-submodule branch from 688ae2a to 58a2132 Compare September 6, 2023 23:37
@RetiredWizard
Copy link

RetiredWizard commented Sep 7, 2023
edited
Loading

I loaded this up on an ESP32-S3-devkit-n8r8 and it worked great. It seemed like the WiFi connection was faster and more reliable than I normally see. I'm not sure if that's a possible benefit of this PR or if I just had a really good session for some reason.

@dhalbert dhalbert requested review from tannewt and jepler September 7, 2023 03:03
@dhalbert dhalbert added this to the 8.2.x milestone Sep 7, 2023
jepler
jepler approved these changes Sep 7, 2023
View reviewed changes
Copy link

@jepler jepler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Motivation is clear, execution seems fine but didn't test.

@dhalbert dhalbert merged commit 4dd45b6 into adafruit:8.2.x Sep 7, 2023
@dhalbert dhalbert deleted the new-certificates-submodule branch September 7, 2023 14:19
@dhalbert
Copy link
Collaborator Author

dhalbert commented Sep 7, 2023

It seemed like the WiFi connection was faster and more reliable than I normally see. I'm not sure if that's a possible benefit of this PR or if I just had a really good session for some reason.

It's just cert updates, and there are no previous PR's that should improve things. But glad it worked -- thanks for testing!

@dhalbert dhalbert mentioned this pull request Sep 11, 2023
Merged
@dhalbert dhalbert mentioned this pull request Dec 20, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jepler jepler jepler approved these changes

@tannewt tannewt Awaiting requested review from tannewt

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
8.2.x
Development

Successfully merging this pull request may close these issues.

SSL error with 8.2.2 or later when talking to github
3 participants
@dhalbert @RetiredWizard @jepler