Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

certificate and public keys automatic updater #8218

Merged
merged 11 commits into from
Jul 17, 2021
Merged

certificate and public keys automatic updater #8218

merged 11 commits into from
Jul 17, 2021

Conversation

d-a-v
Copy link
Collaborator

@d-a-v d-a-v commented Jul 16, 2021

Release process is updated to use a new python script (tools/cert.py via tools/certsUpdater) which updates certificates, public keys and fingerprints used in examples.

@d-a-v
Copy link
Collaborator Author

d-a-v commented Jul 16, 2021
edited
Loading

It should pass but it doesn't (edited)

The server certificate can be completely ignored and its public key
hardcoded in your application. This should be secure as the public key
needs to be paired with the private key of the site, which is obviously
private and not shared.  A MITM without the private key would not be
able to establish communications.
Trying: api.github.com:443...[hostByName] request IP for: api.github.com
[hostByName] Host: api.github.com IP: 140.82.114.5
BSSL:_connectSSL: start connection
BSSL:_wait_for_handshake: failed
BSSL:Couldn't connect. Error = 'Invalid signature in ServerKeyExchange or CertificateVerify message.'
*** Can't connect. ***

Should the host test fail when this happens ?

@d-a-v d-a-v added this to the 3.0.2 milestone Jul 17, 2021
earlephilhower
earlephilhower approved these changes Jul 17, 2021
View reviewed changes
Copy link
Collaborator

@earlephilhower earlephilhower left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM and solves a constant niggle with the releases and stale certs.

@earlephilhower earlephilhower merged commit 69f8cd6 into esp8266:master Jul 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@earlephilhower earlephilhower earlephilhower approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.0.2
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@d-a-v @earlephilhower