summaryrefslogtreecommitdiffstats
path: root/recipes-connectivity/kuksa-val/kuksa-certificates-agl
AgeCommit message (Collapse)AuthorFilesLines
2023-07-31Update certificates to include localhost and 127.0.0.1Jan-Simon Moeller6-131/+177
This updates the certificates to have subjectAltName defined as subjectAltName=DNS:$1,DNS:localhost,IP:127.0.0.1 It allows clients from the localhost to connect. We're debating if we need the IP:127.0.0.1 going forward, so this might change in the future. Bug-AGL: SPEC-4868 Change-Id: Ic6bbf5fd55b9f6a14a84512ae8748b3f48dbc3c1 Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2023-04-27kuksa-certificates-agl: Update certificatesScott Murray4-94/+94
Update the server and client certificates with ones with a 2 year validity period, per the discussion on last week's developer call. Bug-AGL: SPEC-4763 Change-Id: Ib326631243cd267cc6542fdfc769cc5a3d6b67fe Signed-off-by: Scott Murray <scott.murray@konsulko.com>
2023-04-27kuksa-val: Rework to support updated SSL certificatesScott Murray5-0/+137
Changes: - Tweak the kuksa-val recipe to remove installing a newer server certificate (since it will be done elsewhere), and to split the certificates up into finer grained packages to ease installing them piecemeal and replacing them with other packages. - Remove the unused genCerts.sh certificate script patch form the kuksa-val recipe, an updated patch will be added in the near future. - Added a patch in the kuksa-viss-client recipe that enables the library to use certificates installed in /etc/kuksa-certificates or /etc/kuksa-val instead of the default ones that are shipped. - Add kuksa-certificates-agl recipe that installs AGL specific CA, server, and client certificates plus the required server and client keys to act as a replacement for the default ones shipped with KUKSA.val. The kuksa-certificates-agl name is used to avoid needing a rename with a future switch to kuksa-databroker. Note that the RPROVIDES variable is used for the various certificate packages to make them installable alternatives to the kuksa-val-certificates-* ones. The certificates installed are valid for 1 year and have AGL as the providing organization, longer validity ones will be added in follow up commits for Octopus and Pike. - Update the existing users of kuksa-val-*-certificates with the new kuksa-val-certificates-* package names. - Add PREFERRED_RPROVIDER definitions for the kuksa-val-certificates-* packages to quiet the BitBake warnings coming from having multiple providers. Bug-AGL: SPEC-4763 Change-Id: Ic6f1ca8b54f637674cd5ae42df0bed6ca4e729aa Signed-off-by: Scott Murray <scott.murray@konsulko.com>