ArduinoBearSSL
ArduinoBearSSL copied to clipboard
arduino-libraries
added trusted anchors creatting script
I was using src/BearSSLTrustAnchors.h as example for my Single Unity Bearssl https://github.com/OUIsolutions/BearSslSingle-Unit , but I think the certification its expired,you can check the usage in https://github.com/OUIsolutions/BearSslSingle-Unit/tree/main/micro_client. So I needed to make a way of autmatize these process, for these ,jus run: sh create_trustAnchors.sh and it will create the src/BearSSLTrustAnchors.h based on https://curl.se/docs/caextract.html file , located at https://curl.se/ca/cacert.pem
Memory usage change @ 135cc881529c3ccb5cf0f3352676266add0415d5
| Board | flash | % | RAM for global variables | % |
|---|---|---|---|---|
arduino:mbed_giga:giga |
0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
arduino:mbed_nano:nanorp2040connect |
0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
arduino:mbed_opta:opta |
0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
arduino:mbed_portenta:envie_m7 |
N/A | N/A | N/A | N/A |
arduino:megaavr:uno2018 |
0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
arduino:samd:mkr1000 |
:small_red_triangle: 0 - +61120 | 0.0 - +23.32 | 0 - 0 | 0.0 - 0.0 |
arduino:samd:mkrgsm1400 |
:small_red_triangle: 0 - +61120 | 0.0 - +23.32 | 0 - 0 | 0.0 - 0.0 |
arduino:samd:mkrnb1500 |
0 - 0 | 0.0 - 0.0 | 0 - 0 | 0.0 - 0.0 |
Click for full report table
| Board | examples/SHA1flash |
% | examples/SHA1RAM for global variables |
% | examples/SHA256flash |
% | examples/SHA256RAM for global variables |
% | examples/WiFiSSLClientflash |
% | examples/WiFiSSLClientRAM for global variables |
% | examples/MKRGSMSSLClientflash |
% | examples/MKRGSMSSLClientRAM for global variables |
% |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
arduino:mbed_giga:giga |
0 | 0.0 | 0 | 0.0 | 0 | 0.0 | 0 | 0.0 | ||||||||
arduino:mbed_nano:nanorp2040connect |
0 | 0.0 | 0 | 0.0 | 0 | 0.0 | 0 | 0.0 | ||||||||
arduino:mbed_opta:opta |
0 | 0.0 | 0 | 0.0 | 0 | 0.0 | 0 | 0.0 | ||||||||
arduino:mbed_portenta:envie_m7 |
N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A | ||||||||
arduino:megaavr:uno2018 |
0 | 0.0 | 0 | 0.0 | 0 | 0.0 | 0 | 0.0 | ||||||||
arduino:samd:mkr1000 |
0 | 0.0 | 0 | 0.0 | 0 | 0.0 | 0 | 0.0 | 61120 | 23.32 | 0 | 0.0 | ||||
arduino:samd:mkrgsm1400 |
0 | 0.0 | 0 | 0.0 | 0 | 0.0 | 0 | 0.0 | 61120 | 23.32 | 0 | 0.0 | ||||
arduino:samd:mkrnb1500 |
0 | 0.0 | 0 | 0.0 | 0 | 0.0 | 0 | 0.0 |
Click for full report CSV
Board,examples/SHA1<br>flash,%,examples/SHA1<br>RAM for global variables,%,examples/SHA256<br>flash,%,examples/SHA256<br>RAM for global variables,%,examples/WiFiSSLClient<br>flash,%,examples/WiFiSSLClient<br>RAM for global variables,%,examples/MKRGSMSSLClient<br>flash,%,examples/MKRGSMSSLClient<br>RAM for global variables,%
arduino:mbed_giga:giga,0,0.0,0,0.0,0,0.0,0,0.0
arduino:mbed_nano:nanorp2040connect,0,0.0,0,0.0,0,0.0,0,0.0
arduino:mbed_opta:opta,0,0.0,0,0.0,0,0.0,0,0.0
arduino:mbed_portenta:envie_m7,N/A,N/A,N/A,N/A,N/A,N/A,N/A,N/A
arduino:megaavr:uno2018,0,0.0,0,0.0,0,0.0,0,0.0
arduino:samd:mkr1000,0,0.0,0,0.0,0,0.0,0,0.0,61120,23.32,0,0.0
arduino:samd:mkrgsm1400,0,0.0,0,0.0,0,0.0,0,0.0,,,,,61120,23.32,0,0.0
arduino:samd:mkrnb1500,0,0.0,0,0.0,0,0.0,0,0.0,,,,,,,,
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
I think that certificate updates should not be accepted via pull request, but rather via github actions, an automation that periodically creates PRs with new certificates, so we have the provenance of where the trusted origin is.
I think in this case, the authors can simply accept my commit, including deleting BearSSLTrustAnchors.h if they want, and regenerating it with: sh create_trustAnchors.sh , since it regenerates all the certificates (and can be automated with githb actions)