docs icon indicating copy to clipboard operation
docs copied to clipboard
verified publisher icon tasmota

Suggest changes to Self-signed-Mosquitto.md

Open aweatherguy opened this issue 3 years ago • 0 comments

By way of introduction, I'm proposing what may be a lot of changes here. This is sort of a shotgun approach, as I'm not sure what you might or might not be interested in. So, give these changes a look and don't be afraid to take your shots -- I won't be offended. Keep anything you like and throw away the rest.

There are three main goals in proposing these changes:

  1. To enhance the information already there, and make some steps easier.

After going through the process of making a self-signed configuration, I kept some notes about where I had trouble and have updated this document to cover those points.

  1. Add instructions specific to performing these tasks on Windows.

In the Windows environment, there were several steps I found difficult or impossible to accomplish in native Windows, even though some of the tools seem to be setup to support that. In the end, I resorted to doing most of the work in Cygwin and have added some ideas along those lines to the document. Other comments about differences between Linux and Windows are also added.

  1. Suggest a method for embedding the root certificate that does not require modification of files in the distribution, including changes to tasmota_ca.ino.

Embedding a local root certificate in the firmware requires modifying one of the distribution files (tasmota_ca.ino). Source updates will either delete those changes, or manual merging in git will be required, and this is less than optimal.

I am suggesting some changes to the tasmota_ca.ino file which will conditionally include two header files containing definitions and data for the root certificate. The default would be NOT to include these headers, and folks would have to define a macro in their user_config_override.h file to enable that.

Additionally, the process of creating the two header files is automated with simple sed scripts as shown in the changes to this document. This produces output in the correct format, and no additional manual editing is required.

I have an updated copy of tasmota_ca.ino ready to go, but am not sure how to coordinated that change request, as the source is in a different repository. I have not made that change request yet. Suggestions?

This document uses the technique of using Linux cat to generate files such as scripts. That's a technique for distributing code without having a package distributed. Is there any desire to have a separate package of tools to help with this task? Would the maintenance efforts be too much? Thoughts?

And, oh yeah, thanks to all who have contributed before me. I really do appreciate all the effort.

aweatherguy avatar Apr 07 '22 17:04 aweatherguy