[Ovmsdev] SSL Support
mark at webb-johnson.net
Mon Feb 10 11:24:44 HKT 2020
Given that we use the mongoose library for most of our stuff, adding SSL support should not be hard. This would finally bring strong encryption and server-side authentication. Given the number of attacks now on IoT devices, that would not be a bad thing.
I think what we need is:
1. A set of helper functions to make it easier for components to use SSL. Build on top of mongoose.
2. A way to manage a list of trusted Certificate Authorities, including adding to the trusted list via:
   - Components providing Certificate Authorities in firmware.
   - Certificate Authorities in configuration.
3. Extensions to ovms_server_v2 to support an SSL connection option.
4. Extensions to ovms_server_v3 to support an SSL connection option.
5. Extensions to the Ovms Server v2 code to support an SSL connection listener.
6. Extensions to the iOS App to support an SSL connection option.
7. Extensions to the Android App to support an SSL connection option.
8. Migration of any components already supporting SSL to this new standardised approach.
Then we can open up the discussion of the whole thing of passwords. We have far too many of these at the moment (user account+password, vehicle ID, server password, module password, hologram account+password, etc). Once we have an encrypted connection, we don’t need to use the password for encryption, but merely for authentication. That simplifies things, as we can perhaps just use the user account+password for most things (giving access to all vehicles registered under that user account - in a similar way to how MQTT does it already for ovms_server_v3).
I will take on the majority of this project. I can do #1, #2, #3, #4, #5, and #6.
If anyone has any feedback on requirements, please let me know.