[Ovmsdev] mongoose-wolfssl

Michael Balzer dexter at expeedo.de
Sun Mar 21 21:31:54 HKT 2021 

Am 20.03.21 um 21:53 schrieb Stephen Casner:
> On Sat, 20 Mar 2021, Craig Leres wrote:
>> On 3/20/21 9:09 AM, Michael Balzer wrote:
>>> Assuming no objections from other developers, I would first merge
>>> mongoose-wolfssl into master, then master into for-v3.3.
>> As a developer I'd like to be the first to say, "yes, please."
> Motion and second is good enough for me.
>
> I have completed the following merge steps:
>
>    - merge from mongoose-wolfssl branch to master branch in the
>      mongoose submodule
>
>    - cherry-pick from mongoose-wolfssl branch to master branch in the
>      main ovms tree
>
>    - merge from master branch to for-v3.3 branch in the main ovms tree
>
> Build and run of the master branch works for me with TLS server v2
> connection and ssh connection, so I hope that is a sufficient merge
> validation test.

It seems you actually cherry-picked all commits? If so, a standard merge 
would have had the same effect (except tree-wise).

Cherry-picking is useful if you want to port some selected patch(es) 
from a branch to another. If you take the whole branch, that's the 
classic merge.

>> And a question: Does this bring us closer to being able to use https with the
>> gui? Even a self generated, self signed cert would allow an encrypted session
>> and protection of credentials. And I can imagine adding code to implement the
>> Let's Encrypt DNS-01 challenge type.
> The next step is to see what linkages to MBEDTLS remain.  I think
> https may be part of that.
>
>                                                          -- Steve

I know of no public CA that allows private hosts or IP addresses in a 
certificate, and I always thought it's impossible to support the LE DNS 
challenge on an mDNS service, but would love to learn otherwise in both 
cases.

However, supporting https/wss on the module's webserver has been 
possible since we enabled SSL in mongoose.

I have now added that as a standard feature and included an info on how 
to create a cert + key in the webserver configuration.

Regards,
Michael

-- 
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20210321/160c09d3/attachment.sig>

More information about the OvmsDev mailing list