On 20.03.21 at 21:53, Stephen Casner wrote:
On Sat, 20 Mar 2021, Craig Leres wrote:
On 3/20/21 9:09 AM, Michael Balzer wrote:
Assuming no objections from other developers, I would first merge mongoose-wolfssl into master, then master into for-v3.3.

As a developer I'd like to be the first to say, "yes, please." Motion and second is good enough for me.
I have completed the following merge steps:
- merge from mongoose-wolfssl branch to master branch in the mongoose submodule
- cherry-pick from mongoose-wolfssl branch to master branch in the main ovms tree
- merge from master branch to for-v3.3 branch in the main ovms tree
Build and run of the master branch works for me with TLS server v2 connection and ssh connection, so I hope that is a sufficient merge validation test.
It seems you actually cherry-picked all commits? If so, a standard merge would have had the same effect (except tree-wise). Cherry-picking is useful if you want to port some selected patch(es) from a branch to another. If you take the whole branch, that's the classic merge.
And a question: Does this bring us closer to being able to use https with the gui? Even a self generated, self signed cert would allow an encrypted session and protection of credentials. And I can imagine adding code to implement the Let's Encrypt DNS-01 challenge type.

The next step is to see what linkages to MBEDTLS remain. I think https may be part of that.
-- Steve
I know of no public CA that allows private hosts or IP addresses in a certificate, and I always thought it's impossible to support the LE DNS challenge on an mDNS service, but would love to learn otherwise in both cases.

However, supporting https/wss on the module's webserver has been possible since we enabled SSL in mongoose. I have now added that as a standard feature and included info on how to create a cert + key in the webserver configuration.

Regards,
Michael

--
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26