adafruit / Adafruit_MQTT_Library

Arduino library for MQTT support
MIT License

Enhance the Adafruit_MQTT_Client header to contain the DigiCert Global Root G2 used by io.adafruit.com #112

Closed patrickmoffitt closed 3 years ago

patrickmoffitt commented 6 years ago

The proposed change to Adafruit_MQTT_Client.h adds the DigiCert Global Root G2 CA Certificate required to validate the io.adafruit.com TLS certificate. This is the CA Cert itself and the length of that cert. These data are required by WiFiClientSecure.verifyCertChain(). I know of no platform limitations.

The proposed change to ./examples/adafruitio_secure_esp8266/adafruitio_secure_esp8266.ino serves both as a test that CA Cert validation works with the data added to Adafruit_MQTT_Client.h and as an implementation example for library users and students. The scope of changes in this file includes:

Setting the System Time. This includes defining two macros, GMT_OFFSET and DST_OFFSET_SECS. Both are required inputs to Arduino.configTime(). Calling this function sets the time. CA Cert validation cannot work without setting an accurate system time.

Adding a new function verifyCaCert() to implement CA Cert validation. This function loads the CA Cert and attempts validation of the host cert. Warnings are issued if the cert fails to load or if validation fails. Validation failure is a fatal error and results in WDT being triggered just as with a failure in verifyFingerprint().

These changes should not present a problem for any current users.
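The two steps described above (sync the clock, then pin the CA and verify the server chain) as an added ESP8266 sketch. This is example code written for this page, not the PR's own diff or the library's code. It assumes the axTLS-era `WiFiClientSecure::setCACert()` / `verifyCertChain()` API that the PR refers to, and that the DER-encoded DigiCert Global Root G2 and its length are supplied by a header (here named `DIGICERT_GLOBAL_ROOT_G2_DER` / `DIGICERT_GLOBAL_ROOT_G2_DER_LEN`, both assumed names). SSID, password and time-zone offsets are placeholders.

```arduino
#include <ESP8266WiFi.h>
#include <WiFiClientSecure.h>
#include <time.h>

// --- Assumed configuration (placeholders, not from the PR) ---
#define WLAN_SSID       "your-ssid"
#define WLAN_PASS       "your-password"
#define AIO_SERVER      "io.adafruit.com"
#define AIO_SERVERPORT  8883

// Offsets handed to configTime(); both are required arguments.
// Adjust for your time zone; certificate validity is checked in UTC anyway.
#define GMT_OFFSET_SECS 0
#define DST_OFFSET_SECS 0

// DER-encoded DigiCert Global Root G2 and its byte length. Assumed to be
// provided by a header such as the one this PR proposes; the names are
// this example's own.
extern const uint8_t DIGICERT_GLOBAL_ROOT_G2_DER[] PROGMEM;
extern const size_t  DIGICERT_GLOBAL_ROOT_G2_DER_LEN;

WiFiClientSecure client;

// Step 1: the chain check compares notBefore/notAfter against the system
// clock, and a freshly booted ESP8266 thinks it is 1970. Block until SNTP
// has delivered a plausible time before attempting any verification.
void setSystemTime() {
  configTime(GMT_OFFSET_SECS, DST_OFFSET_SECS, "pool.ntp.org", "time.nist.gov");
  Serial.print("Waiting for NTP time sync");
  time_t now = time(nullptr);
  while (now < 8 * 3600 * 2) {   // still near the 1970 epoch: not synced yet
    delay(500);
    Serial.print(".");
    now = time(nullptr);
  }
  struct tm timeinfo;
  gmtime_r(&now, &timeinfo);
  Serial.println();
  Serial.print("Current time (UTC): ");
  Serial.print(asctime(&timeinfo));
}

// Step 2: load the root CA, open the TLS session, and verify the server's
// chain against that root for the expected host name. Any failure is fatal:
// spinning in place lets the hardware watchdog reset the board, which is
// the same behaviour the original example uses for a fingerprint mismatch.
void verifyCaCert() {
  if (!client.setCACert(DIGICERT_GLOBAL_ROOT_G2_DER, DIGICERT_GLOBAL_ROOT_G2_DER_LEN)) {
    Serial.println("WARNING: failed to load CA certificate");
    while (1) {}
  }

  Serial.print("Connecting to ");
  Serial.println(AIO_SERVER);
  if (!client.connect(AIO_SERVER, AIO_SERVERPORT)) {
    Serial.println("WARNING: TLS connection failed");
    while (1) {}
  }

  // verifyCertChain() checks the chain of the current session against the
  // loaded CA and matches the leaf certificate to the host name, so a
  // certificate for some other site signed by the same root is rejected.
  if (!client.verifyCertChain(AIO_SERVER)) {
    Serial.println("WARNING: certificate chain verification failed");
    while (1) {}
  }
  Serial.println("Certificate chain verified.");
}

void setup() {
  Serial.begin(115200);
  delay(10);

  WiFi.begin(WLAN_SSID, WLAN_PASS);
  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }
  Serial.println();
  Serial.println("WiFi connected");

  setSystemTime();   // must precede verifyCaCert()
  verifyCaCert();
  // From here `client` can be handed to Adafruit_MQTT_Client exactly as the
  // existing secure example does after verifyFingerprint().
}

void loop() {
}
```

Two practical notes. Pinning the root CA rather than the leaf fingerprint means the sketch keeps working when io.adafruit.com rotates its server certificate, and only breaks if the service moves to a different root; the verification is still only as good as the clock, which is why the time sync blocks rather than times out. Current releases of the ESP8266 Arduino core replaced the axTLS client with BearSSL, where the equivalent steps are `BearSSL::WiFiClientSecure client; BearSSL::X509List cert(PEM_TEXT); client.setTrustAnchors(&cert);` and `connect()` itself fails when the chain does not verify; the ordering (time first, trust anchor before connect) is the same.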

brentru commented 3 years ago

This is implemented in the examples instead since the library is not Adafruit IO specific.