improve http_get_bearssl example documentation
Add text explaining how to build the 'brssl' tool, how to use it and how to obtain the server certificate for an exiting https host.
This commit is contained in:
parent
59cb689a45
commit
8bec6e0e81
1 changed files with 14 additions and 1 deletions
|
@ -88,13 +88,26 @@ sock_write(void *ctx, const unsigned char *buf, size_t len)
|
||||||
* cert-root-ec.pem.
|
* cert-root-ec.pem.
|
||||||
*
|
*
|
||||||
* C code for hardcoded trust anchors can be generated with the "brssl"
|
* C code for hardcoded trust anchors can be generated with the "brssl"
|
||||||
* command-line tool (with the "ta" command).
|
* command-line tool (with the "ta" command). To build that tool run:
|
||||||
|
*
|
||||||
|
* $ cd /path/to/esp-open-rtos/extras/bearssl/BearSSL
|
||||||
|
* $ make build/brssl
|
||||||
*
|
*
|
||||||
* Below is the imported "Let's Encrypt" root certificate, as howsmyssl
|
* Below is the imported "Let's Encrypt" root certificate, as howsmyssl
|
||||||
* is depending on it:
|
* is depending on it:
|
||||||
*
|
*
|
||||||
* https://letsencrypt.org/certs/letsencryptauthorityx3.pem
|
* https://letsencrypt.org/certs/letsencryptauthorityx3.pem
|
||||||
*
|
*
|
||||||
|
* The generate the trust anchor code below, run:
|
||||||
|
*
|
||||||
|
* $ /path/to/esp-open-rtos/extras/bearssl/BearSSL/build/brssl \
|
||||||
|
* ta letsencryptauthorityx3.pem
|
||||||
|
*
|
||||||
|
* To get the server certificate for a given https host:
|
||||||
|
*
|
||||||
|
* $ openssl s_client -showcerts -servername www.howsmyssl.com \
|
||||||
|
* -connect www.howsmyssl.com:443 < /dev/null | \
|
||||||
|
* openssl x509 -outform pem > server.pem
|
||||||
*/
|
*/
|
||||||
|
|
||||||
static const unsigned char TA0_DN[] = {
|
static const unsigned char TA0_DN[] = {
|
||||||
|
|
Loading…
Reference in a new issue