|
2 | 2 | // |
3 | 3 | // Before running, you must download the set of certs using |
4 | 4 | // the script "certs-from-mozilla.py" (no parameters) |
5 | | -// and then uploading the generated data directory to |
6 | | -// SPIFFS. |
| 5 | +// and then uploading the generated .AR file to SPIFFS or SD. |
| 6 | +// |
| 7 | +// You do not need to generate the ".IDX" file listed below, |
| 8 | +// it is generated automatically when the CertStore object |
| 9 | +// is created and written to SD or SPIFFS by the ESP8266. |
7 | 10 | // |
8 | 11 | // Why would you need a CertStore? |
9 | 12 | // |
|
19 | 22 | // 10s or 100s of CAs against which you can check the |
20 | 23 | // target's X.509, without taking any more RAM than a single |
21 | 24 | // certificate. This is the same way that standard browsers |
22 | | -// and operating systems use to verify SSL connections. |
| 25 | +// and operating systems verify SSL connections. |
23 | 26 | // |
24 | 27 | // About the chosen certs: |
25 | 28 | // The certificates are scraped from the Mozilla.org current |
@@ -82,8 +85,8 @@ class SDCertStoreFile : public BearSSL::CertStoreFile { |
82 | 85 | const char *_name; |
83 | 86 | }; |
84 | 87 |
|
85 | | -SDCertStoreFile certs_idx("/certs.idx"); |
86 | | -SDCertStoreFile certs_ar("/certs.ar"); |
| 88 | +SDCertStoreFile certs_idx("/certs.idx"); // Generated by the ESP8266 |
| 89 | +SDCertStoreFile certs_ar("/certs.ar"); // Uploaded by the user |
87 | 90 |
|
88 | 91 | #else |
89 | 92 |
|
@@ -118,8 +121,9 @@ class SPIFFSCertStoreFile : public BearSSL::CertStoreFile { |
118 | 121 | const char *_name; |
119 | 122 | }; |
120 | 123 |
|
121 | | -SPIFFSCertStoreFile certs_idx("/certs.idx"); |
122 | | -SPIFFSCertStoreFile certs_ar("/certs.ar"); |
| 124 | +SPIFFSCertStoreFile certs_idx("/certs.idx"); // Generated by the ESP8266 |
| 125 | +SPIFFSCertStoreFile certs_ar("/certs.ar"); // Uploaded by the user |
| 126 | + |
123 | 127 | #endif |
124 | 128 |
|
125 | 129 | // Set time via NTP, as required for x.509 validation |
|
0 commit comments