Hi Ilias, On 2/28/25 22:24, Ilias Apalodimas wrote: > Hi Jerome > >> >> +config WGET_CACERT >> + bool "wget cacert" >> + depends on CMD_WGET >> + depends on WGET_HTTPS >> + help >> + Adds the "cacert" sub-command to wget to provide root certificates >> + to the HTTPS engine. >> + >> +config MBEDTLS_LIB_X509_PEM >> + depends on WGET_CACERT >> + bool "Support for PEM-encoded X509 certificates" >> + help >> + This option enables MbedTLS to parse PEM-encoded X509 certificates. >> + When disabled, only DER format is accepted. >> + >> endif # if CMD_NET > > I guess that's needed because most of the RootCAs you can download are in PEM?
Yes, but thinking about it I'll just drop the PEM support for now as it makes things a bit more complex (the `\0` issue) for no good reason. > > [...] > >> } >> >> +#if defined CONFIG_WGET_HTTPS > > you can do #if IS_ENABLED() here Better yet: #if CONFIG_IS_ENABLED(WGET_HTTPS) I suppose. >> +static char *cacert; >> +size_t cacert_size; >> +#endif >> + >> +#if defined CONFIG_WGET_CACERT >> +static int set_cacert(char * const saddr, char * const ssz) >> +{ >> + mbedtls_x509_crt crt; >> + ulong addr, sz; >> + int ret; >> + >> + if (cacert) >> + free(cacert); >> + >> + addr = hextoul(saddr, NULL); >> + sz = hextoul(ssz, NULL); >> + sz++; /* For the trailing '\0' in case of a text (PEM) file */ >> + >> + if (!addr) { >> + cacert = NULL; > > cacert is already allocated. Can't we just free it here if it's > supposed to be removed and reuse the memory otherwise, instead of > doing free/alloc on every command? The size of the certificates may change so it's easier to free/malloc every time. Thanks, -- Jerome
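Review bot: MBEDTLS_LIB_X509_PEM is a generic MbedTLS parsing option, but in the Kconfig hunk it is declared inside the `if CMD_NET` block and made to depend on WGET_CACERT, so no other X509 user can enable PEM parsing without also enabling the wget sub-command. Consider defining it with the MbedTLS library options and having WGET_CACERT `select` or `imply` it. The `bool` line should also come before `depends on`, matching the WGET_CACERT entry just above it, and the WGET_CACERT help text could state how the certificates are passed (an address and a size, going by set_cacert()).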
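Review bot: in set_cacert(), `cacert` is freed at the top but, in the lines shown, is reset to NULL only in the `!addr` branch, so any error return between the free() and the next assignment would leave the HTTPS code with a dangling pointer and a stale `cacert_size`. Set `cacert = NULL; cacert_size = 0;` immediately after the free() (the `if (cacert)` guard can go, since free(NULL) is a no-op). Both hextoul() calls pass a NULL end pointer, so a malformed address argument parses as 0 and silently clears the installed root certificates, and `sz++` is applied with no visible check on `sz`; validate both arguments before touching the existing buffer. `cacert_size` should also be `static`, like `cacert`.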