net: lib: tls_credentials: Rename TLS_CREDENTIAL_SERVER_CERTIFICATE #87341

Merged
2 changes: 1 addition & 1 deletion doc/connectivity/networking/api/sockets.rst
Expand Up @@ -93,7 +93,7 @@ socket options.
The following TLS credential types can be registered in the system:

- ``TLS_CREDENTIAL_CA_CERTIFICATE``
- ``TLS_CREDENTIAL_SERVER_CERTIFICATE``
- ``TLS_CREDENTIAL_PUBLIC_CERTIFICATE``
- ``TLS_CREDENTIAL_PRIVATE_KEY``
- ``TLS_CREDENTIAL_PSK``
- ``TLS_CREDENTIAL_PSK_ID``
4 changes: 4 additions & 0 deletions doc/releases/migration-guide-4.2.rst
Expand Up @@ -136,6 +136,10 @@ Networking
(because the addr is not a pointer) and must be changed to ``if (lladdr->len == 0)``
if the code wants to check that the link address is not set.

* TLS credential type ``TLS_CREDENTIAL_SERVER_CERTIFICATE`` was renamed to
more generic :c:enumerator:`TLS_CREDENTIAL_PUBLIC_CERTIFICATE` to better
reflect the purpose of this credential type.

SPI
===

3 changes: 3 additions & 0 deletions doc/releases/release-notes-4.2.rst
Expand Up @@ -61,6 +61,9 @@ Deprecated APIs and options
renamed and deprecated. Use :kconfig:option:`CONFIG_SCHED_SIMPLE` and
:kconfig:option:`CONFIG_WAITQ_SIMPLE` instead.

* TLS credential type ``TLS_CREDENTIAL_SERVER_CERTIFICATE`` was renamed and
deprecated, use :c:enumerator:`TLS_CREDENTIAL_PUBLIC_CERTIFICATE` instead.

===========================

* ``arduino_uno_r4_minima`` and ``arduino_uno_r4_wifi`` board targets have been deprecated in favor
2 changes: 1 addition & 1 deletion drivers/wifi/eswifi/eswifi_socket_offload.c
Expand Up @@ -191,7 +191,7 @@ static int map_credentials(int sd, const void *optval, socklen_t optlen)
case TLS_CREDENTIAL_CA_CERTIFICATE:
id = 0;
break;
case TLS_CREDENTIAL_SERVER_CERTIFICATE:
case TLS_CREDENTIAL_PUBLIC_CERTIFICATE:
id = 1;
break;
case TLS_CREDENTIAL_PRIVATE_KEY:
2 changes: 1 addition & 1 deletion drivers/wifi/simplelink/simplelink_sockets.c
Expand Up @@ -674,7 +674,7 @@ static int map_credentials(int sd, const void *optval, socklen_t optlen)
case TLS_CREDENTIAL_CA_CERTIFICATE:
opt = SL_SO_SECURE_FILES_CA_FILE_NAME;
break;
case TLS_CREDENTIAL_SERVER_CERTIFICATE:
case TLS_CREDENTIAL_PUBLIC_CERTIFICATE:
opt = SL_SO_SECURE_FILES_CERTIFICATE_FILE_NAME;
break;
case TLS_CREDENTIAL_PRIVATE_KEY:
10 changes: 7 additions & 3 deletions include/zephyr/net/tls_credentials.h
Expand Up @@ -36,11 +36,15 @@ enum tls_credential_type {
*/
TLS_CREDENTIAL_CA_CERTIFICATE,

/** A public server certificate. Use this to register your own server
/** A public client or server certificate. Use this to register your own
* certificate. Should be registered together with a corresponding
* private key. Used with certificate-based ciphersuites.
*/
TLS_CREDENTIAL_SERVER_CERTIFICATE,
TLS_CREDENTIAL_PUBLIC_CERTIFICATE,

/** @deprecated Use TLS_CREDENTIAL_PUBLIC_CERTIFICATE instead.
*/
TLS_CREDENTIAL_SERVER_CERTIFICATE = TLS_CREDENTIAL_PUBLIC_CERTIFICATE,

/** Private key. Should be registered together with a corresponding
* public certificate. Used with certificate-based ciphersuites.
Expand All @@ -64,7 +68,7 @@ enum tls_credential_type {
* in the system.
*
* @note Some TLS credentials come in pairs:
* - TLS_CREDENTIAL_SERVER_CERTIFICATE with TLS_CREDENTIAL_PRIVATE_KEY,
* - TLS_CREDENTIAL_PUBLIC_CERTIFICATE with TLS_CREDENTIAL_PRIVATE_KEY,
* - TLS_CREDENTIAL_PSK with TLS_CREDENTIAL_PSK_ID.
* Such pairs of credentials must be assigned the same secure tag to be
* correctly handled in the system.
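Review bot: The deprecated alias `TLS_CREDENTIAL_SERVER_CERTIFICATE = TLS_CREDENTIAL_PUBLIC_CERTIFICATE` is marked only with a Doxygen `@deprecated` tag, so out-of-tree code that still uses the old name keeps compiling silently and learns of the rename only from the release notes. If the supported toolchains accept attributes on enumerators, consider `TLS_CREDENTIAL_SERVER_CERTIFICATE __deprecated = TLS_CREDENTIAL_PUBLIC_CERTIFICATE,` so the build warns at each remaining use. Because the alias shares the new enumerator's value, the enumerators after it keep their previous numeric values; a short comment such as `/* Alias must keep the same value; do not reorder. */` would protect that if credential types are ever persisted by a storage backend (not visible in this section).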
2 changes: 1 addition & 1 deletion modules/thrift/src/thrift/transport/TSSLSocket.cpp
Expand Up @@ -450,7 +450,7 @@ void TSSLSocketFactory::loadCertificateFromBuffer(const char *aCertificate, cons

if (strcmp(format, "PEM") == 0) {
const int status = tls_credential_add(Thrift_TLS_SERVER_CERT_TAG,
TLS_CREDENTIAL_SERVER_CERTIFICATE,
TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
aCertificate, strlen(aCertificate) + 1);

if (status != 0) {
2 changes: 1 addition & 1 deletion samples/net/prometheus/src/main.c
Expand Up @@ -120,7 +120,7 @@ static void setup_tls(void)
}
#endif /* defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC) */

err = tls_credential_add(HTTP_SERVER_CERTIFICATE_TAG, TLS_CREDENTIAL_SERVER_CERTIFICATE,
err = tls_credential_add(HTTP_SERVER_CERTIFICATE_TAG, TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
server_certificate, sizeof(server_certificate));
if (err < 0) {
LOG_ERR("Failed to register public certificate: %d", err);
2 changes: 1 addition & 1 deletion samples/net/sockets/dumb_http_server_mt/src/main.c
Expand Up @@ -413,7 +413,7 @@ int main(void)
{
#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
int err = tls_credential_add(SERVER_CERTIFICATE_TAG,
TLS_CREDENTIAL_SERVER_CERTIFICATE,
TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
server_certificate,
sizeof(server_certificate));
if (err < 0) {
2 changes: 1 addition & 1 deletion samples/net/sockets/echo_server/src/echo-server.c
Expand Up @@ -153,7 +153,7 @@ static void init_app(void)
#endif /* defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC) */

err = tls_credential_add(SERVER_CERTIFICATE_TAG,
TLS_CREDENTIAL_SERVER_CERTIFICATE,
TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
server_certificate,
sizeof(server_certificate));
if (err < 0) {
2 changes: 1 addition & 1 deletion samples/net/sockets/http_server/src/main.c
Expand Up @@ -312,7 +312,7 @@ static void setup_tls(void)
int err;

err = tls_credential_add(HTTP_SERVER_CERTIFICATE_TAG,
TLS_CREDENTIAL_SERVER_CERTIFICATE,
TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
server_certificate,
sizeof(server_certificate));
if (err < 0) {
2 changes: 1 addition & 1 deletion samples/subsys/mgmt/updatehub/src/main.c
Expand Up @@ -89,7 +89,7 @@ int main(void)

#if defined(CONFIG_UPDATEHUB_DTLS)
if (tls_credential_add(CA_CERTIFICATE_TAG,
TLS_CREDENTIAL_SERVER_CERTIFICATE,
TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
server_certificate,
sizeof(server_certificate)) < 0) {
LOG_ERR("Failed to register server certificate");
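Review bot: With the new name this call reads as registering the device's own certificate, yet the tag is `CA_CERTIFICATE_TAG`, the buffer is `server_certificate` and the log message says "server certificate", so it is unclear what role this credential plays in authenticating the UpdateHub peer. If the buffer is meant to be the trust anchor used to verify the server, the type should be `TLS_CREDENTIAL_CA_CERTIFICATE`; if it really is the device's own certificate, the tag name and message should say so, e.g. `LOG_ERR("Failed to register public certificate");`. The peer-verification setting and the rest of main() lie outside this hunk, so confirm against the DTLS setup before changing the type.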
4 changes: 2 additions & 2 deletions subsys/net/lib/lwm2m/lwm2m_engine.c
Expand Up @@ -922,7 +922,7 @@ static void delete_tls_credentials(sec_tag_t tag)
{
tls_credential_delete(tag, TLS_CREDENTIAL_PSK_ID);
tls_credential_delete(tag, TLS_CREDENTIAL_PSK);
tls_credential_delete(tag, TLS_CREDENTIAL_SERVER_CERTIFICATE);
tls_credential_delete(tag, TLS_CREDENTIAL_PUBLIC_CERTIFICATE);
tls_credential_delete(tag, TLS_CREDENTIAL_PRIVATE_KEY);
tls_credential_delete(tag, TLS_CREDENTIAL_CA_CERTIFICATE);
}
Expand Down Expand Up @@ -1003,7 +1003,7 @@ static int lwm2m_load_x509_credentials(struct lwm2m_ctx *ctx)

delete_tls_credentials(ctx->tls_tag);

ret = load_tls_type(ctx, 3, TLS_CREDENTIAL_SERVER_CERTIFICATE);
ret = load_tls_type(ctx, 3, TLS_CREDENTIAL_PUBLIC_CERTIFICATE);
if (ret < 0) {
return ret;
}
4 changes: 2 additions & 2 deletions subsys/net/lib/sockets/sockets_tls.c
Expand Up @@ -1078,7 +1078,7 @@ static int tls_set_credential(struct tls_context *tls,
case TLS_CREDENTIAL_CA_CERTIFICATE:
return tls_add_ca_certificate(tls, cred);

case TLS_CREDENTIAL_SERVER_CERTIFICATE:
case TLS_CREDENTIAL_PUBLIC_CERTIFICATE:
return tls_add_own_cert(tls, cred);

case TLS_CREDENTIAL_PRIVATE_KEY:
Expand Down Expand Up @@ -1133,7 +1133,7 @@ static int tls_mbedtls_set_credentials(struct tls_context *tls)

if (cred->type == TLS_CREDENTIAL_CA_CERTIFICATE) {
ca_cert_present = true;
} else if (cred->type == TLS_CREDENTIAL_SERVER_CERTIFICATE) {
} else if (cred->type == TLS_CREDENTIAL_PUBLIC_CERTIFICATE) {
own_cert_present = true;
}
}
12 changes: 6 additions & 6 deletions subsys/net/lib/tls_credentials/tls_credentials_shell.c
Expand Up @@ -40,12 +40,12 @@ static const struct cred_type_string type_strings[] = {
{"CA_CERT", TLS_CREDENTIAL_CA_CERTIFICATE},
{"CA", TLS_CREDENTIAL_CA_CERTIFICATE},

{"SERVER_CERT", TLS_CREDENTIAL_SERVER_CERTIFICATE},
{"CLIENT_CERT", TLS_CREDENTIAL_SERVER_CERTIFICATE},
{"SELF_CERT", TLS_CREDENTIAL_SERVER_CERTIFICATE},
{"SELF", TLS_CREDENTIAL_SERVER_CERTIFICATE},
{"CLIENT", TLS_CREDENTIAL_SERVER_CERTIFICATE},
{"SERV", TLS_CREDENTIAL_SERVER_CERTIFICATE},
{"SERVER_CERT", TLS_CREDENTIAL_PUBLIC_CERTIFICATE},
{"CLIENT_CERT", TLS_CREDENTIAL_PUBLIC_CERTIFICATE},
{"SELF_CERT", TLS_CREDENTIAL_PUBLIC_CERTIFICATE},
{"SELF", TLS_CREDENTIAL_PUBLIC_CERTIFICATE},
{"CLIENT", TLS_CREDENTIAL_PUBLIC_CERTIFICATE},
{"SERV", TLS_CREDENTIAL_PUBLIC_CERTIFICATE},

{"PRIVATE_KEY", TLS_CREDENTIAL_PRIVATE_KEY},
{"PK", TLS_CREDENTIAL_PRIVATE_KEY},
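Review bot: The `type_strings` table still offers only the legacy spellings (`SERVER_CERT`, `CLIENT_CERT`, `SELF_CERT`, `SELF`, `CLIENT`, `SERV`) for the renamed type and has no alias that matches the new enumerator name. Consider adding `{"PUBLIC_CERT", TLS_CREDENTIAL_PUBLIC_CERTIFICATE},` at the head of that group so shell users can type the name the documentation now uses. If the reverse lookup used when listing credentials returns the first matching entry (not visible in this hunk), that entry would also become the displayed name, which keeps shell output consistent with the API. The table continues past the end of the hunk.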
4 changes: 2 additions & 2 deletions tests/net/lib/http_server/tls/src/main.c
Expand Up @@ -239,7 +239,7 @@ static void *setup(void)
zassert_equal(ret, 0, "failed to add CA Certificate (%d)", ret);

ret = tls_credential_add(SERVER_CERTIFICATE_TAG,
TLS_CREDENTIAL_SERVER_CERTIFICATE,
TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
server, sizeof(server));
zassert_equal(ret, 0, "failed to add Server Certificate (%d)", ret);

Expand All @@ -249,7 +249,7 @@ static void *setup(void)
zassert_equal(ret, 0, "failed to add Server Private Key (%d)", ret);

ret = tls_credential_add(CLIENT_CERTIFICATE_TAG,
TLS_CREDENTIAL_SERVER_CERTIFICATE,
TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
client, sizeof(client));
zassert_equal(ret, 0, "failed to add Client Certificate (%d)", ret);

2 changes: 1 addition & 1 deletion tests/net/lib/lwm2m/lwm2m_engine/src/main.c
Expand Up @@ -467,7 +467,7 @@ ZTEST(lwm2m_engine, test_security)
zassert_equal(z_impl_zsock_setsockopt_fake.arg2_history[1], TLS_PEER_VERIFY);
zassert_equal(z_impl_zsock_setsockopt_fake.arg2_history[2], TLS_CIPHERSUITE_LIST);
zassert_true(tls_credential_add_fake.call_count == 3);
zassert_equal(tls_credential_add_fake.arg1_history[0], TLS_CREDENTIAL_SERVER_CERTIFICATE);
zassert_equal(tls_credential_add_fake.arg1_history[0], TLS_CREDENTIAL_PUBLIC_CERTIFICATE);
zassert_equal(tls_credential_add_fake.arg1_history[1], TLS_CREDENTIAL_PRIVATE_KEY);
zassert_equal(tls_credential_add_fake.arg1_history[2], TLS_CREDENTIAL_CA_CERTIFICATE);
zassert_equal(lwm2m_engine_stop(&ctx), 0);
8 changes: 4 additions & 4 deletions tests/net/lib/tls_credentials/src/main.c
Expand Up @@ -34,10 +34,10 @@ static void test_credential_add(void)
/* Function should allow to add credentials of different types
* with the same tag
*/
ret = tls_credential_add(common_tag, TLS_CREDENTIAL_SERVER_CERTIFICATE,
ret = tls_credential_add(common_tag, TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
test_server_cert, sizeof(test_server_cert));
zassert_equal(ret, 0, "Failed to add credential %d %d",
common_tag, TLS_CREDENTIAL_SERVER_CERTIFICATE);
common_tag, TLS_CREDENTIAL_PUBLIC_CERTIFICATE);

ret = tls_credential_add(common_tag, TLS_CREDENTIAL_PRIVATE_KEY,
test_server_key, sizeof(test_server_key));
Expand Down Expand Up @@ -87,7 +87,7 @@ static void test_credential_get(void)

/* Try to read with too small buffer */
credlen = sizeof(test_server_cert) - 1;
ret = tls_credential_get(common_tag, TLS_CREDENTIAL_SERVER_CERTIFICATE,
ret = tls_credential_get(common_tag, TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
cred, &credlen);
zassert_equal(ret, -EFBIG, "Should have failed with EFBIG");
}
Expand Down Expand Up @@ -121,7 +121,7 @@ static void test_credential_internal_iterate(void)
cert = temp;
}

zassert_equal(cert->type, TLS_CREDENTIAL_SERVER_CERTIFICATE,
zassert_equal(cert->type, TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
"Invalid type for cert");
zassert_equal(cert->tag, common_tag, "Invalid tag for cert");
zassert_equal(cert->len, sizeof(test_server_cert),
4 changes: 2 additions & 2 deletions tests/net/socket/tls_ext/src/main.c
Expand Up @@ -449,7 +449,7 @@ static void *setup(void)
zassert_equal(r, 0, "failed to add CA Certificate (%d)", r);

r = tls_credential_add(SERVER_CERTIFICATE_TAG,
TLS_CREDENTIAL_SERVER_CERTIFICATE,
TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
server, sizeof(server));
zassert_equal(r, 0, "failed to add Server Certificate (%d)", r);

Expand All @@ -459,7 +459,7 @@ static void *setup(void)
zassert_equal(r, 0, "failed to add Server Private Key (%d)", r);

r = tls_credential_add(CLIENT_CERTIFICATE_TAG,
TLS_CREDENTIAL_SERVER_CERTIFICATE,
TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
client, sizeof(client));
zassert_equal(r, 0, "failed to add Client Certificate (%d)", r);
