Initial draft for certificate generation #399
Conversation
Signed-off-by: aw <[email protected]>
| @@ -32,7 +32,6 @@ list(INSERT CMAKE_MODULE_PATH 0 "${CMAKE_CURRENT_SOURCE_DIR}/cmake") | |||
| option(CREATE_SYMLINKS "Create symlinks to javascript modules and auxillary files - for development purposes" OFF) | |||
| option(CMAKE_RUN_CLANG_TIDY "Run clang-tidy" OFF) | |||
| option(BUILD_TESTING "Run unit tests" OFF) | |||
| option(ISO15118_2_GENERATE_AND_INSTALL_CERTIFICATES "Automatically generate and install certificates for development purposes" ON) | |||
There was a problem hiding this comment.
It looks like there is no way to turn off certificate generation, but I think one should still be able to provide their own certificates if they so choose
There was a problem hiding this comment.
Correct, this needs to be discussed - therefor I didn't at it yet
There was a problem hiding this comment.
I agree certificate generation should be an option
There was a problem hiding this comment.
Removing this directory structure does make it a bit harder to provide your own certificates in the required structure
There was a problem hiding this comment.
Good point, but I think it would be a bad idea to put your certificates as an external user into the source tree of everest-core. This should be done differently and will be the responsibility of the external user
There was a problem hiding this comment.
With the libevse-security and the EvseSecurity module we now have more flexibility configuring certificate paths and directories and we dont rely on a fixed structure like we did before. We need to have some documentation in everest-core / EvseSecurity module that explains how custom certificates can be configured
| @@ -76,11 +75,6 @@ include(ev-project-bootstrap) | |||
|
|
|||
| ev_add_project() | |||
|
|
|||
| # create MF_ROOT_CA if not available | |||
| if (ISO15118_2_GENERATE_AND_INSTALL_CERTIFICATES) | |||
| file(TOUCH config/certs/ca/mf/MF_ROOT_CA.pem) | |||
There was a problem hiding this comment.
I think this file is not generated in the generate_certificates.py but its absence breaks OCPP
There was a problem hiding this comment.
Yes, thanks! I need to check this, haven't tested yet, if the generated files are sufficient for running sil stuff. But here I would rather at the generation of these necessary files into the generator script
There was a problem hiding this comment.
This should be mitigated with https://github.com/EVerest/libevse-security/tree/workaround/missing_certificates , which attempts to create the files that are configured but do not yet exist within the libevse-security. @AssemblyJohn
|
What is the status of this one? Do we still need it? |
yes, ill try to pick this up together with @a-w50 |
No description provided.