Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Initial draft for certificate generation #399

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

a-w50
Copy link
Contributor

@a-w50 a-w50 commented Oct 25, 2023

No description provided.

@@ -32,7 +32,6 @@ list(INSERT CMAKE_MODULE_PATH 0 "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
option(CREATE_SYMLINKS "Create symlinks to javascript modules and auxillary files - for development purposes" OFF)
option(CMAKE_RUN_CLANG_TIDY "Run clang-tidy" OFF)
option(BUILD_TESTING "Run unit tests" OFF)
option(ISO15118_2_GENERATE_AND_INSTALL_CERTIFICATES "Automatically generate and install certificates for development purposes" ON)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like there is no way to turn off certificate generation, but I think one should still be able to provide their own certificates if they so choose

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, this needs to be discussed - therefor I didn't at it yet

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree certificate generation should be an option

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removing this directory structure does make it a bit harder to provide your own certificates in the required structure

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, but I think it would be a bad idea to put your certificates as an external user into the source tree of everest-core. This should be done differently and will be the responsibility of the external user

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With the libevse-security and the EvseSecurity module we now have more flexibility configuring certificate paths and directories and we dont rely on a fixed structure like we did before. We need to have some documentation in everest-core / EvseSecurity module that explains how custom certificates can be configured

@@ -76,11 +75,6 @@ include(ev-project-bootstrap)

ev_add_project()

# create MF_ROOT_CA if not available
if (ISO15118_2_GENERATE_AND_INSTALL_CERTIFICATES)
file(TOUCH config/certs/ca/mf/MF_ROOT_CA.pem)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this file is not generated in the generate_certificates.py but its absence breaks OCPP

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, thanks! I need to check this, haven't tested yet, if the generated files are sufficient for running sil stuff. But here I would rather at the generation of these necessary files into the generator script

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be mitigated with https://github.com/EVerest/libevse-security/tree/workaround/missing_certificates , which attempts to create the files that are configured but do not yet exist within the libevse-security. @AssemblyJohn

@hikinggrass hikinggrass marked this pull request as draft January 25, 2024 14:34
@corneliusclaussen
Copy link
Contributor

What is the status of this one? Do we still need it?

@Pietfried
Copy link
Contributor

What is the status of this one? Do we still need it?

yes, ill try to pick this up together with @a-w50

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants