Merge pull request #8374 from dhalbert/new-certificates-submodule

Update TLS certificates and use new certificates submodule

.gitmodules

@@ -144,9 +144,6 @@
 	path = ports/espressif/esp-idf
 	url = https://github.com/adafruit/esp-idf.git
 	branch = release/v4.4-circuitpython
-[submodule "ports/espressif/certificates/nina-fw"]
-	path = lib/certificates/nina-fw
-	url = https://github.com/adafruit/nina-fw.git
 [submodule "frozen/Adafruit_CircuitPython_ST7789"]
 	path = frozen/Adafruit_CircuitPython_ST7789
 	url = https://github.com/adafruit/Adafruit_CircuitPython_ST7789
@@ -341,3 +338,6 @@
 [submodule "frozen/Adafruit_CircuitPython_Wave"]
 	path = frozen/Adafruit_CircuitPython_Wave
 	url = https://github.com/adafruit/Adafruit_CircuitPython_Wave.git
+[submodule "lib/certificates"]
+	path = lib/certificates
+	url = https://github.com/adafruit/certificates

lib/certificates

@@ -0,0 +1 @@
+Subproject commit 5c85c604a0d77a08df93435e4afad5f541c38923

lib/certificates/README.md

@@ -1,3 +0,0 @@
-We share root certificates with the nina-fw to ensure they both use the same roots.
-
-https://github.com/adafruit/nina-fw

lib/certificates/nina-fw

@@ -1 +0,0 @@
-Subproject commit 21205e400515a698266abaaea902bd1ea897bb5d

ports/espressif/esp-idf-config/sdkconfig-esp32.defaults

@@ -776,7 +776,7 @@ CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y
 # CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN is not set
 CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE=y
 CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE=y
-CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH="../../lib/certificates/nina-fw/data/roots.pem"
+CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH="../../lib/certificates/data/roots.pem"
 # end of Certificate Bundle
 
 CONFIG_MBEDTLS_ECP_RESTARTABLE=y

ports/espressif/esp-idf-config/sdkconfig.defaults

@@ -572,7 +572,7 @@ CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y
 # CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN is not set
 CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE=y
 CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE=y
-CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH="../../lib/certificates/nina-fw/data/roots.pem"
+CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH="../../lib/certificates/data/roots.pem"
 # end of Certificate Bundle
 
 CONFIG_MBEDTLS_ECP_RESTARTABLE=y

ports/raspberrypi/Makefile

@@ -345,7 +345,7 @@ CFLAGS += \
 	  -isystem $(TOP)/lib/mbedtls/include \
 	  -DMBEDTLS_CONFIG_FILE='"mbedtls/mbedtls_config.h"' \
 
-$(BUILD)/x509_crt_bundle.S: $(TOP)/lib/certificates/nina-fw/data/roots.pem $(TOP)/tools/gen_crt_bundle.py
+$(BUILD)/x509_crt_bundle.S: $(TOP)/lib/certificates/data/roots.pem $(TOP)/tools/gen_crt_bundle.py
 	$(Q)$(PYTHON) $(TOP)/tools/gen_crt_bundle.py -i $< -o $@ --asm
 OBJ_MBEDTLS := $(BUILD)/x509_crt_bundle.o
 $(patsubst %.c,$(BUILD)/%.o,$(SRC_MBEDTLS))): CFLAGS += -Wno-suggest-attribute=format

tools/ci_fetch_deps.py

@@ -24,7 +24,7 @@ PORT_DEPS = {
     "cxd56": ["extmod/ulab/", "lib/tinyusb/"],
     "espressif": [
         "extmod/ulab/",
-        "lib/certificates/nina-fw/",
+        "lib/certificates/",
         "lib/protomatter/",
         "lib/quirc/",
         "lib/tinyusb/",
@@ -37,7 +37,7 @@ PORT_DEPS = {
         "lib/adafruit_floppy/",
         "lib/mbedtls/",
         "lib/mp3/",
-        "lib/certificates/nina-fw/",
+        "lib/certificates/",
         "lib/protomatter/",
         "lib/quirc/",
         "lib/tinyusb/",