Add code comments on the different requirements for credential constants between evaluation and production systems. (#386)

Only comments have changed.  No code changes.

Co-authored-by: Cobus van Eeden <35851496+cobusve@users.noreply.github.com>
Co-authored-by: Gary Wicker <14828980+gkwicker@users.noreply.github.com>
pull/384/head^2
RichardBarry 4 years ago committed by GitHub
parent 72e6c2ca92
commit 596b466300
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -60,7 +60,12 @@
* must be unique; so edit as required to ensure that no two clients connecting to
* the same broker use the same client identifier.
*
* #define democonfigCLIENT_IDENTIFIER "...insert here..."
*!!! Please note a #defined constant is used for convenience of demonstration
*!!! only. Production devices can use something unique to the device that can
*!!! be read by software, such as a production serial number, instead of a
*!!! hard coded constant.
*
* #define democonfigCLIENT_IDENTIFIER "insert here."
*/
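Review bot: the placeholder in the `#define democonfigCLIENT_IDENTIFIER` example changes from "...insert here..." to "insert here." as the line moves below the new note, which is unrelated to the production warning this commit is about. Keep the original placeholder text so the hunk only adds the note, or mention the change in the commit message. "hard coded" in the added note should also be hyphenated as "hard-coded".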

@ -58,6 +58,11 @@
* must be unique so edit as required to ensure no two clients connecting to the
* same broker use the same client identifier.
*
*!!! Please note a #defined constant is used for convenience of demonstration
*!!! only. Production devices can use something unique to the device that can
*!!! be read by software, such as a production serial number, instead of a
*!!! hard coded constant.
*
* #define democonfigCLIENT_IDENTIFIER "insert here."
*/
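Review bot: the added note says production devices "can use" something unique to the device, while the context lines directly above state that the identifier "must be unique". "can" reads as optional. Suggest "Production devices should use something unique to the device" so the note matches the requirement it sits under.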

@ -111,6 +111,13 @@
/* If no username is defined, then a client certificate/key is required. */
#ifndef democonfigCLIENT_USERNAME
/*
*!!! Please note democonfigCLIENT_PRIVATE_KEY_PEM in used for
*!!! convenience of demonstration only. Production devices should
*!!! store keys securely, such as within a secure element.
*/
#ifndef democonfigCLIENT_CERTIFICATE_PEM
#error "Please define client certificate(democonfigCLIENT_CERTIFICATE_PEM) in demo_config.h."
#endif
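Review bot: the new comment names `democonfigCLIENT_PRIVATE_KEY_PEM` but sits directly above the `#ifndef democonfigCLIENT_CERTIFICATE_PEM` check, so it reads as if it documents the certificate. Move it next to the private key check, or reword it to cover both constants. The comment also has a typo: "in used for" should be "is used for".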

@ -57,6 +57,11 @@
* must be unique so edit as required to ensure no two clients connecting to the
* same broker use the same client identifier.
*
*!!! Please note a #defined constant is used for convenience of demonstration
*!!! only. Production devices can use something unique to the device that can
*!!! be read by software, such as a production serial number, instead of a
*!!! hard coded constant.
*
* #define democonfigCLIENT_IDENTIFIER "insert here."
*/
@ -133,6 +138,14 @@
/**
* @brief Client's private key.
*
*!!! Please note pasting a key into the header file in this manner is for
*!!! convenience of demonstration only and should not be done in production.
*!!! Never paste a production private key here!. Production devices should
*!!! store keys securely, such as within a secure element. Additionally,
*!!! we provide the corePKCS library that further enhances security by
*!!! enabling securely stored keys to be used without exposing them to
*!!! software.
*
* For AWS IoT MQTT broker, refer to the AWS documentation below for details
* regarding clientauthentication.
* https://docs.aws.amazon.com/iot/latest/developerguide/client-authentication.html
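Review bot: the added note has two wording problems. "Never paste a production private key here!." has doubled punctuation, and the library is named corePKCS11, not "corePKCS". Since this is the warning readers are most likely to act on, a link or path to the library next to its name would help them find it.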

@ -63,14 +63,19 @@ TLS mutual authentication for use with this MQTT demo.
"-----BEGIN CERTIFICATE-----\n" \
"...base64 data...\n" \
"-----END CERTIFICATE-----\n"
11. In the certs folder of your Documents, you will find a file called `client.key`.
12. In the certs folder of your Documents, you will find a file called `client.key`.
Copy its contents to `#define democonfigCLIENT_PRIVATE_KEY_PEM`. Keep in mind
that it must include the PEM header and footer and be formatted in this manner:
#define democonfigCLIENT_PRIVATE_KEY_PEM \
"-----BEGIN RSA PRIVATE KEY-----\n" \
"...base64 data...\n" \
"-----END RSA PRIVATE KEY-----\n"
12. Update the config `democonfigdisableSNI` to `( pdTRUE )`. It needs to be
*!!! Please note democonfigCLIENT_PRIVATE_KEY_PEM in used for convenience
*!!! of demonstration only. Production devices should store keys securely,
*!!! such as within a secure element.
13. Update the config `democonfigdisableSNI` to `( pdTRUE )`. It needs to be
configured this way because the local MQTT broker will only have an IP
address but not a hostname. However, SNI (Server name indication) should
be enabled whenever possible.
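Review bot: the three `*!!!` lines are inserted into a Markdown numbered list, between the private key step and the `democonfigdisableSNI` step, using C comment prefixes. In a README the leading `*` will not render as a comment and may break the list numbering. Indent the note as part of the private key step and use the README's own emphasis (for example a bold "Note:"), and fix "in used for" to "is used for".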

@ -72,6 +72,13 @@
/* If no username is defined, then a client certificate/key is required. */
#ifndef democonfigCLIENT_USERNAME
/*
*!!! Please note democonfigCLIENT_PRIVATE_KEY_PEM in used for
*!!! convenience of demonstration only. Production devices should
*!!! store keys securely, such as within a secure element.
*/
#ifndef democonfigCLIENT_CERTIFICATE_PEM
#error "Please define client certificate(democonfigCLIENT_CERTIFICATE_PEM) in demo_config.h."
#endif
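Review bot: the warning in this `#ifndef democonfigCLIENT_USERNAME` block covers only the private key, yet the context line says a certificate/key is required only when no username is defined. The username-based path uses a hard-coded credential constant as well, so the note should either cover both authentication paths or be repeated where `democonfigCLIENT_USERNAME` is documented.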

@ -60,7 +60,12 @@
* must be unique; so edit as required to ensure that no two clients connecting to
* the same broker use the same client identifier.
*
* #define democonfigCLIENT_IDENTIFIER "insert here."
*!!! Please note a #defined constant is used for convenience of demonstration
*!!! only. Production devices can use something unique to the device that can
*!!! be read by software, such as a production serial number, instead of a
*!!! hard coded constant.
*
* #define democonfigCLIENT_IDENTIFIER "insert here."
*/
/**
@ -132,6 +137,14 @@
/**
* @brief Client's private key.
*
*!!! Please note pasting a key into the header file in this manner is for
*!!! convenience of demonstration only and should not be done in production.
*!!! Never paste a production private key here!. Production devices should
*!!! store keys securely, such as within a secure element. Additionally,
*!!! we provide the corePKCS library that further enhances security by
*!!! enabling securely stored keys to be used without exposing them to
*!!! software.
*
* For AWS IoT MQTT broker, refer to the AWS documentation below for details
* regarding clientauthentication.
* https://docs.aws.amazon.com/iot/latest/developerguide/client-authentication.html
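Review bot: this note is added inside a Doxygen block (`/**` with `@brief Client's private key.`), so the `*!!!` lines will be carried into the generated documentation as plain text with stray exclamation marks. Use `@warning` (or `@note`) for the text so it renders as a warning and stays consistent with the `@brief` above it.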

@ -63,14 +63,19 @@ TLS mutual authentication for use with this MQTT demo.
"-----BEGIN CERTIFICATE-----\n" \
"...base64 data...\n" \
"-----END CERTIFICATE-----\n"
11. In the certs folder of your Documents, you will find a file called `client.key`.
12. In the certs folder of your Documents, you will find a file called `client.key`.
Copy its contents to `#define democonfigCLIENT_PRIVATE_KEY_PEM`. Keep in mind
that it must include the PEM header and footer and be formatted in this manner:
#define democonfigCLIENT_PRIVATE_KEY_PEM \
"-----BEGIN RSA PRIVATE KEY-----\n" \
"...base64 data...\n" \
"-----END RSA PRIVATE KEY-----\n"
12. Update the config `democonfigdisableSNI` to `( pdTRUE )`. It needs to be
*!!! Please note democonfigCLIENT_PRIVATE_KEY_PEM in used for convenience
*!!! of demonstration only. Production devices should store keys securely,
*!!! such as within a secure element.
13. Update the config `democonfigdisableSNI` to `( pdTRUE )`. It needs to be
configured this way because the local MQTT broker will only have an IP
address but not a hostname. However, SNI (Server name indication) should
be enabled whenever possible.
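Review bot: the production warning is placed after the `democonfigCLIENT_PRIVATE_KEY_PEM` example, so a reader following the steps has already been told to copy the contents of `client.key` into the header before seeing it. Put the warning before "Copy its contents to", so it is read before the key is pasted.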

@ -58,6 +58,11 @@
* must be unique so edit as required to ensure no two clients connecting to the
* same broker use the same client identifier.
*
*!!! Please note a #defined constant is used for convenience of demonstration
*!!! only. Production devices can use something unique to the device that can
*!!! be read by software, such as a production serial number, instead of a
*!!! hard coded constant.
*
* #define democonfigCLIENT_IDENTIFIER "insert here."
*/

@ -58,6 +58,11 @@
* must be unique so edit as required to ensure no two clients connecting to the
* same broker use the same client identifier.
*
*!!! Please note a #defined constant is used for convenience of demonstration
*!!! only. Production devices can use something unique to the device that can
*!!! be read by software, such as a production serial number, instead of a
*!!! hard coded constant.
*
* #define democonfigCLIENT_IDENTIFIER "insert here."
*/
