Merge pull request #1381 from shadowguardian507-irl/AWS_CA_add

TLS(ca trust): Add Amazon Root CA 1 certificate to TLS component

Author: dexterbg

vehicle/OVMS.V3/components/ovms_tls/component.mk

@@ -11,5 +11,5 @@ ifdef CONFIG_MG_ENABLE_SSL
 COMPONENT_SRCDIRS := src
 COMPONENT_ADD_INCLUDEDIRS := src
 COMPONENT_ADD_LDFLAGS = -Wl,--whole-archive -l$(COMPONENT_NAME) -Wl,--no-whole-archive
-COMPONENT_EMBED_FILES := trustedca/usertrust.crt trustedca/digicert_global.crt trustedca/digicert_g2.crt trustedca/starfield_class2.crt trustedca/baltimore_cybertrust.crt trustedca/isrg_x1.crt
+COMPONENT_EMBED_FILES := trustedca/usertrust.crt trustedca/digicert_global.crt trustedca/digicert_g2.crt trustedca/starfield_class2.crt trustedca/baltimore_cybertrust.crt trustedca/isrg_x1.crt trustedca/amazon_root_ca1.crt
 endif

vehicle/OVMS.V3/components/ovms_tls/src/ovms_tls.cpp

@@ -168,6 +168,10 @@ void OvmsTLS::Reload()
   extern const unsigned char isrg_x1_end[] asm("_binary_isrg_x1_crt_end");
   m_trustlist["ISRG X1 CA"] = new OvmsTrustedCert(isrg_x1, isrg_x1_end - isrg_x1);
 
+  extern const unsigned char amazon_root_ca1[] asm("_binary_amazon_root_ca1_crt_start");
+  extern const unsigned char amazon_root_ca1_end[] asm("_binary_amazon_root_ca1_crt_end");
+  m_trustlist["Amazon Root CA 1"] = new OvmsTrustedCert(amazon_root_ca1, amazon_root_ca1_end - amazon_root_ca1);
+
   // Add trusted certs on disk (/store/trustedca)
   DIR *dir;
   struct dirent *dp;