wifi/ssl: automatically set time from ntp; verify certificate validity

[jepler]

If the following change relative to #6999 is added, and board time is set with adafruit_ntp, then certificate date validity works:

-#undef MBEDTLS_HAVE_TIME_DATE
+#define MBEDTLS_HAVE_TIME_DATE

however, requiring use of adafruit_ntp 'manually' would be a new requirement, and there's no way I spotted to runtime disable checking if the pico's RTC has never been set since boot, just the compile time check

It appears that what I propose is what esp32 does implicitly. No, our espressif port doesn't check time validity either

We can study mbedtls's "sntp app" for C implementation ideas; it should probably run <200 lines of code.

Note that this should use 0.adafruit.pool.ntp.org as the server name.

After implementing this, ensure that expired.badssl.com correctly fails to load.

[anecdata]

Seems like we would want the NTP server to be runtime-configurable. Particularly in a case of LAN-only operation, so that a local NTP server could be used.

(BTW, NINA does get the time automatically for Airlift configs, assuming there's an internet connection.)

[jepler]

Agreed; I have some NTP servers on my LAN and I'd prefer to use them if possible. Finding a way to make certificate time validity checks optional in mbedtls would be nice, so that users who can't/won't use ntp can still use secure sockets, but on the other hand if you have a private, non-internet network then you may not need SSL to provide your security level...

[anecdata]

Defense-in-depth ;-) But seriously, I wouldn't want to run my router without SSL on the LAN side, and it's an NTP server.

[bablokb]

I don't think ntp is useful without a complete and current timezone-database. Translation to the correct local time is complicated. A better approach is to query an api that directly returns the correct local time.

[justmobilize]

Curious, why does it need to be timezone aware?

[bablokb]

NTP returns time in UTC (i.e. UK-time). But most of us don't live in UK, and we want our devices to run with local time. So you need two things: the device must know it's timezone and it must have all the logic and data available to convert UK-time to local time. So it must know the offset, the exact dates for DST-switch and so on.

You can hard-code all of this for your specific location, but as soon as you share your code other users will have problems.

So it is much simpler to query the local time directly instead of UTC/UK time. E.g. from http://worldtimeapi.org/. This also saves you from the hassle of implementing the ntp-protocol.

[justmobilize]

So requiring this, would set the RTC time, and thus if you used local time in your project it would cause issues?

I always set my RTC to UTC and when I want to display it translate it. This way I don't need to adjust the RTC for things like daylight savings (summer time) or when it changes timezones.

[bablokb]

That is what you usually do on PCs/laptops. But how will you do this on a MCU with limited amount of memory? And I am talking about programs you can put on Github that others can download and just use, without tinkering with the adjustment logic. With CircuitPython, we don't have a complete datetime.datetime module or any of the datetime.tz* modules. Unless you use adafruit_datetime as an addon-package. But that library has a large memory footprint as stated in the Readme.

From the two alternatives

1. setting the RTC to UTC from NTP and then do the translation manually to localtime as a second step
2. setting the RTC directly to localtime from worldtimeapi.org
   the second will be more efficient, has a lower footprint and works globally without any additional logic and data about timezones, DST and so on.

I btw. don't require anything. This issue is titled "automatically set time from ntp" and I just want to argue against implementing this in any way because it won't work (or won't be efficient) for the given reasons. I would also not want that the core CircuitPython would automatically set time from any other source. This should be left to the application program if needed. Memory is tight on many systems, e.g. on a Pico-W when you use wifi you loose a large part of it and this should be under control by the application programmer.

[justmobilize]

I hear your points, and not arguing for or against. It would be nice if you could turn it on or off, or pick a build that had it enabled. I'll have to do some footprint comparisons in my own time.

I understand the goal of copy/paste code. I use the following for simple apps, which I find works fine on MCUs

import time

OFFSET = -60 * 60 * 5 # currently in CDT

def get_local_time(offset=None):
  if offset is None:
    offset = OFFSET
  return time.localtime(time.mktime(time.localtime()) + offset)

I also have a method that will set OFFSET from worldtimeapi.org and even use it to know when to change it.