get roots.pem from adafruit/certificates repo

[dhalbert]

Fixes #55.

• Gets roots.pem from https://github.com/adafruit/certificates, which is a submodule.
• Removes any non-certificate lines (e.g. comments) from roots.pem to save space.
• Reformatted combine.py with black.
• Version bumped to 1.7.7. 1.7.6 was never released, but it was used, so let's bump again.

Awaiting testing by @crhuber from #55.

[hathach]

@dhalbert just resolved a conflict with #61 and also add push update for checkout submodule to get ci passed. Please pull before making more changes to this PR

[dhalbert]

👍

[hathach]

@dhalbert I didn't do any rebase/merge with upstream yet, though building with this PR got it running with my pyportal m4 using your sketch WiFiSSLClient_AirLift_metro_m4.zip, server: valid-isrgrootx2.letsencrypt.org tested with both local build and ci artifacts. So it is probably rootpem issue ?

IP Address: 192.168.31.151
signal strength (RSSI):-50 dBm

Starting connection to server: valid-isrgrootx2.letsencrypt.org, on port 443
connected to server
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 13 Dec 2023 04:57:55 GMT
Content-Type: text/html
Content-Length: 4067
Last-Modified: Fri, 04 Aug 2023 20:58:47 GMT
Connection: close
Vary: Accept-Encoding
ETag: "64cd6687-fe3"
Strict-Transport-Security: max-age=604800
X-XSS-Protection: 1; mode=block
Accept-Ranges: bytes

<!DOCTYPE html>
<html>

<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width initial-scale=1" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">

<title>valid-isrgrootx2.letsencrypt.org</title>

<style>
removed style for readibility
</style>
</head>


<body>

<header>
  <img class="lock" src="./images/LE_badge_color.svg">
</header>


<div class="banner">
  <div>
    <h1><strong>valid-isrgrootx2.letsencrypt.org</strong></h1>
  </div>
</div>

<!-- HTTP Content -->
<div class="content">
  <div>
    <p><a href="https://letsencrypt.org/">Let's Encrypt</a> is a certificate authority. We created this page to demonstrate a valid certificate that chains to our ISRG Root X2 certificate.</p>
    <div id="http">
      <h2 class="through-line">Get involved</h2>
      <p>Let's Encrypt is a community-driven project.  We would love for you to get involved.</p>
      <ul>
        <li>Help us build the <a href="https://github.com/letsencrypt/boulder/">CA</a></li>
        <li>Participate in the <a href="https://community.letsencrypt.org/">community support forums</a></li>
        <li>Sign up to be a <a href="https://letsencrypt.org/become-a-sponsor/">sponsor</a></li>
      </ul>

    </div>
  </div>
</div>


</body>
</html>

disconnecting from server.

[hathach]

I couldn't test with api.intra.io/api/v1/healthz since my desktop browser get blocked by that site (probalby IP related blocked).

[dhalbert]

I didn't do any rebase/merge with upstream yet, though building with this PR got it running with my pyportal m4 using your sketch WiFiSSLClient_AirLift_metro_m4.zip, server: valid-isrgrootx2.letsencrypt.org tested with both local build and ci artifacts. So it is probably rootpem issue ?

That is very odd, because the exact same thing with adafruit/nina-fw didn't work with the new roots.pem when I did it here. It does work with arduino/nina-fw. I will re-test, but could you send me the .bin you built?

I wonder if it is something geographical, though I'm not sure why that would happen.

[hathach]

@dhalbert you can use the artifact one in this commit, I have teseted it (as well as my local bin). https://github.com/adafruit/nina-fw/actions/runs/7190435237

[dhalbert]

CI build artifact tested on Metro M4 AirLift Lite. Works fine with https://github.com/adafruit/nina-fw/files/13656309/WiFiSSLClient_AirLift_metro_m4.zip above with host valid-isrgrootx2.letsencrypt.org. As expected, still does not work with valid-isrgrootx2.letsencrypt.org with a CircuitPython test program. That problem remains to be debugged.

I plan to release it as 1.7.7 when it's merged.

[brentru]

Read over changes to combine.py, LGTM!

[hathach]

@dhalbert great, we should merge and release this first. Though I will just merge so that we could move on with syncing nina-fw with upstream and also try to upgrade IDF to v5. Will let you decide when to make an release (just in case you want to have any pending/more changes)