platform: net: zephyr: add support for secondary root ca certificate

platform/net/zephyr/src/mender-net.c

@@ -138,8 +138,10 @@ mender_net_connect(const char *host, const char *port, int *sock) {
 #ifdef CONFIG_NET_SOCKETS_SOCKOPT_TLS
 
     /* Set TLS_SEC_TAG_LIST option */
-    sec_tag_t sec_tag[] = {
-        CONFIG_MENDER_NET_CA_CERTIFICATE_TAG,
+    sec_tag_t sec_tag[] = { CONFIG_MENDER_NET_CA_CERTIFICATE_TAG_PRIMARY,
+#if (0 != CONFIG_MENDER_NET_CA_CERTIFICATE_TAG_SECONDARY)
+                            CONFIG_MENDER_NET_CA_CERTIFICATE_TAG_SECONDARY
+#endif /* (0 != CONFIG_MENDER_NET_CA_CERTIFICATE_TAG_SECONDARY) */
     };
     if ((result = zsock_setsockopt(*sock, SOL_TLS, TLS_SEC_TAG_LIST, sec_tag, sizeof(sec_tag))) < 0) {
         mender_log_error("Unable to set TLS_SEC_TAG_LIST option, result = %d, errno = %d", result, errno);

zephyr/Kconfig

@@ -286,12 +286,19 @@ if MENDER_MCU_CLIENT
 
         menu "Network options (ADVANCED)"
 
-            config MENDER_NET_CA_CERTIFICATE_TAG
-                int "CA certificate tag"
+            config MENDER_NET_CA_CERTIFICATE_TAG_PRIMARY
+                int "Primary CA certificate tag"
                 default 1
                 help
                     A security tag that ROOT CA server credential will be referenced with, see tls_credential_add.
 
+            config MENDER_NET_CA_CERTIFICATE_TAG_SECONDARY
+                int "Secondary CA certificate tag"
+                default 0
+                help
+                    A secondary security tag that ROOT CA server credential will be referenced with, see tls_credential_add.
+                    Setting this value to 0 permits to disable the secondary CA certificate tag.
+
             config MENDER_NET_TLS_PEER_VERIFY
                 int "TLS_PEER_VERIFY option"
                 range 0 2