It gets an error and ipxe.org error, it does not hang, then fails to access the https://webserver url. There is no network access to the internet, and I had even tried to disable that by adding:
set crosscert x-invalid:// && goto crosscert_ok || echo Setting crosscert failed sync ; exit 1 :crosscert_ok Not sure where I found the above example to disable crosscert check, but I gave it a try anyway. > grep HTTP config/general.h #define DOWNLOAD_PROTO_HTTP /* Hypertext Transfer Protocol */ #define DOWNLOAD_PROTO_HTTPS /* Secure Hypertext Transfer Protocol */ From: Christian Nilsson [mailto:nik...@gmail.com] Sent: Tuesday, November 22, 2016 5:47 PM To: Blatt, Andrew C Cc: ipxe-devel@lists.ipxe.org Subject: Re: [ipxe-devel] trying to leverage https address but not with certificates. Do you get a error and a ipxe.org<http://ipxe.org> error URL or does it just hang? Does the network have access to the internet (for possible download of the certificate chain) the proper way to enable functions is to add the just needed ones to the proper config/local file, in this case adding #define DOWNLOAD_PROTO_HTTPS /* Secure Hypertext Transfer Protocol */ into src/config/local/general.h note the #define instead of $define (which should cause compilation error i hope) /Christian On Tue, Nov 22, 2016 at 5:59 PM, Blatt, Andrew C <andrew.bl...@bankofamerica.com<mailto:andrew.bl...@bankofamerica.com>> wrote: Hi, I’m trying to access a pxelinux.cfg file over HTTPS instead of HTTP: #!ipxe # Disable automated download of certificates since it is done against # unauthenticated host which may lead to exploits ifstat net0 imgfetch -n kernel https://WEBSERVER/pxelinux.cfg/01-${net0/mac:hexhyp}<https://WEBSERVER/pxelinux.cfg/01-$%7Bnet0/mac:hexhyp%7D> && goto image_ok || goto discovery_image :discovery_image ifstat net0 imgfetch -n kernel https://WEBSERVER/pxelinux.cfg/default || echo ${net0/mac}:${ip} - Boot Failed :image_ok imgload kernel boot kernel I’ve tried compiling ipxe-fd95c78 and updated config/general.h to include $define DOWNLOAD_PROTO_HTTPS but it still fails to access the URL, if I change it back to http://WEBSERVER, it works. Any advice? Thank you. Andrew ________________________________ This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. _______________________________________________ ipxe-devel mailing list ipxe-devel@lists.ipxe.org<mailto:ipxe-devel@lists.ipxe.org> https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel ---------------------------------------------------------------------- This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message.
_______________________________________________ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
