On Tuesday 13 Mar 2012 17:51:55 Terry Burton wrote: > On 13 March 2012 13:22, Michael Brown <[email protected]> wrote: > > On Monday 12 Mar 2012 15:25:54 Terry Burton wrote: > >> Is validation of HTTPs certificates (akin to this earlier patch [1]) a > >> feature that is on the roadmap? > > > > Yes.
Done, with the exception of time and date checking (which will be implemented soon; at the moment even expired certificates will be accepted). Some basic instructions are in place at http://ipxe.org/crypto iPXE embeds only the SHA-256 fingerprints of the trusted root certificates, not the whole certificate. A consequence of this is that the server must currently provide the full certificate chain, including the root certificate and any cross-signing certificates. This limitation will eventually be lifted, by enabling iPXE to automatically download the relevant cross-signing certificates when needed. Michael _______________________________________________ ipxe-devel mailing list [email protected] https://lists.ipxe.org/mailman/listinfo/ipxe-devel
