On 19 March 2012 04:25, Michael Brown <[email protected]> wrote: > On Tuesday 13 Mar 2012 17:51:55 Terry Burton wrote: >> On 13 March 2012 13:22, Michael Brown <[email protected]> wrote: >> > On Monday 12 Mar 2012 15:25:54 Terry Burton wrote: >> >> Is validation of HTTPs certificates (akin to this earlier patch [1]) a >> >> feature that is on the roadmap? >> > >> > Yes. > > Done, with the exception of time and date checking (which will be implemented > soon; at the moment even expired certificates will be accepted). > > Some basic instructions are in place at > > http://ipxe.org/crypto > > iPXE embeds only the SHA-256 fingerprints of the trusted root certificates, > not > the whole certificate. A consequence of this is that the server must > currently > provide the full certificate chain, including the root certificate and any > cross-signing certificates. This limitation will eventually be lifted, by > enabling iPXE to automatically download the relevant cross-signing > certificates > when needed.
Thanks for this! It's working perfectly well for my purposes using an embedded self-signed certificate but I will report on success with CA-signed (and cross-signed) certificates if we go that way. All the best, Terry _______________________________________________ ipxe-devel mailing list [email protected] https://lists.ipxe.org/mailman/listinfo/ipxe-devel
