iPXE currently does not support TLS connections with large certificate chains 
because it cannot handle TLS handshake record fragmentation. So I think there 
should be an option to disable the request for fragmentation. Hence I would add 
a `config/tls.h` to make changes to the behaviour of the TLS implementation. By 
default the request for fragmentation is enabled, so nothing changes here, but 
if desired it can be turned off by undefining `TLS_FRAGMENTATION_ENABLED`.
I also added the option `TLS_REQUESTED_MAX_FRAGMENT_LENGTH` for defining, if 
fragmentation is enabled, the requested maximum fragment length.

I appreciate your comments and feedback.

You can view, comment on, or merge this pull request online at:

  https://github.com/ipxe/ipxe/pull/112

-- Commit Summary --

  * Add a configuration header for tls and an option to disable tls fragmentation

-- File Changes --

    A src/config/tls.h (26)
    M src/net/tls.c (7)

-- Patch Links --

https://github.com/ipxe/ipxe/pull/112.patch
https://github.com/ipxe/ipxe/pull/112.diff
