[ipxe-devel] Proposed patch: support for SSL subjectAlternativeName certificates, two other useful features

Alex Chernyakhovsky achernya at google.com
Tue Oct 15 20:44:26 UTC 2013


Hi Jarrod,

What is the 'xcat' vendor repository? My goal is for these patches to be
part of iPXE main upstream; I have no objections to them being included in
other iPXE versions earlier.

Sincerely,
-Alex



On Sat, Oct 5, 2013 at 9:41 AM, Jarrod Johnson
<jarrod.b.johnson at gmail.com>wrote:

> I'll probably be testing at least the first patch on Monday (I recently
> found myself in need of this precise function).  If it pans out, would you
> mind me adding it to at least my 'xcat' vendor repository of ipxe?
>
> I don't yet find myself in need of the other two patches, so I don't have
> much to comment on them.
>
>
>
> On Wed, Oct 2, 2013 at 5:24 PM, Alex Chernyakhovsky <achernya at google.com>wrote:
>
>> Hi iPXE devel,
>>
>> Please find attached 3 patches that I think are extremely useful. They
>> implement the following:
>>
>> 1. subjectAlternativeName support (and wildcard support) for SSL
>> certificates. This allows iPXE to validate certificates that have more than
>> one name, as many certs issued these days have sAN fields.
>> 2. Allow setting/reading variables in base64.
>> 3. Implement a "tokset" command that allows tokenizing and setting
>> variables.
>>
>> Of these, the tokset patch is still rough, so I'd appreciate comments on
>> how to improve it.
>>
>> Sincerely,
>> -Alex
>>
>>
>> _______________________________________________
>> ipxe-devel mailing list
>> ipxe-devel at lists.ipxe.org
>> https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20131015/a50c9e62/attachment.htm>


More information about the ipxe-devel mailing list