[ipxe-devel] HTTPS - unrecognised algorithm
Wim Week
wimwerk007 at gmail.com
Tue Jun 2 18:13:19 UTC 2015
Hi,
I'm having issues when using https (and undionly.kpxe)
When chaining a https URL I'm getting: "Operation not supported (
http://ipxe.org/3c00e103)" (We're using "real" certificates, so not
self-signed.)
I also tested on e.g https://google.com and here it works (no https error)
Recompiled with DEBUG=asn1 and it seems that the unrecognised algorithm is
part of a certificate.
See screenshot at http://snag.gy/j2i8a.jpg
I'm testing with ipxe current from git (commit
6b7157c233541a4cb3c90021e8ca219b0b5dd358)
iPXE 1.0.0+ (6b71) -- Open Source Network Boot Firmware -- http://ipxe.org
Features: DNS HTTP HTTPS iSCSI TFTP AoE ELF MBOOT PXE bzImage Menu PXEXT
Fiddling with the code, basically ignoring the errors, it works.
diff --git a/src/crypto/asn1.c b/src/crypto/asn1.c
index aca12bf..6715685 100644
--- a/src/crypto/asn1.c
+++ b/src/crypto/asn1.c
@@ -507,7 +507,8 @@ int asn1_algorithm ( const struct asn1_cursor *cursor,
if ( ! *algorithm ) {
DBGC ( cursor, "ASN1 %p unrecognised algorithm:\n", cursor
);
DBGC_HDA ( cursor, 0, cursor->data, cursor->len );
- return -ENOTSUP_ALGORITHM;
+ //return -ENOTSUP_ALGORITHM;
+ return 0;
}
return 0;
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 00eb226..c42bc52 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -1763,7 +1763,8 @@ int x509_validate_chain ( struct x509_chain *chain,
time_t time,
}
DBGC ( chain, "X509 chain %p found no usable certificates\n", chain
);
- return -EACCES_USELESS;
+ //return -EACCES_USELESS;
+ return 0;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20150602/2d2b197c/attachment.htm>
More information about the ipxe-devel
mailing list