[ipxe-devel] Question about SSL support
Michael Brown
mbrown at fensystems.co.uk
Thu Feb 17 22:33:48 UTC 2011
On Thursday 17 Feb 2011 17:43:01 Miro Halas wrote:
> I was wondering if somebody could comment on SSL (HTTPS) support in iPXE. I
> wasn't able to find any documentation beyond some references in the mailing
> list. I understand that to enable HTTPS support I need to
> modify src/config/general.h. I was wondering what works and what doesn't?
iPXE will speak HTTPS well enough to communicate with an HTTPS server.
However, it does not validate the certificate in any way, and the random number
generator is not implemented.
> I have also noticed that after the gPXE/iPXE split there were a couple of patches
> submitted (for
> example http://www.mail-archive.com/gpxe@etherboot.org/msg01128.html).
> Based on this patch I am assuming that quite a bit of functionality (e.g.
> certificate validation) is missing. Is this a correct assumption? Also
> looking at the iPXE mailing list I have not seen this particular patch
> being applied. Is there any reason why?
To be honest, it has simply slipped off the bottom of my to-do list. Also, I
have a strong preference for using a CA cross-signing mechanism similar to
that used for Windows kernel-mode code signing, so that we can avoid the need
to embed the specific root certs within the iPXE binary.
Michael