[ipxe-devel] Validation of SSL certificates for HTTPS
Michael Brown
mbrown at fensystems.co.uk
Mon Mar 19 04:25:41 UTC 2012
On Tuesday 13 Mar 2012 17:51:55 Terry Burton wrote:
> On 13 March 2012 13:22, Michael Brown <mbrown at fensystems.co.uk> wrote:
> > On Monday 12 Mar 2012 15:25:54 Terry Burton wrote:
> >> Is validation of HTTPS certificates (akin to this earlier patch [1]) a
> >> feature that is on the roadmap?
> >
> > Yes.

Done, with the exception of time and date checking (which will be implemented
soon; at the moment even expired certificates will be accepted).

Some basic instructions are in place at

  http://ipxe.org/crypto

iPXE embeds only the SHA-256 fingerprints of the trusted root certificates, not
the whole certificate. A consequence of this is that the server must currently
provide the full certificate chain, including the root certificate and any
cross-signing certificates. This limitation will eventually be lifted, by
enabling iPXE to automatically download the relevant cross-signing certificates
when needed.

Michael
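
The following is an added example, not part of the original message and not iPXE code: a server-side check that the PEM bundle a web server will present contains a certificate matching a trusted root fingerprint, which is what the fingerprint-only trust store described above requires. It assumes the fingerprint is the SHA-256 digest of the DER-encoded certificate; the function names are hypothetical and the sample "certificates" are constructed byte strings, not real X.509 data.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_bundle_to_der(bundle):
    """Split a PEM bundle into DER blobs, in the order the server sends them."""
    return [base64.b64decode("".join(body.split())) for body in PEM_RE.findall(bundle)]

def fingerprint(der):
    """SHA-256 over the DER encoding (assumed fingerprint definition)."""
    return hashlib.sha256(der).hexdigest()

def find_trusted_root(bundle, trusted):
    """Return (index, fingerprint) of the first certificate in the bundle whose
    fingerprint is in `trusted`, or None if the bundle cannot be anchored.
    Signature and name chaining are NOT checked here; this only answers
    whether a fingerprint-only client could find its trust anchor at all."""
    for index, der in enumerate(pem_bundle_to_der(bundle)):
        fp = fingerprint(der)
        if fp in trusted:
            return index, fp
    return None

def to_pem(der):
    """Wrap raw bytes in PEM armour (used only to build the sample input)."""
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

# Constructed stand-ins for DER certificates (not real X.509).
LEAF = b"constructed-leaf-certificate"
INTERMEDIATE = b"constructed-cross-signing-certificate"
ROOT = b"constructed-root-certificate"

TRUSTED = {fingerprint(ROOT)}  # what the client would embed
FULL_CHAIN = to_pem(LEAF) + to_pem(INTERMEDIATE) + to_pem(ROOT)
NO_ROOT_CHAIN = to_pem(LEAF) + to_pem(INTERMEDIATE)  # common server default

if __name__ == "__main__":
    for name, bundle in (("full chain", FULL_CHAIN), ("root omitted", NO_ROOT_CHAIN)):
        hit = find_trusted_root(bundle, TRUSTED)
        print(name, "->", "anchored at index %d" % hit[0] if hit else "no trust anchor")
```

Many servers are configured to send only the leaf and intermediates, which is the "root omitted" case and would leave a fingerprint-only client without an anchor.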