[ipxe-devel] SSL certificate validation and NTP

[Phil Martin]

Hi,

I've been experimenting with the HTTPS functions in iPXE over the last
day or so. Since you've enabled the checking of the certificate
validity period, will you be including some sort of NTP functionality
to set the system clock before checking the certificate? Currently, if
for some reason a machine has lost time (or doesn't have a CMOS clock
at all), it will fail to boot over HTTPS as the certificate won't yet
be valid, according to the machine's clock at least. Perhaps it could
use the NTP servers at pool.ntp.org by default, but be overridden if
option 42 was specified in DHCP?

Regards,

Phil