[ipxe-devel] iPXE fails to fetch files via https - invalid argument and error 1c0dee02

Michael Brown mbrown at fensystems.co.uk
Wed Jan 30 17:04:15 GMT 2013


On Wednesday 30 Jan 2013 16:15:40 Nicola Volpini wrote:
> I just finished setting up iPXE in our infrastructure and it's great! I'm
> using it to install Debian via pxeboot and preseed and it works fine with
> a nice selection menu. We're fetching the images and the needed files from
> a directory served by Apache via http protocol. I'm trying to use https
> instead, so I compiled iPXE with https support and provided our self
> signed root chain via the "TRUST=<cert>,<cert>,..." parameter as suggested
> in the "crypto" section of the guide. HTTPS shows in the list of features.
> 
> IPXE starts, gets chainloaded and then tries to fetch the bootstrap.ipxe
> file as instructed by DHCP. At this point it fails with an "invalid
> argument" error (1c0dee02).

iPXE doesn't currently handle records (other than data records) which end up 
being split across multiple 4kB receive buffers. My guess is that your 
certificate chain is longer than 4kB in total.

Please try the attached (untested) patch, which will try to work around this 
problem.  If the certificate chain is very large then you may still hit an out-
of-memory error, which should have the new error number 310de806.

Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipxe-tls-concat.patch
Type: text/x-patch
Size: 4227 bytes
Desc: not available
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20130130/33d415a0/attachment.bin>


More information about the ipxe-devel mailing list