[ipxe-devel] How to edit the documentation?

Guillaume LUCAS glucas+ipxe at glucas.fr
Sun Jul 11 11:45:44 UTC 2021


Hello,

I want to contribute to the documentation on ipxe.org but the 
registration is disabled ("Action disabled: register").
Can I have an account or I write my speech on this list and you will 
copy+paste on ipxe.org?

On <https://ipxe.org/err/0f0a60>, in "Additional notes", I want to write 
that this error also occurs when booting on HTTPS chain on a network 
without Internet access because OCSP check (against IPXE root CA 
certificate) *and* because of the download of IPXE cross-signed 
Mozilla's list of CA certificates.
To solve this issue, we need to disable OCSP check 
(<https://github.com/ipxe/ipxe/commit/9759860ec>) and add our x509 full 
chain in the "CERT" variable (or have a local mirror of IPXE 
cross-signed Mozilla's CA certificates).

On <https://ipxe.org/err/1c0de8>, I want to write that this error can 
occur when the certificate or the certificate chain is too large (> 4k). 
In this case, "DEBUG=TLS" displays "Received overlenght Handshake".

On <https://ipxe.org/crypto>, I want to write about OCSP. Presence. How 
to disable OCSP check at compilation time 
(<https://github.com/ipxe/ipxe/commit/9759860ec>). I also want to say 
that an Internet access is required to boot on HTTPS chain unless OCSP 
check is disabled *and* we don't use x509 chain provided by IPXE.
I also want to complete the sentence "Note that embedded certificates 
are generally quite large, and you should embed a certificate only if it 
is not feasible to obtain the certificate from another source (e.g. by 
configuring a crosscert server)." by "With large certificate or large 
certificate chain, the error "Invalid argument (1c0de8)" can occur." 
(with link to <https://ipxe.org/err/1c0de8>)

On <https://ipxe.org/buildcfg>, I want to add the "OCSP_CHECK" and 
"CROSSCERT" variables (they are defined in crypto.h).

Bye.



More information about the ipxe-devel mailing list