imgload from https://developer.mozilla.org causes 'Permission denied' error
|
2012-10-19, 17:18
Post: #1
|
|||
|
|||
imgload from https://developer.mozilla.org causes 'Permission denied' error
imgload from https://developer.mozilla.org causes 'Permission denied' error
I compile iPXE with HTTPS protocol enabled and TRUST=/etc/ssl/certs/GeoTrust_Global_CA.pem but have 'Permission denied' (http://ipxe.org/0216e63c) error here. Steps for reproduce: (all of this steps are implemented into the attached 'makeimage.sh' POSIX shell script). Just get it, chmod +x and run (tested on Ubuntu 12.04). 1. $ git clone git://git.ipxe.org/ipxe.git $ cd ipxe/src 2. define DOWNLOAD_PROTO_HTTPS in config/general.h 3. $ make bin/ipxe.lkrn TRUST=/etc/ssl/certs/GeoTrust_Global_CA.pem 4. wget http://boot.ipxe.org/ipxe.iso 5. Remaster iso: * to isolinux.cfg add line: INITRD script.txt * create script.txt: Code: #!ipxe 6. Boot from it (under VirtualBox for example). Actual result: Error message in console: Permission denied (http://ipxe.org/0216e63c) Expected result: * Successfull file transfer over https (and then fail on attempt to execute .ico file content). * TRUST will works even for my own CA and existing one. Additional details: If I make with $ make bin/ipxe.lkrn \ TRUST=/etc/ssl/certs/GeoTrust_Global_CA.pem \ DEBUG=x509,httpcore,https,rootcert The following I get into console: (entire console output into attached file com1_raw_dump_https_error_with_debug.bin, you can see it pretty colored with 'less -R <file> command) Quote:ROOTCERT using 1 built-in certificate(s): This is exactly matches with SHA256 fingerprint of GeoTrustGlobalCA certificate- it is all right. Quote:https://developer.mozilla.org/media/img/favicon.ico..."GeoTrust Global CA" should be valid, isn't it? Quote:.HTTP 0xdb244 response "HTTP/1.1 200 OK"What is the "<NULL>" certificate into the chain? Is it all right? Also, file com1_raw_dump_https_error_with_debug_7.bin contains console log for build $ make bin/ipxe.lkrn \ TRUST=/etc/ssl/certs/GeoTrust_Global_CA.pem \ DEBUG=x509:7,httpcore:7,https:7,rootcert:7 |
|||
2012-10-26, 15:43
Post: #2
|
|||
|
|||
RE: imgload from https://developer.mozilla.org causes 'Permission denied' error
If you need to set your own CA cert then you'll need to do the cross-signing yourself (which the built-in cert already is set up for using http://ca.ipxe.org/). You should be able to set up everything by following the guide at http://ipxe.org/crypto.
About the <NULL> certificate, I'm not entirely sure. You might have more luck if you ask on the developer mailing-list. |
|||
« Next Oldest | Next Newest »
|
User(s) browsing this thread: 3 Guest(s)