iPXE discussion forum / iPXE user forums / General v / iPXE TLS requiring trusting the intermediate certificate

Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
iPXE TLS requiring trusting the intermediate certificate
2020-01-22, 05:56
Post: #2
CMCDragonkai Offline
iPXE User
**
 		Posts: 6
Joined: 2019-Nov
Reputation: 0
RE: iPXE TLS requiring trusting the intermediate certificate
Ok I've tested now with just server authentication, not client authentication. The same issue occurs. This time without trusting the intermediate certificate, the TLS download fails. But by trusting the intermediate certificate (and you don't even need to trust the root certificate), the TLS download succeeds.

This is a bug. No other TLS tools (including curl and browsers) require trusting the intermediate certificate. They only require trusting the root certificate, the intermediate path validation should go up to the root. I've tried this on the latest ipxe 1.20.1.

Certificate path validation logic in iPXE is quite different from other tools then.
Find all posts by this user
Quote this message in a reply
Post Reply 


Messages In This Thread
RE: iPXE TLS requiring trusting the intermediate certificate - CMCDragonkai - 2020-01-22 05:56



User(s) browsing this thread: 1 Guest(s)

Contact Us | iPXE home page | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication