[gPXE] List of trusted root CAs
Neil Smith
n5eil.neil at gmail.com
Wed Jan 27 08:06:16 EST 2010
Sven,
Hi and welcome to the list. Feel free to join us in the IRC channel #etherboot on freenode.
As for the https, it currently doesn't do any form of verification against the CA. (I'm actually working on a patch for this, but it isn't a simple road ahead.) But if you're looking to have a fun afternoon, look in http://www.etherboot.org/share/sha0/gpxe/src/bin/doc/html/files.html for https.c and tls.h ... The difficulty with creating a truly secure https session is the lack of random number generation on boot.
If you're looking to do some form of authentication, I'd insert RSA keys that verify the md5 check, kinda like SSH-RSA token exchanges. Or look into using a boot.php file that checks versus a login...
I'm sure as the day progresses, more will be adding to this thread.
Regards,
Neil
On Jan 27, 2010, at 6:30 AM, SDreyer at gmx.de wrote:
> Hi list,
>
> after reading a website concerning gPXE, I downloaded version 0.9.7 and was absolutely impressed how smooth it works. I'm always using the latest version since then and did already flash it to a couple of 3c905c-txm cards. :-)
>
> What I would like to try is https booting from my home server, which has a certificate issued by my own CA. In other words, it is no "official" CA.
>
> So I would like to patch the source code to add my own CA to the list of trusted root CAs. Unfortunately, I could not find out in which part of the source code the trusted root CAs are listed.
>
> Could you please give me a hint?
>
> Thanks in advance,
> Sven
>