Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 6987eb1575374bf4a3857f2b1a68fa572f693b22
commit6987eb1575374bf4a3857f2b1a68fa572f693b22[log] [tgz]
authorJerome Forissier <jerome.forissier@linaro.org>Wed Mar 05 15:26:43 2025 +0100
committerJerome Forissier <jerome.forissier@linaro.org>Tue Mar 11 14:16:03 2025 +0100
treeb2bccc2502144a8c94c606332d71dbffce48c6d1
parent8fa383dac4f0d93b0d7f4f68c38a00b1e4f14e19 [diff]
lwip: tls: enforce checking of server certificates based on CA availability

Instead of relying on some build time configuration to determine if
server certificates need to be checked against CA certificates, do it
based on the availability of such certificates. If no CA is configured
then no check can succeed; on the other hand if we have CA certs then
we should not ignore them. It is always possible to remove the CA certs
(via 'wget cacert 0 0') to force an HTTPS download that would fail
certificate validation.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2 files changed
tree: b2bccc2502144a8c94c606332d71dbffce48c6d1
  1. .github/
  2. api/
  3. arch/
  4. board/
  5. boot/
  6. cmd/
  7. common/
  8. configs/
  9. disk/
  10. doc/
  11. drivers/
  12. dts/
  13. env/
  14. examples/
  15. fs/
  16. include/
  17. lib/
  18. Licenses/
  19. net/
  20. post/
  21. scripts/
  22. test/
  23. tools/
  24. .azure-pipelines.yml
  25. .checkpatch.conf
  26. .get_maintainer.conf
  27. .get_maintainer.ignore
  28. .gitattributes
  29. .gitignore
  30. .gitlab-ci.yml
  31. .mailmap
  32. .readthedocs.yml
  33. config.mk
  34. Kbuild
  35. Kconfig
  36. MAINTAINERS
  37. Makefile
  38. README