| Message ID | 20250617113333.2546767-1-jerome.forissier@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | doc: cmd: wget: remove erroneous note | expand |
On 17.06.25 13:33, Jerome Forissier wrote: > The note about U-Boot not being able to verify server certificates is > false now that WGET_CACERT and WGET_CACERT_BUILTIN have been added. > Remove it. Thank you for the patch. I can't find the string WGET_CACERT_BUILTIN in origin/next. Do you mean CONFIG_WGET_BUILTIN_CACERT? Otherwise Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> > > Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> > --- > > doc/usage/cmd/wget.rst | 7 ------- > 1 file changed, 7 deletions(-) > > diff --git a/doc/usage/cmd/wget.rst b/doc/usage/cmd/wget.rst > index 44033aaff39..06df2842549 100644 > --- a/doc/usage/cmd/wget.rst > +++ b/doc/usage/cmd/wget.rst > @@ -185,13 +185,6 @@ TCP Selective Acknowledgments in the legacy network stack can be enabled via > CONFIG_PROT_TCP_SACK=y. This will improve the download speed. Selective > Acknowledgments are enabled by default with lwIP. > > -.. note:: > - > - U-Boot currently has no way to verify certificates for HTTPS. > - A place to store the root CA certificates is needed, and then MBed TLS would > - need to walk the entire chain. Therefore, man-in-the middle attacks are > - possible and HTTPS should not be relied upon for payload authentication. > - > Return value > ------------ >
Hi Heinrich, On 6/17/25 14:03, Heinrich Schuchardt wrote: > On 17.06.25 13:33, Jerome Forissier wrote: >> The note about U-Boot not being able to verify server certificates is >> false now that WGET_CACERT and WGET_CACERT_BUILTIN have been added. >> Remove it. > > Thank you for the patch. > > I can't find the string WGET_CACERT_BUILTIN in origin/next. Do you mean CONFIG_WGET_BUILTIN_CACERT? Oops, yes. Fixed in v2. > > Otherwise > > Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Thanks,
diff --git a/doc/usage/cmd/wget.rst b/doc/usage/cmd/wget.rst index 44033aaff39..06df2842549 100644 --- a/doc/usage/cmd/wget.rst +++ b/doc/usage/cmd/wget.rst @@ -185,13 +185,6 @@ TCP Selective Acknowledgments in the legacy network stack can be enabled via CONFIG_PROT_TCP_SACK=y. This will improve the download speed. Selective Acknowledgments are enabled by default with lwIP. -.. note:: - - U-Boot currently has no way to verify certificates for HTTPS. - A place to store the root CA certificates is needed, and then MBed TLS would - need to walk the entire chain. Therefore, man-in-the middle attacks are - possible and HTTPS should not be relied upon for payload authentication. - Return value ------------
The note about U-Boot not being able to verify server certificates is false now that WGET_CACERT and WGET_CACERT_BUILTIN have been added. Remove it. Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> --- doc/usage/cmd/wget.rst | 7 ------- 1 file changed, 7 deletions(-)