[coreboot] wget fails to fetch from acpica.org
Raymond Danks
ray at se-eng.com
Sat May 12 00:18:58 CEST 2012
I ran into an issue yesterday with wget fetching the source packages for
the iasl build from the acpica.org website. It seems that they have
changed their SSL implementation. Specifically, this site, as of
yesterday, uses TLS-SNI on the backend. Wget versions that I have
tried, 1.12 and the latest 1.13.4, fail with:
ERROR: cannot verify www.acpica.org's certificate, issued by
`/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com,
Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure
Certification Authority/serialNumber=07969287':
Issued certificate has expired.
ERROR: certificate common name `ofono.org' doesn't match requested host
name `www.acpica.org'.
To connect to www.acpica.org insecurely, use `--no-check-certificate'.
The suggestion back from acpica.org is to use curl, which can properly
handle TLS-SNI. It appears that there may be patches around for
TLS-SNI implementation within wget. So, as an alternative, we can build
our own wget in coreboot. Or, we could simply pass in
--no-check-certificate.
In any case, it seems that a change needs to be made to the buildgcc
script to get iasl to build. Does anyone have a preference on direction
for this change?
Thanks,
Ray
More information about the coreboot
mailing list