[coreboot] wget fails to fetch from acpica.org

Raymond Danks ray at se-eng.com
Sat May 12 00:18:58 CEST 2012


I ran into an issue yesterday with wget fetching the source packages for 
the iasl build from the acpica.org website.  It seems that they have 
changed their SSL implementation.  Specifically, this site, as of 
yesterday, uses TLS-SNI on the backend.  Wget versions that I have 
tried, 1.12 and the latest 1.13.4, fail with:

ERROR: cannot verify www.acpica.org's certificate, issued by 
`/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, 
Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure 
Certification Authority/serialNumber=07969287':
   Issued certificate has expired.
ERROR: certificate common name `ofono.org' doesn't match requested host 
name `www.acpica.org'.
To connect to www.acpica.org insecurely, use `--no-check-certificate'.

The suggestion back from acpica.org is to use curl, which can properly 
handle TLS-SNI.   It appears that there may be patches around for 
TLS-SNI implementation within wget.  So, as an alternative, we can build 
our own wget in coreboot.  Or, we could simply pass in 
--no-check-certificate.

In any case, it seems that a change needs to be made to the buildgcc 
script to get iasl to build.  Does anyone have a preference on direction 
for this change?

Thanks,
Ray
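
Added example, not part of the original message and not coreboot's buildgcc code: a download helper for a buildgcc-style script that takes the curl route mentioned above, never passes `--no-check-certificate`, and checks the tarball against a pinned SHA-256 before it is used. The function names `fetch_verified` and `sha256_of` are hypothetical, and the URL, destination and digest are assumed to be supplied by the calling script.

```shell
# Hypothetical helper for a buildgcc-style script (added example).

# Print the SHA-256 hex digest of a file with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# fetch_verified URL DEST SHA256
# Returns 0 if DEST exists (or was downloaded) and matches SHA256,
# 1 on checksum mismatch, 2 if the download itself failed.
fetch_verified() {
    url=$1 dest=$2 want=$3
    if [ ! -f "$dest" ]; then
        if command -v curl >/dev/null 2>&1; then
            # curl sends the host name via SNI; certificate checks stay on.
            curl --fail --silent --show-error --location \
                 -o "$dest.part" "$url" || { rm -f "$dest.part"; return 2; }
        elif command -v wget >/dev/null 2>&1; then
            # Fallback keeps verification on: a wget without SNI support
            # fails here instead of downloading unauthenticated data.
            wget -q -O "$dest.part" "$url" || { rm -f "$dest.part"; return 2; }
        else
            echo "no downloader (curl or wget) found" >&2
            return 2
        fi
        mv "$dest.part" "$dest"
    fi
    got=$(sha256_of "$dest")
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch for $dest: got $got, want $want" >&2
        return 1
    fi
    return 0
}
```

The digest check also covers tarballs that are already present on disk, so a file fetched earlier with verification disabled is still caught if it does not match.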
