On 17.06.25 13:33, Jerome Forissier wrote:
The note about U-Boot not being able to verify server certificates is
false now that WGET_CACERT and WGET_CACERT_BUILTIN have been added.
Remove it.
Thank you for the patch.
I can't find the string WGET_CACERT_BUILTIN in origin/next. Do you mean
CONFIG_WGET_BUILTIN_CACERT?
Otherwise
Reviewed-by: Heinrich Schuchardt <[email protected]>
Signed-off-by: Jerome Forissier <[email protected]>
---
doc/usage/cmd/wget.rst | 7 -------
1 file changed, 7 deletions(-)
diff --git a/doc/usage/cmd/wget.rst b/doc/usage/cmd/wget.rst
index 44033aaff39..06df2842549 100644
--- a/doc/usage/cmd/wget.rst
+++ b/doc/usage/cmd/wget.rst
@@ -185,13 +185,6 @@ TCP Selective Acknowledgments in the legacy network stack
can be enabled via
CONFIG_PROT_TCP_SACK=y. This will improve the download speed. Selective
Acknowledgments are enabled by default with lwIP.
-.. note::
-
- U-Boot currently has no way to verify certificates for HTTPS.
- A place to store the root CA certificates is needed, and then MBed TLS
would
- need to walk the entire chain. Therefore, man-in-the middle attacks are
- possible and HTTPS should not be relied upon for payload authentication.
-
Return value
------------
