Hi Heinrich, On 6/17/25 14:03, Heinrich Schuchardt wrote: > On 17.06.25 13:33, Jerome Forissier wrote: >> The note about U-Boot not being able to verify server certificates is >> false now that WGET_CACERT and WGET_CACERT_BUILTIN have been added. >> Remove it. > > Thank you for the patch. > > I can't find the string WGET_CACERT_BUILTIN in origin/next. Do you mean > CONFIG_WGET_BUILTIN_CACERT?
Oops, yes. Fixed in v2. > > Otherwise > > Reviewed-by: Heinrich Schuchardt <[email protected]> Thanks, -- Jerome > >> >> Signed-off-by: Jerome Forissier <[email protected]> >> --- >> >> doc/usage/cmd/wget.rst | 7 ------- >> 1 file changed, 7 deletions(-) >> >> diff --git a/doc/usage/cmd/wget.rst b/doc/usage/cmd/wget.rst >> index 44033aaff39..06df2842549 100644 >> --- a/doc/usage/cmd/wget.rst >> +++ b/doc/usage/cmd/wget.rst >> @@ -185,13 +185,6 @@ TCP Selective Acknowledgments in the legacy network >> stack can be enabled via >> CONFIG_PROT_TCP_SACK=y. This will improve the download speed. Selective >> Acknowledgments are enabled by default with lwIP. >> -.. note:: >> - >> - U-Boot currently has no way to verify certificates for HTTPS. >> - A place to store the root CA certificates is needed, and then MBed TLS >> would >> - need to walk the entire chain. Therefore, man-in-the middle attacks are >> - possible and HTTPS should not be relied upon for payload authentication. >> - >> Return value >> ------------ >> >
