Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2055650/?format=api
{ "id": 2055650, "url": "http://patchwork.ozlabs.org/api/patches/2055650/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/20250305142650.2966738-4-jerome.forissier@linaro.org/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20250305142650.2966738-4-jerome.forissier@linaro.org>", "list_archive_url": null, "date": "2025-03-05T14:26:44", "name": "[v2,3/6] lwip: tls: warn when no CA exists amd log certificate validation errors", "commit_ref": "7a15ccb66217b927410ccb1083f7c9f8c88a3ab8", "pull_url": null, "state": "accepted", "archived": false, "hash": "d3e2ae05c62ff9f9a20626675bd61833358dfb99", "submitter": { "id": 69192, "url": "http://patchwork.ozlabs.org/api/people/69192/?format=api", "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org" }, "delegate": { "id": 157425, "url": "http://patchwork.ozlabs.org/api/users/157425/?format=api", "username": "jforissier", "first_name": "Jerome", "last_name": "Forissier", "email": "jerome.forissier@linaro.org" }, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20250305142650.2966738-4-jerome.forissier@linaro.org/mbox/", "series": [ { "id": 447137, "url": "http://patchwork.ozlabs.org/api/series/447137/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=447137", "date": "2025-03-05T14:26:41", "name": "net: lwip: root certificates", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/447137/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2055650/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2055650/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256\n header.s=google header.b=mdssnb0b;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=linaro.org", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=linaro.org header.i=@linaro.org header.b=\"mdssnb0b\";\n\tdkim-atps=neutral", "phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=linaro.org", "phobos.denx.de;\n spf=pass smtp.mailfrom=jerome.forissier@linaro.org" ], "Received": [ "from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature ECDSA (secp384r1))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4Z7FJV5NRGz1yVg\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 6 Mar 2025 01:27:54 +1100 (AEDT)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 016478141D;\n\tWed, 5 Mar 2025 15:27:21 +0100 (CET)", "by phobos.denx.de (Postfix, from userid 109)\n id 27D6881417; Wed, 5 Mar 2025 15:27:20 +0100 (CET)", "from mail-wr1-x431.google.com (mail-wr1-x431.google.com\n [IPv6:2a00:1450:4864:20::431])\n (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 6344E811C1\n for <u-boot@lists.denx.de>; Wed, 5 Mar 2025 15:27:17 +0100 (CET)", "by mail-wr1-x431.google.com with SMTP id\n ffacd0b85a97d-38f403edb4eso4147077f8f.3\n for <u-boot@lists.denx.de>; Wed, 05 Mar 2025 06:27:17 -0800 (PST)", "from builder.. ([2a01:e0a:3cb:7bb0:369c:9bd8:7c87:9a39])\n by smtp.gmail.com with ESMTPSA id\n ffacd0b85a97d-391188029e0sm5442456f8f.52.2025.03.05.06.27.16\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 05 Mar 2025 06:27:16 -0800 (PST)" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,\n SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=linaro.org; s=google; t=1741184837; x=1741789637; darn=lists.denx.de;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=tqKYtD3GqjUkCBmF0aRwBJEerlGo6a56Ic88y4V845c=;\n b=mdssnb0bWACfl8l4JRXNe0IEYvclXfP5eHVM+NylP6Te+5Dx9g60g7Dn6/zRzMKzPZ\n tDAuBUgrToKbB391yMa4CVfEBZbOKpjVBzCGqDLFHESICAT6cFHGKMRlxNYeXzApgkXf\n 0S5WFo/j9OPULvvurs2Wl2VKf0WBU4IC902UEa8Nx9YJdZ+ugiP2kDZkQraEOygjGKyv\n ZS4DPufjNigoqiL5EeEqwezsMMXMSKEaDYB+P/wnnBE5TCr5zu4gCQu5sEwEMGES/+10\n +19WatQnkbdZ2Z8OcfDBRQRPueYUAI75ZXva4T1/z8dDUWe/1slklqZvtpwZY856WXDT\n DrKA==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1741184837; x=1741789637;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc\n :subject:date:message-id:reply-to;\n bh=tqKYtD3GqjUkCBmF0aRwBJEerlGo6a56Ic88y4V845c=;\n b=O+xqMXklKpGWqRBb1G1+J5Ukk2KMz68uj1nHNQ6PMCrYIGyBx/dChtD8zy7Vtc3Yjl\n KsCl94grZ+bPRExY+CpghU0NxgoWHA9OqKGv4t59VIceHd5jGO8pddV13elU9EUXnbed\n Z5TFYeyBz2zdzExnfqisT4XIc1Bc1PgGJsa5dWt0vGfaOFjO+dpbdGy7qbcZ4+x/r4rb\n x9Nnv3YF6ZCVU9ReggaX28JPcj72Vd8Vt+WuNF2wepBA3NLwaoEMKXk+jyEm0WhQ04sX\n vzCCSNCaaMt6PRhZSm8PdTVash++7jeKdYuTsgV8SMlUTBarAGKsZy8YtTQgVxHBoG7P\n 6qPg==", "X-Gm-Message-State": "AOJu0YyJugvdx45P0ubagnWYwaDmRM2q+X84uAWXzmoWG7ks/TjtTpOR\n mtz3viqOgtIvwNkjL/CqB2fj1ySna8eiCUAPAefEb2Fl+BdqMX8PnPchWNJko0dLcNWi3XZB7p1\n D", "X-Gm-Gg": "ASbGncsWdAgkCZG8FxUwf5Ztyq6ohULAW9dFQPV39b+Jopyov8LifxSegHj1hoXJIfH\n B2ySrdK25W8MSOi6mI2IOpips0g3NAtuDMOBKXh3Deg31gRDNZNf8+D+nMuD/BziBEXL9cm14DG\n rE0kQBvw9455/tD/1H0svI9HfmbfIs2vVuUULNXlQtdqsn+bRfm81Rq91JituWcdomF7KvNHpAe\n 2T9/pHOcvmVRMMWikrOnguTqNuAADi6NAqRhyYSITjxIiIBtOKNOQ3GMN71Q2VDSiHrKXmY7/e6\n DBbEYZezF0Zg5TkHFRAHqCHilzdmLS7O3EwOKLAEfkVQRi3G9ddrmg==", "X-Google-Smtp-Source": "\n AGHT+IFldCcwlwKD7wUVSWB2/FsnVVY5XEmmYuxB6VNxkr4driC+SpsUhWx99turbC4erblTEjsagw==", "X-Received": "by 2002:a05:6000:1f8f:b0:391:253b:4046 with SMTP id\n ffacd0b85a97d-391253b4203mr2335945f8f.16.1741184836737;\n Wed, 05 Mar 2025 06:27:16 -0800 (PST)", "From": "Jerome Forissier <jerome.forissier@linaro.org>", "To": "u-boot@lists.denx.de", "Cc": "Ilias Apalodimas <ilias.apalodimas@linaro.org>,\n Jerome Forissier <jerome.forissier@linaro.org>,\n Tom Rini <trini@konsulko.com>, Javier Tia <javier.tia@linaro.org>,\n Heinrich Schuchardt <xypron.glpk@gmx.de>", "Subject": "[PATCH v2 3/6] lwip: tls: warn when no CA exists amd log certificate\n validation errors", "Date": "Wed, 5 Mar 2025 15:26:44 +0100", "Message-ID": "<20250305142650.2966738-4-jerome.forissier@linaro.org>", "X-Mailer": "git-send-email 2.43.0", "In-Reply-To": "<20250305142650.2966738-1-jerome.forissier@linaro.org>", "References": "<20250305142650.2966738-1-jerome.forissier@linaro.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "Using HTTPS without root (CA) certificates is a security issue. Print a\nwarning in this case. Also, when certificate verification fail, print\nan additional message because \"HTTP client error 4\" is not very\ninformative (4 is HTTPC_RESULT_ERR_CLOSED).\n\nSigned-off-by: Jerome Forissier <jerome.forissier@linaro.org>\nReviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>\n---\n lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c | 6 ++++++\n 1 file changed, 6 insertions(+)", "diff": "diff --git a/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c b/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c\nindex fa3d1d74fed..ef51a5ac168 100644\n--- a/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c\n+++ b/lib/lwip/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c\n@@ -298,6 +298,9 @@ altcp_mbedtls_lower_recv_process(struct altcp_pcb *conn, altcp_mbedtls_state_t *\n if (ret != 0) {\n LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, (\"mbedtls_ssl_handshake failed: %d\\n\", ret));\n /* handshake failed, connection has to be closed */\n+ if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {\n+ printf(\"Certificate verification failed\\n\");\n+ }\n if (conn->err) {\n conn->err(conn->arg, ERR_CLSD);\n }\n@@ -841,6 +844,9 @@ altcp_tls_create_config(int is_server, u8_t cert_count, u8_t pkey_count, int hav\n altcp_mbedtls_free_config(conf);\n return NULL;\n }\n+ if (authmode == MBEDTLS_SSL_VERIFY_NONE) {\n+ printf(\"WARNING: no CA certificates, HTTPS connections not authenticated\\n\");\n+ }\n mbedtls_ssl_conf_authmode(&conf->conf, authmode);\n \n mbedtls_ssl_conf_rng(&conf->conf, mbedtls_ctr_drbg_random, &altcp_tls_entropy_rng->ctr_drbg);\n", "prefixes": [ "v2", "3/6" ] }