Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2055653,
    "url": "http://patchwork.ozlabs.org/api/patches/2055653/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/20250305142650.2966738-6-jerome.forissier@linaro.org/",
    "project": {
        "id": 18,
        "url": "http://patchwork.ozlabs.org/api/projects/18/?format=api",
        "name": "U-Boot",
        "link_name": "uboot",
        "list_id": "u-boot.lists.denx.de",
        "list_email": "u-boot@lists.denx.de",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null,
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20250305142650.2966738-6-jerome.forissier@linaro.org>",
    "list_archive_url": null,
    "date": "2025-03-05T14:26:46",
    "name": "[v2,5/6] doc: cmd: wget: document cacert subcommand",
    "commit_ref": "c6862debd2292b9a382f9cb92d4f2e51820702b5",
    "pull_url": null,
    "state": "accepted",
    "archived": false,
    "hash": "fc30b9bcaa86c5776e99a325ded29011fb4d5ec3",
    "submitter": {
        "id": 69192,
        "url": "http://patchwork.ozlabs.org/api/people/69192/?format=api",
        "name": "Jerome Forissier",
        "email": "jerome.forissier@linaro.org"
    },
    "delegate": {
        "id": 157425,
        "url": "http://patchwork.ozlabs.org/api/users/157425/?format=api",
        "username": "jforissier",
        "first_name": "Jerome",
        "last_name": "Forissier",
        "email": "jerome.forissier@linaro.org"
    },
    "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20250305142650.2966738-6-jerome.forissier@linaro.org/mbox/",
    "series": [
        {
            "id": 447137,
            "url": "http://patchwork.ozlabs.org/api/series/447137/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=447137",
            "date": "2025-03-05T14:26:41",
            "name": "net: lwip: root certificates",
            "version": 2,
            "mbox": "http://patchwork.ozlabs.org/series/447137/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2055653/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2055653/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<u-boot-bounces@lists.denx.de>",
        "X-Original-To": "incoming@patchwork.ozlabs.org",
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256\n header.s=google header.b=vQyRlEnJ;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=85.214.62.61; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)",
            "phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=linaro.org",
            "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de",
            "phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=linaro.org header.i=@linaro.org header.b=\"vQyRlEnJ\";\n\tdkim-atps=neutral",
            "phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=linaro.org",
            "phobos.denx.de;\n spf=pass smtp.mailfrom=jerome.forissier@linaro.org"
        ],
        "Received": [
            "from phobos.denx.de (phobos.denx.de [85.214.62.61])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature ECDSA (secp384r1))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4Z7FKC1vvkz1yVg\n\tfor <incoming@patchwork.ozlabs.org>; Thu,  6 Mar 2025 01:28:31 +1100 (AEDT)",
            "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id D84768164E;\n\tWed,  5 Mar 2025 15:27:26 +0100 (CET)",
            "by phobos.denx.de (Postfix, from userid 109)\n id B658681428; Wed,  5 Mar 2025 15:27:25 +0100 (CET)",
            "from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com\n [IPv6:2a00:1450:4864:20::32f])\n (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id D1E0E81428\n for <u-boot@lists.denx.de>; Wed,  5 Mar 2025 15:27:21 +0100 (CET)",
            "by mail-wm1-x32f.google.com with SMTP id\n 5b1f17b1804b1-43bcad638efso14367145e9.2\n for <u-boot@lists.denx.de>; Wed, 05 Mar 2025 06:27:21 -0800 (PST)",
            "from builder.. ([2a01:e0a:3cb:7bb0:369c:9bd8:7c87:9a39])\n by smtp.gmail.com with ESMTPSA id\n ffacd0b85a97d-391188029e0sm5442456f8f.52.2025.03.05.06.27.18\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 05 Mar 2025 06:27:19 -0800 (PST)"
        ],
        "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de",
        "X-Spam-Level": "",
        "X-Spam-Status": "No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,\n SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=linaro.org; s=google; t=1741184841; x=1741789641; darn=lists.denx.de;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=VToeK9rvmge7vGIsjMizB5Qvqb2KL2Jo2850qAV1D5k=;\n b=vQyRlEnJJN1UJgqZ8t6Ut8C2S/T1mnkkS9UYQv//qx4LQbvMI+EFMxO37h5DnWmQDB\n SX9fTCDUNZmpK0NZzActmCbIxwarz4f438iJ+TS0YhHYaLnRiJKQQfIFZGqeDtBht9bi\n 3uM9S2E0BSxH2AD2fhv2gPvtMgX6M/VduXCCgVjVOUakhJszmWs858rcebJoTuJKdOPZ\n KSFSP/yL9G/+p1s6EeIcW8XH3I/LriaJ1oG0r/5+Slcp4se7iIvuy6c97kUz/RVCdxOI\n uVGaZDeYo5osmT4KGVV8avF+JE0Ff6dO9KBnLC8hFRpQMj5EEwl3gypgQpNA4uB6hdme\n ieAg==",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1741184841; x=1741789641;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc\n :subject:date:message-id:reply-to;\n bh=VToeK9rvmge7vGIsjMizB5Qvqb2KL2Jo2850qAV1D5k=;\n b=HawUPYhZq5bOfO/wCiIM9DyWNhLhQmWhy2bpLdK5KL6N7w2C14JC3C4iDk5tHpbiAM\n MDrtyL1BRAT0UlYnFAWzpml2OFXxvsd1B1WwP9u/hBjjOhSSR+/mnx/d9gsZM6B9thJ8\n 9ZiwoUVN2JTBJh8mHWPl1iViYsg0AB5ejnQulImf/Sct25o7/cpjuEq5hO8fMpAkKilv\n BZYxXUaPWpI9qjdP66+E6mb2e2OXpRnEHYgcOBs/rYHBx+WRjsi1VygoEkv4mZuMr/Qa\n sVnM0bOlwo/OC69qvn1XJ7IZVq7ycXRHgPPAEEk1kypjPnSZ5dNmms0ylJTwGl3nK+Vk\n kUhw==",
        "X-Gm-Message-State": "AOJu0Yx+7jOw+2FLjDDCv3VB6w/YzaEUPbxYub3NwN1xZRdjgL1TaJro\n bm3KHnwFtmEUmQ872ZLR6psVM/RfY22pL1YxcpnfgaajwfND2fYhwZNMhUNOh9sYmNFVtClOxuX\n C",
        "X-Gm-Gg": "ASbGncuF4Fduox0DT7sHL2HanF8705ThtOmaB0st8jB+6/WJwhjIPlgk5Xf07M33Rlp\n oY2BUHU5oA+m4gXSaTNuzJhlc45ADI2GxB+xowRCjGGfuiRN5Y2Si/wGmhPYbxb180lmP6ceFzT\n 28M1t2zb2VDfLKIgYX8dt0bUOWP92e0l3qrx58rYvzTaIqNgNGx1J6Pyl0oh3XTJ7XEO4zOIhLB\n U2PSNHHF9vnPVh03Hm0NM3YYPe6ejNuSfM8heYEqGPlKjlBAbB9l2CRQvXKTxShCcygLrgFkMwM\n q/73292hx6JDG2EKoK4OunuhasZ7LmnOlZ7b9T3aHOQmbezWgHv9Cw==",
        "X-Google-Smtp-Source": "\n AGHT+IGoEo/Ij3jf8lezZOmMaDLQdol3Jeb1pdbK1UykotIzcOSQukb4rzzhoN9x26m9rXD5yq0BvQ==",
        "X-Received": "by 2002:a05:600c:474b:b0:43b:c528:d0b8 with SMTP id\n 5b1f17b1804b1-43bd294e07fmr30738155e9.5.1741184839631;\n Wed, 05 Mar 2025 06:27:19 -0800 (PST)",
        "From": "Jerome Forissier <jerome.forissier@linaro.org>",
        "To": "u-boot@lists.denx.de",
        "Cc": "Ilias Apalodimas <ilias.apalodimas@linaro.org>,\n Jerome Forissier <jerome.forissier@linaro.org>,\n Tom Rini <trini@konsulko.com>, Heinrich Schuchardt <xypron.glpk@gmx.de>,\n Simon Glass <sjg@chromium.org>",
        "Subject": "[PATCH v2 5/6] doc: cmd: wget: document cacert subcommand",
        "Date": "Wed,  5 Mar 2025 15:26:46 +0100",
        "Message-ID": "<20250305142650.2966738-6-jerome.forissier@linaro.org>",
        "X-Mailer": "git-send-email 2.43.0",
        "In-Reply-To": "<20250305142650.2966738-1-jerome.forissier@linaro.org>",
        "References": "<20250305142650.2966738-1-jerome.forissier@linaro.org>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "X-BeenThere": "u-boot@lists.denx.de",
        "X-Mailman-Version": "2.1.39",
        "Precedence": "list",
        "List-Id": "U-Boot discussion <u-boot.lists.denx.de>",
        "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>",
        "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>",
        "List-Post": "<mailto:u-boot@lists.denx.de>",
        "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>",
        "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>",
        "Errors-To": "u-boot-bounces@lists.denx.de",
        "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>",
        "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de",
        "X-Virus-Status": "Clean"
    },
    "content": "Document the 'wget cacert' subcommand which allows to configure root\n(CA) certificates for HTTPS.\n\nSigned-off-by: Jerome Forissier <jerome.forissier@linaro.org>\n---\n doc/usage/cmd/wget.rst | 82 ++++++++++++++++++++++++++++++++++++++++--\n 1 file changed, 80 insertions(+), 2 deletions(-)",
    "diff": "diff --git a/doc/usage/cmd/wget.rst b/doc/usage/cmd/wget.rst\nindex 48bedf1e845..cc82e495a29 100644\n--- a/doc/usage/cmd/wget.rst\n+++ b/doc/usage/cmd/wget.rst\n@@ -12,7 +12,9 @@ Synopsis\n ::\n \n     wget [address] [host:]path\n-    wget [address] url          # lwIP only\n+    wget [address] url                  # lwIP only\n+    wget cacert none|optional|required  # lwIP only\n+    wget cacert <address> <size>        # lwIP only\n \n \n Description\n@@ -54,6 +56,32 @@ address\n url\n     HTTP or HTTPS URL, that is: http[s]://<host>[:<port>]/<path>.\n \n+The cacert (stands for 'Certification Authority certificates') subcommand is\n+used to provide root certificates for the purpose of HTTPS authentication. It\n+also allows to enable or disable authentication.\n+\n+wget cacert <address> <size>\n+\n+address\n+    memory address of the root certificates in X509 DER format\n+\n+size\n+    the size of the root certificates\n+\n+wget cacert none|optional|required\n+\n+none\n+    certificate verification is disabled. HTTPS is used without any server\n+    authentication (unsafe)\n+optional\n+    certificate verification is enabled provided root certificates have been\n+    provided via wget cacert <addr> <size> or wget cacert builtin. Otherwise\n+    HTTPS is used without any server authentication (unsafe).\n+required\n+    certificate verification is mandatory. If no root certificates have been\n+    configured, HTTPS transfers will fail.\n+\n+\n Examples\n --------\n \n@@ -97,11 +125,61 @@ In the example the following steps are executed:\n    1694892032 bytes transferred in 492181 ms (3.3 MiB/s)\n    Bytes transferred = 1694892032 (65060000 hex)\n \n+Here is an example showing how to configure built-in root certificates as\n+well as providing some at run time. In this example it is assumed that\n+CONFIG_WGET_BUILTIN_CACERT_PATH=DigiCertTLSRSA4096RootG5.crt downloaded from\n+https://cacerts.digicert.com/DigiCertTLSRSA4096RootG5.crt.\n+\n+::\n+\n+   # Make sure IP is configured\n+   => dhcp\n+   # When built-in certificates are configured, authentication is mandatory\n+   # (i.e., \"wget cacert required\"). Use a test server...\n+   => wget https://digicert-tls-rsa4096-root-g5.chain-demos.digicert.com/\n+   1864 bytes transferred in 1 ms (1.8 MiB/s)\n+   Bytes transferred = 1864 (748 hex)\n+   # Another server not signed against Digicert will fail\n+   => wget https://www.google.com/\n+   Certificate verification failed\n+\n+   HTTP client error 4\n+   # Disable authentication to allow the command to proceed anyways\n+   => wget cacert none\n+   => wget https://www.google.com/\n+   WARNING: no CA certificates, HTTPS connections not authenticated\n+   16683 bytes transferred in 15 ms (1.1 MiB/s)\n+   Bytes transferred = 16683 (412b hex)\n+   # Force verification but unregister the CA certificates\n+   => wget cacert required\n+   => wget cacert 0 0\n+   # Unsurprisingly, download fails\n+   => wget https://digicert-tls-rsa4096-root-g5.chain-demos.digicert.com/\n+   Error: cacert authentication mode is 'required' but no CA certificates given\n+   # Get the same certificates as above from the network\n+   => wget cacert none\n+   => wget https://cacerts.digicert.com/DigiCertTLSRSA4096RootG5.crt\n+   WARNING: no CA certificates, HTTPS connections not authenticated\n+   1386 bytes transferred in 1 ms (1.3 MiB/s)\n+   Bytes transferred = 1386 (56a hex)\n+   # Register them and force authentication\n+   => wget cacert $fileaddr $filesize\n+   => wget cacert required\n+   # Authentication is operational again\n+   => wget https://digicert-tls-rsa4096-root-g5.chain-demos.digicert.com/\n+   1864 bytes transferred in 1 ms (1.8 MiB/s)\n+   Bytes transferred = 1864 (748 hex)\n+   # The builtin certificates can be restored at any time\n+   => wget cacert builtin\n+\n Configuration\n -------------\n \n The command is only available if CONFIG_CMD_WGET=y.\n-To enable lwIP support set CONFIG_NET_LWIP=y.\n+To enable lwIP support set CONFIG_NET_LWIP=y. In this case, root certificates\n+support can be enabled via CONFIG_WGET_BUILTIN_CACERT=y\n+CONFIG_WGET_BUILTIN_CACERT_PATH=<some path> (for built-in certificates) and/or\n+CONFIG_WGET_CACERT=y (for the wget cacert command).\n \n TCP Selective Acknowledgments in the legacy network stack can be enabled via\n CONFIG_PROT_TCP_SACK=y. This will improve the download speed. Selective\n",
    "prefixes": [
        "v2",
        "5/6"
    ]
}