diff options
| author | Tom Rini <[email protected]> | 2025-03-11 08:57:33 -0600 |
|---|---|---|
| committer | Tom Rini <[email protected]> | 2025-03-11 08:57:33 -0600 |
| commit | 38880f39e287af132f4fb28a3f64b2af10bdbf60 (patch) | |
| tree | a2eca387e9826700ae57bbc6a2f04d2771421d23 /cmd | |
| parent | 1b42f57ec82ceba4d5f08cfb359717232301cfa5 (diff) | |
| parent | 22f3c9cd024459887066c6d82fab8766447cc289 (diff) | |
Merge tag 'net-next-20250310' of https://source.denx.de/u-boot/custodians/u-boot-net into next
Pull request net-next-20250310.
CI:
* https://source.denx.de/u-boot/custodians/u-boot-net/-/pipelines/25084
net-lwip:
* Add support for CA (root) certificates to HTTPS
* Add CONFIG_LWIP_DEBUG_RXTX to trace in/out messages
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/Kconfig | 22 | ||||
| -rw-r--r-- | cmd/net-lwip.c | 21 |
2 files changed, 40 insertions, 3 deletions
diff --git a/cmd/Kconfig b/cmd/Kconfig index bfed141914a..cd391d422ae 100644 --- a/cmd/Kconfig +++ b/cmd/Kconfig @@ -2176,6 +2176,28 @@ config WGET_HTTPS help Enable TLS over http for wget. +config WGET_CACERT + bool "wget cacert" + depends on CMD_WGET + depends on WGET_HTTPS + help + Adds the "cacert" sub-command to wget to provide root certificates + to the HTTPS engine. Must be in DER format. + +config WGET_BUILTIN_CACERT + bool "Built-in CA certificates" + depends on WGET_HTTPS + select BUILD_BIN2C + +config WGET_BUILTIN_CACERT_PATH + string "Path to root certificates" + depends on WGET_BUILTIN_CACERT + default "cacert.crt" + help + Set this to the path to a DER-encoded X509 file containing + Certification Authority certificates, a.k.a. root certificates, for + the purpose of authenticating HTTPS connections. + endif # if CMD_NET config CMD_PXE diff --git a/cmd/net-lwip.c b/cmd/net-lwip.c index 0fd446ecb20..58c10fbec7d 100644 --- a/cmd/net-lwip.c +++ b/cmd/net-lwip.c @@ -27,9 +27,24 @@ U_BOOT_CMD(dns, 3, 1, do_dns, "lookup the IP of a hostname", #endif #if defined(CONFIG_CMD_WGET) -U_BOOT_CMD(wget, 3, 1, do_wget, - "boot image via network using HTTP/HTTPS protocol", +U_BOOT_CMD(wget, 4, 1, do_wget, + "boot image via network using HTTP/HTTPS protocol" +#if defined(CONFIG_WGET_CACERT) + "\nwget cacert - configure wget root certificates" +#endif + , "[loadAddress] url\n" - "wget [loadAddress] [host:]path" + "wget [loadAddress] [host:]path\n" + " - load file" +#if defined(CONFIG_WGET_CACERT) + "\nwget cacert <address> <length>\n" + " - provide CA certificates (0 0 to remove current)" + "\nwget cacert none|optional|required\n" + " - set server certificate verification mode (default: optional)" +#if defined(CONFIG_WGET_BUILTIN_CACERT) + "\nwget cacert builtin\n" + " - use the builtin CA certificates" +#endif +#endif ); #endif |