ci: provide globalsign certs tls.mbed.org has neglected to send their full certificate chain. Add their intermediate cert manually. 🙄
diff --git a/azure-pipelines/docker/xenial b/azure-pipelines/docker/xenial
index 8b2501d..475956f 100644
--- a/azure-pipelines/docker/xenial
+++ b/azure-pipelines/docker/xenial
@@ -29,7 +29,9 @@ RUN apt-get update && \
FROM apt AS mbedtls
RUN cd /tmp && \
- curl --location --silent https://tls.mbed.org/download/mbedtls-2.16.2-apache.tgz | \
+ curl --location http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt | openssl x509 -inform der -out /tmp/cacert.pem && \
+ curl --location https://curl.haxx.se/ca/cacert.pem >> /tmp/cacert.pem && \
+ curl --location --silent https://tls.mbed.org/download/mbedtls-2.16.2-apache.tgz --cacert /tmp/cacert.pem | \
tar -xz && \
cd mbedtls-2.16.2 && \
scripts/config.pl set MBEDTLS_MD4_C 1 && \