Commit 0f316d5957b2148c297c455a2e03ca555693d61e

Edward Thomson 2020-03-01T14:42:03

ci: provide globalsign certs tls.mbed.org has neglected to send their full certificate chain. Add their intermediate cert manually. 🙄

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
diff --git a/azure-pipelines/docker/xenial b/azure-pipelines/docker/xenial
index 8b2501d..475956f 100644
--- a/azure-pipelines/docker/xenial
+++ b/azure-pipelines/docker/xenial
@@ -29,7 +29,9 @@ RUN apt-get update && \
 
 FROM apt AS mbedtls
 RUN cd /tmp && \
-    curl --location --silent https://tls.mbed.org/download/mbedtls-2.16.2-apache.tgz | \
+    curl --location http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt | openssl x509 -inform der -out /tmp/cacert.pem && \
+    curl --location https://curl.haxx.se/ca/cacert.pem >> /tmp/cacert.pem && \
+    curl --location --silent https://tls.mbed.org/download/mbedtls-2.16.2-apache.tgz --cacert /tmp/cacert.pem | \
     tar -xz && \
     cd mbedtls-2.16.2 && \
     scripts/config.pl set MBEDTLS_MD4_C 1 && \