I ran into an issue yesterday with wget fetching the source packages for the iasl build from the acpica.org website. It seems that they have changed their SSL implementation. Specifically, this site, as of yesterday, uses TLS-SNI on the backend. Wget versions that I have tried, 1.12 and the latest 1.13.4, fail with:
ERROR: cannot verify www.acpica.org's certificate, issued by `/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287': Issued certificate has expired. ERROR: certificate common name `ofono.org' doesn't match requested host name `www.acpica.org'. To connect to www.acpica.org insecurely, use `--no-check-certificate'.
The suggestion back from acpica.org is to use curl, which can properly handle TLS-SNI. It appears that there may be patches around for TLS-SNI implementation within wget. So, as an alternative, we can build our own wget in coreboot. Or, we could simply pass in --no-check-certificate.
In any case, it seems that a change needs to be made to the buildgcc script to get iasl to build. Does anyone have a preference on direction for this change?
Thanks, Ray