nixpkgs/pkgs/tools/system/amtterm
Florian Klink cbc93ea250 amtterm: enable SSL support
Current versions of Intel AMT/vPro only support connecting over SSL, but
our current amtterm version isn't built with SSL support.

Set the `USE_OPENSSL=1` makeFlag and add openssl and pkg-config.

It adds an additional `-C cacert` parameter, which needs to point to
a previously downloaded server certificate.

The server certificate can be retrieved with
`openssl s_client -showcerts -connect $host:16995`.

However, due to the use of `UnsafeLegacyRenegotiation`, `OPENSSL_CONF`
needs to point to a text file explicitly allowing this:

```
openssl_conf = default_conf

[ default_conf ]
ssl_conf = ssl_sect

[ssl_sect]
system_default = ssl_default_sect

[ssl_default_sect]
Options = UnsafeLegacyRenegotiation
```

With this, I'm able to connect to `/dev/ttyS2` inside the host:

```
❯ AMT_PASSWORD='supersecret' amtterm $host 16995 -C cert.pem
amtterm: NONE -> CONNECT (connection to host)
ipv4 $ip [$ip] 16995 open
amtterm: CONNECT -> INIT (redirection initialization)
amtterm: INIT -> AUTH (session authentication)
amtterm: AUTH -> INIT_SOL (serial-over-lan initialization)
amtterm: INIT_SOL -> RUN_SOL (serial-over-lan active)
serial-over-lan redirection ok
connected now, use ^] to escape
Hello World
```
2024-08-31 21:06:24 +03:00
..
default.nix amtterm: enable SSL support 2024-08-31 21:06:24 +03:00