From dc55d0e8fe71a80a52591e8f9ab55de636bc11d3 Mon Sep 17 00:00:00 2001
From: Edward Thomson <ethomson@edwardthomson.com>
Date: Mon, 2 Mar 2020 10:22:54 -0800
Subject: ci: provide globalsign certs for bionic
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

tls.mbed.org has neglected to send their full certificate chain.  Add
their intermediate cert manually.  🙄
---
 azure-pipelines/docker/bionic | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/azure-pipelines/docker/bionic b/azure-pipelines/docker/bionic
index ae9604de7..33175a0b7 100644
--- a/azure-pipelines/docker/bionic
+++ b/azure-pipelines/docker/bionic
@@ -25,7 +25,9 @@ RUN apt-get update && \
 
 FROM apt AS mbedtls
 RUN cd /tmp && \
-    curl --location --silent https://tls.mbed.org/download/mbedtls-2.16.2-apache.tgz | \
+    curl --location http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt | openssl x509 -inform der -out /tmp/cacert.pem && \
+    curl --location https://curl.haxx.se/ca/cacert.pem >> /tmp/cacert.pem && \
+    curl --location --silent https://tls.mbed.org/download/mbedtls-2.16.2-apache.tgz --cacert /tmp/cacert.pem | \
     tar -xz && \
     cd mbedtls-2.16.2 && \
     scripts/config.pl set MBEDTLS_MD4_C 1 && \
-- 
cgit v1.2.1