This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Compiler: Cannot download compiler over https / software-dl.ti.com has an invalid certificate

Tool/software: TI C/C++ Compiler

Hi,

I would like to use the TI ARM compiler on Linux without the Code Composer Studio. Unfortunately, I have not found a way how to download it securely, as software-dl.ti.com presents an invalid certificate (it is only valid for *.akamaihd-staging.net, *.akamaihd.net, *.akamaized.net, *.akamaized-staging.net, a248.e.akamai.net).

Is somewhere a GPG signature of the installer or a sha256sum that can be downloaded over https so that it is possible to verify the installer?

Thanks in advance,

Dan

  • This looks like a new problem.  It is outside my expertise.  I am notifying the right team.  You apparently tried a few different ways of downloading it.  What is your preferred method?  They can start there.

    Thanks and regards,

    -George

  • Dan,

    Can you let me know which ARM compiler you are attempting to download?

    Regards,
    John
  • This one: software-dl.ti.com/.../ti_cgt_tms470_17.9.0.STS_linux_installer_x86.bin

    My guess is that the site is hosted by Akamai and the certificate is the standard one that they provide. If you connect to software-dl.ti.com over port 443 and try to initialize TLS, you'll get a certificate from akamai which does not have software-dl.ti.com in the "X509v3 Subject Alternative Name" section.
  • From your other thread I see you are having an issue where the installer is not exiting cleanly.  What version of glibc do you have installed?  I am thinking you might be running into a compatibility issue with glibc 2.26 and install builder.  I don't have a lot of information on the issue but here is a summary from our Linux Host Support page for CCS.

    "NOTE: Certain older SDKs and Compiler installers could hang when installing on a system with glibc2.26 and greater. While the component is installed correctly, the installer doesn't exit. In order to complete your installation of the component, kill off the hanging installer and remove the downloads folder from the <installdir>/eclipse directory."

    That last part about the /eclipse directory would not be relevant in your case as you are downloading the compiler and installing it outside of CCS.

    Future releases of CCS, compilers, SDKs... will use a version of install builder that does not have the issue but for existing releases this problem will persist.

    John

  • Dan Cermak said:

    I would like to use the TI ARM compiler on Linux without the Code Composer Studio. Unfortunately, I have not found a way how to download it securely, as software-dl.ti.com presents an invalid certificate (it is only valid for *.akamaihd-staging.net, *.akamaihd.net, *.akamaized.net, *.akamaized-staging.net, a248.e.akamai.net).

    Is somewhere a GPG signature of the installer or a sha256sum that can be downloaded over https so that it is possible to verify the installer?

    You are correct, this file is not currently available over https. However, here is a SHA256 sum you can compare to your download in the meantime:

    acbbe580b3bac935709fe088ed408c0b255fa3ea83e9fda95e0da87ba095c389 ti_cgt_tms470_17.9.0.STS_linux_installer_x86.bin
    b3fd5f7f7a51adb55693a0584ef4b0a1acbddc6a233ac8232634ca7daaa9738f ti_cgt_tms470_17.9.0.STS_osx_installer.app.zip
    fb9f4154a9862488583fc2e85a5da36e0399f396b2ce90f2ab86cc8f3e672666 ti_cgt_tms470_17.9.0.STS_windows_installer.exe

  • Fedora 27 is indeed running glibc 2.26, so that explains the issue.

    Thanks for finding that out!
  • Thanks for the hashes. Are these available in a standard location where they could be queried from a script also for future versions?
  • Dan Cermak said:
    Are these available in a standard location where they could be queried from a script also for future versions?

    Unfortunately, no.  I filed CODEGEN-4289 in the SDOWP system to request that a download checksum be provided.  This entry does not report a bug, but requests an enhancement.  You are welcome to follow it with the SDOWP link below in my signature.

    Thanks and regards,

    -George

  • Hi Goerge,

    thanks for filing the issue. I would however recommend to use at least sha2 or sha3 since md5 is not secure any more (same goes for sha1). And the checksums should be downloadable via https otherwise it makes very little sense to provide them at all (maybe against accidental corruption).
  • Thank you for your insightful comments.  I added them to the enhancement request.

    Thanks and regards,

    -George