[crypto] Add previous certificate in chain as a parameter to parse_next()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-21 16:48:08 +00:00 · 2012-03-21 16:48:08 +00:00 · 2d9d0adc4e
parent c285378388
commit 2d9d0adc4e
4 changed files with 16 additions and 6 deletions
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@ -1143,8 +1143,10 @@ int x509_validate_time ( struct x509_certificate *cert, time_t time ) {
 * @v first		Initial X.509 certificate to fill in, or NULL
 * @ret rc		Return status code
 */
-int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
-						 void *context ),
+int x509_validate_chain ( int ( * parse_next )
+			  ( struct x509_certificate *cert,
+			    const struct x509_certificate *previous,
+			    void *context ),
 			  void *context, time_t time, struct x509_root *root,
 			  struct x509_certificate *first ) {
 	struct x509_certificate temp[2];
@ -1159,7 +1161,7 @@ int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
 		root = &root_certificates;

 	/* Get first certificate in chain */
-	if ( ( rc = parse_next ( current, context ) ) != 0 ) {
+	if ( ( rc = parse_next ( current, NULL, context ) ) != 0 ) {
 		DBGC ( context, "X509 chain %p could not get first "
 		       "certificate: %s\n", context, strerror ( rc ) );
 		return rc;
@ -1181,7 +1183,7 @@ int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
 			return 0;

 		/* Get next certificate in chain */
-		if ( ( rc = parse_next ( next, context ) ) != 0 ) {
+		if ( ( rc = parse_next ( next, current, context ) ) != 0 ) {
 			DBGC ( context, "X509 chain %p could not get next "
 			       "certificate: %s\n", context, strerror ( rc ) );
 			return rc;
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@ -183,6 +183,7 @@ extern int x509_validate_root ( struct x509_certificate *cert,
 extern int x509_validate_time ( struct x509_certificate *cert, time_t time );
 extern int x509_validate_chain ( int ( * parse_next )
 				 ( struct x509_certificate *cert,
+				   const struct x509_certificate *previous,
 				   void *context ),
 				 void *context, time_t time,
 				 struct x509_root *root,
--- a/src/net/tls.c
+++ b/src/net/tls.c
@ -1281,10 +1281,13 @@ struct tls_certificate_context {
 * Parse next certificate in TLS certificate list
 *
 * @v cert		X.509 certificate to fill in
+ * @v previous		Previous X.509 certificate, or NULL
 * @v ctx		Context
 * @ret rc		Return status code
 */
-static int tls_parse_next ( struct x509_certificate *cert, void *ctx ) {
+static int tls_parse_next ( struct x509_certificate *cert,
+			    const struct x509_certificate *previous __unused,
+			    void *ctx ) {
 	struct tls_certificate_context *context = ctx;
 	struct tls_session *tls = context->tls;
 	const struct {
--- a/src/tests/x509_test.c
+++ b/src/tests/x509_test.c
@ -695,10 +695,14 @@ struct x509_test_chain_context {
 * Parse next certificate in chain
 *
 * @v cert		X.509 certificate to parse
+ * @v previous		Previous X.509 certificate, or NULL
 * @v ctx		Chain context
 * @ret rc		Return status code
 */
-static int x509_test_parse_next ( struct x509_certificate *cert, void *ctx ) {
+static int
+x509_test_parse_next ( struct x509_certificate *cert,
+		       const struct x509_certificate *previous __unused,
+		       void *ctx ) {
 	struct x509_test_chain_context *context = ctx;
 	struct x509_test_certificate *test_cert;