[crypto] Add previous certificate in chain as a parameter to parse_next()
Signed-off-by: Michael Brown <mcb30@ipxe.org>
parent
c285378388
commit
2d9d0adc4e
|
@ -1143,8 +1143,10 @@ int x509_validate_time ( struct x509_certificate *cert, time_t time ) {
|
||||||
* @v first Initial X.509 certificate to fill in, or NULL
|
* @v first Initial X.509 certificate to fill in, or NULL
|
||||||
* @ret rc Return status code
|
* @ret rc Return status code
|
||||||
*/
|
*/
|
||||||
int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
|
int x509_validate_chain ( int ( * parse_next )
|
||||||
void *context ),
|
( struct x509_certificate *cert,
|
||||||
|
const struct x509_certificate *previous,
|
||||||
|
void *context ),
|
||||||
void *context, time_t time, struct x509_root *root,
|
void *context, time_t time, struct x509_root *root,
|
||||||
struct x509_certificate *first ) {
|
struct x509_certificate *first ) {
|
||||||
struct x509_certificate temp[2];
|
struct x509_certificate temp[2];
|
||||||
|
@ -1159,7 +1161,7 @@ int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
|
||||||
root = &root_certificates;
|
root = &root_certificates;
|
||||||
|
|
||||||
/* Get first certificate in chain */
|
/* Get first certificate in chain */
|
||||||
if ( ( rc = parse_next ( current, context ) ) != 0 ) {
|
if ( ( rc = parse_next ( current, NULL, context ) ) != 0 ) {
|
||||||
DBGC ( context, "X509 chain %p could not get first "
|
DBGC ( context, "X509 chain %p could not get first "
|
||||||
"certificate: %s\n", context, strerror ( rc ) );
|
"certificate: %s\n", context, strerror ( rc ) );
|
||||||
return rc;
|
return rc;
|
||||||
|
@ -1181,7 +1183,7 @@ int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
/* Get next certificate in chain */
|
/* Get next certificate in chain */
|
||||||
if ( ( rc = parse_next ( next, context ) ) != 0 ) {
|
if ( ( rc = parse_next ( next, current, context ) ) != 0 ) {
|
||||||
DBGC ( context, "X509 chain %p could not get next "
|
DBGC ( context, "X509 chain %p could not get next "
|
||||||
"certificate: %s\n", context, strerror ( rc ) );
|
"certificate: %s\n", context, strerror ( rc ) );
|
||||||
return rc;
|
return rc;
|
||||||
|
|
|
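Review bot: The contract for the new `previous` argument is not stated in the visible part of the x509_validate_chain() doc comment. At the second call site, `parse_next ( next, current, context )`, the certificate passed as `previous` has been parsed but cannot yet have had its signature checked, because its issuer is the certificate being fetched. A callback that uses `previous` to pick the next certificate (for example by issuer name) is therefore reading unauthenticated, possibly attacker-supplied fields and should treat them only as a lookup hint. I would say so on the `parse_next` parameter line, e.g. `previous is NULL for the first certificate; otherwise it has been parsed but not yet validated against its issuer`. The doc comment and the loop body both extend outside these hunks, so the existing `@v parse_next` line may already cover part of this.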
@ -183,6 +183,7 @@ extern int x509_validate_root ( struct x509_certificate *cert,
|
||||||
extern int x509_validate_time ( struct x509_certificate *cert, time_t time );
|
extern int x509_validate_time ( struct x509_certificate *cert, time_t time );
|
||||||
extern int x509_validate_chain ( int ( * parse_next )
|
extern int x509_validate_chain ( int ( * parse_next )
|
||||||
( struct x509_certificate *cert,
|
( struct x509_certificate *cert,
|
||||||
|
const struct x509_certificate *previous,
|
||||||
void *context ),
|
void *context ),
|
||||||
void *context, time_t time,
|
void *context, time_t time,
|
||||||
struct x509_root *root,
|
struct x509_root *root,
|
||||||
|
|
|
@ -1281,10 +1281,13 @@ struct tls_certificate_context {
|
||||||
* Parse next certificate in TLS certificate list
|
* Parse next certificate in TLS certificate list
|
||||||
*
|
*
|
||||||
* @v cert X.509 certificate to fill in
|
* @v cert X.509 certificate to fill in
|
||||||
|
* @v previous Previous X.509 certificate, or NULL
|
||||||
* @v ctx Context
|
* @v ctx Context
|
||||||
* @ret rc Return status code
|
* @ret rc Return status code
|
||||||
*/
|
*/
|
||||||
static int tls_parse_next ( struct x509_certificate *cert, void *ctx ) {
|
static int tls_parse_next ( struct x509_certificate *cert,
|
||||||
|
const struct x509_certificate *previous __unused,
|
||||||
|
void *ctx ) {
|
||||||
struct tls_certificate_context *context = ctx;
|
struct tls_certificate_context *context = ctx;
|
||||||
struct tls_session *tls = context->tls;
|
struct tls_session *tls = context->tls;
|
||||||
const struct {
|
const struct {
|
||||||
|
|
|
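Review bot: `previous` is declared `__unused` in tls_parse_next(), yet the new doc line reads as though the function consumes it; `@v previous Previous X.509 certificate, or NULL (ignored)` would be clearer. Since this callback does not look at `previous`, the chain order is presumably whatever the TLS certificate list supplies, with the issuer link left to x509_validate_chain(); that check is not visible on this page. The function body continues outside the hunk. The same wording applies to x509_test_parse_next() in the last section.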
@ -695,10 +695,14 @@ struct x509_test_chain_context {
|
||||||
* Parse next certificate in chain
|
* Parse next certificate in chain
|
||||||
*
|
*
|
||||||
* @v cert X.509 certificate to parse
|
* @v cert X.509 certificate to parse
|
||||||
|
* @v previous Previous X.509 certificate, or NULL
|
||||||
* @v ctx Chain context
|
* @v ctx Chain context
|
||||||
* @ret rc Return status code
|
* @ret rc Return status code
|
||||||
*/
|
*/
|
||||||
static int x509_test_parse_next ( struct x509_certificate *cert, void *ctx ) {
|
static int
|
||||||
|
x509_test_parse_next ( struct x509_certificate *cert,
|
||||||
|
const struct x509_certificate *previous __unused,
|
||||||
|
void *ctx ) {
|
||||||
struct x509_test_chain_context *context = ctx;
|
struct x509_test_chain_context *context = ctx;
|
||||||
struct x509_test_certificate *test_cert;
|
struct x509_test_certificate *test_cert;
|
||||||
|
|
||||||
|
|