From f8e1678b84fc3119ce515e0c1a84881bb9ce1c36 Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@ipxe.org>
Date: Thu, 24 Mar 2016 19:25:03 +0000
Subject: [PATCH] [crypto] Allow cross-certificate source to be configured at
 build time

Provide a build option CROSSCERT in config/crypto.h to allow the
default cross-signed certificate source to be configured at build
time.  The ${crosscert} setting may still be used to reconfigure the
cross-signed certificate source at runtime.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/config/crypto.h | 8 ++++++++
 src/net/validator.c | 3 ++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/config/crypto.h b/src/config/crypto.h
index bccfc04b..8f885c55 100644
--- a/src/config/crypto.h
+++ b/src/config/crypto.h
@@ -50,6 +50,14 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
  */
 #define TIMESTAMP_ERROR_MARGIN ( ( 12 * 60 + 30 ) * 60 )
 
+/** Default cross-signed certificate source
+ *
+ * This is the default location from which iPXE will attempt to
+ * download cross-signed certificates in order to complete a
+ * certificate chain.
+ */
+#define CROSSCERT "http://ca.ipxe.org/auto"
+
 #include <config/named.h>
 #include NAMED_CONFIG(crypto.h)
 #include <config/local/crypto.h>
diff --git a/src/net/validator.c b/src/net/validator.c
index db968398..57ad0e7b 100644
--- a/src/net/validator.c
+++ b/src/net/validator.c
@@ -41,6 +41,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/crc32.h>
 #include <ipxe/ocsp.h>
 #include <ipxe/validator.h>
+#include <config/crypto.h>
 
 /** @file
  *
@@ -133,7 +134,7 @@ const struct setting crosscert_setting __setting ( SETTING_CRYPTO, crosscert )={
 };
 
 /** Default cross-signed certificate source */
-static const char crosscert_default[] = "http://ca.ipxe.org/auto";
+static const char crosscert_default[] = CROSSCERT;
 
 /**
  * Append cross-signing certificates to certificate chain