bc8ca6b8ce
Expand the concept of the X.509 cache to provide the functionality of a certificate store. Certificates in the store will be automatically used to complete certificate chains where applicable. The certificate store may be prepopulated at build time using the CERT=... build command line option. For example: make bin/ipxe.usb CERT=mycert1.crt,mycert2.crt Certificates within the certificate store are not implicitly trusted; the trust list is specified using TRUST=... as before. For example: make bin/ipxe.usb CERT=root.crt TRUST=root.crt This can be used to embed the full trusted root certificate within the iPXE binary, which is potentially useful in an HTTPS-only environment in which there is no HTTP server from which to automatically download cross-signed certificates or other certificate chain fragments. This usage of CERT= extends the existing use of CERT= to specify the client certificate. The client certificate is now identified automatically by checking for a match against the private key. For example: make bin/ipxe.usb CERT=root.crt,client.crt TRUST=root.crt KEY=client.key Signed-off-by: Michael Brown <mcb30@ipxe.org> |
||
---|---|---|
.. | ||
autoboot.c | ||
dhcpmgmt.c | ||
fcmgmt.c | ||
ifmgmt.c | ||
imgmgmt.c | ||
imgtrust.c | ||
ipstat.c | ||
iwmgmt.c | ||
lotest.c | ||
neighmgmt.c | ||
nslookup.c | ||
pingmgmt.c | ||
prompt.c | ||
pxemenu.c | ||
route_ipv4.c | ||
route_ipv6.c | ||
route.c | ||
sync.c |