bc8ca6b8ce
Expand the concept of the X.509 cache to provide the functionality of a certificate store. Certificates in the store will be automatically used to complete certificate chains where applicable. The certificate store may be prepopulated at build time using the CERT=... build command line option. For example: make bin/ipxe.usb CERT=mycert1.crt,mycert2.crt Certificates within the certificate store are not implicitly trusted; the trust list is specified using TRUST=... as before. For example: make bin/ipxe.usb CERT=root.crt TRUST=root.crt This can be used to embed the full trusted root certificate within the iPXE binary, which is potentially useful in an HTTPS-only environment in which there is no HTTP server from which to automatically download cross-signed certificates or other certificate chain fragments. This usage of CERT= extends the existing use of CERT= to specify the client certificate. The client certificate is now identified automatically by checking for a match against the private key. For example: make bin/ipxe.usb CERT=root.crt,client.crt TRUST=root.crt KEY=client.key Signed-off-by: Michael Brown <mcb30@ipxe.org> |
||
|---|---|---|
| .. | ||
| autoboot.c | ||
| dhcpmgmt.c | ||
| fcmgmt.c | ||
| ifmgmt.c | ||
| imgmgmt.c | ||
| imgtrust.c | ||
| ipstat.c | ||
| iwmgmt.c | ||
| lotest.c | ||
| neighmgmt.c | ||
| nslookup.c | ||
| pingmgmt.c | ||
| prompt.c | ||
| pxemenu.c | ||
| route_ipv4.c | ||
| route_ipv6.c | ||
| route.c | ||
| sync.c | ||