bc8ca6b8ce
Expand the concept of the X.509 cache to provide the functionality of a certificate store. Certificates in the store will be automatically used to complete certificate chains where applicable.

The certificate store may be prepopulated at build time using the CERT=... build command line option. For example:

  make bin/ipxe.usb CERT=mycert1.crt,mycert2.crt

Certificates within the certificate store are not implicitly trusted; the trust list is specified using TRUST=... as before. For example:

  make bin/ipxe.usb CERT=root.crt TRUST=root.crt

This can be used to embed the full trusted root certificate within the iPXE binary, which is potentially useful in an HTTPS-only environment in which there is no HTTP server from which to automatically download cross-signed certificates or other certificate chain fragments.

This usage of CERT= extends the existing use of CERT= to specify the client certificate. The client certificate is now identified automatically by checking for a match against the private key. For example:

  make bin/ipxe.usb CERT=root.crt,client.crt TRUST=root.crt KEY=client.key

Signed-off-by: Michael Brown <mcb30@ipxe.org>
||
---|---|---|
.. | ||
hci | ||
ipxe | ||
readline | ||
sys | ||
usr | ||
.gitignore | ||
alloca.h | ||
assert.h | ||
big_bswap.h | ||
byteswap.h | ||
coff.h | ||
compiler.h | ||
cpu.h | ||
ctype.h | ||
curses.h | ||
elf.h | ||
endian.h | ||
errno.h | ||
etherboot.h | ||
fs.h | ||
getopt.h | ||
i82365.h | ||
libgen.h | ||
linux_api.h | ||
little_bswap.h | ||
mii.h | ||
nic.h | ||
old_tcp.h | ||
pc_kbd.h | ||
pcmcia-opts.h | ||
pcmcia.h | ||
stdarg.h | ||
stddef.h | ||
stdint.h | ||
stdio.h | ||
stdlib.h | ||
string.h | ||
strings.h | ||
sys_info.h | ||
syslog.h | ||
time.h | ||
unistd.h | ||
wchar.h |