[tls] Display validator messages only while validation is in progress
Allow the cipherstream to report progress status messages during
connection establishment.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
mcb30 committed Mar 10, 2019
1 parent b28ccfc commit 7b63c12
Showing 2 changed files with 11 additions and 3 deletions.
2 changes: 2 additions & 0 deletions src/include/ipxe/tls.h
Expand Up @@ -335,6 +335,8 @@ struct tls_connection {
struct pending_operation client_negotiation;
/** Server security negotiation pending operation */
struct pending_operation server_negotiation;
/** Certificate validation pending operation */
struct pending_operation validation;

/** TX sequence number */
uint64_t tx_seq;
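Review bot: The doc comment on the new `validation` field does not say that it only marks validation as being in progress, not its outcome. In this commit it is set in tls_new_server_hello_done and released by tls_close and unconditionally at the top of tls_validator_done, so it is released on failure as well as on success. A later reader could mistake "not pending" for "certificate validated", so I would write `/** Certificate validation pending operation (in-progress marker only, not a validation result) */`. The struct definition starts and ends outside the hunk.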
12 changes: 9 additions & 3 deletions src/net/tls.c
Expand Up @@ -382,6 +382,7 @@ static void tls_close ( struct tls_connection *tls, int rc ) {
/* Remove pending operations, if applicable */
pending_put ( &tls->client_negotiation );
pending_put ( &tls->server_negotiation );
pending_put ( &tls->validation );

/* Remove process */
process_del ( &tls->process );
Expand Down Expand Up @@ -950,6 +951,7 @@ static void tls_restart ( struct tls_connection *tls ) {
assert ( ! tls->tx_pending );
assert ( ! is_pending ( &tls->client_negotiation ) );
assert ( ! is_pending ( &tls->server_negotiation ) );
assert ( ! is_pending ( &tls->validation ) );

/* (Re)initialise handshake context */
digest_init ( &md5_sha1_algorithm, tls->handshake_md5_sha1_ctx );
Expand Down Expand Up @@ -1875,6 +1877,7 @@ static int tls_new_server_hello_done ( struct tls_connection *tls,
"%s\n", tls, strerror ( rc ) );
return rc;
}
pending_get ( &tls->validation );

return 0;
}
Expand Down Expand Up @@ -2582,10 +2585,10 @@ static int tls_progress ( struct tls_connection *tls,
struct job_progress *progress ) {

/* Return cipherstream or validator progress as applicable */
if ( tls_ready ( tls ) ) {
return job_progress ( &tls->cipherstream, progress );
} else {
if ( is_pending ( &tls->validation ) ) {
return job_progress ( &tls->validator, progress );
} else {
return job_progress ( &tls->cipherstream, progress );
}
}

Expand Down Expand Up @@ -2820,6 +2823,9 @@ static void tls_validator_done ( struct tls_connection *tls, int rc ) {
struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
struct x509_certificate *cert;

/* Mark validation as complete */
pending_put ( &tls->validation );

/* Close validator interface */
intf_restart ( &tls->validator, rc );

