[crypto] Add previous certificate in chain as a parameter to parse_next()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
mcb30 committed Mar 22, 2012
1 parent c285378 commit 2d9d0ad
Showing 4 changed files with 16 additions and 6 deletions.
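--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -1143,8 +1143,10 @@ int x509_validate_time ( struct x509_certificate *cert, time_t time ) {
 * @v first Initial X.509 certificate to fill in, or NULL
 * @ret rc Return status code
 */
-int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
-void *context ),
+int x509_validate_chain ( int ( * parse_next )
+( struct x509_certificate *cert,
+const struct x509_certificate *previous,
+void *context ),
 void *context, time_t time, struct x509_root *root,
 struct x509_certificate *first ) {
 struct x509_certificate temp[2];
@@ -1159,7 +1161,7 @@ int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
 root = &root_certificates;
 
 /* Get first certificate in chain */
-if ( ( rc = parse_next ( current, context ) ) != 0 ) {
+if ( ( rc = parse_next ( current, NULL, context ) ) != 0 ) {
 DBGC ( context, "X509 chain %p could not get first "
 "certificate: %s\n", context, strerror ( rc ) );
 return rc;
@@ -1181,7 +1183,7 @@ int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
 return 0;
 
 /* Get next certificate in chain */
-if ( ( rc = parse_next ( next, context ) ) != 0 ) {
+if ( ( rc = parse_next ( next, current, context ) ) != 0 ) {
 DBGC ( context, "X509 chain %p could not get next "
 "certificate: %s\n", context, strerror ( rc ) );
 return rc;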
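Review bot: The contract of the new `previous` argument is not written down where callback authors will look for it: the visible part of the x509_validate_chain() header comment covers only `first` and the return code, and nothing states that `previous` is NULL on the first call and is `current` on later calls. At the "Get next certificate in chain" call, `current` appears to be a certificate that has been parsed but whose issuer signature cannot yet have been checked (the issuer is the certificate being requested), so a callback that reads fields of `previous` to choose the next certificate is acting on unauthenticated data; the function body extends beyond these hunks, so that ordering should be confirmed. I would add to the `parse_next` description a sentence such as `previous is the certificate filled in by the preceding call (NULL on the first call); it has not yet been validated and, since it presumably points into temp[2], must not be retained after the callback returns`.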
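--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -183,6 +183,7 @@ extern int x509_validate_root ( struct x509_certificate *cert,
 extern int x509_validate_time ( struct x509_certificate *cert, time_t time );
 extern int x509_validate_chain ( int ( * parse_next )
 ( struct x509_certificate *cert,
+const struct x509_certificate *previous,
 void *context ),
 void *context, time_t time,
 struct x509_root *root,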
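--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -1281,10 +1281,13 @@ struct tls_certificate_context {
 * Parse next certificate in TLS certificate list
 *
 * @v cert X.509 certificate to fill in
+* @v previous Previous X.509 certificate, or NULL
 * @v ctx Context
 * @ret rc Return status code
 */
-static int tls_parse_next ( struct x509_certificate *cert, void *ctx ) {
+static int tls_parse_next ( struct x509_certificate *cert,
+const struct x509_certificate *previous __unused,
+void *ctx ) {
 struct tls_certificate_context *context = ctx;
 struct tls_session *tls = context->tls;
 const struct {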
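Review bot: The added doc line `@v previous Previous X.509 certificate, or NULL` does not say that tls_parse_next() ignores the argument, which the `__unused` marker in the signature shows; `@v previous Previous X.509 certificate, or NULL (unused)` would keep comment and code in step. The same applies to x509_test_parse_next() in src/tests/x509_test.c. Because the argument is ignored here, the order of certificates presumably still comes only from the peer's certificate list, so tying each certificate to its issuer remains entirely the job of x509_validate_chain(); the body of tls_parse_next() continues past the hunk.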
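--- a/src/tests/x509_test.c
+++ b/src/tests/x509_test.c
@@ -695,10 +695,14 @@ struct x509_test_chain_context {
 * Parse next certificate in chain
 *
 * @v cert X.509 certificate to parse
+* @v previous Previous X.509 certificate, or NULL
 * @v ctx Chain context
 * @ret rc Return status code
 */
-static int x509_test_parse_next ( struct x509_certificate *cert, void *ctx ) {
+static int
+x509_test_parse_next ( struct x509_certificate *cert,
+const struct x509_certificate *previous __unused,
+void *ctx ) {
 struct x509_test_chain_context *context = ctx;
 struct x509_test_certificate *test_cert;
 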
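Review bot: No test exercises the new argument: x509_test_parse_next() marks `previous` as `__unused`, so nothing in this section checks that x509_validate_chain() passes NULL for the first certificate and the preceding certificate afterwards. A swapped or stale pointer at either call site in src/crypto/x509.c would therefore go unnoticed by the self-tests. I would drop `__unused` here and have the callback compare `previous` with what the chain context expects (NULL on the first call, non-NULL on later calls), returning an error on mismatch. The function body lies outside the hunk, so how the context tracks its position needs to be checked first.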
