Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[image] Allow "imgtrust" to automatically download cross-signed certi…
…ficates

Signed-off-by: Michael Brown <mcb30@ipxe.org>
  • Loading branch information
mcb30 committed May 21, 2012
1 parent 89a354d commit 071171e
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions src/usr/imgtrust.c
Expand Up @@ -25,6 +25,8 @@ FILE_LICENCE ( GPL2_OR_LATER );
#include <ipxe/uaccess.h>
#include <ipxe/image.h>
#include <ipxe/cms.h>
#include <ipxe/validator.h>
#include <ipxe/monojob.h>
#include <usr/imgtrust.h>

/** @file
Expand All @@ -46,6 +48,7 @@ int imgverify ( struct image *image, struct image *signature,
size_t len;
void *data;
struct cms_signature *sig;
struct cms_signer_info *info;
time_t now;
int rc;

Expand All @@ -69,6 +72,14 @@ int imgverify ( struct image *image, struct image *signature,
free ( data );
data = NULL;

/* Complete all certificate chains */
list_for_each_entry ( info, &sig->info, list ) {
if ( ( rc = create_validator ( &monojob, info->chain ) ) != 0 )
goto err_create_validator;
if ( ( rc = monojob_wait ( NULL ) ) != 0 )
goto err_validator_wait;
}

/* Use signature to verify image */
now = time ( NULL );
if ( ( rc = cms_verify ( sig, image->data, image->len,
Expand All @@ -86,6 +97,8 @@ int imgverify ( struct image *image, struct image *signature,
return 0;

err_verify:
err_validator_wait:
err_create_validator:
cms_put ( sig );
err_parse:
free ( data );
Expand Down

0 comments on commit 071171e

Please sign in to comment.