[crypto] Allow cross-certificate source to be configured at build time
Provide a build option CROSSCERT in config/crypto.h to allow the
default cross-signed certificate source to be configured at build
time.  The ${crosscert} setting may still be used to reconfigure the
cross-signed certificate source at runtime.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
mcb30 committed Mar 24, 2016
1 parent c4e8c40 commit f8e1678
Showing 2 changed files with 10 additions and 1 deletion.
8 changes: 8 additions & 0 deletions src/config/crypto.h
Expand Up @@ -50,6 +50,14 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
*/
#define TIMESTAMP_ERROR_MARGIN ( ( 12 * 60 + 30 ) * 60 )

/** Default cross-signed certificate source
*
* This is the default location from which iPXE will attempt to
* download cross-signed certificates in order to complete a
* certificate chain.
*/
#define CROSSCERT "http://ca.ipxe.org/auto"

#include <config/named.h>
#include NAMED_CONFIG(crypto.h)
#include <config/local/crypto.h>
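Review bot: CROSSCERT is defined unconditionally a few lines above `#include <config/local/crypto.h>`, so a local config that supplies its own value has to `#undef CROSSCERT` first or the compiler will report a macro redefinition. The doc comment should say so, since it is the only documentation of the option at the point where a builder will look for it. It could also mention that the `${crosscert}` setting still overrides this default at runtime, which the commit message states but the header does not.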
3 changes: 2 additions & 1 deletion src/net/validator.c
Expand Up @@ -41,6 +41,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#include <ipxe/crc32.h>
#include <ipxe/ocsp.h>
#include <ipxe/validator.h>
#include <config/crypto.h>

/** @file
*
Expand Down Expand Up @@ -133,7 +134,7 @@ const struct setting crosscert_setting __setting ( SETTING_CRYPTO, crosscert )={
};

/** Default cross-signed certificate source */
static const char crosscert_default[] = "http://ca.ipxe.org/auto";
static const char crosscert_default[] = CROSSCERT;

/**
* Append cross-signing certificates to certificate chain
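Review bot: `static const char crosscert_default[] = CROSSCERT;` only compiles when CROSSCERT expands to a string literal, so a local override that defines it as anything else, or undefines it without a replacement, fails here in validator.c with an error that does not point back to config/crypto.h. A sentence in the CROSSCERT doc comment stating that the value must be a quoted string, as the default URL is, would cover it.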