]> git.ipfire.org Git - thirdparty/ipxe.git/commit
projects / thirdparty / ipxe.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6e92d62) | patch
[x509] Record root of trust used when validating a certificate
authorMichael Brown <mcb30@ipxe.org>
Tue, 8 Dec 2020 14:58:46 +0000 (14:58 +0000)
committerMichael Brown <mcb30@ipxe.org>
Tue, 8 Dec 2020 15:04:28 +0000 (15:04 +0000)
commit39f5293492f351a274940d0ba2624ecb242b3c9b
treeead79747a5ab15d5db6dd4a236acdc9f224c7590tree
parent6e92d6213d20329d8b84431f00d8cbe7d63bb379commit | diff
[x509] Record root of trust used when validating a certificate

Record the root of trust used at the point that a certificate is
validated, redefine validation as checking a certificate against a
specific root of trust, and pass an explicit root of trust when
creating a TLS connection.

This allows a custom TLS connection to be used with a custom root of
trust, without causing any validated certificates to be treated as
valid for normal purposes.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
13 files changed:
src/crypto/ocsp.c diff | blob | blame | history
src/crypto/x509.c diff | blob | blame | history
src/include/ipxe/tls.h diff | blob | blame | history
src/include/ipxe/validator.h diff | blob | blame | history
src/include/ipxe/x509.h diff | blob | blame | history
src/net/tcp/https.c diff | blob | blame | history
src/net/tcp/syslogs.c diff | blob | blame | history
src/net/tls.c diff | blob | blame | history
src/net/validator.c diff | blob | blame | history
src/tests/ocsp_test.c diff | blob | blame | history
src/tests/x509_test.c diff | blob | blame | history
src/usr/certmgmt.c diff | blob | blame | history
src/usr/imgtrust.c diff | blob | blame | history
Mirror of https://github.com/ipxe/ipxe.git