[crypto] Add previous certificate in chain as a parameter to parse_next()

author Michael Brown <mcb30@ipxe.org>

Wed, 21 Mar 2012 16:48:08 +0000 (16:48 +0000)

committer Michael Brown <mcb30@ipxe.org>

Thu, 22 Mar 2012 01:34:40 +0000 (01:34 +0000)
author Michael Brown <mcb30@ipxe.org>
Wed, 21 Mar 2012 16:48:08 +0000 (16:48 +0000)
committer Michael Brown <mcb30@ipxe.org>
Thu, 22 Mar 2012 01:34:40 +0000 (01:34 +0000)
diff --git a/src/crypto/x509.c b/src/crypto/x509.c

index 978fbd953de5f8f2af64d1a79e1e23f2ceb4f0ef..eb485522344f80b3aaa2aca56fd93d53d52e8f60 100644 (file)
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -1143,8 +1143,10 @@ int x509_validate_time ( struct x509_certificate *cert, time_t time ) {
   * @v first            Initial X.509 certificate to fill in, or NULL
   * @ret rc             Return status code
   */
-int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
-                                                void *context ),
+int x509_validate_chain ( int ( * parse_next )
+                         ( struct x509_certificate *cert,
+                           const struct x509_certificate *previous,
+                           void *context ),
                           void *context, time_t time, struct x509_root *root,
                           struct x509_certificate *first ) {
         struct x509_certificate temp[2];
@@ -1159,7 +1161,7 @@ int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
                 root = &root_certificates;
  
         /* Get first certificate in chain */
-       if ( ( rc = parse_next ( current, context ) ) != 0 ) {
+       if ( ( rc = parse_next ( current, NULL, context ) ) != 0 ) {
                 DBGC ( context, "X509 chain %p could not get first "
                        "certificate: %s\n", context, strerror ( rc ) );
                 return rc;
@@ -1181,7 +1183,7 @@ int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
                         return 0;
  
                 /* Get next certificate in chain */
-               if ( ( rc = parse_next ( next, context ) ) != 0 ) {
+               if ( ( rc = parse_next ( next, current, context ) ) != 0 ) {
                         DBGC ( context, "X509 chain %p could not get next "
                                "certificate: %s\n", context, strerror ( rc ) );
                         return rc;
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h

index ca2912fda9789521f850950d53b8b814276eaffa..427f79557affa15355e0512dc71436217394fcd9 100644 (file)
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -183,6 +183,7 @@ extern int x509_validate_root ( struct x509_certificate *cert,
  extern int x509_validate_time ( struct x509_certificate *cert, time_t time );
  extern int x509_validate_chain ( int ( * parse_next )
                                  ( struct x509_certificate *cert,
+                                  const struct x509_certificate *previous,
                                    void *context ),
                                  void *context, time_t time,
                                  struct x509_root *root,
diff --git a/src/net/tls.c b/src/net/tls.c

index 4b5891e493dbfbcfb4f3c2f51ebc82b83c50f751..6475f78d8c911231c85f7c05823b39d4152b69c5 100644 (file)
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -1281,10 +1281,13 @@ struct tls_certificate_context {
   * Parse next certificate in TLS certificate list
   *
   * @v cert             X.509 certificate to fill in
+ * @v previous         Previous X.509 certificate, or NULL
   * @v ctx              Context
   * @ret rc             Return status code
   */
-static int tls_parse_next ( struct x509_certificate *cert, void *ctx ) {
+static int tls_parse_next ( struct x509_certificate *cert,
+                           const struct x509_certificate *previous __unused,
+                           void *ctx ) {
         struct tls_certificate_context *context = ctx;
         struct tls_session *tls = context->tls;
         const struct {
diff --git a/src/tests/x509_test.c b/src/tests/x509_test.c

index 6076d9aaf1b58da51e2be3acb431011c5a59fb7a..7803315ea485981109d4ec65c169365e8c4e6038 100644 (file)
--- a/src/tests/x509_test.c
+++ b/src/tests/x509_test.c
@@ -695,10 +695,14 @@ struct x509_test_chain_context {
   * Parse next certificate in chain
   *
   * @v cert             X.509 certificate to parse
+ * @v previous         Previous X.509 certificate, or NULL
   * @v ctx              Chain context
   * @ret rc             Return status code
   */
-static int x509_test_parse_next ( struct x509_certificate *cert, void *ctx ) {
+static int
+x509_test_parse_next ( struct x509_certificate *cert,
+                      const struct x509_certificate *previous __unused,
+                      void *ctx ) {
         struct x509_test_chain_context *context = ctx;
         struct x509_test_certificate *test_cert;
author	Michael Brown <mcb30@ipxe.org>
	Wed, 21 Mar 2012 16:48:08 +0000 (16:48 +0000)
committer	Michael Brown <mcb30@ipxe.org>
	Thu, 22 Mar 2012 01:34:40 +0000 (01:34 +0000)
src/crypto/x509.c		patch \| blob \| blame \| history
src/include/ipxe/x509.h		patch \| blob \| blame \| history
src/net/tls.c		patch \| blob \| blame \| history
src/tests/x509_test.c		patch \| blob \| blame \| history