[crypto] Expose certstore_del() to explicitly remove stored certificates

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/crypto/certstore.c b/src/crypto/certstore.c
index e62d8330b255d206d54b4a3ca1c1fc195eeda2f9..9809413a0cd83e62933ab1f2b434fea9335edf6a 100644 (file)
--- a/src/crypto/certstore.c
+++ b/src/crypto/certstore.c
@@ -145,6 +145,20 @@ void certstore_add ( struct x509_certificate *cert ) {
               x509_name ( cert ) );
 }
 
+/**
+ * Remove certificate from store
+ *
+ * @v cert             X.509 certificate
+ */
+void certstore_del ( struct x509_certificate *cert ) {
+
+       /* Remove certificate from store */
+       DBGC ( &certstore, "CERTSTORE removed certificate %s\n",
+              x509_name ( cert ) );
+       list_del ( &cert->store.list );
+       x509_put ( cert );
+}
+
 /**
  * Discard a stored certificate
  *
@@ -158,10 +172,7 @@ static unsigned int certstore_discard ( void ) {
         */
        list_for_each_entry_reverse ( cert, &certstore.links, store.list ) {
                if ( cert->refcnt.count == 0 ) {
-                       DBGC ( &certstore, "CERTSTORE discarded certificate "
-                              "%s\n", x509_name ( cert ) );
-                       list_del ( &cert->store.list );
-                       x509_put ( cert );
+                       certstore_del ( cert );
                        return 1;
                }
        }

diff --git a/src/include/ipxe/certstore.h b/src/include/ipxe/certstore.h
index 49b3b512c62934585a0f55aca5f45d4b422ed55c..e4c789cfdcf1fc4baa0d5117caf6635417c571e9 100644 (file)
--- a/src/include/ipxe/certstore.h
+++ b/src/include/ipxe/certstore.h
@@ -17,5 +17,6 @@ extern struct x509_chain certstore;
 extern struct x509_certificate * certstore_find ( struct asn1_cursor *raw );
 extern struct x509_certificate * certstore_find_key ( struct asn1_cursor *key );
 extern void certstore_add ( struct x509_certificate *cert );
+extern void certstore_del ( struct x509_certificate *cert );
 
 #endif /* _IPXE_CERTSTORE_H */