[tls] Display validator messages only while validation is in progress

Allow the cipherstream to report progress status messages during
connection establishment.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 4bffde7c2da31086958319b0fc38b1677fd1eada..febbdc5898ba8f2465129251c7d5e9dab710aebd 100644 (file)
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -335,6 +335,8 @@ struct tls_connection {
        struct pending_operation client_negotiation;
        /** Server security negotiation pending operation */
        struct pending_operation server_negotiation;
+       /** Certificate validation pending operation */
+       struct pending_operation validation;
 
        /** TX sequence number */
        uint64_t tx_seq;

diff --git a/src/net/tls.c b/src/net/tls.c
index 510bef8c4031068ed7c887d6a70480f273113a2d..746274d6166971ea46ac5aae7cd59015d6c3952b 100644 (file)
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -382,6 +382,7 @@ static void tls_close ( struct tls_connection *tls, int rc ) {
        /* Remove pending operations, if applicable */
        pending_put ( &tls->client_negotiation );
        pending_put ( &tls->server_negotiation );
+       pending_put ( &tls->validation );
 
        /* Remove process */
        process_del ( &tls->process );
@@ -950,6 +951,7 @@ static void tls_restart ( struct tls_connection *tls ) {
        assert ( ! tls->tx_pending );
        assert ( ! is_pending ( &tls->client_negotiation ) );
        assert ( ! is_pending ( &tls->server_negotiation ) );
+       assert ( ! is_pending ( &tls->validation ) );
 
        /* (Re)initialise handshake context */
        digest_init ( &md5_sha1_algorithm, tls->handshake_md5_sha1_ctx );
@@ -1875,6 +1877,7 @@ static int tls_new_server_hello_done ( struct tls_connection *tls,
                       "%s\n", tls, strerror ( rc ) );
                return rc;
        }
+       pending_get ( &tls->validation );
 
        return 0;
 }
@@ -2582,10 +2585,10 @@ static int tls_progress ( struct tls_connection *tls,
                          struct job_progress *progress ) {
 
        /* Return cipherstream or validator progress as applicable */
-       if ( tls_ready ( tls ) ) {
-               return job_progress ( &tls->cipherstream, progress );
-       } else {
+       if ( is_pending ( &tls->validation ) ) {
                return job_progress ( &tls->validator, progress );
+       } else {
+               return job_progress ( &tls->cipherstream, progress );
        }
 }
 
@@ -2820,6 +2823,9 @@ static void tls_validator_done ( struct tls_connection *tls, int rc ) {
        struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
        struct x509_certificate *cert;
 
+       /* Mark validation as complete */
+       pending_put ( &tls->validation );
+
        /* Close validator interface */
        intf_restart ( &tls->validator, rc );