[crypto] Allow cross-certificate source to be configured at build time

Provide a build option CROSSCERT in config/crypto.h to allow the
default cross-signed certificate source to be configured at build
time.  The ${crosscert} setting may still be used to reconfigure the
cross-signed certificate source at runtime.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/config/crypto.h b/src/config/crypto.h
index bccfc04b83b94372aea2308bb8ee1ea03f9aa6fa..8f885c5543b4e6348a76e29933e77b9a3aaa07f8 100644 (file)
--- a/src/config/crypto.h
+++ b/src/config/crypto.h
@@ -50,6 +50,14 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
  */
 #define TIMESTAMP_ERROR_MARGIN ( ( 12 * 60 + 30 ) * 60 )
 
+/** Default cross-signed certificate source
+ *
+ * This is the default location from which iPXE will attempt to
+ * download cross-signed certificates in order to complete a
+ * certificate chain.
+ */
+#define CROSSCERT "http://ca.ipxe.org/auto"
+
 #include <config/named.h>
 #include NAMED_CONFIG(crypto.h)
 #include <config/local/crypto.h>

diff --git a/src/net/validator.c b/src/net/validator.c
index db968398a230f4014ac146be658cca90fa47f6f0..57ad0e7b6a872f067dff63f1b154b47024b9a87f 100644 (file)
--- a/src/net/validator.c
+++ b/src/net/validator.c
@@ -41,6 +41,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/crc32.h>
 #include <ipxe/ocsp.h>
 #include <ipxe/validator.h>
+#include <config/crypto.h>
 
 /** @file
  *
@@ -133,7 +134,7 @@ const struct setting crosscert_setting __setting ( SETTING_CRYPTO, crosscert )={
 };
 
 /** Default cross-signed certificate source */
-static const char crosscert_default[] = "http://ca.ipxe.org/auto";
+static const char crosscert_default[] = CROSSCERT;
 
 /**
  * Append cross-signing certificates to certificate chain