/* Sanity checks */
assert ( cert != NULL );
assert ( issuer != NULL );
- assert ( issuer->valid );
+ assert ( x509_is_valid ( issuer ) );
/* Allocate and initialise check */
*ocsp = zalloc ( sizeof ( **ocsp ) );
root = &root_certificates;
/* Return success if certificate has already been validated */
- if ( cert->valid )
+ if ( x509_is_valid ( cert ) )
return 0;
/* Fail if certificate is invalid at specified time */
/* Succeed if certificate is a trusted root certificate */
if ( x509_check_root ( cert, root ) == 0 ) {
- cert->valid = 1;
+ cert->flags |= X509_FL_VALIDATED;
cert->path_remaining = ( cert->extensions.basic.path_len + 1 );
return 0;
}
}
/* Fail unless issuer has already been validated */
- if ( ! issuer->valid ) {
+ if ( ! x509_is_valid ( issuer ) ) {
DBGC ( cert, "X509 %p \"%s\" ", cert, x509_name ( cert ) );
DBGC ( cert, "issuer %p \"%s\" has not yet been validated\n",
issuer, x509_name ( issuer ) );
cert->path_remaining = max_path_remaining;
/* Mark certificate as valid */
- cert->valid = 1;
+ cert->flags |= X509_FL_VALIDATED;
DBGC ( cert, "X509 %p \"%s\" successfully validated using ",
cert, x509_name ( cert ) );
/** Link in certificate store */
struct x509_link store;
- /** Certificate has been validated */
- int valid;
+ /** Flags */
+ unsigned int flags;
/** Maximum number of subsequent certificates in chain */
unsigned int path_remaining;
struct x509_extensions extensions;
};
+/** X.509 certificate flags */
+enum x509_flags {
+ /** Certificate has been validated */
+ X509_FL_VALIDATED = 0x0001,
+};
+
/**
* Get reference to X.509 certificate
*
struct x509_root *root );
extern int x509_check_time ( struct x509_certificate *cert, time_t time );
+/**
+ * Check if X.509 certificate is valid
+ *
+ * @v cert X.509 certificate
+ */
+static inline int x509_is_valid ( struct x509_certificate *cert ) {
+ return ( cert->flags & X509_FL_VALIDATED );
+}
+
/**
* Invalidate X.509 certificate
*
* @v cert X.509 certificate
*/
static inline void x509_invalidate ( struct x509_certificate *cert ) {
- cert->valid = 0;
+ cert->flags &= ~X509_FL_VALIDATED;
cert->path_remaining = 0;
}
issuer = link->cert;
if ( ! cert )
continue;
- if ( ! issuer->valid )
+ if ( ! x509_is_valid ( issuer ) )
continue;
/* The issuer is valid, but this certificate is not
* yet valid. If OCSP is applicable, start it.
x509_invalidate ( cert );
/* Force-validate issuer certificate */
- issuer->valid = 1;
+ issuer->flags |= X509_FL_VALIDATED;
issuer->path_remaining = ( issuer->extensions.basic.path_len + 1 );
}
projects / thirdparty / ipxe.git / commitdiff
