[crypto] Add previous certificate in chain as a parameter to parse_next()

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/crypto/x509.c

@@ -1143,8 +1143,10 @@ int x509_validate_time ( struct x509_certificate *cert, time_t time ) {
  * @v first		Initial X.509 certificate to fill in, or NULL
  * @ret rc		Return status code
  */
-int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
-						 void *context ),
+int x509_validate_chain ( int ( * parse_next )
+			  ( struct x509_certificate *cert,
+			    const struct x509_certificate *previous,
+			    void *context ),
 			  void *context, time_t time, struct x509_root *root,
 			  struct x509_certificate *first ) {
 	struct x509_certificate temp[2];
@@ -1159,7 +1161,7 @@ int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
 		root = &root_certificates;
 
 	/* Get first certificate in chain */
-	if ( ( rc = parse_next ( current, context ) ) != 0 ) {
+	if ( ( rc = parse_next ( current, NULL, context ) ) != 0 ) {
 		DBGC ( context, "X509 chain %p could not get first "
 		       "certificate: %s\n", context, strerror ( rc ) );
 		return rc;
@@ -1181,7 +1183,7 @@ int x509_validate_chain ( int ( * parse_next ) ( struct x509_certificate *cert,
 			return 0;
 
 		/* Get next certificate in chain */
-		if ( ( rc = parse_next ( next, context ) ) != 0 ) {
+		if ( ( rc = parse_next ( next, current, context ) ) != 0 ) {
 			DBGC ( context, "X509 chain %p could not get next "
 			       "certificate: %s\n", context, strerror ( rc ) );
 			return rc;

src/include/ipxe/x509.h

@@ -183,6 +183,7 @@ extern int x509_validate_root ( struct x509_certificate *cert,
 extern int x509_validate_time ( struct x509_certificate *cert, time_t time );
 extern int x509_validate_chain ( int ( * parse_next )
 				 ( struct x509_certificate *cert,
+				   const struct x509_certificate *previous,
 				   void *context ),
 				 void *context, time_t time,
 				 struct x509_root *root,

src/net/tls.c

@@ -1281,10 +1281,13 @@ struct tls_certificate_context {
  * Parse next certificate in TLS certificate list
  *
  * @v cert		X.509 certificate to fill in
+ * @v previous		Previous X.509 certificate, or NULL
  * @v ctx		Context
  * @ret rc		Return status code
  */
-static int tls_parse_next ( struct x509_certificate *cert, void *ctx ) {
+static int tls_parse_next ( struct x509_certificate *cert,
+			    const struct x509_certificate *previous __unused,
+			    void *ctx ) {
 	struct tls_certificate_context *context = ctx;
 	struct tls_session *tls = context->tls;
 	const struct {

src/tests/x509_test.c

@@ -695,10 +695,14 @@ struct x509_test_chain_context {
  * Parse next certificate in chain
  *
  * @v cert		X.509 certificate to parse
+ * @v previous		Previous X.509 certificate, or NULL
  * @v ctx		Chain context
  * @ret rc		Return status code
  */
-static int x509_test_parse_next ( struct x509_certificate *cert, void *ctx ) {
+static int
+x509_test_parse_next ( struct x509_certificate *cert,
+		       const struct x509_certificate *previous __unused,
+		       void *ctx ) {
 	struct x509_test_chain_context *context = ctx;
 	struct x509_test_certificate *test_cert;