robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
Browse Source

[tls] Display validator messages only while validation is in progress 

Allow the cipherstream to report progress status messages during
connection establishment.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 5 years ago
parent
b28ccfc725
commit
7b63c1275f
2 changed files with 11 additions and 3 deletions
Split View Show Diff Stats
  1. 2
    0
      src/include/ipxe/tls.h
  2. 9
    3
      src/net/tls.c

+ 2
- 0
src/include/ipxe/tls.h View File 

@@ -335,6 +335,8 @@ struct tls_connection {
335 335 
 	struct pending_operation client_negotiation;
336 336 
 	/** Server security negotiation pending operation */
337 337 
 	struct pending_operation server_negotiation;
338 
+	/** Certificate validation pending operation */
339 
+	struct pending_operation validation;
338 340
339 341 
 	/** TX sequence number */
340 342 
 	uint64_t tx_seq;

+ 9
- 3
src/net/tls.c View File 

@@ -382,6 +382,7 @@ static void tls_close ( struct tls_connection *tls, int rc ) {
382 382 
 	/* Remove pending operations, if applicable */
383 383 
 	pending_put ( &tls->client_negotiation );
384 384 
 	pending_put ( &tls->server_negotiation );
385 
+	pending_put ( &tls->validation );
385 386
386 387 
 	/* Remove process */
387 388 
 	process_del ( &tls->process );
 
@@ -950,6 +951,7 @@ static void tls_restart ( struct tls_connection *tls ) {
950 951 
 	assert ( ! tls->tx_pending );
951 952 
 	assert ( ! is_pending ( &tls->client_negotiation ) );
952 953 
 	assert ( ! is_pending ( &tls->server_negotiation ) );
954 
+	assert ( ! is_pending ( &tls->validation ) );
953 955
954 956 
 	/* (Re)initialise handshake context */
955 957 
 	digest_init ( &md5_sha1_algorithm, tls->handshake_md5_sha1_ctx );
 
@@ -1875,6 +1877,7 @@ static int tls_new_server_hello_done ( struct tls_connection *tls,
1875 1877 
 		       "%s\n", tls, strerror ( rc ) );
1876 1878 
 		return rc;
1877 1879 
 	}
1880 
+	pending_get ( &tls->validation );
1878 1881
1879 1882 
 	return 0;
1880 1883 
 }
 
@@ -2582,10 +2585,10 @@ static int tls_progress ( struct tls_connection *tls,
2582 2585 
 			  struct job_progress *progress ) {
2583 2586
2584 2587 
 	/* Return cipherstream or validator progress as applicable */
2585 
-	if ( tls_ready ( tls ) ) {
2586 
-		return job_progress ( &tls->cipherstream, progress );
2587 
-	} else {
2588 
+	if ( is_pending ( &tls->validation ) ) {
2588 2589 
 		return job_progress ( &tls->validator, progress );
2590 
+	} else {
2591 
+		return job_progress ( &tls->cipherstream, progress );
2589 2592 
 	}
2590 2593 
 }
2591 2594 
 
@@ -2820,6 +2823,9 @@ static void tls_validator_done ( struct tls_connection *tls, int rc ) {
2820 2823 
 	struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
2821 2824 
 	struct x509_certificate *cert;
2822 2825
2826 
+	/* Mark validation as complete */
2827 
+	pending_put ( &tls->validation );
2828 
+
2823 2829 
 	/* Close validator interface */
2824 2830 
 	intf_restart ( &tls->validator, rc );
2825 2831

Write Preview
Loading…
Cancel
Save