[tls] Display validator messages only while validation is in progress

Allow the cipherstream to report progress status messages during
connection establishment.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/include/ipxe/tls.h

 	struct pending_operation client_negotiation;
 	/** Server security negotiation pending operation */
 	struct pending_operation server_negotiation;
+	/** Certificate validation pending operation */
+	struct pending_operation validation;
 
 	/** TX sequence number */
 	uint64_t tx_seq;

src/net/tls.c

 	/* Remove pending operations, if applicable */
 	pending_put ( &tls->client_negotiation );
 	pending_put ( &tls->server_negotiation );
+	pending_put ( &tls->validation );
 
 	/* Remove process */
 	process_del ( &tls->process );
 	assert ( ! tls->tx_pending );
 	assert ( ! is_pending ( &tls->client_negotiation ) );
 	assert ( ! is_pending ( &tls->server_negotiation ) );
+	assert ( ! is_pending ( &tls->validation ) );
 
 	/* (Re)initialise handshake context */
 	digest_init ( &md5_sha1_algorithm, tls->handshake_md5_sha1_ctx );
 		       "%s\n", tls, strerror ( rc ) );
 		return rc;
 	}
+	pending_get ( &tls->validation );
 
 	return 0;
 }
 			  struct job_progress *progress ) {
 
 	/* Return cipherstream or validator progress as applicable */
-	if ( tls_ready ( tls ) ) {
-		return job_progress ( &tls->cipherstream, progress );
-	} else {
+	if ( is_pending ( &tls->validation ) ) {
 		return job_progress ( &tls->validator, progress );
+	} else {
+		return job_progress ( &tls->cipherstream, progress );
 	}
 }
 
 	struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
 	struct x509_certificate *cert;
 
+	/* Mark validation as complete */
+	pending_put ( &tls->validation );
+
 	/* Close validator interface */
 	intf_restart ( &tls->validator, rc );