robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
Browse Source

[crypto] Allow cross-certificate source to be configured at build time 

Provide a build option CROSSCERT in config/crypto.h to allow the
default cross-signed certificate source to be configured at build
time.  The ${crosscert} setting may still be used to reconfigure the
cross-signed certificate source at runtime.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 8 years ago
parent
c4e8c40227
commit
f8e1678b84
2 changed files with 10 additions and 1 deletions
Split View Show Diff Stats
  1. 8
    0
      src/config/crypto.h
  2. 2
    1
      src/net/validator.c

+ 8
- 0
src/config/crypto.h View File 

@@ -50,6 +50,14 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
50 50 
  */
51 51 
 #define TIMESTAMP_ERROR_MARGIN ( ( 12 * 60 + 30 ) * 60 )
52 52
53 
+/** Default cross-signed certificate source
54 
+ *
55 
+ * This is the default location from which iPXE will attempt to
56 
+ * download cross-signed certificates in order to complete a
57 
+ * certificate chain.
58 
+ */
59 
+#define CROSSCERT "http://ca.ipxe.org/auto"
60 
+
53 61 
 #include <config/named.h>
54 62 
 #include NAMED_CONFIG(crypto.h)
55 63 
 #include <config/local/crypto.h>

+ 2
- 1
src/net/validator.c View File 

@@ -41,6 +41,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
41 41 
 #include <ipxe/crc32.h>
42 42 
 #include <ipxe/ocsp.h>
43 43 
 #include <ipxe/validator.h>
44 
+#include <config/crypto.h>
44 45
45 46 
 /** @file
46 47 
  *
 
@@ -133,7 +134,7 @@ const struct setting crosscert_setting __setting ( SETTING_CRYPTO, crosscert )={
133 134 
 };
134 135
135 136 
 /** Default cross-signed certificate source */
136 
-static const char crosscert_default[] = "http://ca.ipxe.org/auto";
137 
+static const char crosscert_default[] = CROSSCERT;
137 138
138 139 
 /**
139 140 
  * Append cross-signing certificates to certificate chain

Write Preview
Loading…
Cancel
Save