authorMichael Brown2019-03-10 18:27:33 +0100
committerMichael Brown2019-03-10 18:27:33 +0100
commit7b63c1275f33e0fa20c0e59dcc1756899533823c (patch)
treead119504311f5f8c06a0a1d28bccf75a9df81b8d
parent[tls] Display cross-certificate and OCSP status messages (diff)
[tls] Display validator messages only while validation is in progress
Allow the cipherstream to report progress status messages during connection establishment. Signed-off-by: Michael Brown <mcb30@ipxe.org>
-rw-r--r--src/include/ipxe/tls.h2
-rw-r--r--src/net/tls.c12
2 files changed, 11 insertions, 3 deletions
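--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -335,6 +335,8 @@ struct tls_connection {
 struct pending_operation client_negotiation;
 /** Server security negotiation pending operation */
 struct pending_operation server_negotiation;
+ /** Certificate validation pending operation */
+ struct pending_operation validation;
 /** TX sequence number */
 uint64_t tx_seq;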
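Review bot: The new `validation` field's comment does not say when the operation is held, which now matters because tls_progress selects between validator and cipherstream progress on it; suggest `/** Certificate validation pending operation (held from ServerHelloDone until tls_validator_done) */`, which matches the pending_get/pending_put pair in tls.c. The enclosing struct tls_connection starts and ends outside this hunk.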
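--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -382,6 +382,7 @@ static void tls_close ( struct tls_connection *tls, int rc ) {
 /* Remove pending operations, if applicable */
 pending_put ( &tls->client_negotiation );
 pending_put ( &tls->server_negotiation );
+ pending_put ( &tls->validation );
 /* Remove process */
 process_del ( &tls->process );
@@ -950,6 +951,7 @@ static void tls_restart ( struct tls_connection *tls ) {
 assert ( ! tls->tx_pending );
 assert ( ! is_pending ( &tls->client_negotiation ) );
 assert ( ! is_pending ( &tls->server_negotiation ) );
+ assert ( ! is_pending ( &tls->validation ) );
 /* (Re)initialise handshake context */
 digest_init ( &md5_sha1_algorithm, tls->handshake_md5_sha1_ctx );
@@ -1875,6 +1877,7 @@ static int tls_new_server_hello_done ( struct tls_connection *tls,
 "%s\n", tls, strerror ( rc ) );
 return rc;
 }
+ pending_get ( &tls->validation );
 return 0;
 }
@@ -2582,10 +2585,10 @@ static int tls_progress ( struct tls_connection *tls,
 struct job_progress *progress ) {
 /* Return cipherstream or validator progress as applicable */
- if ( tls_ready ( tls ) ) {
- return job_progress ( &tls->cipherstream, progress );
- } else {
+ if ( is_pending ( &tls->validation ) ) {
 return job_progress ( &tls->validator, progress );
+ } else {
+ return job_progress ( &tls->cipherstream, progress );
 }
 }
@@ -2820,6 +2823,9 @@ static void tls_validator_done ( struct tls_connection *tls, int rc ) {
 struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
 struct x509_certificate *cert;
+ /* Mark validation as complete */
+ pending_put ( &tls->validation );
+
 /* Close validator interface */
 intf_restart ( &tls->validator, rc );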
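Review bot: The `pending_get ( &tls->validation )` added in the tls_new_server_hello_done hunk is not guarded against being reached a second time on the same connection, while tls_validator_done releases it exactly once; if pending_operation is a counter rather than a flag (the is_pending/pending_put usage elsewhere in the file suggests it is), a repeated ServerHelloDone from a misbehaving server would leave validation pending after the validator finishes, so tls_progress would keep reporting validator progress and the new `assert ( ! is_pending ( &tls->validation ) )` in tls_restart could fire on a later renegotiation. A cheap guard is to pair the get with the same condition tls_progress uses, e.g. `if ( ! is_pending ( &tls->validation ) ) pending_get ( &tls->validation );`, or to reject a ServerHelloDone that arrives while validation is already pending before create_validator is called. Whether that path is reachable depends on the handshake dispatch outside this section, so please confirm against the caller. tls_new_server_hello_done starts outside its hunk, and tls_validator_done continues past the end of the last hunk.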