[crypto] Allow certificate chains to be long-lived data structures - openslx-ng/ipxe.git - Fork of ipxe; additional commands and features

diff options

author	Michael Brown	2012-05-04 18:12:32 +0200
committer	Michael Brown	2012-05-04 18:54:31 +0200
commit	557f467bab42b47d91b08e936fbe2ffa8e80f2e7 (patch)
tree	ac81d6db346318baa0048444f2989144b27a0eca /src/tests/comboot
parent	[time] Add Linux time source using gettimeofday() (diff)
download	ipxe-557f467bab42b47d91b08e936fbe2ffa8e80f2e7.tar.gz ipxe-557f467bab42b47d91b08e936fbe2ffa8e80f2e7.tar.xz ipxe-557f467bab42b47d91b08e936fbe2ffa8e80f2e7.zip

[crypto] Allow certificate chains to be long-lived data structures

At present, certificate chain validation is treated as an instantaneous process that can be carried out using only data that is already in memory. This model does not allow for validation to include non-instantaneous steps, such as downloading a cross-signing certificate, or determining certificate revocation status via OCSP. Redesign the internal representation of certificate chains to allow chains to outlive the scope of the original source of certificates (such as a TLS Certificate record). Allow for certificates to be cached, so that each certificate needs to be validated only once. Signed-off-by: Michael Brown <mcb30@ipxe.org>

Diffstat (limited to 'src/tests/comboot')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: