authorMichael Brown2012-05-22 01:45:31 +0200
committerMichael Brown2012-05-22 01:47:19 +0200
commit071171e807b26d6f16c880674b52a553f26ccd08 (patch)
treed9f1db9b3853363b75bb6884f5db6c0c6bcfba17 /src/usr
parent[monojob] Allow monojob to be completely silent (diff)
[image] Allow "imgtrust" to automatically download cross-signed certificates
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/usr')
-rw-r--r--src/usr/imgtrust.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/usr/imgtrust.c b/src/usr/imgtrust.c
index 651f0493..be0ca6ee 100644
--- a/src/usr/imgtrust.c
+++ b/src/usr/imgtrust.c
@@ -25,6 +25,8 @@ FILE_LICENCE ( GPL2_OR_LATER );
#include <ipxe/uaccess.h>
#include <ipxe/image.h>
#include <ipxe/cms.h>
+#include <ipxe/validator.h>
+#include <ipxe/monojob.h>
#include <usr/imgtrust.h>
/** @file
@@ -46,6 +48,7 @@ int imgverify ( struct image *image, struct image *signature,
size_t len;
void *data;
struct cms_signature *sig;
+ struct cms_signer_info *info;
time_t now;
int rc;
@@ -69,6 +72,14 @@ int imgverify ( struct image *image, struct image *signature,
free ( data );
data = NULL;
+ /* Complete all certificate chains */
+ list_for_each_entry ( info, &sig->info, list ) {
+ if ( ( rc = create_validator ( &monojob, info->chain ) ) != 0 )
+ goto err_create_validator;
+ if ( ( rc = monojob_wait ( NULL ) ) != 0 )
+ goto err_validator_wait;
+ }
+
/* Use signature to verify image */
now = time ( NULL );
if ( ( rc = cms_verify ( sig, image->data, image->len,
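Review bot: The added loop starts a validator job from `info->chain` before `cms_verify ()` has run, so what gets fetched is decided by a signature that is still untrusted at that point, and `monojob_wait ( NULL )` (silent, judging by the parent commit's title) gives the operator no sign that network activity is under way. Nothing visible in this hunk bounds the number of signer-info entries or the time spent waiting; whether `create_validator ()` enforces such limits cannot be told from here. I would widen the comment to record this, e.g. `/* Complete all certificate chains (may download cross-signed certificates; chain contents are unverified until cms_verify() below) */`, and consider passing a short description string to `monojob_wait ()` so the downloads are visible on the console. A failure of either call jumps to the cleanup labels before `cms_verify ()` is reached, which is the fail-closed order wanted here. The body of imgverify() starts and ends outside the hunk.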
@@ -86,6 +97,8 @@ int imgverify ( struct image *image, struct image *signature,
return 0;
err_verify:
+ err_validator_wait:
+ err_create_validator:
cms_put ( sig );
err_parse:
free ( data );