From ff28b22568ebc2cb885beae5d0c95ddcf94dca8a Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Thu, 25 Aug 2016 15:41:57 +0100
Subject: [crypto] Generalise X.509 "valid" field to a "flags" field

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/include/ipxe/x509.h | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

(limited to 'src/include/ipxe/x509.h')

diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 80c2e3c6..58f91c01 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -189,8 +189,8 @@ struct x509_certificate {
 	/** Link in certificate store */
 	struct x509_link store;
 
-	/** Certificate has been validated */
-	int valid;
+	/** Flags */
+	unsigned int flags;
 	/** Maximum number of subsequent certificates in chain */
 	unsigned int path_remaining;
 
@@ -216,6 +216,12 @@ struct x509_certificate {
 	struct x509_extensions extensions;
 };
 
+/** X.509 certificate flags */
+enum x509_flags {
+	/** Certificate has been validated */
+	X509_FL_VALIDATED = 0x0001,
+};
+
 /**
  * Get reference to X.509 certificate
  *
@@ -373,13 +379,22 @@ extern int x509_check_root ( struct x509_certificate *cert,
 			     struct x509_root *root );
 extern int x509_check_time ( struct x509_certificate *cert, time_t time );
 
+/**
+ * Check if X.509 certificate is valid
+ *
+ * @v cert		X.509 certificate
+ */
+static inline int x509_is_valid ( struct x509_certificate *cert ) {
+	return ( cert->flags & X509_FL_VALIDATED );
+}
+
 /**
  * Invalidate X.509 certificate
  *
  * @v cert		X.509 certificate
  */
 static inline void x509_invalidate ( struct x509_certificate *cert ) {
-	cert->valid = 0;
+	cert->flags &= ~X509_FL_VALIDATED;
 	cert->path_remaining = 0;
 }
 
-- 
cgit v1.2.3-55-g7522