From 8685280cbddc6e2d050d5e94719cab5d4ba866fc Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Tue, 20 Mar 2012 13:32:20 +0000 Subject: [build] Allow a client certificate to be specified at build time Allow a client certificate and corresponding private key to be specified at build time using the syntax make CERT=/path/to/certificate KEY=/path/to/key The build process uses openssl to convert the files into DER format, and includes them within the client certificate store in clientcert.c. The build process will prompt for the private key password if applicable. Note that the private key is stored unencrypted, and so the resulting iPXE binary (and the temporary files created during the build process) should be treated as being equivalent to an unencrypted private key file. Signed-off-by: Michael Brown --- src/include/ipxe/clientcert.h | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 src/include/ipxe/clientcert.h (limited to 'src/include/ipxe') diff --git a/src/include/ipxe/clientcert.h b/src/include/ipxe/clientcert.h new file mode 100644 index 000000000..08f62eb73 --- /dev/null +++ b/src/include/ipxe/clientcert.h @@ -0,0 +1,43 @@ +#ifndef _IPXE_CLIENTCERT_H +#define _IPXE_CLIENTCERT_H + +/** @file + * + * Client certificate store + * + */ + +FILE_LICENCE ( GPL2_OR_LATER ); + +#include + +/** A client certificate */ +struct client_certificate { + /** Data */ + const void *data; + /** Length */ + size_t len; +}; + +/** A client private key */ +struct client_private_key { + /** Data */ + const void *data; + /** Length */ + size_t len; +}; + +extern struct client_certificate client_certificate; +extern struct client_private_key client_private_key; + +/** + * Check for presence of a client certificate + * + * @ret have_cert We have a client certificate and private key + */ +static inline int have_client_certificate ( void ) { + return ( ( client_certificate.len > 0 ) && + ( client_private_key.len > 0 ) ); +} + +#endif /* _IPXE_CLIENTCERT_H */ -- cgit v1.2.3-55-g7522