iPXE
A certificate validator.

Data Fields

| Type | Field | Description |
|---|---|---|
| struct refcnt | refcnt | Reference count. |
| struct interface | job | Job control interface. |
| struct interface | xfer | Data transfer interface. |
| struct process | process | Process. |
| int | rc | Most relevant status code. |
| struct x509_root * | root | Root of trust (or NULL to use default). |
| struct x509_chain * | chain | X.509 certificate chain. |
| struct ocsp_check * | ocsp | OCSP check. |
| struct xfer_buffer | buffer | Data buffer. |
| const struct validator_action * | action | Current action. |
| struct x509_certificate * | cert | Current certificate (for progress reporting). |
| struct x509_link * | link | Current link within certificate chain. |
A certificate validator.
Definition at line 64 of file validator.c.
struct refcnt validator::refcnt
Reference count.
struct interface validator::job
Job control interface.
Definition at line 68 of file validator.c.
Referenced by create_validator(), and validator_finished().
struct interface validator::xfer
Data transfer interface.
Definition at line 70 of file validator.c.
Referenced by create_validator(), validator_finished(), validator_start_download(), validator_start_ocsp(), and validator_xfer_close().
struct process validator::process
Process.
Definition at line 73 of file validator.c.
Referenced by create_validator(), validator_finished(), and validator_xfer_close().
int validator::rc
Most relevant status code.
The cross-signed certificate mechanism may attempt several downloads as it works its way up the provided partial chain to locate a suitable cross-signed certificate with which to complete the chain.
Some of these download or validation attempts may fail for uninteresting reasons (i.e. because a cross-signed certificate has never existed for that link in the chain).
We must therefore keep track of the most relevant error that has occurred, in order to be able to report a meaningful overall status to the user.
As a concrete example: consider the case of an expired OCSP signer for an intermediate certificate. This will cause OCSP validation to fail for that intermediate certificate, and this is the error that should eventually be reported to the user. We do not want to instead report the uninteresting fact that no cross-signed certificate was found for the remaining links in the chain, nor do we want to report just a generic "OCSP required" error.
We record the most relevant status code whenever a definitely relevant error occurs, and clear it whenever we successfully make forward progress (e.g. by completing OCSP, or by adding new cross-signed certificates).
When we subsequently attempt to validate the chain, we report the most relevant error status code (if recorded), otherwise we report the validation error itself.
Definition at line 107 of file validator.c.
Referenced by validator_append(), validator_ocsp_validate(), validator_start_download(), validator_start_ocsp(), and validator_step().
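The policy described for validator::rc (record a definitely relevant error, clear it on forward progress, ignore uninteresting failures, and at reporting time prefer the recorded code over the generic validation error) is easy to get subtly wrong, so here it is as an added, self-contained C model. This is illustration code written for this page, not iPXE's validator.c: the enum, the step/validator_model structs, the function names and the errno values used as stand-ins for iPXE's own error codes are all constructed.

```c
/* Added illustration of the "most relevant status code" policy.
 * All types, names and error values below are hypothetical stand-ins,
 * not iPXE internals. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Outcome of one validation step, as classified by the text. */
enum step_kind {
	STEP_PROGRESS,       /* forward progress: OCSP completed, cross-signed cert appended */
	STEP_RELEVANT_ERROR, /* definitely relevant error, e.g. expired OCSP signer */
	STEP_UNINTERESTING,  /* e.g. no cross-signed certificate exists for this link */
};

struct step {
	enum step_kind kind;
	int rc; /* negative errno-style code for errors, 0 otherwise (constructed) */
};

struct validator_model {
	int rc; /* most relevant status code; 0 means nothing recorded */
};

/* Apply one step to the recorded status, following the documented policy. */
static void validator_model_apply(struct validator_model *v, const struct step *s)
{
	switch (s->kind) {
	case STEP_PROGRESS:
		v->rc = 0;      /* forward progress clears any recorded error */
		break;
	case STEP_RELEVANT_ERROR:
		v->rc = s->rc;  /* record the definitely relevant error */
		break;
	case STEP_UNINTERESTING:
		break;          /* leave any recorded error untouched */
	}
}

/* Final report: a recorded relevant error wins over the validation error itself. */
static int validator_model_report(const struct validator_model *v, int validation_rc)
{
	return v->rc ? v->rc : validation_rc;
}

/* Run a whole sequence of steps and return the status that would be reported. */
int validator_model_run(const struct step *steps, size_t n, int validation_rc)
{
	struct validator_model v = { .rc = 0 };
	for (size_t i = 0; i < n; i++)
		validator_model_apply(&v, &steps[i]);
	return validator_model_report(&v, validation_rc);
}

/* Constructed scenario from the text: an expired OCSP signer on an intermediate
 * certificate, followed by uninteresting cross-signed lookup failures for the
 * remaining links.  The expired-signer code (-EACCES here) must be what is
 * reported, not -ENOENT and not the generic "OCSP required" stand-in (-EPERM). */
int example_expired_ocsp_signer(void)
{
	const struct step steps[] = {
		{ STEP_PROGRESS, 0 },              /* leaf certificate OCSP completed */
		{ STEP_RELEVANT_ERROR, -EACCES },  /* expired OCSP signer (constructed code) */
		{ STEP_UNINTERESTING, -ENOENT },   /* no cross-signed cert for this link */
		{ STEP_UNINTERESTING, -ENOENT },   /* ... nor for the next one */
	};
	return validator_model_run(steps, sizeof(steps) / sizeof(steps[0]), -EPERM);
}

/* Constructed counter-case: a relevant error that is later overtaken by real
 * progress (a cross-signed certificate was found) is cleared, so the final
 * validation outcome is reported instead of the stale error. */
int example_error_then_progress(void)
{
	const struct step steps[] = {
		{ STEP_RELEVANT_ERROR, -EACCES },
		{ STEP_PROGRESS, 0 },
		{ STEP_UNINTERESTING, -ENOENT },
	};
	return validator_model_run(steps, sizeof(steps) / sizeof(steps[0]), -EPERM);
}

int main(void)
{
	printf("expired OCSP signer scenario reports %d (expect %d)\n",
	       example_expired_ocsp_signer(), -EACCES);
	printf("error-then-progress scenario reports %d (expect %d)\n",
	       example_error_then_progress(), -EPERM);
	return 0;
}
```

The key design point the model makes visible is that STEP_UNINTERESTING never writes to the recorded code: the uninteresting -ENOENT results pass straight through, so the user sees the expired-signer error rather than the last failure to occur.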
struct x509_root* validator::root
Root of trust (or NULL to use default).
Definition at line 110 of file validator.c.
Referenced by create_validator(), validator_free(), and validator_step().
struct x509_chain* validator::chain
X.509 certificate chain.
Definition at line 112 of file validator.c.
Referenced by create_validator(), validator_append(), validator_free(), validator_name(), and validator_step().
struct ocsp_check* validator::ocsp
OCSP check.
Definition at line 114 of file validator.c.
Referenced by validator_free(), validator_ocsp_validate(), and validator_start_ocsp().
struct xfer_buffer validator::buffer
Data buffer.
Definition at line 116 of file validator.c.
Referenced by create_validator(), validator_append(), validator_free(), validator_ocsp_validate(), validator_xfer_close(), and validator_xfer_deliver().
const struct validator_action* validator::action
Current action.
Definition at line 119 of file validator.c.
Referenced by validator_progress(), validator_start_download(), validator_start_ocsp(), and validator_xfer_close().
struct x509_certificate* validator::cert
Current certificate (for progress reporting).
This certificate is always present within the certificate chain, so this pointer does not hold its own reference to the certificate.
Definition at line 126 of file validator.c.
Referenced by validator_append(), validator_ocsp_validate(), validator_progress(), validator_start_download(), and validator_start_ocsp().
struct x509_link* validator::link
Current link within certificate chain.
Definition at line 128 of file validator.c.
Referenced by validator_append(), and validator_start_download().