aboutsummaryrefslogtreecommitdiff
path: root/src/include/ipxe/x509.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/include/ipxe/x509.h')
-rw-r--r--src/include/ipxe/x509.h22
1 files changed, 22 insertions, 0 deletions
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index d2ba49f..87323ce 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -171,6 +171,28 @@ struct x509_link {
struct list_head list;
/** Certificate */
struct x509_certificate *cert;
+ /** Flags */
+ unsigned int flags;
+};
+
+/** X.509 certficate chain link flags */
+enum x509_link_flags {
+ /** Cross-signed certificate download has been attempted
+ *
+ * This indicates that a cross-signature download attempt has
+ * been made to find a cross-signed issuer for this link's
+ * certificate.
+ */
+ X509_LINK_FL_CROSSED = 0x0001,
+ /** OCSP has been attempted
+ *
+ * This indicates that an OCSP attempt has been made using
+ * this link's certificate as an issuer. (We record the flag
+ * on the issuer rather than on the issued certificate, since
+ * we want to retry OCSP if an issuer is replaced with a
+ * downloaded cross-signed certificate.)
+ */
+ X509_LINK_FL_OCSPED = 0x0002,
};
/** An X.509 certificate chain */
generated by cgit v1.1 at 2024-07-17 02:58:31 +0000