[crypto] Add x509_truncate() to truncate a certificate chain

Downloading a cross-signed certificate chain to partially replace (rather than simply extend) an existing chain will require the ability to discard all certificates after a specified link in the chain. Extract the relevant logic from x509_free_chain() and expose it separately as x509_truncate(). Signed-off-by: Michael Brown <mcb30@ipxe.org>
author: Michael Brown <mcb30@ipxe.org> 2024-02-13 16:27:31 +0000
committer: Michael Brown <mcb30@ipxe.org> 2024-02-14 16:40:05 +0000
commit: 3e721e0c0836588b64deb6e1c1befd08f0f02e71 (patch)
tree: 417c4347622771d4fb5183cf292a69e621826519 /src/include/ipxe
parent: e10dfe5dc7a5985333c85d6b196196b5cce9303a (diff)
download: ipxe-3e721e0c0836588b64deb6e1c1befd08f0f02e71.zip
ipxe-3e721e0c0836588b64deb6e1c1befd08f0f02e71.tar.gz
ipxe-3e721e0c0836588b64deb6e1c1befd08f0f02e71.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index c703c8f..5cad459 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -391,6 +391,7 @@ extern int x509_append ( struct x509_chain *chain,
 			 struct x509_certificate *cert );
 extern int x509_append_raw ( struct x509_chain *chain, const void *data,
 			     size_t len );
+extern void x509_truncate ( struct x509_chain *chain, struct x509_link *link );
 extern int x509_auto_append ( struct x509_chain *chain,
 			      struct x509_chain *certs );
 extern int x509_validate_chain ( struct x509_chain *chain, time_t time,
author	Michael Brown <mcb30@ipxe.org>	2024-02-13 16:27:31 +0000
committer	Michael Brown <mcb30@ipxe.org>	2024-02-14 16:40:05 +0000
commit	3e721e0c0836588b64deb6e1c1befd08f0f02e71 (patch)
tree	417c4347622771d4fb5183cf292a69e621826519 /src/include/ipxe
parent	e10dfe5dc7a5985333c85d6b196196b5cce9303a (diff)
download	ipxe-3e721e0c0836588b64deb6e1c1befd08f0f02e71.zip ipxe-3e721e0c0836588b64deb6e1c1befd08f0f02e71.tar.gz ipxe-3e721e0c0836588b64deb6e1c1befd08f0f02e71.tar.bz2