diff options
author | Michael Brown <mcb30@ipxe.org> | 2024-02-13 16:27:31 +0000 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2024-02-14 16:40:05 +0000 |
commit | 3e721e0c0836588b64deb6e1c1befd08f0f02e71 (patch) | |
tree | 417c4347622771d4fb5183cf292a69e621826519 /src/include/ipxe | |
parent | e10dfe5dc7a5985333c85d6b196196b5cce9303a (diff) | |
download | ipxe-3e721e0c0836588b64deb6e1c1befd08f0f02e71.zip ipxe-3e721e0c0836588b64deb6e1c1befd08f0f02e71.tar.gz ipxe-3e721e0c0836588b64deb6e1c1befd08f0f02e71.tar.bz2 |
[crypto] Add x509_truncate() to truncate a certificate chain
Downloading a cross-signed certificate chain to partially replace
(rather than simply extend) an existing chain will require the ability
to discard all certificates after a specified link in the chain.
Extract the relevant logic from x509_free_chain() and expose it
separately as x509_truncate().
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe')
-rw-r--r-- | src/include/ipxe/x509.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h index c703c8f..5cad459 100644 --- a/src/include/ipxe/x509.h +++ b/src/include/ipxe/x509.h @@ -391,6 +391,7 @@ extern int x509_append ( struct x509_chain *chain, struct x509_certificate *cert ); extern int x509_append_raw ( struct x509_chain *chain, const void *data, size_t len ); +extern void x509_truncate ( struct x509_chain *chain, struct x509_link *link ); extern int x509_auto_append ( struct x509_chain *chain, struct x509_chain *certs ); extern int x509_validate_chain ( struct x509_chain *chain, time_t time, |