[tls] Allow provision of a client certificate chain

Use the existing certificate store to automatically append any available issuing certificates to the selected client certificate. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-19 19:49:45 +03:00 · 2020-12-04 15:56:13 +00:00
parent 2b6b02ee7e
commit 25b53afa5b
2 changed files with 79 additions and 32 deletions
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -319,8 +319,8 @@ struct tls_connection {
 	struct digest_algorithm *handshake_digest;
 	/** Digest algorithm context used for handshake verification */
 	uint8_t *handshake_ctx;
-	/** Client certificate (if used) */
-	struct x509_certificate *cert;
+	/** Client certificate chain (if used) */
+	struct x509_chain *certs;
 	/** Secure renegotiation flag */
 	int secure_renegotiation;
 	/** Verification data */