[crypto] Add asynchronous certificate validator

To allow for automatic download of cross-signing certificates and for
OCSP, the validation of certificates must be an asynchronous process.
Create a stub validator which uses a job-control interface to report
the result of certificate validation.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/include/ipxe/errfile.h

@@ -258,6 +258,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #define ERRFILE_imgtrust	      ( ERRFILE_OTHER | 0x002b0000 )
 #define ERRFILE_menu_ui		      ( ERRFILE_OTHER | 0x002c0000 )
 #define ERRFILE_menu_cmd	      ( ERRFILE_OTHER | 0x002d0000 )
+#define ERRFILE_validator	      ( ERRFILE_OTHER | 0x002e0000 )
 
 /** @} */
 

src/include/ipxe/validator.h

@@ -0,0 +1,17 @@
+#ifndef _IPXE_VALIDATOR_H
+#define _IPXE_VALIDATOR_H
+
+/** @file
+ *
+ * Certificate validator
+ *
+ */
+
+FILE_LICENCE ( GPL2_OR_LATER );
+
+#include <ipxe/interface.h>
+#include <ipxe/x509.h>
+
+extern int create_validator ( struct interface *job, struct x509_chain *chain );
+
+#endif /* _IPXE_VALIDATOR_H */