sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2025-12-13 23:41:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

[tls] Display validator messages only while validation is in progress

Browse Source 
Allow the cipherstream to report progress status messages during
connection establishment.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2019-03-10 17:27:33 +00:00
parent b28ccfc725
commit 7b63c1275f
2 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/include/ipxe/tls.h
View File

@@ -335,6 +335,8 @@ struct tls_connection {
struct pending_operation client_negotiation; struct pending_operation client_negotiation;
/** Server security negotiation pending operation */ /** Server security negotiation pending operation */
struct pending_operation server_negotiation; struct pending_operation server_negotiation;
/** Certificate validation pending operation */
struct pending_operation validation;
/** TX sequence number */ /** TX sequence number */
uint64_t tx_seq; uint64_t tx_seq;

12
src/net/tls.c
View File

@@ -382,6 +382,7 @@ static void tls_close ( struct tls_connection *tls, int rc ) {
/* Remove pending operations, if applicable */ /* Remove pending operations, if applicable */
pending_put ( &tls->client_negotiation ); pending_put ( &tls->client_negotiation );
pending_put ( &tls->server_negotiation ); pending_put ( &tls->server_negotiation );
pending_put ( &tls->validation );
/* Remove process */ /* Remove process */
process_del ( &tls->process ); process_del ( &tls->process );
@@ -950,6 +951,7 @@ static void tls_restart ( struct tls_connection *tls ) {
assert ( ! tls->tx_pending ); assert ( ! tls->tx_pending );
assert ( ! is_pending ( &tls->client_negotiation ) ); assert ( ! is_pending ( &tls->client_negotiation ) );
assert ( ! is_pending ( &tls->server_negotiation ) ); assert ( ! is_pending ( &tls->server_negotiation ) );
assert ( ! is_pending ( &tls->validation ) );
/* (Re)initialise handshake context */ /* (Re)initialise handshake context */
digest_init ( &md5_sha1_algorithm, tls->handshake_md5_sha1_ctx ); digest_init ( &md5_sha1_algorithm, tls->handshake_md5_sha1_ctx );
@@ -1875,6 +1877,7 @@ static int tls_new_server_hello_done ( struct tls_connection *tls,
"%s\n", tls, strerror ( rc ) ); "%s\n", tls, strerror ( rc ) );
return rc; return rc;
} }
pending_get ( &tls->validation );
return 0; return 0;
} }
@@ -2582,10 +2585,10 @@ static int tls_progress ( struct tls_connection *tls,
struct job_progress *progress ) { struct job_progress *progress ) {
/* Return cipherstream or validator progress as applicable */ /* Return cipherstream or validator progress as applicable */
if ( tls_ready ( tls ) ) { if ( is_pending ( &tls->validation ) ) {
return job_progress ( &tls->cipherstream, progress );
} else {
return job_progress ( &tls->validator, progress ); return job_progress ( &tls->validator, progress );
} else {
return job_progress ( &tls->cipherstream, progress );
} }
} }
@@ -2820,6 +2823,9 @@ static void tls_validator_done ( struct tls_connection *tls, int rc ) {
struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey; struct pubkey_algorithm *pubkey = cipherspec->suite->pubkey;
struct x509_certificate *cert; struct x509_certificate *cert;
/* Mark validation as complete */
pending_put ( &tls->validation );
/* Close validator interface */ /* Close validator interface */
intf_restart ( &tls->validator, rc ); intf_restart ( &tls->validator, rc );