[crypto] Allow passing a NULL certificate store to x509_find() et al

Allow passing a NULL value for the certificate list to all functions
used for identifying an X.509 certificate from an existing set of
certificates, and rename function parameters to indicate that this
certificate list represents an unordered certificate store (rather
than an ordered certificate chain).

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown
2024-08-13 12:25:25 +01:00
parent d85590b658
commit 96fb7a0a93
4 changed files with 55 additions and 40 deletions

@@ -2467,7 +2467,7 @@ static int tls_new_certificate_request ( struct tls_connection *tls,
tls->certs = NULL;
/* Determine client certificate to be sent */
cert = x509_find_key ( &certstore, tls->key );
cert = x509_find_key ( NULL, tls->key );
if ( ! cert ) {
DBGC ( tls, "TLS %p could not find certificate corresponding "
"to private key\n", tls );