[crypto] Centralise mechanisms for identifying X.509 certificates

Centralise all current mechanisms for identifying an X.509 certificate
(by raw content, by subject, by issuer and serial number, and by
matching public key), and remove the certstore-specific and
CMS-specific variants of these functions.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2024-08-12 12:26:52 +01:00
parent 59e2b03e6a
commit d85590b658
6 changed files with 139 additions and 93 deletions

@@ -2467,7 +2467,7 @@ static int tls_new_certificate_request ( struct tls_connection *tls,
tls->certs = NULL;
/* Determine client certificate to be sent */
cert = certstore_find_key ( tls->key );
cert = x509_find_key ( &certstore, tls->key );
if ( ! cert ) {
DBGC ( tls, "TLS %p could not find certificate corresponding "
"to private key\n", tls );