summaryrefslogtreecommitdiff
path: root/build/fuzz/run-afl.sh
diff options
context:
space:
mode:
authorLaszlo Ersek <lersek@redhat.com>2018-03-27 17:28:11 +0200
committerDaiki Ueno <ueno@gnu.org>2018-03-30 08:45:49 +0200
commitee27f9153a14d0c6d75f8745a8c1879a6e4bb2e8 (patch)
treee519b7a0c031cd8cfedbabb289d2feefcd32b057 /build/fuzz/run-afl.sh
parent59054e4f9fe3e95f8db881973901ab59a0b1ef8a (diff)
trust: implement the "edk2-cacerts" extractor
Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST format that is - defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID), - and expected by edk2's HttpDxe when it configures the certificate list for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c"). The intended command line is p11-kit extract \ --format=edk2-cacerts \ --filter=ca-anchors \ --overwrite \ --purpose=server-auth \ $DEST/edk2/cacerts.bin Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Diffstat (limited to 'build/fuzz/run-afl.sh')
0 files changed, 0 insertions, 0 deletions