[ipxe-devel] Embedding certificates

Michael Brown mcb30 at ipxe.org
Thu May 7 08:47:44 UTC 2015


On 06/05/15 22:06, Nicolas Sylvain wrote:
> The next step is to be able to find the name of the .der file in the
> crosscert path.  It's a checksum of something, but it was not clear to
> me what it was.

Thanks for documenting this!

For reference, the "checksum of something" is the CRC32 of the raw DER 
bytes comprising the X.509 subject name.  This is chosen since:

a) it can be calculated from the X.509 issuer name of the certificate 
for which iPXE currently needs to locate a cross-signed certificate,

b) it's trivial to calculate at the point of use in the iPXE codebase, 
since we already have a ptr+len for the raw X.509 issuer name,

c) it gives a fixed-length filename and so is easy to construct in C.

Michael



More information about the ipxe-devel mailing list