mirror of
git://git.openembedded.org/meta-openembedded
synced 2026-04-02 02:49:12 +00:00
a825b85363
Add handling of ca-chains which can consist of more than one certificate in a .pem file, which need to be split off, processed and stored separately in the softhsm - as the tool-chain signing.bbclass::signing_import_cert* -> softhsm -> 'extract-cert' only supports one-per-file, due to using/expecting "plain" x509 in-/output. The added signing_import_cert_chain_from_pem function takes a <role> basename, and iterates through the input .pem file, creating numbered <role>_1, _2, ... roles as needed. Afterwards the certificates can be used or extracted one-by-one from the softhsm, using the numbered roles; the only precondition - or limitation - is that the PKI structure has to be known beforhand; e.g. how many certificates are between leaf and root. Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>