author | Michael Brown <mcb30@ipxe.org> | 2019-03-07 15:23:19 +0000 |
---|---|---|
committer | Michael Brown <mcb30@ipxe.org> | 2019-03-07 15:23:19 +0000 |
commit | b28ccfc725c9a52401aaa09de0734a44bd44a02d (patch) | |
tree | 71079a5df8b8cee17161876081b746f908ee5b38 /src/net/tls.c | |
parent | 447e5cd4474084eda5db28b467cf407c014ebe33 (diff) | |
[tls] Display cross-certificate and OCSP status messages
TLS connections will almost always create background connections to
perform cross-signed certificate downloads and OCSP checks. There is
currently no direct visibility into which checks are taking place,
which makes troubleshooting difficult in the absence of either a
packet capture or a debug build.
Use the job progress message buffer to report the current cross-signed
certificate download or OCSP status check, where applicable.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/net/tls.c')
-rw-r--r-- | src/net/tls.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/net/tls.c b/src/net/tls.c
index 1cd37e776..510bef8c4 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -47,6 +47,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #include <ipxe/certstore.h>
 #include <ipxe/rbg.h>
 #include <ipxe/validator.h>
+#include <ipxe/job.h>
 #include <ipxe/tls.h>
 
 /* Disambiguate the various error causes */
@@ -2570,12 +2571,31 @@ static int tls_plainstream_deliver ( struct tls_connection *tls,
 return rc;
 }
 
+/**
+ * Report job progress
+ *
+ * @v tls TLS connection
+ * @v progress Progress report to fill in
+ * @ret ongoing_rc Ongoing job status code (if known)
+ */
+static int tls_progress ( struct tls_connection *tls,
+ struct job_progress *progress ) {
+
+ /* Return cipherstream or validator progress as applicable */
+ if ( tls_ready ( tls ) ) {
+ return job_progress ( &tls->cipherstream, progress );
+ } else {
+ return job_progress ( &tls->validator, progress );
+ }
+}
+
 /** TLS plaintext stream interface operations */
 static struct interface_operation tls_plainstream_ops[] = {
 INTF_OP ( xfer_deliver, struct tls_connection *,
 tls_plainstream_deliver ),
 INTF_OP ( xfer_window, struct tls_connection *,
 tls_plainstream_window ),
+ INTF_OP ( job_progress, struct tls_connection *, tls_progress ),
 INTF_OP ( intf_close, struct tls_connection *, tls_close ),
 };
 
|
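Review bot: The `else` branch of `tls_progress()` forwards to `tls->validator` for the whole time `tls_ready ( tls )` is false, not only while a validation is actually running, and the inline comment does not say what happens when nothing is attached to that interface. That relies on `job_progress()` coping with an unconnected interface, which is defined outside this diff and should be confirmed. The relayed message is also produced before the peer certificate chain has been validated, so if the validator builds it from certificate fields (presumably names or OCSP URIs, not visible here) it is untrusted text on its way to the console. I would extend the comment to something like `/* Until the handshake completes, relay validator status; the message is informational only and may derive from a not-yet-validated certificate */`.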