1 files changed, 26 insertions, 1 deletions

diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index cac2f19f0..c703c8f10 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -340,8 +340,10 @@ struct x509_access_method {
 			  const struct asn1_cursor *raw );
 };
 
-/** An X.509 root certificate store */
+/** An X.509 root certificate list */
 struct x509_root {
+	/** Reference count */
+	struct refcnt refcnt;
 	/** Fingerprint digest algorithm */
 	struct digest_algorithm *digest;
 	/** Number of certificates */
@@ -350,6 +352,28 @@ struct x509_root {
 	const void *fingerprints;
 };
 
+/**
+ * Get reference to X.509 root certificate list
+ *
+ * @v root		X.509 root certificate list
+ * @ret root		X.509 root certificate list
+ */
+static inline __attribute__ (( always_inline )) struct x509_root *
+x509_root_get ( struct x509_root *root ) {
+	ref_get ( &root->refcnt );
+	return root;
+}
+
+/**
+ * Drop reference to X.509 root certificate list
+ *
+ * @v root		X.509 root certificate list
+ */
+static inline __attribute__ (( always_inline )) void
+x509_root_put ( struct x509_root *root ) {
+	ref_put ( &root->refcnt );
+}
+
 extern const char * x509_name ( struct x509_certificate *cert );
 extern int x509_parse ( struct x509_certificate *cert,
 			const struct asn1_cursor *raw );
@@ -391,6 +415,7 @@ extern int x509_check_time ( struct x509_certificate *cert, time_t time );
  * @v cert		X.509 certificate
  */
 static inline void x509_invalidate ( struct x509_certificate *cert ) {
+	x509_root_put ( cert->root );
 	cert->root = NULL;
 	cert->path_remaining = 0;
 }