netfilter: nf_tables: add nft_set_elem_expr_alloc()

[mirror_ubuntu-focal-kernel.git] / certs / Kconfig

diff --git a/certs/Kconfig b/certs/Kconfig
index c94e93d8bccf038f4684c4cce93d558d9e7269ff..ab88d2a7f3c7fb38526b334562cd7b283ca5ea62 100644 (file)
--- a/certs/Kconfig
+++ b/certs/Kconfig
@@ -83,4 +83,21 @@ config SYSTEM_BLACKLIST_HASH_LIST
          wrapper to incorporate the list into the kernel.  Each <hash> should
          be a string of hex digits.
 
+config SYSTEM_REVOCATION_LIST
+       bool "Provide system-wide ring of revocation certificates"
+       depends on SYSTEM_BLACKLIST_KEYRING
+       depends on PKCS7_MESSAGE_PARSER=y
+       help
+         If set, this allows revocation certificates to be stored in the
+         blacklist keyring and implements a hook whereby a PKCS#7 message can
+         be checked to see if it matches such a certificate.
+
+config SYSTEM_REVOCATION_KEYS
+       string "X.509 certificates to be preloaded into the system blacklist keyring"
+       depends on SYSTEM_REVOCATION_LIST
+       help
+         If set, this option should be the filename of a PEM-formatted file
+         containing X.509 certificates to be included in the default blacklist
+         keyring.
+
 endmenu