[crypto] Expose certstore_del() to explicitly remove stored certificates

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/crypto/certstore.c

@@ -145,6 +145,20 @@ void certstore_add ( struct x509_certificate *cert ) {
 	       x509_name ( cert ) );
 }
 
+/**
+ * Remove certificate from store
+ *
+ * @v cert		X.509 certificate
+ */
+void certstore_del ( struct x509_certificate *cert ) {
+
+	/* Remove certificate from store */
+	DBGC ( &certstore, "CERTSTORE removed certificate %s\n",
+	       x509_name ( cert ) );
+	list_del ( &cert->store.list );
+	x509_put ( cert );
+}
+
 /**
  * Discard a stored certificate
  *
@@ -158,10 +172,7 @@ static unsigned int certstore_discard ( void ) {
 	 */
 	list_for_each_entry_reverse ( cert, &certstore.links, store.list ) {
 		if ( cert->refcnt.count == 0 ) {
-			DBGC ( &certstore, "CERTSTORE discarded certificate "
+			certstore_del ( cert );
-			       "%s\n", x509_name ( cert ) );
-			list_del ( &cert->store.list );
-			x509_put ( cert );
 			return 1;
 		}
 	}

src/include/ipxe/certstore.h

@@ -17,5 +17,6 @@ extern struct x509_chain certstore;
 extern struct x509_certificate * certstore_find ( struct asn1_cursor *raw );
 extern struct x509_certificate * certstore_find_key ( struct asn1_cursor *key );
 extern void certstore_add ( struct x509_certificate *cert );
+extern void certstore_del ( struct x509_certificate *cert );
 
 #endif /* _IPXE_CERTSTORE_H */