Diffstat (limited to 'src/lib/libcrypto/x509/x509_vfy.h')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.h | 34 |
1 files changed, 30 insertions, 4 deletions
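--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.16 2015/09/14 16:13:39 jsing Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.17 2016/11/05 20:14:59 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -147,6 +147,8 @@ typedef struct x509_lookup_method_st
 X509_OBJECT *ret);
 } X509_LOOKUP_METHOD;
 
+typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
+
 /* This structure hold all parameters associated with a verify operation
 * by including an X509_VERIFY_PARAM structure in related structures the
 * parameters used can be customized
@@ -162,7 +164,8 @@ typedef struct X509_VERIFY_PARAM_st
 int trust; /* trust setting to check */
 int depth; /* Verify depth */
 STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
-} X509_VERIFY_PARAM;
+X509_VERIFY_PARAM_ID *id; /* opaque ID data */
+} X509_VERIFY_PARAM;
 
 DECLARE_STACK_OF(X509_VERIFY_PARAM)
 
@@ -288,8 +291,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 (long)(type),NULL)
 
 #define X509_V_OK 0
-/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
-
+#define X509_V_ERR_UNSPECIFIED 1
 #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
 #define X509_V_ERR_UNABLE_TO_GET_CRL 3
 #define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
@@ -351,6 +353,16 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 /* The application is not happy */
 #define X509_V_ERR_APPLICATION_VERIFICATION 50
 
+/* Host, email and IP check errors */
+#define X509_V_ERR_HOSTNAME_MISMATCH 62
+#define X509_V_ERR_EMAIL_MISMATCH 63
+#define X509_V_ERR_IP_ADDRESS_MISMATCH 64
+
+/* Caller error */
+#define X509_V_ERR_INVALID_CALL 65
+/* Issuer lookup error */
+#define X509_V_ERR_STORE_LOOKUP 66
+
 /* Certificate verify flags */
 
 /* Send issuer+subject checks to verify_cb */
@@ -383,6 +395,16 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define X509_V_FLAG_USE_DELTAS 0x2000
 /* Check selfsigned CA signature */
 #define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
+/* Use trusted store first */
+#define X509_V_FLAG_TRUSTED_FIRST 0x8000
+/* Allow partial chains if at least one certificate is in trusted store */
+#define X509_V_FLAG_PARTIAL_CHAIN 0x80000
+
+/* If the initial chain is not trusted, do not attempt to build an alternative
+* chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag
+* will force the behaviour to match that of previous versions. */
+#define X509_V_FLAG_NO_ALT_CHAINS 0x100000
+
 /* Do not check certificate or CRL validity against current time. */
 #define X509_V_FLAG_NO_CHECK_TIME 0x200000
 
@@ -519,6 +541,10 @@ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
 ASN1_OBJECT *policy);
 int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
 STACK_OF(ASN1_OBJECT) *policies);
+int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email,
+size_t emaillen);
+int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip,
+size_t iplen);
 int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
 
 int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);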
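Review bot: `#define X509_V_ERR_UNSPECIFIED 1` replaces the comment that explained why value 1 exists, so the fail-closed intent is no longer stated at the definition; I would keep it above the define as `/* Unset/uninitialized error; never X509_V_OK, so a path that forgets to set an error still fails */`. The new mismatch codes jump from 50 to 62-66 with no word on 51-61; if the gap is there to stay aligned with upstream numbering, which appears likely but is not shown here, a one-line comment saying so would keep a later addition from reusing those values. The comment on `X509_V_FLAG_PARTIAL_CHAIN` should also caution that the flag lets a non-root certificate in the trusted store end the chain, since that widens what counts as a trust anchor. `X509_V_ERR_HOSTNAME_MISMATCH` is added while only `X509_VERIFY_PARAM_set1_email` and `X509_VERIFY_PARAM_set1_ip` are declared in these hunks, so it is worth confirming where callers are expected to set the hostname to check.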
