1 files changed, 36 insertions, 1 deletions
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index 6cc3d0d6f8..3929cb848e 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.38 2016/09/13 13:40:58 tedu Exp $ */
+/* $OpenBSD: tls.h,v 1.39 2016/11/02 15:18:42 beck Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -41,6 +41,31 @@ extern "C" {
 #define TLS_WANT_POLLIN         -2
 #define TLS_WANT_POLLOUT        -3
+/* RFC 6960 Section 2.3 */
+#define TLS_OCSP_RESPONSE_SUCCESSFUL            0
+#define TLS_OCSP_RESPONSE_MALFORMED             1
+#define TLS_OCSP_RESPONSE_INTERNALERROR         2
+#define TLS_OCSP_RESPONSE_TRYLATER              3
+#define TLS_OCSP_RESPONSE_SIGREQUIRED           4
+#define TLS_OCSP_RESPONSE_UNAUTHORIZED          5
+/* RFC 6960 Section 2.2 */
+#define TLS_OCSP_CERT_GOOD                      0
+#define TLS_OCSP_CERT_REVOKED                   1
+#define TLS_OCSP_CERT_UNKNOWN                   2
+/* RFC 5280 Section 5.3.1 */
+#define TLS_CRL_REASON_UNSPECIFIED              0
+#define TLS_CRL_REASON_KEY_COMPROMISE           1
+#define TLS_CRL_REASON_CA_COMPROMISE            2
+#define TLS_CRL_REASON_AFFILIATION_CHANGED      3
+#define TLS_CRL_REASON_SUPERSEDED               4
+#define TLS_CRL_REASON_CESSATION_OF_OPERATION   5
+#define TLS_CRL_REASON_CERTIFICATE_HOLD         6
+#define TLS_CRL_REASON_REMOVE_FROM_CRL          8
+#define TLS_CRL_REASON_PRIVILEGE_WITHDRAWN      9
+#define TLS_CRL_REASON_AA_COMPROMISE            10
 struct tls;
 struct tls_config;
@@ -138,6 +163,16 @@ const char *tls_conn_version(struct tls *_ctx);
 uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password);
+int tls_ocsp_process_response(struct tls *_ctx, const unsigned char *_response, size_t _size);
+int tls_peer_ocsp_cert_status(struct tls *_ctx);
+int tls_peer_ocsp_crl_reason(struct tls *_ctx);
+time_t tls_peer_ocsp_next_update(struct tls *_ctx);
+int tls_peer_ocsp_response_status(struct tls *_ctx);
+const char *tls_peer_ocsp_result(struct tls *_ctx);
+time_t tls_peer_ocsp_revocation_time(struct tls *_ctx);
+time_t tls_peer_ocsp_this_update(struct tls *_ctx);
+const char *tls_peer_ocsp_url(struct tls *_ctx);
 #ifdef __cplusplus
 }
 #endif

diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h index 6cc3d0d6f8..3929cb848e 100644 --- a/src/lib/libtls/tls.h +++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls.h,v 1.38 2016/09/13 13:40:58 tedu Exp $ */	1	/* $OpenBSD: tls.h,v 1.39 2016/11/02 15:18:42 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -41,6 +41,31 @@ extern "C" {
41	#define TLS_WANT_POLLIN -2	41	#define TLS_WANT_POLLIN -2
42	#define TLS_WANT_POLLOUT -3	42	#define TLS_WANT_POLLOUT -3
43		43
		44	/* RFC 6960 Section 2.3 */
		45	#define TLS_OCSP_RESPONSE_SUCCESSFUL 0
		46	#define TLS_OCSP_RESPONSE_MALFORMED 1
		47	#define TLS_OCSP_RESPONSE_INTERNALERROR 2
		48	#define TLS_OCSP_RESPONSE_TRYLATER 3
		49	#define TLS_OCSP_RESPONSE_SIGREQUIRED 4
		50	#define TLS_OCSP_RESPONSE_UNAUTHORIZED 5
		51
		52	/* RFC 6960 Section 2.2 */
		53	#define TLS_OCSP_CERT_GOOD 0
		54	#define TLS_OCSP_CERT_REVOKED 1
		55	#define TLS_OCSP_CERT_UNKNOWN 2
		56
		57	/* RFC 5280 Section 5.3.1 */
		58	#define TLS_CRL_REASON_UNSPECIFIED 0
		59	#define TLS_CRL_REASON_KEY_COMPROMISE 1
		60	#define TLS_CRL_REASON_CA_COMPROMISE 2
		61	#define TLS_CRL_REASON_AFFILIATION_CHANGED 3
		62	#define TLS_CRL_REASON_SUPERSEDED 4
		63	#define TLS_CRL_REASON_CESSATION_OF_OPERATION 5
		64	#define TLS_CRL_REASON_CERTIFICATE_HOLD 6
		65	#define TLS_CRL_REASON_REMOVE_FROM_CRL 8
		66	#define TLS_CRL_REASON_PRIVILEGE_WITHDRAWN 9
		67	#define TLS_CRL_REASON_AA_COMPROMISE 10
		68
44	struct tls;	69	struct tls;
45	struct tls_config;	70	struct tls_config;
46		71
@@ -138,6 +163,16 @@ const char tls_conn_version(struct tls _ctx);
138		163
139	uint8_t tls_load_file(const char _file, size_t _len, char _password);	164	uint8_t tls_load_file(const char _file, size_t _len, char _password);
140		165
		166	int tls_ocsp_process_response(struct tls _ctx, const unsigned char _response, size_t _size);
		167	int tls_peer_ocsp_cert_status(struct tls *_ctx);
		168	int tls_peer_ocsp_crl_reason(struct tls *_ctx);
		169	time_t tls_peer_ocsp_next_update(struct tls *_ctx);
		170	int tls_peer_ocsp_response_status(struct tls *_ctx);
		171	const char tls_peer_ocsp_result(struct tls _ctx);
		172	time_t tls_peer_ocsp_revocation_time(struct tls *_ctx);
		173	time_t tls_peer_ocsp_this_update(struct tls *_ctx);
		174	const char tls_peer_ocsp_url(struct tls _ctx);
		175
141	#ifdef __cplusplus	176	#ifdef __cplusplus
142	}	177	}
143	#endif	178	#endif