Fixes for new CRL/cert callbacks. Update CRL processing code to use new

[openssl.git] / crypto / x509 / x509_vfy.h

diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index 5f49c2a8b7b352355bee30946c61289fae506548..d546cd9767c6454f9bac7c33ce1f60d5461bbb5f 100644 (file)
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -198,6 +198,8 @@ struct x509_store_st
        int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
+       STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
+       STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
        int (*cleanup)(X509_STORE_CTX *ctx);
 
        CRYPTO_EX_DATA ex_data;
@@ -246,6 +248,8 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
        int (*check_policy)(X509_STORE_CTX *ctx);
+       STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
+       STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
        int (*cleanup)(X509_STORE_CTX *ctx);
 
        /* The following is built up */
@@ -292,7 +296,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define                X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
 #define                X509_V_ERR_CERT_SIGNATURE_FAILURE               7
 #define                X509_V_ERR_CRL_SIGNATURE_FAILURE                8
-#define                X509_V_ERR_CERT_NOT_YET_VALID                   9       
+#define                X509_V_ERR_CERT_NOT_YET_VALID                   9
 #define                X509_V_ERR_CERT_HAS_EXPIRED                     10
 #define                X509_V_ERR_CRL_NOT_YET_VALID                    11
 #define                X509_V_ERR_CRL_HAS_EXPIRED                      12
@@ -323,10 +327,13 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define                X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                 35
 #define                X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION     36
 #define                X509_V_ERR_INVALID_NON_CA                       37
+#define                X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED           38
+#define                X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
+#define                X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
 
-#define                X509_V_ERR_INVALID_EXTENSION                    38
-#define                X509_V_ERR_INVALID_POLICY_EXTENSION             39
-#define                X509_V_ERR_NO_EXPLICIT_POLICY                   40
+#define                X509_V_ERR_INVALID_EXTENSION                    41
+#define                X509_V_ERR_INVALID_POLICY_EXTENSION             42
+#define                X509_V_ERR_NO_EXPLICIT_POLICY                   43
 
 
 /* The application is not happy */
@@ -346,14 +353,16 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define        X509_V_FLAG_IGNORE_CRITICAL             0x10
 /* Disable workarounds for broken certificates */
 #define        X509_V_FLAG_X509_STRICT                 0x20
+/* Enable proxy certificate validation */
+#define        X509_V_FLAG_ALLOW_PROXY_CERTS           0x40
 /* Enable policy checking */
-#define X509_V_FLAG_POLICY_CHECK               0x40
+#define X509_V_FLAG_POLICY_CHECK               0x80
 /* Policy variable require-explicit-policy */
-#define X509_V_FLAG_EXPLICIT_POLICY            0x80
+#define X509_V_FLAG_EXPLICIT_POLICY            0x100
 /* Policy variable inhibit-any-policy */
-#define        X509_V_FLAG_INHIBIT_ANY                 0x100
+#define        X509_V_FLAG_INHIBIT_ANY                 0x200
 /* Policy variable inhibit-policy-mapping */
-#define X509_V_FLAG_INHIBIT_MAP                        0x200
+#define X509_V_FLAG_INHIBIT_MAP                        0x400
 /* Notify callback that policy is OK */
 #define X509_V_FLAG_NOTIFY_POLICY              0x800
 
@@ -378,6 +387,8 @@ void X509_OBJECT_free_contents(X509_OBJECT *a);
 X509_STORE *X509_STORE_new(void );
 void X509_STORE_free(X509_STORE *v);
 
+STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
+STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
 int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
 int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
 int X509_STORE_set_trust(X509_STORE *ctx, int trust);
@@ -473,6 +484,9 @@ int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
                                                const X509_VERIFY_PARAM *from);
 int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
 int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                                       unsigned long flags);
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
 int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);