Change the order of events so the capabilities of loaded engines can

[openssl.git] / crypto / x509 / x509_vfy.h

diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index e08075e85a5ca4ec622b66ac28db589874e8f77f..f0be21f4525cfc1e47ef3787614f969a3911daf0 100644 (file)
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -155,12 +155,10 @@ typedef struct x509_lookup_method_st
                            X509_OBJECT *ret);
        } X509_LOOKUP_METHOD;
 
-typedef struct x509_store_ctx_st X509_STORE_CTX;
-
 /* This is used to hold everything.  It is used for all certificate
  * validation.  Once we have a certificate chain, the 'verify'
  * function is then called to actually check the cert chain. */
-typedef struct x509_store_st
+struct x509_store_st
        {
        /* The following is a cache of trusted certs */
        int cache;      /* if true, stash any hits */
@@ -190,7 +188,7 @@ typedef struct x509_store_st
        CRYPTO_EX_DATA ex_data;
        int references;
        int depth;              /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
-       }  X509_STORE;
+       } /* X509_STORE */;
 
 #define X509_STORE_set_depth(ctx,d)       ((ctx)->depth=(d))
 
@@ -206,7 +204,7 @@ struct x509_lookup_st
        char *method_data;              /* method data */
 
        X509_STORE *store_ctx;  /* who owns us */
-       };
+       } /* X509_LOOKUP */;
 
 /* This is a used when verifying cert chains.  Since the
  * gathering of the cert chain can take some time (and have to be
@@ -250,7 +248,7 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
        X509_CRL *current_crl;  /* current CRL */
 
        CRYPTO_EX_DATA ex_data;
-       };
+       } /* X509_STORE_CTX */;
 
 #define X509_STORE_CTX_set_depth(ctx,d)       ((ctx)->depth=(d))
 
@@ -305,6 +303,7 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
 #define                X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
 
 #define                X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER             33
+#define                X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
 
 /* The application is not happy */
 #define                X509_V_ERR_APPLICATION_VERIFICATION             50
@@ -315,6 +314,7 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
 #define        X509_V_FLAG_USE_CHECK_TIME              0x2     /* Use check time instead of current time */
 #define        X509_V_FLAG_CRL_CHECK                   0x4     /* Lookup CRLs */
 #define        X509_V_FLAG_CRL_CHECK_ALL               0x8     /* Lookup CRLs for whole chain */
+#define        X509_V_FLAG_IGNORE_CRITICAL             0x10    /* Ignore unhandled critical extensions */
 
 int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
             X509_NAME *name);
@@ -334,7 +334,7 @@ X509_STORE_CTX *X509_STORE_CTX_new(void);
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
 
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
-void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
                         X509 *x509, STACK_OF(X509) *chain);
 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
@@ -397,6 +397,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
                                int purpose, int trust);
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                 int (*verify_cb)(int, X509_STORE_CTX *));
 
 #ifdef  __cplusplus
 }