Initial support for delta CRLs. If "use deltas" flag is set attempt to find

[openssl.git] / crypto / x509v3 / x509v3.h
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h

index 462ac8f47d9724461abe2e61f45306dd07955bc2..22b1b7fe39cade8027d3dbce593b805ae1e31488 100644 (file)
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -220,12 +220,29 @@ union {
         GENERAL_NAMES *fullname;
         STACK_OF(X509_NAME_ENTRY) *relativename;
  } name;
         GENERAL_NAMES *fullname;
         STACK_OF(X509_NAME_ENTRY) *relativename;
  } name;
+/* If relativename then this contains the full distribution point name */
+X509_NAME *dpname;
  } DIST_POINT_NAME;
  } DIST_POINT_NAME;
+/* All existing reasons */
+#define CRLDP_ALL_REASONS      0x807f
+
+#define CRL_REASON_NONE                                -1
+#define CRL_REASON_UNSPECIFIED                 0
+#define CRL_REASON_KEY_COMPROMISE              1
+#define CRL_REASON_CA_COMPROMISE               2
+#define CRL_REASON_AFFILIATION_CHANGED         3
+#define CRL_REASON_SUPERSEDED                  4
+#define CRL_REASON_CESSATION_OF_OPERATION      5
+#define CRL_REASON_CERTIFICATE_HOLD            6
+#define CRL_REASON_REMOVE_FROM_CRL             8
+#define CRL_REASON_PRIVILEGE_WITHDRAWN         9
+#define CRL_REASON_AA_COMPROMISE               10
  
  struct DIST_POINT_st {
  DIST_POINT_NAME        *distpoint;
  ASN1_BIT_STRING *reasons;
  GENERAL_NAMES *CRLissuer;
  
  struct DIST_POINT_st {
  DIST_POINT_NAME        *distpoint;
  ASN1_BIT_STRING *reasons;
  GENERAL_NAMES *CRLissuer;
+int dp_reasons;
  };
  
  typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
  };
  
  typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
@@ -303,10 +320,10 @@ typedef struct GENERAL_SUBTREE_st {
  
  DECLARE_STACK_OF(GENERAL_SUBTREE)
  
  
  DECLARE_STACK_OF(GENERAL_SUBTREE)
  
-typedef struct NAME_CONSTRAINTS_st {
+struct NAME_CONSTRAINTS_st {
         STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
         STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
         STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
         STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
-} NAME_CONSTRAINTS;
+};
  
  typedef struct POLICY_CONSTRAINTS_st {
         ASN1_INTEGER *requireExplicitPolicy;
  
  typedef struct POLICY_CONSTRAINTS_st {
         ASN1_INTEGER *requireExplicitPolicy;
@@ -388,6 +405,8 @@ struct ISSUING_DIST_POINT_st
  #define EXFLAG_NSCERT          0x8
  
  #define EXFLAG_CA              0x10
  #define EXFLAG_NSCERT          0x8
  
  #define EXFLAG_CA              0x10
+/* Really self issued not necessarily self signed */
+#define EXFLAG_SI              0x20
  #define EXFLAG_SS              0x20
  #define EXFLAG_V1              0x40
  #define EXFLAG_INVALID         0x80
  #define EXFLAG_SS              0x20
  #define EXFLAG_V1              0x40
  #define EXFLAG_INVALID         0x80
@@ -395,7 +414,8 @@ struct ISSUING_DIST_POINT_st
  #define EXFLAG_CRITICAL                0x200
  #define EXFLAG_PROXY           0x400
  
  #define EXFLAG_CRITICAL                0x200
  #define EXFLAG_PROXY           0x400
  
-#define EXFLAG_INVALID_POLICY  0x400
+#define EXFLAG_INVALID_POLICY  0x800
+#define EXFLAG_FRESHEST                0x1000
  
  #define KU_DIGITAL_SIGNATURE   0x0080
  #define KU_NON_REPUDIATION     0x0040
  
  #define KU_DIGITAL_SIGNATURE   0x0080
  #define KU_NON_REPUDIATION     0x0040
@@ -543,6 +563,10 @@ DECLARE_ASN1_FUNCTIONS(DIST_POINT)
  DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
  DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
  
  DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
  DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
  
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
+
+int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
+
  DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
  DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
  
  DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
  DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
  
@@ -661,10 +685,10 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
  void X509_PURPOSE_cleanup(void);
  int X509_PURPOSE_get_id(X509_PURPOSE *);
  
  void X509_PURPOSE_cleanup(void);
  int X509_PURPOSE_get_id(X509_PURPOSE *);
  
-STACK *X509_get1_email(X509 *x);
-STACK *X509_REQ_get1_email(X509_REQ *x);
-void X509_email_free(STACK *sk);
-STACK *X509_get1_ocsp(X509 *x);
+STACK_OF(STRING) *X509_get1_email(X509 *x);
+STACK_OF(STRING) *X509_REQ_get1_email(X509_REQ *x);
+void X509_email_free(STACK_OF(STRING) *sk);
+STACK_OF(STRING) *X509_get1_ocsp(X509 *x);
  
  ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
  ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
  
  ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
  ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);