New functions to check a hostname email or IP address against a
[openssl.git] / crypto / x509v3 / x509v3.h
index 0ea97d18d4049ab2711ca8901ab8a1950f63dbcf..23f7091db0b760770f65d17b11976c3359bebf57 100644 (file)
@@ -128,6 +128,7 @@ void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
 /* Context specific info */
 struct v3_ext_ctx {
 #define CTX_TEST 0x1
+#define X509V3_CTX_REPLACE 0x2
 int flags;
 X509 *issuer_cert;
 X509 *subject_cert;
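Review bot: `X509V3_CTX_REPLACE` is added inside `struct v3_ext_ctx` with no comment on what gets replaced or which code reads the flag. Nothing in this header shows that, and the struct body continues outside the hunk. A one-line comment on the define would help, for example `/* Replace an existing extension of the same type instead of adding a second one */`, if that is the intended meaning. The neighbouring `CTX_TEST` is unprefixed, so a short comment introducing both as values for `flags` would also make the mixed naming less surprising.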
@@ -414,7 +415,6 @@ struct ISSUING_DIST_POINT_st
 #define EXFLAG_CA              0x10
 /* Really self issued not necessarily self signed */
 #define EXFLAG_SI              0x20
-#define EXFLAG_SS              0x20
 #define EXFLAG_V1              0x40
 #define EXFLAG_INVALID         0x80
 #define EXFLAG_SET             0x100
@@ -423,6 +423,8 @@ struct ISSUING_DIST_POINT_st
 
 #define EXFLAG_INVALID_POLICY  0x800
 #define EXFLAG_FRESHEST                0x1000
+/* Self signed */
+#define EXFLAG_SS              0x2000
 
 #define KU_DIGITAL_SIGNATURE   0x0080
 #define KU_NON_REPUDIATION     0x0040
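Review bot: `EXFLAG_SS` changes value from 0x20 to 0x2000 here (the old definition is removed in the previous hunk), so it no longer aliases `EXFLAG_SI`. Any code that tests `EXFLAG_SS` now depends on something setting the new bit, and that setter is not visible in this header. The comment `/* Self signed */` should say what distinguishes the flag from self issued, in the form `/* Self signed: <condition checked in addition to EXFLAG_SI> */`. Callers built against the old header will still test bit 0x20, so the value change deserves a line in the change notes, because trust-anchor and chain-building decisions commonly branch on this flag.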
@@ -451,6 +453,7 @@ struct ISSUING_DIST_POINT_st
 #define XKU_OCSP_SIGN          0x20
 #define XKU_TIMESTAMP          0x40
 #define XKU_DVCS               0x80
+#define XKU_ANYEKU             0x100
 
 #define X509_PURPOSE_DYNAMIC   0x1
 #define X509_PURPOSE_DYNAMIC_NAME      0x2
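Review bot: `XKU_ANYEKU` is added without a comment. Unlike the other `XKU_*` bits it presumably stands for the anyExtendedKeyUsage OID rather than a single purpose. A comment such as `/* anyExtendedKeyUsage present in the EKU extension */` would make that explicit. It should also say whether purpose checks treat this bit as satisfying every EKU test or leave that decision to the caller; this header does not show which, and the difference decides whether such a certificate is accepted for, say, OCSP signing.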
@@ -693,10 +696,22 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
 void X509_PURPOSE_cleanup(void);
 int X509_PURPOSE_get_id(X509_PURPOSE *);
 
-STACK_OF(STRING) *X509_get1_email(X509 *x);
-STACK_OF(STRING) *X509_REQ_get1_email(X509_REQ *x);
-void X509_email_free(STACK_OF(STRING) *sk);
-STACK_OF(STRING) *X509_get1_ocsp(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
+/* Flags for X509_check_* functions */
+
+/* Always check subject name for host match even if subject alt names present */
+#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT   0x1
+
+int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
+                                       unsigned int flags);
+int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
+                                       unsigned int flags);
+int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
+                                       unsigned int flags);
+int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
 
 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
 ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
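Review bot: The four `X509_check_*` prototypes are declared without a return-value contract, which is the part of a name-matching API that callers most often get wrong. If an error can come back as a negative value, `if (X509_check_host(...))` treats that error as a match. Add a comment above the prototypes giving the exact return values and telling callers to compare with `== 1`; the values must be taken from the implementation, which this header does not show. The same comment should say whether `chk` is compared over exactly `chklen` bytes (so an embedded NUL cannot shorten the reference name) and whether `X509_check_ip` expects the raw 4- or 16-byte address. Separately, `/* Flags for X509_check_* functions */` sits directly under `X509_get1_ocsp` with no blank line, so it reads as if it documents that prototype.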
@@ -951,7 +966,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_ILLEGAL_EMPTY_EXTENSION                151
 #define X509V3_R_ILLEGAL_HEX_DIGIT                      113
 #define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG            152
-#define X509V3_R_INVAID_MULTIPLE_RDNS                   161
+#define X509V3_R_INVALID_MULTIPLE_RDNS                  161
 #define X509V3_R_INVALID_ASNUMBER                       162
 #define X509V3_R_INVALID_ASRANGE                        163
 #define X509V3_R_INVALID_BOOLEAN_STRING                         104
@@ -985,9 +1000,9 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_ODD_NUMBER_OF_DIGITS                   112
 #define X509V3_R_OPERATION_NOT_DEFINED                  148
 #define X509V3_R_OTHERNAME_ERROR                        147
-#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED       155
+#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED        155
 #define X509V3_R_POLICY_PATH_LENGTH                     156
-#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED    157
+#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED     157
 #define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED  158
 #define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
 #define X509V3_R_SECTION_NOT_FOUND                      150