Make it possible to check for explicit auxiliary trust

[openssl.git] / include / openssl / x509.h

diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 167aae89b5e8ad26e455622fea312112fc48695a..7581bb4be80b967bec95a379ce10793f3ef710b9 100644 (file)
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -1,4 +1,3 @@
-/* crypto/x509/x509.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -65,6 +64,7 @@
 # define HEADER_X509_H
 
 # include <openssl/e_os2.h>
+# include <openssl/opensslconf.h>
 # include <openssl/symhacks.h>
 # include <openssl/buffer.h>
 # include <openssl/evp.h>
@@ -77,7 +77,7 @@
 #  include <openssl/ec.h>
 # endif
 
-# ifdef OPENSSL_USE_DEPRECATED
+# if OPENSSL_API_COMPAT < 0x10100000L
 #  ifndef OPENSSL_NO_RSA
 #   include <openssl/rsa.h>
 #  endif
@@ -142,9 +142,9 @@ typedef struct X509_sig_st {
 
 typedef struct X509_name_entry_st X509_NAME_ENTRY;
 
-DECLARE_STACK_OF(X509_NAME_ENTRY)
+DEFINE_STACK_OF(X509_NAME_ENTRY)
 
-DECLARE_STACK_OF(X509_NAME)
+DEFINE_STACK_OF(X509_NAME)
 
 # define X509_EX_V_NETSCAPE_HACK         0x8000
 # define X509_EX_V_INIT                  0x0001
@@ -152,11 +152,11 @@ typedef struct X509_extension_st X509_EXTENSION;
 
 typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
 
-DECLARE_STACK_OF(X509_EXTENSION)
+DEFINE_STACK_OF(X509_EXTENSION)
 
 typedef struct x509_attributes_st X509_ATTRIBUTE;
 
-DECLARE_STACK_OF(X509_ATTRIBUTE)
+DEFINE_STACK_OF(X509_ATTRIBUTE)
 
 typedef struct X509_req_info_st X509_REQ_INFO;
 
@@ -166,7 +166,7 @@ typedef struct x509_cert_aux_st X509_CERT_AUX;
 
 typedef struct x509_cinf_st X509_CINF;
 
-DECLARE_STACK_OF(X509)
+DEFINE_STACK_OF(X509)
 
 /* This is used for a table of trust checking functions */
 
@@ -179,7 +179,7 @@ typedef struct x509_trust_st {
     void *arg2;
 } X509_TRUST;
 
-DECLARE_STACK_OF(X509_TRUST)
+DEFINE_STACK_OF(X509_TRUST)
 
 /* standard trust ids */
 
@@ -199,8 +199,9 @@ DECLARE_STACK_OF(X509_TRUST)
 # define X509_TRUST_MAX          8
 
 /* trust_flags values */
-# define X509_TRUST_DYNAMIC      1
-# define X509_TRUST_DYNAMIC_NAME 2
+# define X509_TRUST_DYNAMIC      (1U << 0)
+# define X509_TRUST_DYNAMIC_NAME (1U << 1)
+# define X509_TRUST_NO_SS_COMPAT (1U << 2)
 
 /* check_trust return codes */
 
@@ -285,11 +286,11 @@ DECLARE_STACK_OF(X509_TRUST)
                         XN_FLAG_FN_LN | \
                         XN_FLAG_FN_ALIGN)
 
-DECLARE_STACK_OF(X509_REVOKED)
+DEFINE_STACK_OF(X509_REVOKED)
 
 typedef struct X509_crl_info_st X509_CRL_INFO;
 
-DECLARE_STACK_OF(X509_CRL)
+DEFINE_STACK_OF(X509_CRL)
 
 typedef struct private_key_st {
     int version;
@@ -317,7 +318,7 @@ typedef struct X509_info_st {
     int references;
 } X509_INFO;
 
-DECLARE_STACK_OF(X509_INFO)
+DEFINE_STACK_OF(X509_INFO)
 
 /*
  * The next 2 structures and their 8 routines were sent to me by Pat Richard
@@ -1070,8 +1071,10 @@ void ERR_load_X509_strings(void);
 
 /* Function codes. */
 # define X509_F_ADD_CERT_DIR                              100
+# define X509_F_BUILD_CHAIN                               106
 # define X509_F_BY_FILE_CTRL                              101
 # define X509_F_CHECK_POLICY                              145
+# define X509_F_DANE_I2D                                  107
 # define X509_F_DIR_CTRL                                  102
 # define X509_F_GET_CERT_BY_SUBJECT                       103
 # define X509_F_NETSCAPE_SPKI_B64_DECODE                  129
@@ -1118,6 +1121,7 @@ void ERR_load_X509_strings(void);
 
 /* Reason codes. */
 # define X509_R_AKID_MISMATCH                             110
+# define X509_R_BAD_SELECTOR                              133
 # define X509_R_BAD_X509_FILETYPE                         100
 # define X509_R_BASE64_DECODE_ERROR                       118
 # define X509_R_CANT_CHECK_DH_KEY                         114