Make it possible for external code to flag a certificate as a proxy one.

[openssl.git] / include / openssl / x509v3.h

diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 29b7194f265e57ab1ced26345f564228c23627a7..b37f52bcabaf9a2888bd0c998a36407c3c86a6a9 100644 (file)
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -18,12 +18,6 @@
 extern "C" {
 #endif
 
-# ifdef OPENSSL_SYS_WIN32
-/* Under Win32 these are defined in wincrypt.h */
-#  undef X509_NAME
-#  undef X509_EXTENSIONS
-# endif
-
 /* Forward reference */
 struct v3_ext_method;
 struct v3_ext_ctx;
@@ -530,6 +524,7 @@ DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
 int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
 
 int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
+int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc);
 
 DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
 DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
@@ -549,7 +544,7 @@ DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
 
 GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
                                const X509V3_EXT_METHOD *method,
-                               X509V3_CTX *ctx, int gen_type, 
+                               X509V3_CTX *ctx, int gen_type,
                                const char *value, int is_nc);
 
 # ifdef HEADER_CONF_H
@@ -654,6 +649,7 @@ int X509_supported_extension(X509_EXTENSION *ex);
 int X509_PURPOSE_set(int *p, int purpose);
 int X509_check_issued(X509 *issuer, X509 *subject);
 int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
+void X509_set_proxy_flag(X509 *x);
 
 uint32_t X509_get_extension_flags(X509 *x);
 uint32_t X509_get_key_usage(X509 *x);
@@ -868,7 +864,7 @@ int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
  * made after this point may be overwritten when the script is next run.
  */
 
-void ERR_load_X509V3_strings(void);
+int ERR_load_X509V3_strings(void);
 
 /* Error codes for the X509V3 functions. */