X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fx509%2Fx509_lcl.h;h=eb5ae4382ad263bca8d00abc077d4ad37008fec9;hp=a71af342dc199ac2ea64405acced3de2b061a198;hb=6f4d71ff9d5ac80c5ae2a309a487ccbdb360108b;hpb=b3012c698a086937319ed413a113ed7bec1edd1a
diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
index a71af342dc..eb5ae4382a 100644
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -1,6 +1,7 @@
 /* x509_lcl.h */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2013.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2013.
 */
 /* ====================================================================
 * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
@@ -10,7 +11,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in
@@ -56,16 +57,46 @@ * */ +/* + * This structure holds all parameters associated with a verify operation by + * including an X509_VERIFY_PARAM structure in related structures the + * parameters used can be customized + */ + +struct X509_VERIFY_PARAM_st { + char *name; + time_t check_time; /* Time to use */ + unsigned long inh_flags; /* Inheritance flags */ + unsigned long flags; /* Various verify flags */ + int purpose; /* purpose to check untrusted certificates */ + int trust; /* trust setting to check */ + int depth; /* Verify depth */ + STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ + X509_VERIFY_PARAM_ID *id; /* opaque ID data */ +}; + /* internal only structure to hold additional X509_VERIFY_PARAM data */ -struct X509_VERIFY_PARAM_ID_st - { - unsigned char *host; /* If not NULL hostname to match */ - unsigned int hostflags; /* Flags to control matching features */ - unsigned char *email; /* If not NULL email address to match */ - size_t emaillen; - unsigned char *ip; /* If not NULL IP address to match */ - size_t iplen; /* Length of IP address */ - }; +struct X509_VERIFY_PARAM_ID_st { + STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ + unsigned int hostflags; /* Flags to control matching features */ + char *peername; /* Matching hostname in peer certificate */ + char *email; /* If not NULL email address to match */ + size_t emaillen; + unsigned char *ip; /* If not NULL IP address to match */ + size_t iplen; /* Length of IP address */ +}; int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet); + +/* a sequence of these are used */ +struct x509_attributes_st { + ASN1_OBJECT *object; + STACK_OF(ASN1_TYPE) *set; +}; + +struct X509_extension_st { + ASN1_OBJECT *object; + ASN1_BOOLEAN critical; + ASN1_OCTET_STRING *value; +};
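Review bot: The new `hosts` comment in `X509_VERIFY_PARAM_ID_st` drops the "If not NULL" wording the old `host` field carried, so the header no longer says what a NULL or empty stack means for hostname checking, or whether matching any one entry is enough. That decides whether the peer's name is checked at all, so I would state it on the field, e.g. `/* Acceptable names; NULL or empty = no hostname check (confirm); any one match suffices (confirm) */`. `peername` is also the only identity field without a length beside it, unlike `email`/`emaillen` and `ip`/`iplen`, and names taken from a certificate can carry embedded NUL bytes. A comment such as `/* NUL-terminated copy of the matched certificate name; owned and freed with this struct (confirm) */` would tell callers how to treat it. Both behaviours are inferred from the field names, since the code that fills and frees these members is outside the hunk.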