Add support for CRLs partitioned by reason code.
[openssl.git] / crypto / x509v3 / x509v3.h
index 4881d676019ccf684addd305e993b5d27d1e5176..c824cf01f30ee664207fc3247fbae0241e8da54c 100644 (file)
@@ -220,12 +220,17 @@ union {
        GENERAL_NAMES *fullname;
        STACK_OF(X509_NAME_ENTRY) *relativename;
 } name;
+/* If relativename then this contains the full distribution point name */
+X509_NAME *dpname;
 } DIST_POINT_NAME;
+/* All existing reasons */
+#define CRLDP_ALL_REASONS      0x807f
 
 struct DIST_POINT_st {
 DIST_POINT_NAME        *distpoint;
 ASN1_BIT_STRING *reasons;
 GENERAL_NAMES *CRLissuer;
+int dp_reasons;
 };
 
 typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
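Review bot: The new `dp_reasons` member in `struct DIST_POINT_st` has no comment, so a reader cannot tell how it relates to the encoded `reasons` bit string or what it holds when `reasons` is absent. If it is meant as a decoded cache, say so and state the default, for example `/* decoded copy of 'reasons'; CRLDP_ALL_REASONS when the field is absent (not encoded) */`. A revocation check that reads a zero here as "covers no reasons" would silently skip the distribution point. The same applies to `dpname`: the comment should say that it is NULL until computed and who frees it, since it appears to be derived state rather than part of the ASN.1 structure. The DIST_POINT_NAME definition begins outside this hunk.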
@@ -303,10 +308,10 @@ typedef struct GENERAL_SUBTREE_st {
 
 DECLARE_STACK_OF(GENERAL_SUBTREE)
 
-typedef struct NAME_CONSTRAINTS_st {
+struct NAME_CONSTRAINTS_st {
        STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
        STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
-} NAME_CONSTRAINTS;
+};
 
 typedef struct POLICY_CONSTRAINTS_st {
        ASN1_INTEGER *requireExplicitPolicy;
@@ -388,6 +393,8 @@ struct ISSUING_DIST_POINT_st
 #define EXFLAG_NSCERT          0x8
 
 #define EXFLAG_CA              0x10
+/* Really self issued not necessarily self signed */
+#define EXFLAG_SI              0x20
 #define EXFLAG_SS              0x20
 #define EXFLAG_V1              0x40
 #define EXFLAG_INVALID         0x80
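Review bot: `EXFLAG_SI` and `EXFLAG_SS` are both defined as `0x20`, so the two names are indistinguishable at run time and existing tests of `EXFLAG_SS` now carry the weaker "self issued" meaning the new comment describes. Code that treats `EXFLAG_SS` as proof that a certificate's signature verifies under its own key would be making a trust decision on a name match only. The alias should be made explicit next to the old name, for example `#define EXFLAG_SS 0x20 /* compatibility alias of EXFLAG_SI: self issued, signature NOT checked */`. If a true self-signed state is ever needed, it should get its own bit.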
@@ -519,6 +526,12 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 DECLARE_ASN1_FUNCTIONS(OTHERNAME)
 DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
 int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
+void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
+void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype);
+int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
+                               ASN1_OBJECT *oid, ASN1_TYPE *value);
+int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, 
+                               ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
 
 char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
 ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
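Review bot: The two otherName accessors are spelled differently, `GENERAL_NAME_set0_othername` and `GENERAL_NAME_get0_otherName`, and once this header ships the mismatch becomes permanent public API. Pick one casing for both. `GENERAL_NAME_set0_value` takes a `void *` plus an `int type` and returns `void`, so a type that does not match the pointer cannot be reported to the caller. A short comment on the set0/get0 pair should state that `value` must be the ASN.1 type implied by `type` and that set0 transfers ownership to the GENERAL_NAME. There is also trailing whitespace after `GENERAL_NAME *gen,` on the get0 prototype.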
@@ -537,6 +550,10 @@ DECLARE_ASN1_FUNCTIONS(DIST_POINT)
 DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
 DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
 
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
+
+int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
+
 DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
 DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
 
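Review bot: `int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);` is declared without stating its return convention, and for a validation function that gap is a security hazard. Most functions in this header return 1 for success. If this one instead returns a verification status where zero means OK (the implementation is not visible here), a caller writing `if (!NAME_CONSTRAINTS_check(x, nc))` would accept exactly the certificates that violate the constraints. Add a comment on the prototype naming the success value and the kind of error codes returned. `DIST_POINT_set_dpname` likewise needs a line saying whether `iname` is copied or referenced and what 0 versus 1 means.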
@@ -553,6 +570,10 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
 DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
 DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
 
+GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
+                               X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                               int gen_type, char *value, int is_nc);
+
 #ifdef HEADER_CONF_H
 GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                                                        CONF_VALUE *cnf);
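Review bot: `a2i_GENERAL_NAME` takes `char *value` although this same commit const-qualifies the string inputs of `hex_to_string` and `string_to_hex`. If the function does not modify the string, declare it `const char *value` now, before callers depend on the signature. The prototype also needs a comment covering three things: whether `out` may be NULL (and whether a new GENERAL_NAME is then allocated for the caller to free), which constants are valid for `gen_type`, and what `is_nc` changes. None of this can be inferred from the declaration, and a wrong guess about `out` ownership leads to a leak or a double free on the error path.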
@@ -567,18 +588,23 @@ int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert)
 int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
 int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
 
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                                   int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                               char *name, char *value);
+int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                       char *section, X509 *cert);
+int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                           char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                           char *section, X509_CRL *crl);
 
 int X509V3_add_value_bool_nf(char *name, int asn1_bool,
-                                               STACK_OF(CONF_VALUE) **extlist);
+                            STACK_OF(CONF_VALUE) **extlist);
 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
 void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
 #endif
 
 char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
@@ -616,8 +642,8 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
 int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
 
-char *hex_to_string(unsigned char *buffer, long len);
-unsigned char *string_to_hex(char *str, long *len);
+char *hex_to_string(const unsigned char *buffer, long len);
+unsigned char *string_to_hex(const char *str, long *len);
 int name_cmp(const char *name, const char *cmp);
 
 void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
@@ -646,9 +672,10 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
 void X509_PURPOSE_cleanup(void);
 int X509_PURPOSE_get_id(X509_PURPOSE *);
 
-STACK *X509_get1_email(X509 *x);
-STACK *X509_REQ_get1_email(X509_REQ *x);
-void X509_email_free(STACK *sk);
+STACK_OF(STRING) *X509_get1_email(X509 *x);
+STACK_OF(STRING) *X509_REQ_get1_email(X509_REQ *x);
+void X509_email_free(STACK_OF(STRING) *sk);
+STACK_OF(STRING) *X509_get1_ocsp(X509 *x);
 
 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
 ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
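Review bot: The new `X509_get1_ocsp` returns a `STACK_OF(STRING) *` under the get1 naming, which implies the caller owns the result, but the only matching release function declared here is `X509_email_free`. If that is the intended way to free the OCSP list, say so in a comment such as `/* free the result with X509_email_free() */`; otherwise callers will either leak it or free only the stack without its strings. The comment should also note that the strings presumably come from the certificate's AIA extension and are therefore untrusted input to whatever fetches them.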
@@ -657,6 +684,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
                                                unsigned long chtype);
 
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
+DECLARE_STACK_OF(X509_POLICY_NODE)
 
 #ifndef OPENSSL_NO_RFC3779
 
@@ -816,6 +844,7 @@ void ERR_load_X509V3_strings(void);
 /* Error codes for the X509V3 functions. */
 
 /* Function codes. */
+#define X509V3_F_A2I_GENERAL_NAME                       164
 #define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE            161
 #define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL        162
 #define X509V3_F_COPY_EMAIL                             122
@@ -948,6 +977,7 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_UNKNOWN_EXTENSION_NAME                         130
 #define X509V3_R_UNKNOWN_OPTION                                 120
 #define X509V3_R_UNSUPPORTED_OPTION                     117
+#define X509V3_R_UNSUPPORTED_TYPE                       167
 #define X509V3_R_USER_TOO_LONG                          132
 
 #ifdef  __cplusplus