* [including the GNU Public Licence.]
*/
+#ifndef HEADER_X509_H
+#include <openssl/x509.h>
+/* openssl/x509.h ends up #include-ing this file at about the only
+ * appropriate moment. */
+#endif
+
#ifndef HEADER_X509_VFY_H
#define HEADER_X509_VFY_H
extern "C" {
#endif
-#include "bio.h"
-#include "crypto.h"
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
/* Outer object */
typedef struct x509_hash_dir_st
} data;
} X509_OBJECT;
+typedef struct x509_lookup_st X509_LOOKUP;
+
/* This is a static that defines the function interface */
typedef struct x509_lookup_method_st
{
- char *name;
- int (*new_item)();
- void (*free)();
- int (*init)(/* meth, char ** */);
- int (*shutdown)( /* meth, char ** */);
- int (*ctrl)( /* meth, char **, int cmd, char *argp, int argi */);
- int (*get_by_subject)(/* meth, char **, XNAME *, X509 **ret */);
- int (*get_by_issuer_serial)();
- int (*get_by_fingerprint)();
- int (*get_by_alias)();
+ const char *name;
+ int (*new_item)(X509_LOOKUP *ctx);
+ void (*free)(X509_LOOKUP *ctx);
+ int (*init)(X509_LOOKUP *ctx);
+ int (*shutdown)(X509_LOOKUP *ctx);
+ int (*ctrl)(X509_LOOKUP *ctx,int cmd,char *argc,long argl,char **ret);
+ int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
+ X509_OBJECT *ret);
+ int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
+ ASN1_INTEGER *serial,X509_OBJECT *ret);
+ int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
+ unsigned char *bytes,int len,
+ X509_OBJECT *ret);
+ int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
+ X509_OBJECT *ret);
} X509_LOOKUP_METHOD;
+typedef struct x509_store_state_st X509_STORE_CTX;
+
/* This is used to hold everything. It is used for all certificate
* validation. Once we have a certificate chain, the 'verify'
* function is then called to actually check the cert chain. */
/* These are external lookup methods */
STACK *get_cert_methods;/* X509_LOOKUP */
- int (*verify)(); /* called to verify a certificate */
- int (*verify_cb)(); /* error callback */
+ int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
+ int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
CRYPTO_EX_DATA ex_data;
int references;
#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
/* This is the functions plus an instance of the local variables. */
-typedef struct x509_lookup_st
+struct x509_lookup_st
{
int init; /* have we been started */
int skip; /* don't use us. */
char *method_data; /* method data */
X509_STORE *store_ctx; /* who owns us */
- } X509_LOOKUP;
+ };
/* This is a temporary used when processing cert chains. Since the
* gathering of the cert chain can take some time (and have to be
* 'retried', this needs to be kept and passed around. */
-typedef struct x509_store_state_st
+struct x509_store_state_st
{
X509_STORE *ctx;
int current_method; /* used when looking up certs */
/* The following are set by the caller */
X509 *cert; /* The cert to check */
- STACK *untrusted; /* chain of X509s - untrusted - passed in */
+ STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
/* The following is built up */
int depth; /* how far to go looking up certs */
X509 *current_cert;
CRYPTO_EX_DATA ex_data;
- } X509_STORE_CTX;
+ };
#define X509_STORE_CTX_set_app_data(ctx,data) \
X509_STORE_CTX_set_ex_data(ctx,0,data)
void X509_STORE_free(X509_STORE *v);
void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
- X509 *x509, STACK *chain);
+ X509 *x509, STACK_OF(X509) *chain);
void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
int X509_LOOKUP_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,long argl,char **ret);
#ifndef NO_STDIO
-int X509_load_cert_file(X509_LOOKUP *ctx, char *file, int type);
-int X509_load_crl_file(X509_LOOKUP *ctx, char *file, int type);
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
#endif
-void X509v3_cleanup_extensions(void );
-int X509v3_add_extension(X509_EXTENSION_METHOD *x);
-int X509v3_add_netscape_extensions(void );
-int X509v3_add_standard_extensions(void );
X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
void X509_LOOKUP_free(X509_LOOKUP *ctx);
int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int (*dup_func)(), void (*free_func)());
-int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,char *data);
-char * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
+void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
STACK * X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
-void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK /* X509 */ *sk);
+void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
#else
int X509_load_crl_file();
#endif
-void X509v3_cleanup_extensions();
-int X509v3_add_extension();
-int X509v3_add_netscape_extensions();
-int X509v3_add_standard_extensions();
-
X509_LOOKUP *X509_LOOKUP_new();
void X509_LOOKUP_free();
int X509_LOOKUP_init();
int X509_STORE_CTX_get_ex_new_index();
int X509_STORE_CTX_set_ex_data();
-char * X509_STORE_CTX_get_ex_data();
+void * X509_STORE_CTX_get_ex_data();
int X509_STORE_CTX_get_error();
void X509_STORE_CTX_set_error();
int X509_STORE_CTX_get_error_depth();