perlasm/x86gas.pl: limit special OPENSSL_ia32cap_P treatment to ELF.

[openssl.git] / crypto / x509v3 / x509v3.h

diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index 84cf46f538634d2016a13dcf3609f1cb6c9582c5..272374e5a2a8626e0e0877262d0a70a0df9cad23 100644 (file)
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -128,6 +128,7 @@ void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
 /* Context specific info */
 struct v3_ext_ctx {
 #define CTX_TEST 0x1
+#define X509V3_CTX_REPLACE 0x2
 int flags;
 X509 *issuer_cert;
 X509 *subject_cert;
@@ -699,6 +700,20 @@ STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
 STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
 void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
 STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
+/* Flags for X509_check_* functions */
+
+/* Always check subject name for host match even if subject alt names present */
+#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT   0x1
+/* Disable wild-card matching for dnsName fields and common name. */
+#define X509_CHECK_FLAG_NO_WILDCARDS   0x2
+
+int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
+                                       unsigned int flags);
+int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
+                                       unsigned int flags);
+int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
+                                       unsigned int flags);
+int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
 
 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
 ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);