-/* x509v3.h */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 1999.
typedef struct v3_ext_method X509V3_EXT_METHOD;
-DECLARE_STACK_OF(X509V3_EXT_METHOD)
+DEFINE_STACK_OF(X509V3_EXT_METHOD)
/* ext_flags values */
# define X509V3_EXT_DYNAMIC 0x1
} d;
} GENERAL_NAME;
-typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
-
typedef struct ACCESS_DESCRIPTION_st {
ASN1_OBJECT *method;
GENERAL_NAME *location;
typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
-DECLARE_STACK_OF(GENERAL_NAME)
+typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE;
-DECLARE_STACK_OF(ACCESS_DESCRIPTION)
+DEFINE_STACK_OF(GENERAL_NAME)
+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
+DEFINE_STACK_OF(GENERAL_NAMES)
+
+DEFINE_STACK_OF(ACCESS_DESCRIPTION)
typedef struct DIST_POINT_NAME_st {
int type;
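Review bot: The new `TLS_FEATURE` typedef carries no comment saying what the integers in the stack represent. Further down it gets only `DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)`, while the neighbouring extension types are declared with the full `DECLARE_ASN1_FUNCTIONS` set. I would add a line above the typedef such as `/* TLS Feature extension (RFC 7633): TLS extension type numbers the certificate holder must support */`. If leaving out the d2i/i2d declarations is deliberate, a short remark next to the ALLOC declaration would stop callers from assuming they exist.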
typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
-DECLARE_STACK_OF(DIST_POINT)
+DEFINE_STACK_OF(DIST_POINT)
struct AUTHORITY_KEYID_st {
ASN1_OCTET_STRING *keyid;
ASN1_OCTET_STRING *user;
} SXNETID;
-DECLARE_STACK_OF(SXNETID)
+DEFINE_STACK_OF(SXNETID)
typedef struct SXNET_st {
ASN1_INTEGER *version;
} d;
} POLICYQUALINFO;
-DECLARE_STACK_OF(POLICYQUALINFO)
+DEFINE_STACK_OF(POLICYQUALINFO)
typedef struct POLICYINFO_st {
ASN1_OBJECT *policyid;
typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
-DECLARE_STACK_OF(POLICYINFO)
+DEFINE_STACK_OF(POLICYINFO)
typedef struct POLICY_MAPPING_st {
ASN1_OBJECT *issuerDomainPolicy;
ASN1_OBJECT *subjectDomainPolicy;
} POLICY_MAPPING;
-DECLARE_STACK_OF(POLICY_MAPPING)
+DEFINE_STACK_OF(POLICY_MAPPING)
typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
ASN1_INTEGER *maximum;
} GENERAL_SUBTREE;
-DECLARE_STACK_OF(GENERAL_SUBTREE)
+DEFINE_STACK_OF(GENERAL_SUBTREE)
struct NAME_CONSTRAINTS_st {
STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
# define X509V3_ADD_DELETE 5L
# define X509V3_ADD_SILENT 0x10
-DECLARE_STACK_OF(X509_PURPOSE)
+DEFINE_STACK_OF(X509_PURPOSE)
DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a);
+DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
+
DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
DECLARE_ASN1_FUNCTIONS(POLICYINFO)
DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
char *hex_to_string(const unsigned char *buffer, long len);
unsigned char *string_to_hex(const char *str, long *len);
-int name_cmp(const char *name, const char *cmp);
void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
int ml);
int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
int indent);
+#ifndef OPENSSL_NO_STDIO
int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
-
+#endif
int X509V3_extensions_print(BIO *out, char *title,
STACK_OF(X509_EXTENSION) *exts,
unsigned long flag, int indent);
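Review bot: `X509V3_EXT_print_fp` takes `int flag` while `X509V3_EXT_print` directly above takes `unsigned long flag`, apparently for the same flag set, so a value passed through the FILE variant is narrowed. This hunk already touches the declaration to place it under `OPENSSL_NO_STDIO`, so it is a good moment either to align the type or to record why it differs, for example `/* flag is int for historical reasons; takes the same values as X509V3_EXT_print */`. Changing the type alters a public prototype, so the comment is the lower-risk option if compatibility matters.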
# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
/* Constraint verifier subdomain patterns to match a single labels. */
# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
+/* Never check the subject CN */
+# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20
/*
* Match reference identifiers starting with "." to any sub-domain.
* This is a non-public flag, turned on implicitly when the subject
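Review bot: The comment on `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` ("Never check the subject CN") does not state the consequence a caller needs to know: with this flag set, a certificate that has no matching subjectAltName entry can presumably never pass the name check, because the CN fallback is disabled. It also does not say what happens when this flag is combined with the existing `X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT`; which of the two wins is decided in the implementation, which is not part of this diff. I would expand the comment along the lines of `/* Never consider the subject CN, even when no subjectAltName of the right type is present; document precedence over ALWAYS_CHECK_SUBJECT here */`. The comment block that follows continues past the end of this hunk.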
unsigned long chtype);
void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
-DECLARE_STACK_OF(X509_POLICY_NODE)
+DEFINE_STACK_OF(X509_POLICY_NODE)
#ifndef OPENSSL_NO_RFC3779
typedef struct ASRange_st {
} ASIdOrRange;
typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
-DECLARE_STACK_OF(ASIdOrRange)
+DEFINE_STACK_OF(ASIdOrRange)
# define ASIdentifierChoice_inherit 0
# define ASIdentifierChoice_asIdsOrRanges 1
} IPAddressOrRange;
typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
-DECLARE_STACK_OF(IPAddressOrRange)
+DEFINE_STACK_OF(IPAddressOrRange)
# define IPAddressChoice_inherit 0
# define IPAddressChoice_addressesOrRanges 1
} IPAddressFamily;
typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
-DECLARE_STACK_OF(IPAddressFamily)
+DEFINE_STACK_OF(IPAddressFamily)
DECLARE_ASN1_FUNCTIONS(IPAddressRange)
DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
* since some of the encodings (particularly for IP address prefixes
* and ranges) are a bit tedious to work with directly.
*/
-int v3_asid_add_inherit(ASIdentifiers *asid, int which);
-int v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
- ASN1_INTEGER *min, ASN1_INTEGER *max);
-int v3_addr_add_inherit(IPAddrBlocks *addr,
- const unsigned afi, const unsigned *safi);
-int v3_addr_add_prefix(IPAddrBlocks *addr,
- const unsigned afi, const unsigned *safi,
- unsigned char *a, const int prefixlen);
-int v3_addr_add_range(IPAddrBlocks *addr,
- const unsigned afi, const unsigned *safi,
- unsigned char *min, unsigned char *max);
-unsigned v3_addr_get_afi(const IPAddressFamily *f);
-int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
- unsigned char *min, unsigned char *max,
- const int length);
+int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
+int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
+ ASN1_INTEGER *min, ASN1_INTEGER *max);
+int X509v3_addr_add_inherit(IPAddrBlocks *addr,
+ const unsigned afi, const unsigned *safi);
+int X509v3_addr_add_prefix(IPAddrBlocks *addr,
+ const unsigned afi, const unsigned *safi,
+ unsigned char *a, const int prefixlen);
+int X509v3_addr_add_range(IPAddrBlocks *addr,
+ const unsigned afi, const unsigned *safi,
+ unsigned char *min, unsigned char *max);
+unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
+int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
+ unsigned char *min, unsigned char *max,
+ const int length);
/*
* Canonical forms.
*/
-int v3_asid_is_canonical(ASIdentifiers *asid);
-int v3_addr_is_canonical(IPAddrBlocks *addr);
-int v3_asid_canonize(ASIdentifiers *asid);
-int v3_addr_canonize(IPAddrBlocks *addr);
+int X509v3_asid_is_canonical(ASIdentifiers *asid);
+int X509v3_addr_is_canonical(IPAddrBlocks *addr);
+int X509v3_asid_canonize(ASIdentifiers *asid);
+int X509v3_addr_canonize(IPAddrBlocks *addr);
/*
* Tests for inheritance and containment.
*/
-int v3_asid_inherits(ASIdentifiers *asid);
-int v3_addr_inherits(IPAddrBlocks *addr);
-int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
-int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
+int X509v3_asid_inherits(ASIdentifiers *asid);
+int X509v3_addr_inherits(IPAddrBlocks *addr);
+int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
+int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
/*
* Check whether RFC 3779 extensions nest properly in chains.
*/
-int v3_asid_validate_path(X509_STORE_CTX *);
-int v3_addr_validate_path(X509_STORE_CTX *);
-int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
- ASIdentifiers *ext, int allow_inheritance);
-int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
- IPAddrBlocks *ext, int allow_inheritance);
+int X509v3_asid_validate_path(X509_STORE_CTX *);
+int X509v3_addr_validate_path(X509_STORE_CTX *);
+int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+ ASIdentifiers *ext,
+ int allow_inheritance);
+int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+ IPAddrBlocks *ext, int allow_inheritance);
#endif /* OPENSSL_NO_RFC3779 */
+
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes
/* Function codes. */
# define X509V3_F_A2I_GENERAL_NAME 164
+# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166
# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161
# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162
# define X509V3_F_COPY_EMAIL 122
# define X509V3_F_V2I_POLICY_CONSTRAINTS 146
# define X509V3_F_V2I_POLICY_MAPPINGS 145
# define X509V3_F_V2I_SUBJECT_ALT 154
+# define X509V3_F_V2I_TLS_FEATURE 165
# define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160
# define X509V3_F_V3_GENERIC_EXTENSION 116
# define X509V3_F_X509V3_ADD1_I2D 140
# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151
# define X509V3_R_ILLEGAL_HEX_DIGIT 113
# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152
-# define X509V3_R_INVALID_MULTIPLE_RDNS 161
# define X509V3_R_INVALID_ASNUMBER 162
# define X509V3_R_INVALID_ASRANGE 163
# define X509V3_R_INVALID_BOOLEAN_STRING 104
# define X509V3_R_INVALID_EXTENSION_STRING 105
# define X509V3_R_INVALID_INHERITANCE 165
# define X509V3_R_INVALID_IPADDRESS 166
+# define X509V3_R_INVALID_MULTIPLE_RDNS 161
# define X509V3_R_INVALID_NAME 106
# define X509V3_R_INVALID_NULL_ARGUMENT 107
# define X509V3_R_INVALID_NULL_NAME 108