X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=apps%2Fapps.h;h=4b11dbca83b528f29e1fc6589aaefa00a7e23cf2;hp=9e66056058b54cf81524da107a4e532e2c643ff0;hb=f47e5647750d4443cbdd7fc2311f838f0f103112;hpb=1bd8bc558d7c0b41286d276e62088d7186bd5c34 diff --git a/apps/apps.h b/apps/apps.h index 9e66056058..4b11dbca83 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -112,6 +112,9 @@ # define HEADER_APPS_H # include "e_os.h" +# if defined(__unix) || defined(__unix__) +# include /* struct timeval for DTLS */ +# endif # include # include @@ -121,16 +124,10 @@ # include # include # include -# ifndef OPENSSL_NO_ENGINE -# include -# endif -# ifndef OPENSSL_NO_OCSP -# include -# endif +# include +# include # include -# ifndef OPENSSL_SYS_NETWARE -# include -# endif +# include # if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE) # define openssl_fdset(a,b) FD_SET((unsigned int)a, b) @@ -162,6 +159,7 @@ extern BIO *bio_out; extern BIO *bio_err; BIO *dup_bio_in(int format); BIO *dup_bio_out(int format); +BIO *dup_bio_err(int format); BIO *bio_open_owner(const char *filename, int format, int private); BIO *bio_open_default(const char *filename, char mode, int format); BIO *bio_open_default_quiet(const char *filename, char mode, int format); @@ -185,6 +183,7 @@ void wait_for_async(SSL *s); OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \ OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \ OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \ + OPT_V_VERIFY_AUTH_LEVEL, \ OPT_V__LAST # define OPT_V_OPTIONS \ @@ -192,8 +191,10 @@ void wait_for_async(SSL *s); { "purpose", OPT_V_PURPOSE, 's', \ "certificate chain purpose"}, \ { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \ - { "verify_depth", OPT_V_VERIFY_DEPTH, 'p', \ - "chain depth limit"}, \ + { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \ + "chain depth limit" }, \ + { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \ + "chain authentication security level" }, \ { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \ { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \ "expected peer hostname" }, \ @@ -240,6 +241,7 @@ void wait_for_async(SSL *s); case OPT_V_PURPOSE: \ case OPT_V_VERIFY_NAME: \ case OPT_V_VERIFY_DEPTH: \ + case OPT_V_VERIFY_AUTH_LEVEL: \ case OPT_V_ATTIME: \ case OPT_V_VERIFY_HOSTNAME: \ case OPT_V_VERIFY_EMAIL: \ @@ -408,6 +410,7 @@ typedef struct string_int_pair_st { # define OPT_FMT_HTTP (1L << 9) # define OPT_FMT_PVK (1L << 10) # define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE) +# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME) # define OPT_FMT_ANY ( \ OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \ OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \ @@ -450,6 +453,14 @@ typedef struct args_st { char **argv; } ARGS; +/* + * VMS C only for now, implemented in vms_decc_init.c + * If other C compilers forget to terminate argv with NULL, this function + * can be re-used. + */ +char **copy_argv(int *argc, char *argv[]); + + # define PW_MIN_LENGTH 4 typedef struct pw_cb_data { const void *password; @@ -475,22 +486,33 @@ int set_ext_copy(int *copy_type, const char *arg); int copy_extensions(X509 *x, X509_REQ *req, int copy_type); int app_passwd(char *arg1, char *arg2, char **pass1, char **pass2); int add_oid_section(CONF *conf); -X509 *load_cert(const char *file, int format, - const char *pass, ENGINE *e, const char *cert_descrip); +X509 *load_cert(const char *file, int format, const char *cert_descrip); X509_CRL *load_crl(const char *infile, int format); -int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl); EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *key_descrip); EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, const char *pass, ENGINE *e, const char *key_descrip); int load_certs(const char *file, STACK_OF(X509) **certs, int format, - const char *pass, ENGINE *e, const char *cert_descrip); + const char *pass, const char *cert_descrip); int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format, - const char *pass, ENGINE *e, const char *cert_descrip); + const char *pass, const char *cert_descrip); X509_STORE *setup_verify(char *CAfile, char *CApath, int noCAfile, int noCApath); -int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile, - const char *CApath, int noCAfile, int noCApath); +__owur int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath, int noCAfile, + int noCApath); + +#ifndef OPENSSL_NO_CT + +/* + * Sets the file to load the Certificate Transparency log list from. + * If path is NULL, loads from the default file path. + * Returns 1 on success, 0 otherwise. + */ +__owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path); + +#endif + # ifdef OPENSSL_NO_ENGINE # define setup_engine(engine, debug) NULL # else @@ -565,7 +587,7 @@ int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md, extern char *psk_key; # endif -unsigned char *next_protos_parse(unsigned short *outlen, const char *in); +unsigned char *next_protos_parse(size_t *outlen, const char *in); void print_cert_checks(BIO *bio, X509 *x, const char *checkhost, @@ -606,7 +628,6 @@ void store_setup_crl_download(X509_STORE *st); # define SERIAL_RAND_BITS 64 -int app_hex(char); int app_isdir(const char *); int app_access(const char *, int flag); int raw_read_stdin(void *, int);