authorAdriaan de Jong <dejong@fox-it.com>2011-06-30 15:44:24 +0200
committerDavid Sommerseth <davids@redhat.com>2011-10-22 11:32:41 +0200
commitbb53a20a9b678da3acce6b73cb3d6f73ebdbede9 (patch)
tree7a6c58cab7048715c75083aaca8d2de30292f846
parent71ebd84debcea72d5b86861aca33553eb435126c (diff)
Refactored: renamed X509 functions from verify_*
Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
-rw-r--r--ssl_verify.c32
-rw-r--r--ssl_verify_backend.h24
-rw-r--r--ssl_verify_openssl.c24
3 files changed, 40 insertions, 40 deletions
diff --git a/ssl_verify.c b/ssl_verify.c
index e82e5c0..804abe7 100644
--- a/ssl_verify.c
+++ b/ssl_verify.c
@@ -338,7 +338,7 @@ verify_peer_cert(const struct tls_options *opt, x509_cert_t *peer_cert,
/* verify certificate nsCertType */
if (opt->ns_cert_type != NS_CERT_CHECK_NONE)
{
- if (verify_nsCertType (peer_cert, opt->ns_cert_type))
+ if (x509_verify_ns_cert_type (peer_cert, opt->ns_cert_type))
{
msg (D_HANDSHAKE, "VERIFY OK: nsCertType=%s",
print_nsCertType (opt->ns_cert_type));
@@ -356,7 +356,7 @@ verify_peer_cert(const struct tls_options *opt, x509_cert_t *peer_cert,
/* verify certificate ku */
if (opt->remote_cert_ku[0] != 0)
{
- if (verify_cert_ku (peer_cert, opt->remote_cert_ku, MAX_PARMS))
+ if (x509_verify_cert_ku (peer_cert, opt->remote_cert_ku, MAX_PARMS))
{
msg (D_HANDSHAKE, "VERIFY KU OK");
}
@@ -370,7 +370,7 @@ verify_peer_cert(const struct tls_options *opt, x509_cert_t *peer_cert,
/* verify certificate eku */
if (opt->remote_cert_eku != NULL)
{
- if (verify_cert_eku (peer_cert, opt->remote_cert_eku))
+ if (x509_verify_cert_eku (peer_cert, opt->remote_cert_eku))
{
msg (D_HANDSHAKE, "VERIFY EKU OK");
}
@@ -414,10 +414,10 @@ verify_cert_set_env(struct env_set *es, x509_cert_t *peer_cert, int cert_depth,
/* Save X509 fields in environment */
#ifdef ENABLE_X509_TRACK
if (x509_track)
- setenv_x509_track (x509_track, es, cert_depth, peer_cert);
+ x509_setenv_track (x509_track, es, cert_depth, peer_cert);
else
#endif
- setenv_x509 (es, cert_depth, peer_cert);
+ x509_setenv (es, cert_depth, peer_cert);
/* export subject name string as environmental variable */
openvpn_snprintf (envname, sizeof(envname), "tls_id_%d", cert_depth);
@@ -443,10 +443,10 @@ verify_cert_set_env(struct env_set *es, x509_cert_t *peer_cert, int cert_depth,
/* export serial number as environmental variable,
use bignum in case serial number is large */
{
- char *serial = verify_get_serial(peer_cert);
+ char *serial = x509_get_serial(peer_cert);
openvpn_snprintf (envname, sizeof(envname), "tls_serial_%d", cert_depth);
setenv_str (es, envname, serial);
- verify_free_serial(serial);
+ x509_free_serial(serial);
}
}
@@ -500,7 +500,7 @@ verify_cert_call_command(const char *verify_command, struct env_set *es,
if (verify_export_cert)
{
gc = gc_new();
- if ((tmp_file=write_peer_cert(cert, verify_export_cert,&gc)))
+ if ((tmp_file=x509_write_cert(cert, verify_export_cert,&gc)))
{
setenv_str(es, "peer_cert", tmp_file);
}
@@ -540,24 +540,24 @@ verify_check_crl_dir(const char *crl_dir, X509 *cert)
{
char fn[256];
int fd;
- char *serial = verify_get_serial(cert);
+ char *serial = x509_get_serial(cert);
if (!openvpn_snprintf(fn, sizeof(fn), "%s%c%s", crl_dir, OS_SPECIFIC_DIRSEP, serial))
{
msg (D_HANDSHAKE, "VERIFY CRL: filename overflow");
- verify_free_serial(serial);
+ x509_free_serial(serial);
return true;
}
fd = open (fn, O_RDONLY);
if (fd >= 0)
{
msg (D_HANDSHAKE, "VERIFY CRL: certificate serial number %s is revoked", serial);
- verify_free_serial(serial);
+ x509_free_serial(serial);
close(fd);
return true;
}
- verify_free_serial(serial);
+ x509_free_serial(serial);
return false;
}
@@ -575,7 +575,7 @@ verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth)
session->verified = false;
/* get the X509 name */
- subject = verify_get_subject(cert);
+ subject = x509_get_subject(cert);
if (!subject)
{
msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, could not extract X509 "
@@ -588,7 +588,7 @@ verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth)
string_replace_leading (subject, '-', '_');
/* extract the username (default is CN) */
- if (verify_get_username (common_name, TLS_USERNAME_LEN, opt->x509_username_field, cert))
+ if (x509_get_username (common_name, TLS_USERNAME_LEN, opt->x509_username_field, cert))
{
if (!cert_depth)
{
@@ -657,7 +657,7 @@ verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth)
}
else
{
- if (verify_check_crl(opt->crl_file, cert, subject))
+ if (x509_verify_crl(opt->crl_file, cert, subject))
goto err;
}
}
@@ -666,7 +666,7 @@ verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth)
session->verified = true;
done:
- verify_free_subject (subject);
+ x509_free_subject (subject);
return (session->verified == true) ? 1 : 0;
err:
diff --git a/ssl_verify_backend.h b/ssl_verify_backend.h
index ed6e62f..cab847d 100644
--- a/ssl_verify_backend.h
+++ b/ssl_verify_backend.h
@@ -81,14 +81,14 @@ void cert_hash_remember (struct tls_session *session, const int cert_depth,
*
* @return a string containing the subject
*/
-char *verify_get_subject (X509 *cert);
+char *x509_get_subject (x509_cert_t *cert);
/*
* Free a subjectnumber string as returned by \c verify_get_subject()
*
* @param subject The subject to be freed.
*/
-void verify_free_subject (char *subject);
+void x509_free_subject (char *subject);
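Review bot: The doc comment for x509_free_subject still refers to the old name, `as returned by \c verify_get_subject()`, so the cross-reference is stale after this rename; the line should read ` * Free a subject string as returned by \c x509_get_subject()` (which also fixes "subjectnumber"). The same stale reference remains in the x509_free_serial comment in the hunk at line 169, where ` * Free a serial number string as returned by \c x509_get_serial()` is needed. Separately, the x509_get_subject prototype changes its parameter from `X509 *` to `x509_cert_t *` while the definition in ssl_verify_openssl.c keeps `X509 *cert`; presumably x509_cert_t aliases X509 in this backend so the prototype still matches, but the commit message describes only a rename and should mention the type change.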
/*
* Retrieve the certificate's username from the specified field.
@@ -103,7 +103,7 @@ void verify_free_subject (char *subject);
*
* @return \c 1 on failure, \c 0 on success
*/
-bool verify_get_username (char *common_name, int cn_len,
+bool x509_get_username (char *common_name, int cn_len,
char * x509_username_field, x509_cert_t *peer_cert);
/*
@@ -116,14 +116,14 @@ bool verify_get_username (char *common_name, int cn_len,
*
* @return The certificate's serial number.
*/
-char *verify_get_serial (x509_cert_t *cert);
+char *x509_get_serial (x509_cert_t *cert);
/*
* Free a serial number string as returned by \c verify_get_serial()
*
* @param serial The string to be freed.
*/
-void verify_free_serial (char *serial);
+void x509_free_serial (char *serial);
/*
* TODO: document
@@ -133,7 +133,7 @@ void verify_free_serial (char *serial);
* @param cert_depth Depth of the certificate
* @param cert Certificate to set the environment for
*/
-void setenv_x509_track (const struct x509_track *xt, struct env_set *es,
+void x509_setenv_track (const struct x509_track *xt, struct env_set *es,
const int depth, x509_cert_t *x509);
/*
@@ -145,7 +145,7 @@ void setenv_x509_track (const struct x509_track *xt, struct env_set *es,
* @param cert_depth Depth of the certificate
* @param cert Certificate to set the environment for
*/
-void setenv_x509 (struct env_set *es, int cert_depth, x509_cert_t *cert);
+void x509_setenv (struct env_set *es, int cert_depth, x509_cert_t *cert);
/*
* Check X.509 Netscape certificate type field, if available.
@@ -158,7 +158,7 @@ void setenv_x509 (struct env_set *es, int cert_depth, x509_cert_t *cert);
* the expected bit set. \c false if the certificate does
* not have NS cert type verification or the wrong bit set.
*/
-bool verify_nsCertType(const x509_cert_t *cert, const int usage);
+bool x509_verify_ns_cert_type(const x509_cert_t *cert, const int usage);
/*
* Verify X.509 key usage extension field.
@@ -170,7 +170,7 @@ bool verify_nsCertType(const x509_cert_t *cert, const int usage);
* @return \c true if one of the key usage values matches, \c false
* if key usage is not enabled, or the values do not match.
*/
-bool verify_cert_ku (x509_cert_t *x509, const unsigned * const expected_ku,
+bool x509_verify_cert_ku (x509_cert_t *x509, const unsigned * const expected_ku,
int expected_len);
/*
@@ -186,7 +186,7 @@ bool verify_cert_ku (x509_cert_t *x509, const unsigned * const expected_ku,
* extended key usage fields, \c false if extended key
* usage is not enabled, or the values do not match.
*/
-bool verify_cert_eku (x509_cert_t *x509, const char * const expected_oid);
+bool x509_verify_cert_eku (x509_cert_t *x509, const char * const expected_oid);
/*
* Store the given certificate in pem format in a temporary file in tmp_dir
@@ -195,7 +195,7 @@ bool verify_cert_eku (x509_cert_t *x509, const char * const expected_oid);
* @param tmp_dir Temporary directory to store the directory
* @param gc gc_arena to store temporary objects in
*/
-const char *write_peer_cert(x509_cert_t *cert, const char *tmp_dir,
+const char *x509_write_cert(x509_cert_t *cert, const char *tmp_dir,
struct gc_arena *gc);
/*
@@ -209,7 +209,7 @@ const char *write_peer_cert(x509_cert_t *cert, const char *tmp_dir,
* certificate or does not contain an entry for it.
* \c 0 otherwise.
*/
-bool verify_check_crl(const char *crl_file, x509_cert_t *cert,
+bool x509_verify_crl(const char *crl_file, x509_cert_t *cert,
const char *subject);
#endif /* SSL_VERIFY_BACKEND_H_ */
diff --git a/ssl_verify_openssl.c b/ssl_verify_openssl.c
index a1b25d0..f6d27b1 100644
--- a/ssl_verify_openssl.c
+++ b/ssl_verify_openssl.c
@@ -183,7 +183,7 @@ extract_x509_field_ssl (X509_NAME *x509, const char *field_name, char *out,
}
bool
-verify_get_username (char *common_name, int cn_len,
+x509_get_username (char *common_name, int cn_len,
char * x509_username_field, X509 *peer_cert)
{
#ifdef ENABLE_X509ALTUSERNAME
@@ -201,7 +201,7 @@ verify_get_username (char *common_name, int cn_len,
}
char *
-verify_get_serial (x509_cert_t *cert)
+x509_get_serial (x509_cert_t *cert)
{
ASN1_INTEGER *asn1_i;
BIGNUM *bignum;
@@ -216,20 +216,20 @@ verify_get_serial (x509_cert_t *cert)
}
void
-verify_free_serial (char *serial)
+x509_free_serial (char *serial)
{
if (serial)
OPENSSL_free(serial);
}
char *
-verify_get_subject (X509 *cert)
+x509_get_subject (X509 *cert)
{
return X509_NAME_oneline (X509_get_subject_name (cert), NULL, 0);
}
void
-verify_free_subject (char *subject)
+x509_free_subject (char *subject)
{
if (subject)
OPENSSL_free(subject);
@@ -272,7 +272,7 @@ do_setenv_x509 (struct env_set *es, const char *name, char *value, int depth)
}
void
-setenv_x509_track (const struct x509_track *xt, struct env_set *es, const int depth, X509 *x509)
+x509_setenv_track (const struct x509_track *xt, struct env_set *es, const int depth, X509 *x509)
{
X509_NAME *x509_name = X509_get_subject_name (x509);
const char nullc = '\0';
@@ -335,7 +335,7 @@ setenv_x509_track (const struct x509_track *xt, struct env_set *es, const int de
* X509_{cert_depth}_{name}={value}
*/
void
-setenv_x509 (struct env_set *es, int cert_depth, x509_cert_t *peer_cert)
+x509_setenv (struct env_set *es, int cert_depth, x509_cert_t *peer_cert)
{
int i, n;
int fn_nid;
@@ -383,7 +383,7 @@ setenv_x509 (struct env_set *es, int cert_depth, x509_cert_t *peer_cert)
}
bool
-verify_nsCertType(const x509_cert_t *peer_cert, const int usage)
+x509_verify_ns_cert_type(const x509_cert_t *peer_cert, const int usage)
{
if (usage == NS_CERT_CHECK_NONE)
return true;
@@ -400,7 +400,7 @@ verify_nsCertType(const x509_cert_t *peer_cert, const int usage)
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
bool
-verify_cert_ku (X509 *x509, const unsigned * const expected_ku,
+x509_verify_cert_ku (X509 *x509, const unsigned * const expected_ku,
int expected_len)
{
ASN1_BIT_STRING *ku = NULL;
@@ -450,7 +450,7 @@ verify_cert_ku (X509 *x509, const unsigned * const expected_ku,
}
bool
-verify_cert_eku (X509 *x509, const char * const expected_oid)
+x509_verify_cert_eku (X509 *x509, const char * const expected_oid)
{
EXTENDED_KEY_USAGE *eku = NULL;
bool fFound = false;
@@ -494,7 +494,7 @@ verify_cert_eku (X509 *x509, const char * const expected_oid)
}
const char *
-write_peer_cert(X509 *peercert, const char *tmp_dir, struct gc_arena *gc)
+x509_write_cert(X509 *peercert, const char *tmp_dir, struct gc_arena *gc)
{
FILE *peercert_file;
const char *peercert_filename="";
@@ -529,7 +529,7 @@ write_peer_cert(X509 *peercert, const char *tmp_dir, struct gc_arena *gc)
* check peer cert against CRL
*/
bool
-verify_check_crl(const char *crl_file, X509 *peer_cert, const char *subject)
+x509_verify_crl(const char *crl_file, X509 *peer_cert, const char *subject)
{
X509_CRL *crl=NULL;
X509_REVOKED *revoked;