diff options
author | Adriaan de Jong <dejong@fox-it.com> | 2011-06-30 13:51:16 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-10-21 14:51:45 +0200 |
commit | 06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa (patch) | |
tree | 84a5685bb717b30e73743b9d81a670f78d0ac878 /ssl_verify.h | |
parent | fe100528c780548c21d664d1c14b37cbfd4c3e0f (diff) | |
download | openvpn-06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa.tar.gz openvpn-06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa.tar.xz openvpn-06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa.zip |
Refactored: Netscape certificate type verification
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_verify.h')
-rw-r--r-- | ssl_verify.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/ssl_verify.h b/ssl_verify.h index 03a7942..acb27f5 100644 --- a/ssl_verify.h +++ b/ssl_verify.h @@ -215,6 +215,16 @@ void x509_track_add (const struct x509_track **ll_head, const char *name, int ms #endif /* + * Certificate checking for verify_nsCertType + */ +/** Do not perform Netscape certificate type verification */ +#define NS_CERT_CHECK_NONE (0) +/** Do not perform Netscape certificate type verification */ +#define NS_CERT_CHECK_SERVER (1<<0) +/** Do not perform Netscape certificate type verification */ +#define NS_CERT_CHECK_CLIENT (1<<1) + +/* * TODO: document */ #ifdef MANAGEMENT_DEF_AUTH @@ -233,6 +243,8 @@ tls_client_reason (struct tls_multi *multi) } /* TEMP */ +int verify_peer_cert(const struct tls_options *opt, x509_cert_t *peer_cert, + const char *subject, const char *common_name); void verify_cert_set_env(struct env_set *es, x509_cert_t *peer_cert, int cert_depth, const char *subject, const char *common_name, |