summaryrefslogtreecommitdiffstats
path: root/ssl_verify.h
diff options
context:
space:
mode:
authorAdriaan de Jong <dejong@fox-it.com>2011-06-30 13:51:16 +0200
committerDavid Sommerseth <davids@redhat.com>2011-10-21 14:51:45 +0200
commit06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa (patch)
tree84a5685bb717b30e73743b9d81a670f78d0ac878 /ssl_verify.h
parentfe100528c780548c21d664d1c14b37cbfd4c3e0f (diff)
downloadopenvpn-06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa.tar.gz
openvpn-06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa.tar.xz
openvpn-06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa.zip
Refactored: Netscape certificate type verification
Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_verify.h')
-rw-r--r--ssl_verify.h12
1 files changed, 12 insertions, 0 deletions
diff --git a/ssl_verify.h b/ssl_verify.h
index 03a7942..acb27f5 100644
--- a/ssl_verify.h
+++ b/ssl_verify.h
@@ -215,6 +215,16 @@ void x509_track_add (const struct x509_track **ll_head, const char *name, int ms
#endif
/*
+ * Certificate checking for verify_nsCertType
+ */
+/** Do not perform Netscape certificate type verification */
+#define NS_CERT_CHECK_NONE (0)
+/** Do not perform Netscape certificate type verification */
+#define NS_CERT_CHECK_SERVER (1<<0)
+/** Do not perform Netscape certificate type verification */
+#define NS_CERT_CHECK_CLIENT (1<<1)
+
+/*
* TODO: document
*/
#ifdef MANAGEMENT_DEF_AUTH
@@ -233,6 +243,8 @@ tls_client_reason (struct tls_multi *multi)
}
/* TEMP */
+int verify_peer_cert(const struct tls_options *opt, x509_cert_t *peer_cert,
+ const char *subject, const char *common_name);
void
verify_cert_set_env(struct env_set *es, x509_cert_t *peer_cert, int cert_depth,
const char *subject, const char *common_name,
generated by cgit (git 2.34.1) at 2024-05-28 22:06:26 +0000