author | Adriaan de Jong <dejong@fox-it.com> | 2011-06-28 16:22:40 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-10-21 14:51:45 +0200 |
commit | 530af3efa38bd4e1044e5982f1970f5d772dbb48 (patch) | |
tree | 5628dedbeba9d56660c0b15d6d7940a252d739fe /ssl_verify.h | |
parent | 82f925b60c0f029295975e64d9acabb53c0a5e3c (diff) | |
Refactored common name locking functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_verify.h')
-rw-r--r-- | ssl_verify.h | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/ssl_verify.h b/ssl_verify.h
index 4440acd..b76a16a 100644
--- a/ssl_verify.h
+++ b/ssl_verify.h
@@ -73,6 +73,52 @@ void cert_hash_free (struct cert_hash_set *chs);
 void tls_lock_cert_hash_set (struct tls_multi *multi);
 
 /**
+ * Locks the common name field for the given tunnel
+ *
+ * @param multi The tunnel to lock
+ */
+void tls_lock_common_name (struct tls_multi *multi);
+
+/**
+ * Returns the common name field for the given tunnel
+ *
+ * @param multi The tunnel to return the common name for
+ * @param null Whether null may be returned. If not, "UNDEF" will be returned.
+ */
+const char *tls_common_name (const struct tls_multi* multi, const bool null);
+
+void tls_set_common_name (struct tls_multi *multi, const char *common_name);
+
+#ifdef ENABLE_PF
+
+/**
+ * Retrieve the given tunnel's common name and its hash value.
+ *
+ * @param multi The tunnel to use
+ * @param cn Common name's string
+ * @param cn_hash Common name's hash value
+ *
+ * @return true if the common name was set, false otherwise.
+ */
+static inline bool
+tls_common_name_hash (const struct tls_multi *multi, const char **cn, uint32_t *cn_hash)
+{
+ if (multi)
+ {
+ const struct tls_session *s = &multi->session[TM_ACTIVE];
+ if (s->common_name && s->common_name[0] != '\0')
+ {
+ *cn = s->common_name;
+ *cn_hash = s->common_name_hashval;
+ return true;
+ }
+ }
+ return false;
+}
+
+#endif
+
+/**
  * Perform final authentication checks, including locking of the cn, the allowed
  * certificate hashes, and whether a client config entry exists in the
  * client config directory. |
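Review bot: In `tls_common_name_hash`, `*cn` and `*cn_hash` are written only on the path that returns true and are dereferenced without a NULL check, but the doc comment states neither. A caller that ignores the return value would go on to use whatever it passed in as the peer's identity. I would extend the comment with `@param cn [out] must be non-NULL; written only when true is returned` (same for `cn_hash`) and end the `@return` line with `cn and cn_hash are left unmodified when false is returned`. `tls_set_common_name` is also the only new declaration without a doc comment. Since the common name is the identity that `tls_lock_common_name` pins, its comment should say whether the string is copied and what a call after locking does; the implementation is outside this hunk, so both need confirming there.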