diff options
| author | Adriaan de Jong <dejong@fox-it.com> | 2011-06-30 14:55:53 +0200 |
|---|---|---|
| committer | David Sommerseth <davids@redhat.com> | 2011-10-22 11:32:40 +0200 |
| commit | 83c49a3ef135141101b71037f315099d32219bbf (patch) | |
| tree | 26ce904090bb6892d39ef1ad552fc5497b7218b9 /ssl_verify.h | |
| parent | 3e44ea55339429ede83857c9e79cc218d6bc297f (diff) | |
| download | openvpn-83c49a3ef135141101b71037f315099d32219bbf.tar.gz openvpn-83c49a3ef135141101b71037f315099d32219bbf.tar.xz openvpn-83c49a3ef135141101b71037f315099d32219bbf.zip | |
Refactored CRL checks
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Notes
Notes:
"Doing low-level stuff like verifying CRL issuers and checking serial numbers
is something that's better done by the OpenSSL library directly"
(James Yonan, code review comment)
Diffstat (limited to 'ssl_verify.h')
| -rw-r--r-- | ssl_verify.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ssl_verify.h b/ssl_verify.h index 5be2627..7e53513 100644 --- a/ssl_verify.h +++ b/ssl_verify.h @@ -253,6 +253,7 @@ int verify_cert_call_plugin(const struct plugin_list *plugins, struct env_set *e int cert_depth, x509_cert_t *cert, char *subject); int verify_cert_call_command(const char *verify_command, struct env_set *es, int cert_depth, x509_cert_t *cert, char *subject, const char *verify_export_cert); +bool verify_check_crl_dir(const char *crl_dir, X509 *cert); #endif /* SSL_VERIFY_H_ */ |