diff options
author | Adriaan de Jong <dejong@fox-it.com> | 2011-06-30 11:19:07 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-10-21 14:51:45 +0200 |
commit | 0a67e4621dea40ff5aa292cebbd271633adbf157 (patch) | |
tree | 5bc55449a5940f3730e2ca3ac7b7c192bb949270 /ssl_verify_backend.h | |
parent | e285cdb0a266fe43c282bc77cda4447d3043fffd (diff) | |
download | openvpn-0a67e4621dea40ff5aa292cebbd271633adbf157.tar.gz openvpn-0a67e4621dea40ff5aa292cebbd271633adbf157.tar.xz openvpn-0a67e4621dea40ff5aa292cebbd271633adbf157.zip |
Refactored: split verify_callback into two parts
- One part is the actual callback, and is OpenSSL-specific
- One part, verify_cert(), is called by the callback to process the actual
verification
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_verify_backend.h')
-rw-r--r-- | ssl_verify_backend.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ssl_verify_backend.h b/ssl_verify_backend.h index 130256c..232a653 100644 --- a/ssl_verify_backend.h +++ b/ssl_verify_backend.h @@ -38,6 +38,21 @@ */ /* + * Verify certificate for the given session. Performs OpenVPN-specific + * verification. + * + * This function must be called for every certificate in the certificate + * chain during the certificate verification stage of the handshake. + * + * @param session TLS Session associated with this tunnel + * @param cert Certificate to process + * @param cert_depth Depth of the current certificate + * + * @return \c 1 if verification was successful, \c 0 on failure. + */ +int verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth); + +/* * Remember the given certificate hash, allowing the certificate chain to be * locked between sessions. * |