author | Adriaan de Jong <dejong@fox-it.com> | 2011-07-01 14:40:30 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-10-22 11:44:36 +0200 |
commit | 725336282db0c9f160d6ef577288e5a628959776 (patch) | |
tree | 9c18a3d6aad53f65371452a56566206275fe4fb3 /ssl_verify_backend.h | |
parent | fceecbab9ddd58ccec28aeafa7be39c65f313458 (diff) | |
Refactored X509 track feature to be contained within the openssl backend
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_verify_backend.h')
-rw-r--r-- | ssl_verify_backend.h | 38 |
1 files changed, 33 insertions, 5 deletions
diff --git a/ssl_verify_backend.h b/ssl_verify_backend.h
index f3773b3..d526270 100644
--- a/ssl_verify_backend.h
+++ b/ssl_verify_backend.h
@@ -148,24 +148,52 @@ void x509_free_serial (char *serial);
 *
 * X509_{cert_depth}_{name}={value}
 *
- * @param xt
 * @param es Environment set to save variables in
 * @param cert_depth Depth of the certificate
 * @param cert Certificate to set the environment for
 */
-void x509_setenv_track (const struct x509_track *xt, struct env_set *es,
- const int depth, x509_cert_t *x509);
+void x509_setenv (struct env_set *es, int cert_depth, x509_cert_t *cert);
+
+#ifdef ENABLE_X509_TRACK
+
+/*
+ * Start tracking the given attribute.
+ *
+ * The tracked attributes are stored in ll_head.
+ *
+ * @param ll_head The x509_track to store tracked atttributes in
+ * @param name Name of the attribute to track
+ * @param msglevel Message level for errors
+ * @param gc Garbage collection arena for temp data
+ *
+ */
+void x509_track_add (const struct x509_track **ll_head, const char *name,
+ int msglevel, struct gc_arena *gc);
 
 /*
 * Save X509 fields to environment, using the naming convention:
 *
- * X509_{cert_depth}_{name}={value}
+ * X509_{cert_depth}_{name}={value}
+ *
+ * This function differs from setenv_x509 below in the following ways:
 *
+ * (1) Only explicitly named attributes in xt are saved, per usage
+ * of --x509-track program options.
+ * (2) Only the level 0 cert info is saved unless the XT_FULL_CHAIN
+ * flag is set in xt->flags (corresponds with prepending a '+'
+ * to the name when specified by --x509-track program option).
+ * (3) This function supports both X509 subject name fields as
+ * well as X509 V3 extensions.
+ *
+ * @param xt
 * @param es Environment set to save variables in
 * @param cert_depth Depth of the certificate
 * @param cert Certificate to set the environment for
 */
-void x509_setenv (struct env_set *es, int cert_depth, x509_cert_t *cert);
+void x509_setenv_track (const struct x509_track *xt, struct env_set *es,
+ const int depth, x509_cert_t *x509);
+
+#endif
 
 /*
 * Check X.509 Netscape certificate type field, if available. |
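Review bot: The comment added above `x509_setenv_track` says it "differs from setenv_x509 below", but the untracked function in this header is `x509_setenv` and after this reordering it is declared above, so the cross-reference no longer resolves; I would write `This function differs from x509_setenv above in the following ways:`. The same block documents `@param cert_depth` and `@param cert` while the prototype names them `depth` and `x509`, and `@param xt` has no description (for example `@param xt  List of tracked attributes, as filled in through x509_track_add`). The exported values are taken from a certificate and placed in the environment set, so the header is also the natural place to state whether the backend must sanitise them before they reach `es`; nothing in this hunk says either way. Minor: "atttributes" in the `x509_track_add` comment should be "attributes".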