diff options
author | Adriaan de Jong <dejong@fox-it.com> | 2011-06-30 10:10:28 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-10-21 11:55:14 +0200 |
commit | 82f925b60c0f029295975e64d9acabb53c0a5e3c (patch) | |
tree | 6a3e860a83a2af1ed9fcd8dd179d9cb7e0f1b92a /ssl_verify_backend.h | |
parent | 88aaf1aefd91b3704b3b00eeddff3befdefbc2b8 (diff) | |
download | openvpn-82f925b60c0f029295975e64d9acabb53c0a5e3c.tar.gz openvpn-82f925b60c0f029295975e64d9acabb53c0a5e3c.tar.xz openvpn-82f925b60c0f029295975e64d9acabb53c0a5e3c.zip |
Refactored certificate hash lock checks
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_verify_backend.h')
-rw-r--r-- | ssl_verify_backend.h | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/ssl_verify_backend.h b/ssl_verify_backend.h index 9dbfd7f..130256c 100644 --- a/ssl_verify_backend.h +++ b/ssl_verify_backend.h @@ -30,4 +30,25 @@ #ifndef SSL_VERIFY_BACKEND_H_ #define SSL_VERIFY_BACKEND_H_ +/* + * Backend support functions. + * + * The following functions are needed by the backend, but defined in the main + * file. + */ + +/* + * Remember the given certificate hash, allowing the certificate chain to be + * locked between sessions. + * + * Must be called for every certificate in the verification chain, whether it + * is valid or not. + * + * @param session TLS Session associated with this tunnel + * @param cert_depth Depth of the current certificate + * @param sha1_hash Hash of the current certificate + */ +void cert_hash_remember (struct tls_session *session, const int cert_depth, + const unsigned char *sha1_hash); + #endif /* SSL_VERIFY_BACKEND_H_ */ |