path: root/ssl_verify_backend.h
Commit message | Author | Age | Files | Lines

* Unified verification function return values: | Adriaan de Jong | 2011-10-22 | 1 | -16/+23
  - Now return either SUCCESS or FAILURE.
  - SUCCESS is defined as 0.
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Refactored (and disabled for PolarSSL) support for writing external cert files in scripts | Adriaan de Jong | 2011-10-22 | 1 | -3/+1
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Refactored X509 track feature to be contained within the openssl backend | Adriaan de Jong | 2011-10-22 | 1 | -5/+33
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Final cleanup before PolarSSL addition: | Adriaan de Jong | 2011-10-22 | 1 | -3/+27
  - Remove stray X509 entries
  - Remove unnecessary USE_OPENSSL ifdefs
  - Normalised x509_get_sha1_hash to look similar to x509_get_* functions
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Refactored: renamed X509 functions from verify_* | Adriaan de Jong | 2011-10-22 | 1 | -12/+12
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Minor cleanup in verify_cert: | Adriaan de Jong | 2011-10-22 | 1 | -5/+11
  - Removed envname variable
  - Removed debug code
  - Changed ERR_clear_error to tls_clear_error
  - Changed verify_get_subject to match verify_get_serial more closely
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Refactored CRL checks | Adriaan de Jong | 2011-10-22 | 1 | -0/+14
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>
  Notes: "Doing low-level stuff like verifying CRL issuers and checking serial numbers is something that's better done by the OpenSSL library directly" (James Yonan, code review comment)

* Refactored tls-verify script code | Adriaan de Jong | 2011-10-22 | 1 | -0/+10
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Refactored EKU verification | Adriaan de Jong | 2011-10-22 | 1 | -0/+15
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Refactored key usage verification code | Adriaan de Jong | 2011-10-21 | 1 | -0/+13
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Refactored: Netscape certificate type verification | Adriaan de Jong | 2011-10-21 | 1 | -0/+13
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Refactored: separated environment setup during verification | Adriaan de Jong | 2011-10-21 | 1 | -1/+42
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Added function to verify and extract the username | Adriaan de Jong | 2011-10-21 | 1 | -0/+16
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Added function to extract and verify the subject from a certificate | Adriaan de Jong | 2011-10-21 | 1 | -0/+18
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Refactored: split verify_callback into two parts | Adriaan de Jong | 2011-10-21 | 1 | -0/+15
  - One part is the actual callback, and is OpenSSL-specific
  - One part, verify_cert(), is called by the callback to process the actual verification
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Refactored certificate hash lock checks | Adriaan de Jong | 2011-10-21 | 1 | -0/+21
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: James Yonan <james@openvpn.net>
  Signed-off-by: David Sommerseth <davids@redhat.com>

* Refactored: Added stubs for new files | Adriaan de Jong | 2011-10-19 | 1 | -0/+33
  Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
  Acked-by: Gert Doering <gert@greenie.muc.de>
  Signed-off-by: David Sommerseth <davids@redhat.com>