From 0a67e4621dea40ff5aa292cebbd271633adbf157 Mon Sep 17 00:00:00 2001 From: Adriaan de Jong Date: Thu, 30 Jun 2011 11:19:07 +0200 Subject: Refactored: split verify_callback into two parts - One part is the actual callback, and is OpenSSL-specific - One part, verify_cert(), is called by the callback to process the actual verification Signed-off-by: Adriaan de Jong Acked-by: James Yonan Signed-off-by: David Sommerseth --- ssl_verify_backend.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'ssl_verify_backend.h')
diff --git a/ssl_verify_backend.h b/ssl_verify_backend.h
index 130256c..232a653 100644
--- a/ssl_verify_backend.h
+++ b/ssl_verify_backend.h
@@ -37,6 +37,21 @@
  * file.
  */
 
+/*
+ * Verify certificate for the given session. Performs OpenVPN-specific
+ * verification.
+ *
+ * This function must be called for every certificate in the certificate
+ * chain during the certificate verification stage of the handshake.
+ *
+ * @param session TLS Session associated with this tunnel
+ * @param cert Certificate to process
+ * @param cert_depth Depth of the current certificate
+ *
+ * @return \c 1 if verification was successful, \c 0 on failure.
+ */
+int verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth);
+
 /*
  * Remember the given certificate hash, allowing the certificate chain to be
  * locked between sessions.
-- cgit
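Review bot: The contract documented for `verify_cert()` leaves out what a backend callback must do around the call: the signature carries no result from the library's own chain validation, so the comment should say that the callback still has to reject a certificate the backend has already failed, and must fail the handshake whenever this function returns anything other than 1. I would add `* The caller must treat any return value other than 1 as a verification failure and abort the handshake.` to the description. `cert_depth` is described without its orientation; if depth 0 is the peer certificate (the implementation is outside this hunk, so this needs confirming), state it as `@param cert_depth Depth of the current certificate (0 = peer certificate)`. The block also opens with `/*` although it uses `@param`/`@return`, so Doxygen will not pick it up unless it starts with `/**`; the neighbouring comment in this header has the same form.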