From 82f925b60c0f029295975e64d9acabb53c0a5e3c Mon Sep 17 00:00:00 2001
From: Adriaan de Jong <dejong@fox-it.com>
Date: Thu, 30 Jun 2011 10:10:28 +0200
Subject: Refactored certificate hash lock checks

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
---
 ssl_verify_backend.h | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'ssl_verify_backend.h')

diff --git a/ssl_verify_backend.h b/ssl_verify_backend.h
index 9dbfd7f..130256c 100644
--- a/ssl_verify_backend.h
+++ b/ssl_verify_backend.h
@@ -30,4 +30,25 @@
 #ifndef SSL_VERIFY_BACKEND_H_
 #define SSL_VERIFY_BACKEND_H_
 
+/*
+ * Backend support functions.
+ *
+ * The following functions are needed by the backend, but defined in the main
+ * file.
+ */
+
+/*
+ * Remember the given certificate hash, allowing the certificate chain to be
+ * locked between sessions.
+ *
+ * Must be called for every certificate in the verification chain, whether it
+ * is valid or not.
+ *
+ * @param session	TLS Session associated with this tunnel
+ * @param cert_depth	Depth of the current certificate
+ * @param sha1_hash	Hash of the current certificate
+ */
+void cert_hash_remember (struct tls_session *session, const int cert_depth,
+    const unsigned char *sha1_hash);
+
 #endif /* SSL_VERIFY_BACKEND_H_ */
-- 
cgit