authorMarc-André Lureau <marcandre.lureau@redhat.com>2011-01-25 13:00:33 +0100
committerMarc-André Lureau <marcandre.lureau@redhat.com>2011-05-03 16:49:56 +0200
commitc16b1a924b161d8031193fc375be8e2773f8d0c1 (patch)
tree26a41f42b07e4fd7cde15e2ebc697f74995a9cef /common/ssl_verify.h
parent2b78b4968a514262d532626d7aee78ad4a481fd2 (diff)
common: add ssl_verify.c common code
Code adapted from RedPeer::ssl_verify_callback() and used by spice-gtk. Since v1: - fixed Makefile.am - added config.h include - autoconf alloca added in patch series - moved int escape inside for loop - added a failed case when missing assignment - replaced strlen () by -1 - skip spaces after comma - c++ guards I didn't use bool, because openSSL uses int, and it is more future proof for error reporting.
Diffstat (limited to 'common/ssl_verify.h')
-rw-r--r--common/ssl_verify.h60
1 files changed, 60 insertions, 0 deletions
diff --git a/common/ssl_verify.h b/common/ssl_verify.h
new file mode 100644
index 00000000..f0b97d85
--- /dev/null
+++ b/common/ssl_verify.h
@@ -0,0 +1,60 @@
+/* -*- Mode: C; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ Copyright (C) 2011 Red Hat, Inc.
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef SSL_VERIFY_H
+#define SSL_VERIFY_H
+
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum {
+ SPICE_SSL_VERIFY_OP_NONE = 0,
+ SPICE_SSL_VERIFY_OP_PUBKEY = (1 << 0),
+ SPICE_SSL_VERIFY_OP_HOSTNAME = (1 << 1),
+ SPICE_SSL_VERIFY_OP_SUBJECT = (1 << 2),
+} SPICE_SSL_VERIFY_OP;
+
+typedef struct {
+ SSL *ssl;
+ SPICE_SSL_VERIFY_OP verifyop;
+ int all_preverify_ok;
+ char *hostname;
+ char *pubkey;
+ size_t pubkey_size;
+ char *subject;
+ X509_NAME *in_subject;
+} SpiceOpenSSLVerify;
+
+SpiceOpenSSLVerify* spice_openssl_verify_new(SSL *ssl, SPICE_SSL_VERIFY_OP verifyop,
+ const char *hostname,
+ const char *pubkey, size_t pubkey_size,
+ const char *subject);
+void spice_openssl_verify_free(SpiceOpenSSLVerify* verify);
+
+#ifdef __cplusplus
+}
+#endif // __cplusplus
+#endif // SSL_VERIFY_H
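Review bot: The `SPICE_SSL_VERIFY_OP` bitmask and `spice_openssl_verify_new()` are declared without any comment on how the flags combine or how the constructor reports failure, which is the contract a caller of a certificate-verification API most needs. From this header alone one cannot tell whether `SPICE_SSL_VERIFY_OP_PUBKEY | SPICE_SSL_VERIFY_OP_HOSTNAME` requires both checks to pass or accepts either, nor whether `SPICE_SSL_VERIFY_OP_NONE` still enforces the chain result tracked in `all_preverify_ok`; the implementation in ssl_verify.c is not shown on this page, so the answer belongs here. I would add above the enum `/* Bitmask of peer checks; the peer is accepted when <all|any> selected checks pass, and OP_NONE means <...>. */` with the blanks filled from the implementation. Above the constructor I would add a comment stating the failure return value, that a failed construction must abort the connection rather than proceed unverified, and whether `hostname`, `pubkey` and `subject` are copied or borrowed (the struct stores them as non-const `char *`, which suggests copies, but that should be confirmed).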