1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef BSSL_PKI_CERT_STATUS_FLAGS_H_
6 #define BSSL_PKI_CERT_STATUS_FLAGS_H_
7
8 #include "fillins/openssl_util.h"
9 #include <stdint.h>
10
11
12
13 namespace bssl {
14
15 // Bitmask of status flags of a certificate, representing any errors, as well as
16 // other non-error status information such as whether the certificate is EV.
17 typedef uint32_t CertStatus;
18
19 // NOTE: Because these names have appeared in bug reports, we preserve them as
20 // MACRO_STYLE for continuity, instead of renaming them to kConstantStyle as
21 // befits most static consts.
22 #define CERT_STATUS_FLAG(label, value) \
23 CertStatus static const CERT_STATUS_##label = value;
24 #include "cert_status_flags_list.h"
25 #undef CERT_STATUS_FLAG
26
27 static const CertStatus CERT_STATUS_ALL_ERRORS = 0xFF00FFFF;
28
29 // Returns true if the specified cert status has an error set.
IsCertStatusError(CertStatus status)30 inline bool IsCertStatusError(CertStatus status) {
31 return (CERT_STATUS_ALL_ERRORS & status) != 0;
32 }
33
34 // Maps a network error code to the equivalent certificate status flag. If
35 // the error code is not a certificate error, it is mapped to 0.
36 // Note: It is not safe to go bssl::CertStatus -> bssl::Error -> bssl::CertStatus,
37 // as the CertStatus contains more information. Conversely, going from
38 // bssl::Error -> bssl::CertStatus -> bssl::Error is not a lossy function, for the
39 // same reason.
40 // To avoid incorrect use, this is only exported for unittest helpers.
41 OPENSSL_EXPORT CertStatus MapNetErrorToCertStatus(int error);
42
43 // Maps the most serious certificate error in the certificate status flags
44 // to the equivalent network error code.
45 OPENSSL_EXPORT int MapCertStatusToNetError(CertStatus cert_status);
46
47 } // namespace net
48
49 #endif // BSSL_PKI_CERT_STATUS_FLAGS_H_
50