1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay@cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay@cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] 56 */ 57 58 #ifndef HEADER_X509_H 59 #include <openssl/x509.h> 60 // openssl/x509.h ends up #include-ing this file at about the only 61 // appropriate moment. 62 #endif 63 64 #ifndef HEADER_X509_VFY_H 65 #define HEADER_X509_VFY_H 66 67 #include <openssl/thread.h> 68 69 #ifdef __cplusplus 70 extern "C" { 71 #endif 72 73 // Legacy X.509 library. 74 // 75 // This header is part of OpenSSL's X.509 implementation. It is retained for 76 // compatibility but otherwise underdocumented and not actively maintained. In 77 // the future, a replacement library will be available. Meanwhile, minimize 78 // dependencies on this header where possible. 79 80 81 /* 82 SSL_CTX -> X509_STORE 83 -> X509_LOOKUP 84 ->X509_LOOKUP_METHOD 85 -> X509_LOOKUP 86 ->X509_LOOKUP_METHOD 87 88 SSL -> X509_STORE_CTX 89 ->X509_STORE 90 91 The X509_STORE holds the tables etc for verification stuff. 92 A X509_STORE_CTX is used while validating a single certificate. 93 The X509_STORE has X509_LOOKUPs for looking up certs. 94 The X509_STORE then calls a function to actually verify the 95 certificate chain. 96 */ 97 98 #define X509_LU_X509 1 99 #define X509_LU_CRL 2 100 #define X509_LU_PKEY 3 101 102 DEFINE_STACK_OF(X509_LOOKUP) 103 DEFINE_STACK_OF(X509_OBJECT) 104 DEFINE_STACK_OF(X509_VERIFY_PARAM) 105 106 typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); 107 typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); 108 typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, X509_STORE_CTX *ctx, 109 X509 *x); 110 typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, X509 *x, 111 X509 *issuer); 112 typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); 113 typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, X509_CRL **crl, 114 X509 *x); 115 typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); 116 typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl, 117 X509 *x); 118 typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); 119 typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, 120 X509_NAME *nm); 121 typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)( 122 X509_STORE_CTX *ctx, X509_NAME *nm); 123 typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); 124 125 OPENSSL_EXPORT int X509_STORE_set_depth(X509_STORE *store, int depth); 126 127 OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); 128 129 #define X509_STORE_CTX_set_app_data(ctx, data) \ 130 X509_STORE_CTX_set_ex_data(ctx, 0, data) 131 #define X509_STORE_CTX_get_app_data(ctx) X509_STORE_CTX_get_ex_data(ctx, 0) 132 133 #define X509_L_FILE_LOAD 1 134 #define X509_L_ADD_DIR 2 135 136 #define X509_LOOKUP_load_file(x, name, type) \ 137 X509_LOOKUP_ctrl((x), X509_L_FILE_LOAD, (name), (long)(type), NULL) 138 139 #define X509_LOOKUP_add_dir(x, name, type) \ 140 X509_LOOKUP_ctrl((x), X509_L_ADD_DIR, (name), (long)(type), NULL) 141 142 #define X509_V_OK 0 143 #define X509_V_ERR_UNSPECIFIED 1 144 145 #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 146 #define X509_V_ERR_UNABLE_TO_GET_CRL 3 147 #define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 148 #define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 149 #define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 150 #define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 151 #define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 152 #define X509_V_ERR_CERT_NOT_YET_VALID 9 153 #define X509_V_ERR_CERT_HAS_EXPIRED 10 154 #define X509_V_ERR_CRL_NOT_YET_VALID 11 155 #define X509_V_ERR_CRL_HAS_EXPIRED 12 156 #define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 157 #define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 158 #define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 159 #define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 160 #define X509_V_ERR_OUT_OF_MEM 17 161 #define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 162 #define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 163 #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 164 #define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 165 #define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 166 #define X509_V_ERR_CERT_REVOKED 23 167 #define X509_V_ERR_INVALID_CA 24 168 #define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 169 #define X509_V_ERR_INVALID_PURPOSE 26 170 #define X509_V_ERR_CERT_UNTRUSTED 27 171 #define X509_V_ERR_CERT_REJECTED 28 172 // These are 'informational' when looking for issuer cert 173 #define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 174 #define X509_V_ERR_AKID_SKID_MISMATCH 30 175 #define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 176 #define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 177 178 #define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 179 #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 180 #define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 181 #define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 182 #define X509_V_ERR_INVALID_NON_CA 37 183 #define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 184 #define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 185 #define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 186 187 #define X509_V_ERR_INVALID_EXTENSION 41 188 #define X509_V_ERR_INVALID_POLICY_EXTENSION 42 189 #define X509_V_ERR_NO_EXPLICIT_POLICY 43 190 #define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 191 #define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 192 193 #define X509_V_ERR_UNNESTED_RESOURCE 46 194 195 #define X509_V_ERR_PERMITTED_VIOLATION 47 196 #define X509_V_ERR_EXCLUDED_VIOLATION 48 197 #define X509_V_ERR_SUBTREE_MINMAX 49 198 #define X509_V_ERR_APPLICATION_VERIFICATION 50 199 #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 200 #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 201 #define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 202 #define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 203 204 // Suite B mode algorithm violation 205 #define X509_V_ERR_SUITE_B_INVALID_VERSION 56 206 #define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 207 #define X509_V_ERR_SUITE_B_INVALID_CURVE 58 208 #define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 209 #define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 210 #define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 211 212 // Host, email and IP check errors 213 #define X509_V_ERR_HOSTNAME_MISMATCH 62 214 #define X509_V_ERR_EMAIL_MISMATCH 63 215 #define X509_V_ERR_IP_ADDRESS_MISMATCH 64 216 217 // Caller error 218 #define X509_V_ERR_INVALID_CALL 65 219 // Issuer lookup error 220 #define X509_V_ERR_STORE_LOOKUP 66 221 222 #define X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS 67 223 224 // Certificate verify flags 225 226 // Send issuer+subject checks to verify_cb 227 #define X509_V_FLAG_CB_ISSUER_CHECK 0x1 228 // Use check time instead of current time 229 #define X509_V_FLAG_USE_CHECK_TIME 0x2 230 // Lookup CRLs 231 #define X509_V_FLAG_CRL_CHECK 0x4 232 // Lookup CRLs for whole chain 233 #define X509_V_FLAG_CRL_CHECK_ALL 0x8 234 // Ignore unhandled critical extensions 235 #define X509_V_FLAG_IGNORE_CRITICAL 0x10 236 // Does nothing as its functionality has been enabled by default. 237 #define X509_V_FLAG_X509_STRICT 0x00 238 // Enable proxy certificate validation 239 #define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 240 // Enable policy checking 241 #define X509_V_FLAG_POLICY_CHECK 0x80 242 // Policy variable require-explicit-policy 243 #define X509_V_FLAG_EXPLICIT_POLICY 0x100 244 // Policy variable inhibit-any-policy 245 #define X509_V_FLAG_INHIBIT_ANY 0x200 246 // Policy variable inhibit-policy-mapping 247 #define X509_V_FLAG_INHIBIT_MAP 0x400 248 // Notify callback that policy is OK 249 #define X509_V_FLAG_NOTIFY_POLICY 0x800 250 // Extended CRL features such as indirect CRLs, alternate CRL signing keys 251 #define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 252 // Delta CRL support 253 #define X509_V_FLAG_USE_DELTAS 0x2000 254 // Check selfsigned CA signature 255 #define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 256 // Use trusted store first 257 #define X509_V_FLAG_TRUSTED_FIRST 0x8000 258 // Suite B 128 bit only mode: not normally used 259 #define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000 260 // Suite B 192 bit only mode 261 #define X509_V_FLAG_SUITEB_192_LOS 0x20000 262 // Suite B 128 bit mode allowing 192 bit algorithms 263 #define X509_V_FLAG_SUITEB_128_LOS 0x30000 264 265 // Allow partial chains if at least one certificate is in trusted store 266 #define X509_V_FLAG_PARTIAL_CHAIN 0x80000 267 268 // If the initial chain is not trusted, do not attempt to build an alternative 269 // chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag 270 // will force the behaviour to match that of previous versions. 271 #define X509_V_FLAG_NO_ALT_CHAINS 0x100000 272 273 #define X509_VP_FLAG_DEFAULT 0x1 274 #define X509_VP_FLAG_OVERWRITE 0x2 275 #define X509_VP_FLAG_RESET_FLAGS 0x4 276 #define X509_VP_FLAG_LOCKED 0x8 277 #define X509_VP_FLAG_ONCE 0x10 278 279 // Internal use: mask of policy related options 280 #define X509_V_FLAG_POLICY_MASK \ 281 (X509_V_FLAG_POLICY_CHECK | X509_V_FLAG_EXPLICIT_POLICY | \ 282 X509_V_FLAG_INHIBIT_ANY | X509_V_FLAG_INHIBIT_MAP) 283 284 OPENSSL_EXPORT int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, 285 int type, X509_NAME *name); 286 OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_by_subject( 287 STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name); 288 OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, 289 X509_OBJECT *x); 290 OPENSSL_EXPORT int X509_OBJECT_up_ref_count(X509_OBJECT *a); 291 OPENSSL_EXPORT void X509_OBJECT_free_contents(X509_OBJECT *a); 292 OPENSSL_EXPORT int X509_OBJECT_get_type(const X509_OBJECT *a); 293 OPENSSL_EXPORT X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); 294 OPENSSL_EXPORT X509_STORE *X509_STORE_new(void); 295 OPENSSL_EXPORT int X509_STORE_up_ref(X509_STORE *store); 296 OPENSSL_EXPORT void X509_STORE_free(X509_STORE *v); 297 298 OPENSSL_EXPORT STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *st); 299 OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, 300 X509_NAME *nm); 301 OPENSSL_EXPORT STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, 302 X509_NAME *nm); 303 OPENSSL_EXPORT int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); 304 OPENSSL_EXPORT int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); 305 OPENSSL_EXPORT int X509_STORE_set_trust(X509_STORE *ctx, int trust); 306 OPENSSL_EXPORT int X509_STORE_set1_param(X509_STORE *ctx, 307 X509_VERIFY_PARAM *pm); 308 OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); 309 // X509_STORE_set0_additional_untrusted sets a stack of additional, untrusted 310 // certificates that are available for chain building. This function does not 311 // take ownership of the stack. 312 OPENSSL_EXPORT void X509_STORE_set0_additional_untrusted( 313 X509_STORE *ctx, STACK_OF(X509) *untrusted); 314 315 OPENSSL_EXPORT void X509_STORE_set_verify(X509_STORE *ctx, 316 X509_STORE_CTX_verify_fn verify); 317 #define X509_STORE_set_verify_func(ctx, func) \ 318 X509_STORE_set_verify((ctx), (func)) 319 OPENSSL_EXPORT void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, 320 X509_STORE_CTX_verify_fn verify); 321 OPENSSL_EXPORT X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); 322 OPENSSL_EXPORT void X509_STORE_set_verify_cb( 323 X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb); 324 #define X509_STORE_set_verify_cb_func(ctx, func) \ 325 X509_STORE_set_verify_cb((ctx), (func)) 326 OPENSSL_EXPORT X509_STORE_CTX_verify_cb 327 X509_STORE_get_verify_cb(X509_STORE *ctx); 328 OPENSSL_EXPORT void X509_STORE_set_get_issuer( 329 X509_STORE *ctx, X509_STORE_CTX_get_issuer_fn get_issuer); 330 OPENSSL_EXPORT X509_STORE_CTX_get_issuer_fn 331 X509_STORE_get_get_issuer(X509_STORE *ctx); 332 OPENSSL_EXPORT void X509_STORE_set_check_issued( 333 X509_STORE *ctx, X509_STORE_CTX_check_issued_fn check_issued); 334 OPENSSL_EXPORT X509_STORE_CTX_check_issued_fn 335 X509_STORE_get_check_issued(X509_STORE *ctx); 336 OPENSSL_EXPORT void X509_STORE_set_check_revocation( 337 X509_STORE *ctx, X509_STORE_CTX_check_revocation_fn check_revocation); 338 OPENSSL_EXPORT X509_STORE_CTX_check_revocation_fn 339 X509_STORE_get_check_revocation(X509_STORE *ctx); 340 OPENSSL_EXPORT void X509_STORE_set_get_crl(X509_STORE *ctx, 341 X509_STORE_CTX_get_crl_fn get_crl); 342 OPENSSL_EXPORT X509_STORE_CTX_get_crl_fn 343 X509_STORE_get_get_crl(X509_STORE *ctx); 344 OPENSSL_EXPORT void X509_STORE_set_check_crl( 345 X509_STORE *ctx, X509_STORE_CTX_check_crl_fn check_crl); 346 OPENSSL_EXPORT X509_STORE_CTX_check_crl_fn 347 X509_STORE_get_check_crl(X509_STORE *ctx); 348 OPENSSL_EXPORT void X509_STORE_set_cert_crl( 349 X509_STORE *ctx, X509_STORE_CTX_cert_crl_fn cert_crl); 350 OPENSSL_EXPORT X509_STORE_CTX_cert_crl_fn 351 X509_STORE_get_cert_crl(X509_STORE *ctx); 352 OPENSSL_EXPORT void X509_STORE_set_lookup_certs( 353 X509_STORE *ctx, X509_STORE_CTX_lookup_certs_fn lookup_certs); 354 OPENSSL_EXPORT X509_STORE_CTX_lookup_certs_fn 355 X509_STORE_get_lookup_certs(X509_STORE *ctx); 356 OPENSSL_EXPORT void X509_STORE_set_lookup_crls( 357 X509_STORE *ctx, X509_STORE_CTX_lookup_crls_fn lookup_crls); 358 #define X509_STORE_set_lookup_crls_cb(ctx, func) \ 359 X509_STORE_set_lookup_crls((ctx), (func)) 360 OPENSSL_EXPORT X509_STORE_CTX_lookup_crls_fn 361 X509_STORE_get_lookup_crls(X509_STORE *ctx); 362 OPENSSL_EXPORT void X509_STORE_set_cleanup(X509_STORE *ctx, 363 X509_STORE_CTX_cleanup_fn cleanup); 364 OPENSSL_EXPORT X509_STORE_CTX_cleanup_fn 365 X509_STORE_get_cleanup(X509_STORE *ctx); 366 367 368 OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void); 369 370 OPENSSL_EXPORT int X509_STORE_CTX_get1_issuer(X509 **issuer, 371 X509_STORE_CTX *ctx, X509 *x); 372 373 OPENSSL_EXPORT void X509_STORE_CTX_zero(X509_STORE_CTX *ctx); 374 OPENSSL_EXPORT void X509_STORE_CTX_free(X509_STORE_CTX *ctx); 375 OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, 376 X509 *x509, STACK_OF(X509) *chain); 377 OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, 378 STACK_OF(X509) *sk); 379 OPENSSL_EXPORT void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); 380 381 OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); 382 OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); 383 384 OPENSSL_EXPORT X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, 385 X509_LOOKUP_METHOD *m); 386 387 OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); 388 OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_file(void); 389 390 OPENSSL_EXPORT int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); 391 OPENSSL_EXPORT int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); 392 393 OPENSSL_EXPORT int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, 394 X509_NAME *name, X509_OBJECT *ret); 395 396 OPENSSL_EXPORT int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, 397 long argl, char **ret); 398 399 #ifndef OPENSSL_NO_STDIO 400 OPENSSL_EXPORT int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, 401 int type); 402 OPENSSL_EXPORT int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, 403 int type); 404 OPENSSL_EXPORT int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, 405 int type); 406 #endif 407 408 409 OPENSSL_EXPORT X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); 410 OPENSSL_EXPORT void X509_LOOKUP_free(X509_LOOKUP *ctx); 411 OPENSSL_EXPORT int X509_LOOKUP_init(X509_LOOKUP *ctx); 412 OPENSSL_EXPORT int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, 413 X509_NAME *name, X509_OBJECT *ret); 414 OPENSSL_EXPORT int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, 415 X509_NAME *name, 416 ASN1_INTEGER *serial, 417 X509_OBJECT *ret); 418 OPENSSL_EXPORT int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, 419 unsigned char *bytes, int len, 420 X509_OBJECT *ret); 421 OPENSSL_EXPORT int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, 422 int len, X509_OBJECT *ret); 423 OPENSSL_EXPORT int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); 424 425 #ifndef OPENSSL_NO_STDIO 426 OPENSSL_EXPORT int X509_STORE_load_locations(X509_STORE *ctx, const char *file, 427 const char *dir); 428 OPENSSL_EXPORT int X509_STORE_set_default_paths(X509_STORE *ctx); 429 #endif 430 431 OPENSSL_EXPORT int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, 432 CRYPTO_EX_unused *unused, 433 CRYPTO_EX_dup *dup_unused, 434 CRYPTO_EX_free *free_func); 435 OPENSSL_EXPORT int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, 436 void *data); 437 OPENSSL_EXPORT void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); 438 OPENSSL_EXPORT int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); 439 OPENSSL_EXPORT void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); 440 OPENSSL_EXPORT int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); 441 OPENSSL_EXPORT X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); 442 OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); 443 OPENSSL_EXPORT X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); 444 OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx( 445 X509_STORE_CTX *ctx); 446 OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); 447 OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); 448 OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); 449 OPENSSL_EXPORT void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); 450 OPENSSL_EXPORT void X509_STORE_CTX_set_chain(X509_STORE_CTX *c, 451 STACK_OF(X509) *sk); 452 OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_untrusted( 453 X509_STORE_CTX *ctx); 454 OPENSSL_EXPORT void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, 455 STACK_OF(X509_CRL) *sk); 456 OPENSSL_EXPORT int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); 457 OPENSSL_EXPORT int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); 458 OPENSSL_EXPORT int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, 459 int def_purpose, int purpose, 460 int trust); 461 OPENSSL_EXPORT void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, 462 unsigned long flags); 463 OPENSSL_EXPORT void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, 464 unsigned long flags, time_t t); 465 OPENSSL_EXPORT void X509_STORE_CTX_set_verify_cb( 466 X509_STORE_CTX *ctx, int (*verify_cb)(int, X509_STORE_CTX *)); 467 468 OPENSSL_EXPORT X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree( 469 X509_STORE_CTX *ctx); 470 OPENSSL_EXPORT int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); 471 472 OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_CTX_get0_param( 473 X509_STORE_CTX *ctx); 474 OPENSSL_EXPORT void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, 475 X509_VERIFY_PARAM *param); 476 OPENSSL_EXPORT int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, 477 const char *name); 478 479 // X509_VERIFY_PARAM functions 480 481 OPENSSL_EXPORT X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); 482 OPENSSL_EXPORT void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); 483 OPENSSL_EXPORT int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, 484 const X509_VERIFY_PARAM *from); 485 OPENSSL_EXPORT int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, 486 const X509_VERIFY_PARAM *from); 487 OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, 488 const char *name); 489 OPENSSL_EXPORT int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, 490 unsigned long flags); 491 OPENSSL_EXPORT int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, 492 unsigned long flags); 493 OPENSSL_EXPORT unsigned long X509_VERIFY_PARAM_get_flags( 494 X509_VERIFY_PARAM *param); 495 OPENSSL_EXPORT int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, 496 int purpose); 497 OPENSSL_EXPORT int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, 498 int trust); 499 OPENSSL_EXPORT void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, 500 int depth); 501 OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, 502 time_t t); 503 OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, 504 ASN1_OBJECT *policy); 505 OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies( 506 X509_VERIFY_PARAM *param, STACK_OF(ASN1_OBJECT) *policies); 507 508 OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, 509 const char *name, 510 size_t namelen); 511 OPENSSL_EXPORT int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, 512 const char *name, 513 size_t namelen); 514 OPENSSL_EXPORT void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, 515 unsigned int flags); 516 OPENSSL_EXPORT char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); 517 OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, 518 const char *email, 519 size_t emaillen); 520 OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, 521 const unsigned char *ip, 522 size_t iplen); 523 OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, 524 const char *ipasc); 525 526 OPENSSL_EXPORT int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); 527 OPENSSL_EXPORT const char *X509_VERIFY_PARAM_get0_name( 528 const X509_VERIFY_PARAM *param); 529 530 OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); 531 OPENSSL_EXPORT int X509_VERIFY_PARAM_get_count(void); 532 OPENSSL_EXPORT const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id); 533 OPENSSL_EXPORT const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup( 534 const char *name); 535 OPENSSL_EXPORT void X509_VERIFY_PARAM_table_cleanup(void); 536 537 OPENSSL_EXPORT int X509_policy_check(X509_POLICY_TREE **ptree, 538 int *pexplicit_policy, 539 STACK_OF(X509) *certs, 540 STACK_OF(ASN1_OBJECT) *policy_oids, 541 unsigned int flags); 542 543 OPENSSL_EXPORT void X509_policy_tree_free(X509_POLICY_TREE *tree); 544 545 OPENSSL_EXPORT int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); 546 OPENSSL_EXPORT X509_POLICY_LEVEL *X509_policy_tree_get0_level( 547 const X509_POLICY_TREE *tree, int i); 548 549 OPENSSL_EXPORT STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies( 550 const X509_POLICY_TREE *tree); 551 552 OPENSSL_EXPORT STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies( 553 const X509_POLICY_TREE *tree); 554 555 OPENSSL_EXPORT int X509_policy_level_node_count(X509_POLICY_LEVEL *level); 556 557 OPENSSL_EXPORT X509_POLICY_NODE *X509_policy_level_get0_node( 558 X509_POLICY_LEVEL *level, int i); 559 560 OPENSSL_EXPORT const ASN1_OBJECT *X509_policy_node_get0_policy( 561 const X509_POLICY_NODE *node); 562 563 OPENSSL_EXPORT STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers( 564 const X509_POLICY_NODE *node); 565 OPENSSL_EXPORT const X509_POLICY_NODE *X509_policy_node_get0_parent( 566 const X509_POLICY_NODE *node); 567 568 #ifdef __cplusplus 569 } 570 #endif 571 #endif 572