authorAlberto Gonzalez Iniesta <agi@inittab.org>2016-12-27 18:25:47 +0100
committerAlberto Gonzalez Iniesta <agi@inittab.org>2016-12-27 18:25:47 +0100
commit79f3537f69e125f19f59c36aa090120a63186a54 (patch)
tree2089a3b7dac990841dbc2e4d9b2f535b82dbb0af /src/openvpn/ssl_verify.h
parentf2137fedb30cb87448eb03b2f288920df6187571 (diff)
parent3a2bbdb05ca6a6996e424c9fb225cb0d53804125 (diff)
Merge tag 'upstream/2.4.0'
Upstream version 2.4.0
Diffstat (limited to 'src/openvpn/ssl_verify.h')
-rw-r--r--src/openvpn/ssl_verify.h100
1 files changed, 51 insertions, 49 deletions
diff --git a/src/openvpn/ssl_verify.h b/src/openvpn/ssl_verify.h
index 98312fd..ffab218 100644
--- a/src/openvpn/ssl_verify.h
+++ b/src/openvpn/ssl_verify.h
@@ -5,8 +5,8 @@
* packet encryption, packet authentication, and
* packet compression.
*
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
- * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
+ * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2010-2017 Fox Crypto B.V. <openvpn@fox-it.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
@@ -55,12 +55,12 @@
/** Structure containing the hash for a single certificate */
struct cert_hash {
- unsigned char sha256_hash[256/8];
+ unsigned char sha256_hash[256/8];
};
/** Structure containing the hashes for a full certificate chain */
struct cert_hash_set {
- struct cert_hash *ch[MAX_CERT_DEPTH]; /**< Array of certificate hashes */
+ struct cert_hash *ch[MAX_CERT_DEPTH]; /**< Array of certificate hashes */
};
#define VERIFY_X509_NONE 0
@@ -79,7 +79,7 @@ struct cert_hash_set {
*
* TODO: document this function
*/
-int tls_authentication_status (struct tls_multi *multi, const int latency);
+int tls_authentication_status(struct tls_multi *multi, const int latency);
/** Check whether the \a ks \c key_state is ready to receive data channel
* packets.
@@ -94,46 +94,46 @@ int tls_authentication_status (struct tls_multi *multi, const int latency);
/**
* Remove the given key state's auth control file, if it exists.
*
- * @param ks The key state the remove the file for
+ * @param ks The key state the remove the file for
*/
-void key_state_rm_auth_control_file (struct key_state *ks);
+void key_state_rm_auth_control_file(struct key_state *ks);
/**
* Frees the given set of certificate hashes.
*
- * @param chs The certificate hash set to free.
+ * @param chs The certificate hash set to free.
*/
-void cert_hash_free (struct cert_hash_set *chs);
+void cert_hash_free(struct cert_hash_set *chs);
/**
* Locks the certificate hash set used in the given tunnel
*
- * @param multi The tunnel to lock
+ * @param multi The tunnel to lock
*/
-void tls_lock_cert_hash_set (struct tls_multi *multi);
+void tls_lock_cert_hash_set(struct tls_multi *multi);
/**
* Locks the common name field for the given tunnel
*
- * @param multi The tunnel to lock
+ * @param multi The tunnel to lock
*/
-void tls_lock_common_name (struct tls_multi *multi);
+void tls_lock_common_name(struct tls_multi *multi);
/**
* Returns the common name field for the given tunnel
*
- * @param multi The tunnel to return the common name for
- * @param null Whether null may be returned. If not, "UNDEF" will be returned.
+ * @param multi The tunnel to return the common name for
+ * @param null Whether null may be returned. If not, "UNDEF" will be returned.
*/
-const char *tls_common_name (const struct tls_multi* multi, const bool null);
+const char *tls_common_name(const struct tls_multi *multi, const bool null);
/**
* Returns the username field for the given tunnel
*
- * @param multi The tunnel to return the username for
- * @param null Whether null may be returned. If not, "UNDEF" will be returned.
+ * @param multi The tunnel to return the username for
+ * @param null Whether null may be returned. If not, "UNDEF" will be returned.
*/
-const char *tls_username (const struct tls_multi *multi, const bool null);
+const char *tls_username(const struct tls_multi *multi, const bool null);
/**
* Compares certificates hashes, returns true if hashes are equal.
@@ -141,33 +141,33 @@ const char *tls_username (const struct tls_multi *multi, const bool null);
* @param chs1 cert 1 hash set
* @param chs2 cert 2 hash set
*/
-bool cert_hash_compare (const struct cert_hash_set *chs1, const struct cert_hash_set *chs2);
+bool cert_hash_compare(const struct cert_hash_set *chs1, const struct cert_hash_set *chs2);
#ifdef ENABLE_PF
/**
* Retrieve the given tunnel's common name and its hash value.
*
- * @param multi The tunnel to use
- * @param cn Common name's string
- * @param cn_hash Common name's hash value
+ * @param multi The tunnel to use
+ * @param cn Common name's string
+ * @param cn_hash Common name's hash value
*
* @return true if the common name was set, false otherwise.
*/
static inline bool
-tls_common_name_hash (const struct tls_multi *multi, const char **cn, uint32_t *cn_hash)
+tls_common_name_hash(const struct tls_multi *multi, const char **cn, uint32_t *cn_hash)
{
- if (multi)
+ if (multi)
{
- const struct tls_session *s = &multi->session[TM_ACTIVE];
- if (s->common_name && s->common_name[0] != '\0')
- {
- *cn = s->common_name;
- *cn_hash = s->common_name_hashval;
- return true;
- }
+ const struct tls_session *s = &multi->session[TM_ACTIVE];
+ if (s->common_name && s->common_name[0] != '\0')
+ {
+ *cn = s->common_name;
+ *cn_hash = s->common_name_hashval;
+ return true;
+ }
}
- return false;
+ return false;
}
#endif
@@ -180,32 +180,32 @@ tls_common_name_hash (const struct tls_multi *multi, const char **cn, uint32_t *
* session's primary key state's authenticated field. Authentication may also
* be deferred, in which case the key state's auth_deferred field is filled in.
*
- * @param up The username and password to verify.
- * @param multi The TLS multi structure to verify usernames against.
- * @param session The current TLS session
+ * @param up The username and password to verify.
+ * @param multi The TLS multi structure to verify usernames against.
+ * @param session The current TLS session
*
*/
void verify_user_pass(struct user_pass *up, struct tls_multi *multi,
- struct tls_session *session);
+ struct tls_session *session);
/**
* Perform final authentication checks, including locking of the cn, the allowed
* certificate hashes, and whether a client config entry exists in the
* client config directory.
*
- * @param multi The TLS multi structure to verify locked structures.
- * @param session The current TLS session
+ * @param multi The TLS multi structure to verify locked structures.
+ * @param session The current TLS session
*
*/
void verify_final_auth_checks(struct tls_multi *multi, struct tls_session *session);
struct x509_track
{
- const struct x509_track *next;
- const char *name;
-# define XT_FULL_CHAIN (1<<0)
- unsigned int flags;
- int nid;
+ const struct x509_track *next;
+ const char *name;
+#define XT_FULL_CHAIN (1<<0)
+ unsigned int flags;
+ int nid;
};
/*
@@ -222,17 +222,19 @@ struct x509_track
* TODO: document
*/
#ifdef MANAGEMENT_DEF_AUTH
-bool tls_authenticate_key (struct tls_multi *multi, const unsigned int mda_key_id, const bool auth, const char *client_reason);
-void man_def_auth_set_client_reason (struct tls_multi *multi, const char *client_reason);
+bool tls_authenticate_key(struct tls_multi *multi, const unsigned int mda_key_id, const bool auth, const char *client_reason);
+
+void man_def_auth_set_client_reason(struct tls_multi *multi, const char *client_reason);
+
#endif
static inline const char *
-tls_client_reason (struct tls_multi *multi)
+tls_client_reason(struct tls_multi *multi)
{
#ifdef ENABLE_DEF_AUTH
- return multi->client_reason;
+ return multi->client_reason;
#else
- return NULL;
+ return NULL;
#endif
}