summaryrefslogtreecommitdiff
path: root/src/openvpn/ssl_verify.h
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2017-06-22 13:16:46 +0200
committerAlberto Gonzalez Iniesta <agi@inittab.org>2017-06-22 13:16:46 +0200
commit766cdd4b4d1fcb31addf6727dbcfd3d99e390456 (patch)
tree76932876ae57f139fa1b3f82b375e4e526b507d7 /src/openvpn/ssl_verify.h
parentd73f7253d939e293abf9e27b4b7f37df1ec12a39 (diff)
parent9683f890944ffb114f5f8214f694e0b339cf5a5a (diff)
Merge tag 'upstream/2.4.3'
Upstream version 2.4.3
Diffstat (limited to 'src/openvpn/ssl_verify.h')
-rw-r--r--src/openvpn/ssl_verify.h13
1 files changed, 9 insertions, 4 deletions
diff --git a/src/openvpn/ssl_verify.h b/src/openvpn/ssl_verify.h
index ffab218..f2d0d6c 100644
--- a/src/openvpn/ssl_verify.h
+++ b/src/openvpn/ssl_verify.h
@@ -17,10 +17,9 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/**
@@ -218,6 +217,9 @@ struct x509_track
/** Do not perform Netscape certificate type verification */
#define NS_CERT_CHECK_CLIENT (1<<1)
+/** Require keyUsage to be present in cert (0xFFFF is an invalid KU value) */
+#define OPENVPN_KU_REQUIRED (0xFFFF)
+
/*
* TODO: document
*/
@@ -238,6 +240,9 @@ tls_client_reason(struct tls_multi *multi)
#endif
}
+/** Remove any X509_ env variables from env_set es */
+void tls_x509_clear_env(struct env_set *es);
+
#endif /* ENABLE_CRYPTO */
#endif /* SSL_VERIFY_H_ */