author | Alberto Gonzalez Iniesta <agi@inittab.org> | 2016-12-27 18:25:47 +0100 |
---|---|---|
committer | Alberto Gonzalez Iniesta <agi@inittab.org> | 2016-12-27 18:25:47 +0100 |
commit | 79f3537f69e125f19f59c36aa090120a63186a54 (patch) | |
tree | 2089a3b7dac990841dbc2e4d9b2f535b82dbb0af /src/openvpn/ssl_verify_backend.h | |
parent | f2137fedb30cb87448eb03b2f288920df6187571 (diff) | |
parent | 3a2bbdb05ca6a6996e424c9fb225cb0d53804125 (diff) |
Merge tag 'upstream/2.4.0'
Upstream version 2.4.0
Diffstat (limited to 'src/openvpn/ssl_verify_backend.h')
-rw-r--r-- | src/openvpn/ssl_verify_backend.h | 168 |
1 files changed, 84 insertions, 84 deletions
diff --git a/src/openvpn/ssl_verify_backend.h b/src/openvpn/ssl_verify_backend.h
index de304b9..c4330ba 100644
--- a/src/openvpn/ssl_verify_backend.h
+++ b/src/openvpn/ssl_verify_backend.h
@@ -5,8 +5,8 @@
  * packet encryption, packet authentication, and
  * packet compression.
  *
- * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
- * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
+ * Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net>
+ * Copyright (C) 2010-2017 Fox Crypto B.V. <openvpn@fox-it.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
@@ -33,7 +33,7 @@
 /**
  * Result of verification function
  */
-typedef enum { SUCCESS=0, FAILURE=1 } result_t;
+typedef enum { SUCCESS = 0, FAILURE = 1 } result_t;
 
 /*
  * Backend support functions.
@@ -49,11 +49,11 @@ typedef enum { SUCCESS=0, FAILURE=1 } result_t;
  * This function must be called for every certificate in the certificate
  * chain during the certificate verification stage of the handshake.
  *
- * @param session TLS Session associated with this tunnel
- * @param cert Certificate to process
- * @param cert_depth Depth of the current certificate
+ * @param session TLS Session associated with this tunnel
+ * @param cert Certificate to process
+ * @param cert_depth Depth of the current certificate
  *
- * @return \c SUCCESS if verification was successful, \c FAILURE on failure.
+ * @return \c SUCCESS if verification was successful, \c FAILURE on failure.
  */
 result_t verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_depth);
 
@@ -64,12 +64,12 @@ result_t verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int
  * Must be called for every certificate in the verification chain, whether it
  * is valid or not.
  *
- * @param session TLS Session associated with this tunnel
- * @param cert_depth Depth of the current certificate
- * @param cert_hash Hash of the current certificate
+ * @param session TLS Session associated with this tunnel
+ * @param cert_depth Depth of the current certificate
+ * @param cert_hash Hash of the current certificate
  */
-void cert_hash_remember (struct tls_session *session, const int cert_depth,
- const struct buffer *cert_hash);
+void cert_hash_remember(struct tls_session *session, const int cert_depth,
+ const struct buffer *cert_hash);
 
 /*
  * Library-specific functions.
@@ -80,34 +80,34 @@ void cert_hash_remember (struct tls_session *session, const int cert_depth,
 /*
  * Retrieve certificate's subject name.
  *
- * @param cert Certificate to retrieve the subject from.
- * @param gc Garbage collection arena to use when allocating string.
+ * @param cert Certificate to retrieve the subject from.
+ * @param gc Garbage collection arena to use when allocating string.
  *
- * @return a string containing the subject
+ * @return a string containing the subject
  */
-char *x509_get_subject (openvpn_x509_cert_t *cert, struct gc_arena *gc);
+char *x509_get_subject(openvpn_x509_cert_t *cert, struct gc_arena *gc);
 
 /**
  * Retrieve the certificate's SHA1 fingerprint.
  *
- * @param cert Certificate to retrieve the fingerprint from.
- * @param gc Garbage collection arena to use when allocating string.
+ * @param cert Certificate to retrieve the fingerprint from.
+ * @param gc Garbage collection arena to use when allocating string.
  *
- * @return a string containing the certificate fingerprint
+ * @return a string containing the certificate fingerprint
  */
-struct buffer x509_get_sha1_fingerprint (openvpn_x509_cert_t *cert,
- struct gc_arena *gc);
+struct buffer x509_get_sha1_fingerprint(openvpn_x509_cert_t *cert,
+ struct gc_arena *gc);
 
 /**
  * Retrieve the certificate's SHA256 fingerprint.
  *
- * @param cert Certificate to retrieve the fingerprint from.
- * @param gc Garbage collection arena to use when allocating string.
+ * @param cert Certificate to retrieve the fingerprint from.
+ * @param gc Garbage collection arena to use when allocating string.
  *
- * @return a string containing the certificate fingerprint
+ * @return a string containing the certificate fingerprint
  */
-struct buffer x509_get_sha256_fingerprint (openvpn_x509_cert_t *cert,
- struct gc_arena *gc);
+struct buffer x509_get_sha256_fingerprint(openvpn_x509_cert_t *cert,
+ struct gc_arena *gc);
 
 /*
  * Retrieve the certificate's username from the specified field.
@@ -115,67 +115,67 @@ struct buffer x509_get_sha256_fingerprint (openvpn_x509_cert_t *cert,
  * If the field is prepended with ext: and ENABLE_X509ALTUSERNAME is enabled,
  * it will be loaded from an X.509 extension
  *
- * @param cn Buffer to return the common name in.
- * @param cn_len Length of the cn buffer.
- * @param x509_username_field Name of the field to load from
- * @param cert Certificate to retrieve the common name from.
+ * @param cn Buffer to return the common name in.
+ * @param cn_len Length of the cn buffer.
+ * @param x509_username_field Name of the field to load from
+ * @param cert Certificate to retrieve the common name from.
  *
- * @return \c FAILURE, \c or SUCCESS
+ * @return \c FAILURE, \c or SUCCESS
  */
-result_t backend_x509_get_username (char *common_name, int cn_len,
- char * x509_username_field, openvpn_x509_cert_t *peer_cert);
+result_t backend_x509_get_username(char *common_name, int cn_len,
+ char *x509_username_field, openvpn_x509_cert_t *peer_cert);
 
 /*
  * Return the certificate's serial number in decimal string representation.
  *
  * The serial number is returned as a string, since it might be a bignum.
  *
- * @param cert Certificate to retrieve the serial number from.
- * @param gc Garbage collection arena to use when allocating string.
+ * @param cert Certificate to retrieve the serial number from.
+ * @param gc Garbage collection arena to use when allocating string.
  *
- * @return String representation of the certificate's serial number
- * in decimal notation, or NULL on error.
+ * @return String representation of the certificate's serial number
+ * in decimal notation, or NULL on error.
  */
-char *backend_x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc);
+char *backend_x509_get_serial(openvpn_x509_cert_t *cert, struct gc_arena *gc);
 
 /*
  * Return the certificate's serial number in hex string representation.
  *
  * The serial number is returned as a string, since it might be a bignum.
  *
- * @param cert Certificate to retrieve the serial number from.
- * @param gc Garbage collection arena to use when allocating string.
+ * @param cert Certificate to retrieve the serial number from.
+ * @param gc Garbage collection arena to use when allocating string.
  *
- * @return String representation of the certificate's serial number
- * in hex notation, or NULL on error.
+ * @return String representation of the certificate's serial number
+ * in hex notation, or NULL on error.
  */
-char *backend_x509_get_serial_hex (openvpn_x509_cert_t *cert,
- struct gc_arena *gc);
+char *backend_x509_get_serial_hex(openvpn_x509_cert_t *cert,
+ struct gc_arena *gc);
 
 /*
  * Save X509 fields to environment, using the naming convention:
  *
  * X509_{cert_depth}_{name}={value}
  *
- * @param es Environment set to save variables in
- * @param cert_depth Depth of the certificate
- * @param cert Certificate to set the environment for
+ * @param es Environment set to save variables in
+ * @param cert_depth Depth of the certificate
+ * @param cert Certificate to set the environment for
  */
-void x509_setenv (struct env_set *es, int cert_depth, openvpn_x509_cert_t *cert);
+void x509_setenv(struct env_set *es, int cert_depth, openvpn_x509_cert_t *cert);
 
 /*
  * Start tracking the given attribute.
  *
  * The tracked attributes are stored in ll_head.
  *
- * @param ll_head The x509_track to store tracked atttributes in
- * @param name Name of the attribute to track
- * @param msglevel Message level for errors
- * @param gc Garbage collection arena for temp data
+ * @param ll_head The x509_track to store tracked atttributes in
+ * @param name Name of the attribute to track
+ * @param msglevel Message level for errors
+ * @param gc Garbage collection arena for temp data
  *
  */
-void x509_track_add (const struct x509_track **ll_head, const char *name,
- int msglevel, struct gc_arena *gc);
+void x509_track_add(const struct x509_track **ll_head, const char *name,
+ int msglevel, struct gc_arena *gc);
 
 /*
  * Save X509 fields to environment, using the naming convention:
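Review bot: The realigned @param tags in the backend_x509_get_username block still name `cn` and `cert` while the prototype directly below takes `common_name` and `peer_cert`, so the documentation does not match the declaration; since the commit rewrites these lines anyway, `@param common_name Buffer to return the common name in.` and `@param peer_cert Certificate to retrieve the common name from.` would fix it at no cost. The same block's `@return \c FAILURE, \c or SUCCESS` has the \c marker on the wrong word. For a buffer-filling call on the peer-certificate path it would also help to state whether `cn_len` counts the terminating NUL and whether `common_name` is guaranteed to be terminated when FAILURE is returned, which cannot be told from the header alone. The x509_track_add block later in this hunk keeps the `atttributes` typo.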
@@ -193,60 +193,60 @@ void x509_track_add (const struct x509_track **ll_head, const char *name,
  * well as X509 V3 extensions.
  *
  * @param xt
- * @param es Environment set to save variables in
- * @param cert_depth Depth of the certificate
- * @param cert Certificate to set the environment for
+ * @param es Environment set to save variables in
+ * @param cert_depth Depth of the certificate
+ * @param cert Certificate to set the environment for
  */
-void x509_setenv_track (const struct x509_track *xt, struct env_set *es,
- const int depth, openvpn_x509_cert_t *x509);
+void x509_setenv_track(const struct x509_track *xt, struct env_set *es,
+ const int depth, openvpn_x509_cert_t *x509);
 
 /*
  * Check X.509 Netscape certificate type field, if available.
  *
- * @param cert Certificate to check.
- * @param usage One of \c NS_CERT_CHECK_CLIENT, \c NS_CERT_CHECK_SERVER,
- * or \c NS_CERT_CHECK_NONE.
+ * @param cert Certificate to check.
+ * @param usage One of \c NS_CERT_CHECK_CLIENT, \c NS_CERT_CHECK_SERVER,
+ * or \c NS_CERT_CHECK_NONE.
  *
- * @return \c SUCCESS if NS_CERT_CHECK_NONE or if the certificate has
- * the expected bit set. \c FAILURE if the certificate does
- * not have NS cert type verification or the wrong bit set.
+ * @return \c SUCCESS if NS_CERT_CHECK_NONE or if the certificate has
+ * the expected bit set. \c FAILURE if the certificate does
+ * not have NS cert type verification or the wrong bit set.
  */
 result_t x509_verify_ns_cert_type(const openvpn_x509_cert_t *cert, const int usage);
 
 /*
  * Verify X.509 key usage extension field.
  *
- * @param cert Certificate to check.
- * @param expected_ku Array of valid key usage values
- * @param expected_len Length of the key usage array
+ * @param cert Certificate to check.
+ * @param expected_ku Array of valid key usage values
+ * @param expected_len Length of the key usage array
  *
- * @return \c SUCCESS if one of the key usage values matches, \c FAILURE
- * if key usage is not enabled, or the values do not match.
+ * @return \c SUCCESS if one of the key usage values matches, \c FAILURE
+ * if key usage is not enabled, or the values do not match.
  */
-result_t x509_verify_cert_ku (openvpn_x509_cert_t *x509, const unsigned * const expected_ku,
- int expected_len);
+result_t x509_verify_cert_ku(openvpn_x509_cert_t *x509, const unsigned *const expected_ku,
+ int expected_len);
 
 /*
  * Verify X.509 extended key usage extension field.
  *
- * @param cert Certificate to check.
- * @param expected_oid String representation of the expected Object ID. May be
- * either the string representation of the numeric OID
- * (e.g. \c "1.2.3.4", or the descriptive string matching
- * the OID.
+ * @param cert Certificate to check.
+ * @param expected_oid String representation of the expected Object ID. May be
+ * either the string representation of the numeric OID
+ * (e.g. \c "1.2.3.4", or the descriptive string matching
+ * the OID.
  *
- * @return \c SUCCESS if one of the expected OID matches one of the
- * extended key usage fields, \c FAILURE if extended key
- * usage is not enabled, or the values do not match.
+ * @return \c SUCCESS if one of the expected OID matches one of the
+ * extended key usage fields, \c FAILURE if extended key
+ * usage is not enabled, or the values do not match.
  */
-result_t x509_verify_cert_eku (openvpn_x509_cert_t *x509, const char * const expected_oid);
+result_t x509_verify_cert_eku(openvpn_x509_cert_t *x509, const char *const expected_oid);
 
 /*
  * Store the given certificate in pem format in a temporary file in tmp_dir
  *
- * @param cert Certificate to store
- * @param tmp_dir Temporary directory to store the directory
- * @param gc gc_arena to store temporary objects in
+ * @param cert Certificate to store
+ * @param tmp_dir Temporary directory to store the directory
+ * @param gc gc_arena to store temporary objects in
  *
  *
  */ |
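Review bot: Three doc blocks rewritten in this hunk document parameter names that the prototypes below them do not use: x509_setenv_track tags `cert_depth` and `cert` for parameters declared `depth` and `x509`, and x509_verify_cert_ku and x509_verify_cert_eku both tag `cert` for a parameter declared `x509`, so the realignment leaves the mismatch in place; `@param x509 Certificate to check.` (and `@param depth` / `@param x509` for the setenv variant) would make the tags agree with the declarations. In the x509_verify_cert_eku block the example `(e.g. \c "1.2.3.4", or the descriptive string` never closes its parenthesis. The last block describes tmp_dir as `Temporary directory to store the directory`, which looks like a slip for the certificate, and its two bare ` *` lines before ` */` suggest a @return that was never written; the declaration that block documents lies past the end of the hunk.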