diff options
author | Alberto Gonzalez Iniesta <agi@inittab.org> | 2016-11-21 09:37:33 +0100 |
---|---|---|
committer | Alberto Gonzalez Iniesta <agi@inittab.org> | 2016-11-21 09:37:33 +0100 |
commit | 20c8675ba46bda97330a4117c459a59a9f1c465e (patch) | |
tree | d888c714fb61947dd79dc44b64a4aaae2f70bfb7 /src/openvpn/ssl_verify_polarssl.h | |
parent | ffca24bed7a03d95585ad02278667abe75d8b272 (diff) |
New upstream version 2.4~beta1upstream/2.4_beta1
Diffstat (limited to 'src/openvpn/ssl_verify_polarssl.h')
-rw-r--r-- | src/openvpn/ssl_verify_polarssl.h | 80 |
1 files changed, 0 insertions, 80 deletions
diff --git a/src/openvpn/ssl_verify_polarssl.h b/src/openvpn/ssl_verify_polarssl.h deleted file mode 100644 index b5157ed..0000000 --- a/src/openvpn/ssl_verify_polarssl.h +++ /dev/null @@ -1,80 +0,0 @@ -/* - * OpenVPN -- An application to securely tunnel IP networks - * over a single TCP/UDP port, with support for SSL/TLS-based - * session authentication and key exchange, - * packet encryption, packet authentication, and - * packet compression. - * - * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> - * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -/** - * @file Control Channel Verification Module PolarSSL backend - */ - -#ifndef SSL_VERIFY_POLARSSL_H_ -#define SSL_VERIFY_POLARSSL_H_ - -#include "syshead.h" -#include "misc.h" -#include "manage.h" -#include <polarssl/x509_crt.h> - -#ifndef __OPENVPN_X509_CERT_T_DECLARED -#define __OPENVPN_X509_CERT_T_DECLARED -typedef x509_crt openvpn_x509_cert_t; -#endif - -/** @name Function for authenticating a new connection from a remote OpenVPN peer - * @{ */ - -/** - * Verify that the remote OpenVPN peer's certificate allows setting up a - * VPN tunnel. - * @ingroup control_tls - * - * This callback function is called when a new TLS session is being setup to - * determine whether the remote OpenVPN peer's certificate is allowed to - * connect. It is called for once for every certificate in the chain. The - * callback functionality is configured in the \c init_ssl() function, which - * calls the PolarSSL library's \c ssl_set_verify_callback() function with \c - * verify_callback() as its callback argument. - * - * It checks *flags and registers the certificate hash. If these steps succeed, - * it calls the \c verify_cert() function, which performs OpenVPN-specific - * verification. - * - * @param session_obj - The OpenVPN \c tls_session associated with this object, - * as set during SSL session setup. - * @param cert - The certificate used by PolarSSL. - * @param cert_depth - The depth of the current certificate in the chain, with - * 0 being the actual certificate. - * @param flags - Whether the remote OpenVPN peer's certificate - * passed verification. A value of 0 means it - * verified successfully, any other value means it - * failed. \c verify_callback() is considered to have - * ok'ed this certificate if flags is 0 when it returns. - * - * @return The return value is 0 unless a fatal error occurred. - */ -int verify_callback (void *session_obj, x509_crt *cert, int cert_depth, - int *flags); - -/** @} name Function for authenticating a new connection from a remote OpenVPN peer */ - -#endif /* SSL_VERIFY_POLARSSL_H_ */ |