authorNikos Mavrogiannopoulos <nmav@gnutls.org>2011-06-04 20:58:50 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2011-06-04 20:58:50 +0200
commit7af8e49ad43d5550c1cdf4fa5426c4e7034f08eb (patch)
treeef2426ed9f4b43f9b23b48f7b62f836cc05ded09 /lib/includes/gnutls/x509.h
parent402df96be2bad49e8ea371334ce5df3acb48fbbb (diff)
Added gnutls_x509_trust_list_add_named_crt() and
gnutls_x509_trust_list_verify_named_crt() that allow having a list of certificates in the trusted list that will be associated with a name (e.g. server name) and will not be used as CAs.
Diffstat (limited to 'lib/includes/gnutls/x509.h')
-rw-r--r--lib/includes/gnutls/x509.h18
1 files changed, 16 insertions, 2 deletions
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 0ee291811c..f6bfdd8e78 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -541,6 +541,8 @@ extern "C"
* @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation
* and expiration validity periods of certificate chains. Don't set
* this unless you understand the security implications.
+ * @GNUTLS_VERIFY_DISABLE_CRL_CHECKS: Disable checking for validity
+ * using certificate revocation lists.
*
* Enumeration of different certificate verify flags.
*/
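Review bot: The new `@GNUTLS_VERIFY_DISABLE_CRL_CHECKS` entry lacks the caution that the `@GNUTLS_VERIFY_DISABLE_TIME_CHECKS` entry just above it carries, although skipping revocation lists presumably lets a revoked certificate verify successfully. I would extend it to `* @GNUTLS_VERIFY_DISABLE_CRL_CHECKS: Disable checking for validity using certificate revocation lists. Don't set this unless you understand the security implications.` It would also help to name the verification functions that honour the flag, since that cannot be read from this header. The comment block starts above the hunk.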
@@ -554,7 +556,8 @@ extern "C"
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32,
GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 64,
GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 128,
- GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256
+ GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256,
+ GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 512,
} gnutls_certificate_verify_flags;
int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
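Review bot: The added enumerator `GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 512,` ends with a comma directly before the closing brace, which C89 and C++98/03 compilers warn about or reject in pedantic mode. This is an installed public header wrapped in `extern "C"` for C++ users, and the previous last entry had no trailing comma. I would write `GNUTLS_VERIFY_DISABLE_CRL_CHECKS = 512` so the header stays portable. The enum starts above the hunk.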
@@ -847,13 +850,16 @@ extern "C"
void
gnutls_x509_trust_list_deinit (gnutls_x509_trust_list_t list, unsigned int all);
- int gnutls_trust_list_get_issuer(gnutls_x509_trust_list_t list,
+ int gnutls_x509_trust_list_get_issuer(gnutls_x509_trust_list_t list,
gnutls_x509_crt_t cert, gnutls_x509_crt_t* issuer, unsigned int flags);
int
gnutls_x509_trust_list_add_cas (gnutls_x509_trust_list_t list,
const gnutls_x509_crt_t * clist, int clist_size, unsigned int flags);
+ int gnutls_x509_trust_list_add_named_crt (gnutls_x509_trust_list_t list,
+ gnutls_x509_crt_t cert, const void* name, size_t name_size, unsigned int flags);
+
#define GNUTLS_TL_VERIFY_CRL 1
int
gnutls_x509_trust_list_add_crls (gnutls_x509_trust_list_t list,
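Review bot: `gnutls_x509_trust_list_add_named_crt()` is declared without any comment, yet its contract is security-relevant: per the commit message a named certificate is trusted for a name and is not used as a CA, but the header does not say how `name` is compared, whether `cert` is copied or becomes owned by the list (which matters for the `all` argument of `gnutls_x509_trust_list_deinit()`), or which `flags` are accepted. I would add a doc comment above the prototype covering those points and stating that the match is against the stored certificate rather than a chain to a CA, if that is what the implementation does. The same applies to `gnutls_x509_trust_list_verify_named_crt()` in the next hunk, where the comment should also say that the caller has to check both the return value and `*verify`, and whether expiry and CRL checks still apply to a named certificate. Separately, the rename of `gnutls_trust_list_get_issuer` breaks callers if the old name ever shipped in a release; a compatibility `#define` for the old name would cover that.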
@@ -870,6 +876,14 @@ extern "C"
*/
unsigned int verification_output);
+ int gnutls_x509_trust_list_verify_named_crt (
+ gnutls_x509_trust_list_t list,
+ gnutls_x509_crt_t cert,
+ const void * name, size_t name_size,
+ unsigned int flags,
+ unsigned int *verify,
+ gnutls_verify_output_function func);
+
int
gnutls_x509_trust_list_verify_crt (
gnutls_x509_trust_list_t list,