Diffstat (limited to 'lib/ext/cert_types.h')
-rw-r--r-- | lib/ext/cert_types.h | 37 |
1 files changed, 35 insertions, 2 deletions
diff --git a/lib/ext/cert_types.h b/lib/ext/cert_types.h
index c54e0f2bfe..04e024d5db 100644
--- a/lib/ext/cert_types.h
+++ b/lib/ext/cert_types.h
@@ -26,11 +26,13 @@
 /* Maps IANA TLS Certificate Types identifiers to internal
 * certificate type representation.
 */
-static inline gnutls_certificate_type_t _gnutls_IANA2cert_type(int num)
+static inline gnutls_certificate_type_t IANA2cert_type(int num)
 {
 switch (num) {
 case 0:
 return GNUTLS_CRT_X509;
+ case 2:
+ return GNUTLS_CRT_RAWPK;
 default:
 return GNUTLS_CRT_UNKNOWN;
 }
@@ -39,12 +41,43 @@ static inline gnutls_certificate_type_t _gnutls_IANA2cert_type(int num)
 /* Maps internal certificate type representation to
 * IANA TLS Certificate Types identifiers.
 */
-static inline int _gnutls_cert_type2IANA(gnutls_certificate_type_t cert_type)
+static inline int cert_type2IANA(gnutls_certificate_type_t cert_type)
 {
 switch (cert_type) {
 case GNUTLS_CRT_X509:
 return 0;
+ case GNUTLS_CRT_RAWPK:
+ return 2;
 default:
 return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
 }
 }
+
+/* Checks whether the given cert type is enabled in the application
+ */
+static inline bool is_cert_type_enabled(gnutls_session_t session, gnutls_certificate_type_t cert_type)
+{
+ switch(cert_type) {
+ case GNUTLS_CRT_X509:
+ // Default cert type, always enabled
+ return true;
+ case GNUTLS_CRT_RAWPK:
+ return session->internals.flags & GNUTLS_ENABLE_RAWPK;
+ default:
+ // When not explicitly supported here disable it
+ return false;
+ }
+}
+
+/* Checks whether alternative cert types (i.e. other than X.509)
+ * are enabled in the application
+ */
+static inline bool are_alternative_cert_types_allowed(gnutls_session_t session)
+{
+ // OR-ed list of defined cert type init flags
+ #define CERT_TYPES_FLAGS GNUTLS_ENABLE_RAWPK
+
+ return session->internals.flags & CERT_TYPES_FLAGS;
+
+ #undef CERT_TYPES_FLAGS
+} |
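Review bot: The new `case 2` in `IANA2cert_type` returns `GNUTLS_CRT_RAWPK` unconditionally; the function takes no session argument, so it cannot tell whether raw public keys were enabled by the application. If `num` is a value taken from a peer's certificate-type negotiation (likely, but no call site is visible in this hunk), the result must be passed through `is_cert_type_enabled()` before it is accepted. I would state that in the header comment, e.g. `/* Pure mapping: does not check whether the type is enabled for the session; callers gate the result with is_cert_type_enabled(). */`. The function's closing brace lies outside the hunk.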
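Review bot: Both new predicates return a raw bit-mask result as `bool`: `session->internals.flags & GNUTLS_ENABLE_RAWPK` in `is_cert_type_enabled` and `session->internals.flags & CERT_TYPES_FLAGS` in `are_alternative_cert_types_allowed`. That is only correct when `bool` is the C99 `_Bool`; if a build substitutes a narrower integer typedef (the definition of `bool` is not visible here), a flag bit above the type's width truncates to 0 and the policy check gives the wrong answer. Making the comparison explicit removes the dependency: `return (session->internals.flags & GNUTLS_ENABLE_RAWPK) != 0;` and likewise for the second function. Separately, the function-local `#define CERT_TYPES_FLAGS` / `#undef` pair sits in a header, so it would clobber and then remove any macro of the same name in an including file; a local `const unsigned int` initialised to the OR-ed flags would avoid that.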