diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-05 18:35:20 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-05 18:35:20 +0000 |
| commit | 3bf15e2974f416cb970ef54fae0f600ec299000e (patch) | |
| tree | e5eee2ff6fe2245b552813dce2741b1bec28647b /crypto/x509/x509_vfy.h | |
| parent | 8df400cf8de73f2377f6931735c386b1480300ad (diff) | |
| download | openssl-3bf15e2974f416cb970ef54fae0f600ec299000e.tar.gz | |
Integrate host, email and IP address checks into X509_verify.
Add new verify options to set checks.
Remove previous -check* commands from s_client and s_server.
Diffstat (limited to 'crypto/x509/x509_vfy.h')
| -rw-r--r-- | crypto/x509/x509_vfy.h | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index a6f3943025..58eff53f72 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -173,6 +173,12 @@ typedef struct X509_VERIFY_PARAM_st int trust; /* trust setting to check */ int depth; /* Verify depth */ STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ + unsigned char *host; /* If not NULL hostname to match */ + size_t hostlen; + unsigned char *email; /* If not NULL email address to match */ + size_t emaillen; + unsigned char *ip; /* If not NULL IP address to match */ + size_t iplen; /* Length of IP address */ } X509_VERIFY_PARAM; DECLARE_STACK_OF(X509_VERIFY_PARAM) @@ -362,6 +368,10 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 #define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 #define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 +/* Host, email and IP check errors */ +#define X509_V_ERR_HOSTNAME_MISMATCH 62 +#define X509_V_ERR_EMAIL_MISMATCH 63 +#define X509_V_ERR_IP_ADDRESS_MISMATCH 64 /* The application is not happy */ #define X509_V_ERR_APPLICATION_VERIFICATION 50 @@ -548,6 +558,15 @@ int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy); int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, STACK_OF(ASN1_OBJECT) *policies); + +int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, + const unsigned char *name, size_t namelen); +int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, + const unsigned char *email, size_t emaillen); +int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, + const unsigned char *ip, size_t iplen); +int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); + int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param); |