grpc 1.38.0 → 1.40.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +68 -21
- data/include/grpc/event_engine/endpoint_config.h +48 -0
- data/include/grpc/event_engine/event_engine.h +23 -29
- data/include/grpc/event_engine/port.h +2 -0
- data/include/grpc/event_engine/slice_allocator.h +21 -36
- data/include/grpc/grpc.h +9 -2
- data/include/grpc/grpc_security.h +32 -0
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/grpc_types.h +33 -19
- data/include/grpc/impl/codegen/port_platform.h +41 -0
- data/src/core/ext/filters/client_channel/client_channel.cc +415 -249
- data/src/core/ext/filters/client_channel/client_channel.h +42 -18
- data/src/core/ext/filters/client_channel/config_selector.h +19 -6
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +2 -0
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_proxy.cc +16 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +7 -8
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +12 -21
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +10 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +8 -15
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +3 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +18 -36
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +14 -22
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +68 -103
- data/src/core/ext/filters/client_channel/lb_policy.cc +1 -15
- data/src/core/ext/filters/client_channel/lb_policy.h +70 -46
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +1 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_event_engine.cc +31 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_event_engine.cc +28 -0
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +1 -3
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +7 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +116 -76
- data/src/core/ext/filters/client_channel/retry_filter.cc +967 -544
- data/src/core/ext/filters/client_channel/retry_service_config.cc +57 -28
- data/src/core/ext/filters/client_channel/retry_service_config.h +9 -3
- data/src/core/ext/filters/client_channel/service_config_call_data.h +45 -5
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +1 -1
- data/src/core/ext/filters/http/client/http_client_filter.cc +5 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +2 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +5 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +1 -1
- data/src/core/{lib/event_engine/slice_allocator.cc → ext/transport/chttp2/transport/chttp2_slice_allocator.cc} +23 -16
- data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.h +74 -0
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +12 -10
- data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +8 -8
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +5 -5
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +639 -752
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +190 -69
- data/src/core/ext/transport/chttp2/transport/internal.h +2 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +72 -56
- data/src/core/ext/transport/chttp2/transport/varint.cc +6 -4
- data/src/core/ext/transport/inproc/inproc_transport.cc +42 -31
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +56 -35
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +180 -76
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +35 -27
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +97 -48
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +45 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +67 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +66 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +227 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +121 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +90 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +32 -24
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -73
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +48 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +171 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +8 -6
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +27 -19
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +24 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +57 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +29 -17
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +72 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +4 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +6 -5
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +15 -11
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +85 -43
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +274 -91
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +11 -8
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +30 -13
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +33 -5
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +115 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +60 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +181 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +1 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +82 -66
- data/src/core/ext/upb-generated/validate/validate.upb.h +220 -124
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +15 -7
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +53 -52
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +318 -277
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +437 -410
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +198 -170
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +219 -163
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +29 -25
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +52 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +135 -125
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +131 -123
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +90 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +32 -24
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +69 -55
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +684 -664
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +13 -10
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +13 -10
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +441 -375
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +122 -114
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +112 -79
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +35 -32
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +4 -4
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +182 -160
- data/src/core/ext/xds/certificate_provider_store.h +1 -1
- data/src/core/ext/xds/xds_api.cc +582 -257
- data/src/core/ext/xds/xds_api.h +46 -8
- data/src/core/ext/xds/xds_bootstrap.cc +4 -1
- data/src/core/ext/xds/xds_client.cc +66 -43
- data/src/core/ext/xds/xds_client.h +0 -4
- data/src/core/ext/xds/xds_http_filters.cc +3 -2
- data/src/core/ext/xds/xds_http_filters.h +3 -0
- data/src/core/lib/address_utils/sockaddr_utils.cc +13 -0
- data/src/core/lib/address_utils/sockaddr_utils.h +10 -0
- data/src/core/lib/channel/call_tracer.h +85 -0
- data/src/core/lib/channel/channel_stack.h +1 -1
- data/src/core/lib/channel/channelz.h +3 -0
- data/src/core/lib/channel/context.h +3 -0
- data/src/core/lib/channel/status_util.h +4 -0
- data/src/core/lib/compression/stream_compression.h +1 -1
- data/src/core/lib/compression/stream_compression_gzip.h +1 -1
- data/src/core/lib/compression/stream_compression_identity.h +1 -1
- data/src/core/lib/debug/stats.h +1 -1
- data/src/core/lib/event_engine/endpoint_config.cc +46 -0
- data/src/core/lib/event_engine/endpoint_config_internal.h +42 -0
- data/src/core/lib/event_engine/event_engine.cc +50 -0
- data/src/core/lib/event_engine/sockaddr.cc +14 -12
- data/src/core/lib/event_engine/sockaddr.h +44 -0
- data/src/core/lib/gpr/murmur_hash.cc +4 -2
- data/src/core/lib/gpr/wrap_memcpy.cc +2 -1
- data/src/core/lib/gprpp/manual_constructor.h +1 -1
- data/src/core/lib/gprpp/orphanable.h +3 -3
- data/src/core/lib/gprpp/status_helper.h +3 -0
- data/src/core/lib/gprpp/sync.h +2 -30
- data/src/core/lib/iomgr/buffer_list.cc +1 -1
- data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +33 -0
- data/src/core/lib/iomgr/error.cc +5 -4
- data/src/core/lib/iomgr/error.h +1 -1
- data/src/core/lib/iomgr/ev_apple.h +1 -1
- data/src/core/lib/iomgr/event_engine/closure.cc +54 -0
- data/src/core/lib/iomgr/event_engine/closure.h +33 -0
- data/src/core/lib/iomgr/event_engine/endpoint.cc +192 -0
- data/src/core/lib/iomgr/event_engine/endpoint.h +53 -0
- data/src/core/lib/iomgr/event_engine/iomgr.cc +105 -0
- data/src/core/lib/iomgr/event_engine/iomgr.h +24 -0
- data/src/core/lib/iomgr/event_engine/pollset.cc +87 -0
- data/{include/grpc/event_engine/channel_args.h → src/core/lib/iomgr/event_engine/pollset.h} +7 -10
- data/src/core/lib/iomgr/event_engine/promise.h +51 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.cc +41 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.h +35 -0
- data/src/core/lib/iomgr/event_engine/resolver.cc +110 -0
- data/src/core/lib/iomgr/event_engine/tcp.cc +263 -0
- data/src/core/lib/iomgr/event_engine/timer.cc +57 -0
- data/src/core/lib/iomgr/exec_ctx.cc +8 -0
- data/src/core/lib/iomgr/exec_ctx.h +3 -4
- data/src/core/lib/iomgr/executor/threadpool.cc +2 -3
- data/src/core/lib/iomgr/executor/threadpool.h +2 -2
- data/src/core/lib/iomgr/iomgr.cc +1 -1
- data/src/core/lib/iomgr/iomgr_posix.cc +2 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +40 -10
- data/src/core/lib/iomgr/pollset_custom.cc +2 -2
- data/src/core/lib/iomgr/pollset_custom.h +3 -1
- data/src/core/lib/iomgr/pollset_uv.cc +3 -1
- data/src/core/lib/iomgr/pollset_uv.h +5 -1
- data/src/core/lib/iomgr/port.h +7 -5
- data/src/core/lib/iomgr/python_util.h +1 -1
- data/src/core/lib/iomgr/resolve_address.cc +5 -1
- data/src/core/lib/iomgr/resolve_address.h +6 -0
- data/src/core/lib/iomgr/resource_quota.cc +2 -0
- data/src/core/lib/iomgr/sockaddr.h +1 -0
- data/src/core/lib/iomgr/socket_mutator.cc +15 -2
- data/src/core/lib/iomgr/socket_mutator.h +26 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -4
- data/src/core/lib/iomgr/socket_utils_posix.h +2 -2
- data/src/core/lib/iomgr/tcp_client_posix.cc +7 -2
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -0
- data/src/core/lib/iomgr/tcp_posix.cc +42 -39
- data/src/core/lib/iomgr/tcp_posix.h +8 -0
- data/src/core/lib/iomgr/tcp_server_custom.cc +3 -4
- data/src/core/lib/iomgr/tcp_server_posix.cc +7 -0
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -1
- data/src/core/lib/iomgr/timer.h +6 -1
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/json/json_reader.cc +1 -2
- data/src/core/lib/matchers/matchers.cc +8 -20
- data/src/core/lib/matchers/matchers.h +2 -1
- data/src/core/lib/security/authorization/authorization_engine.h +44 -0
- data/src/core/lib/security/authorization/authorization_policy_provider.h +32 -0
- data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +46 -0
- data/src/core/lib/security/authorization/evaluate_args.cc +209 -0
- data/src/core/lib/security/authorization/evaluate_args.h +91 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +3 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +49 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +7 -0
- data/src/core/lib/security/credentials/tls/tls_utils.cc +32 -0
- data/src/core/lib/security/credentials/tls/tls_utils.h +13 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +9 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +5 -0
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +6 -18
- data/src/core/lib/security/transport/security_handshaker.cc +12 -4
- data/src/core/lib/security/transport/server_auth_filter.cc +0 -7
- data/src/core/lib/slice/slice.cc +12 -2
- data/src/core/lib/slice/slice_internal.h +1 -0
- data/src/core/lib/surface/call.cc +26 -7
- data/src/core/lib/surface/call.h +11 -0
- data/src/core/lib/surface/completion_queue.cc +22 -22
- data/src/core/lib/surface/completion_queue.h +1 -1
- data/src/core/lib/surface/completion_queue_factory.cc +1 -2
- data/src/core/lib/surface/init.cc +1 -3
- data/src/core/lib/surface/init.h +10 -1
- data/src/core/lib/surface/server.cc +3 -1
- data/src/core/lib/surface/server.h +3 -3
- data/src/core/lib/surface/version.cc +2 -4
- data/src/core/lib/transport/error_utils.cc +2 -2
- data/src/core/lib/transport/metadata_batch.cc +13 -2
- data/src/core/lib/transport/metadata_batch.h +7 -0
- data/src/core/lib/transport/transport.h +2 -0
- data/src/core/lib/transport/transport_op_string.cc +1 -1
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -0
- data/src/core/tsi/alts/crypt/gsec.h +2 -0
- data/src/ruby/ext/grpc/extconf.rb +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +10 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/err_data.c +269 -263
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +8 -6
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +87 -121
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +20 -30
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +19 -30
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +26 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +28 -39
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +48 -66
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +362 -371
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +101 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +14 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +53 -73
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +5 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +5 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +66 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +40 -9
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +14 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +19 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +325 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +23 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +99 -63
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -109
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +12 -19
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +48 -50
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +451 -435
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +773 -84
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +80 -47
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +24 -19
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +189 -86
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +45 -56
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +272 -167
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +14 -19
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +34 -102
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +8 -31
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +7 -3
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +576 -648
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +31 -3
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -39
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +141 -94
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +58 -68
- data/third_party/xxhash/xxhash.h +77 -195
- metadata +81 -39
- data/src/core/lib/gpr/arena.h +0 -47
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +0 -267
- data/third_party/boringssl-with-bazel/src/crypto/x509/vpm_int.h +0 -71
|
@@ -115,11 +115,6 @@ DECLARE_ASN1_SET_OF(X509_ALGOR)
|
|
|
115
115
|
|
|
116
116
|
typedef STACK_OF(X509_ALGOR) X509_ALGORS;
|
|
117
117
|
|
|
118
|
-
struct X509_sig_st {
|
|
119
|
-
X509_ALGOR *algor;
|
|
120
|
-
ASN1_OCTET_STRING *digest;
|
|
121
|
-
} /* X509_SIG */;
|
|
122
|
-
|
|
123
118
|
struct X509_name_entry_st {
|
|
124
119
|
ASN1_OBJECT *object;
|
|
125
120
|
ASN1_STRING *value;
|
|
@@ -156,23 +151,6 @@ DECLARE_ASN1_SET_OF(X509_EXTENSION)
|
|
|
156
151
|
DEFINE_STACK_OF(X509_ATTRIBUTE)
|
|
157
152
|
DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
|
|
158
153
|
|
|
159
|
-
|
|
160
|
-
struct X509_req_info_st {
|
|
161
|
-
ASN1_ENCODING enc;
|
|
162
|
-
ASN1_INTEGER *version;
|
|
163
|
-
X509_NAME *subject;
|
|
164
|
-
X509_PUBKEY *pubkey;
|
|
165
|
-
// d=2 hl=2 l= 0 cons: cont: 00
|
|
166
|
-
STACK_OF(X509_ATTRIBUTE) *attributes; // [ 0 ]
|
|
167
|
-
} /* X509_REQ_INFO */;
|
|
168
|
-
|
|
169
|
-
struct X509_req_st {
|
|
170
|
-
X509_REQ_INFO *req_info;
|
|
171
|
-
X509_ALGOR *sig_alg;
|
|
172
|
-
ASN1_BIT_STRING *signature;
|
|
173
|
-
CRYPTO_refcount_t references;
|
|
174
|
-
} /* X509_REQ */;
|
|
175
|
-
|
|
176
154
|
struct x509_cinf_st {
|
|
177
155
|
ASN1_INTEGER *version; // [ 0 ] default of v1
|
|
178
156
|
ASN1_INTEGER *serialNumber;
|
|
@@ -192,14 +170,6 @@ struct x509_cinf_st {
|
|
|
192
170
|
// stores and databases. When used this is tagged onto
|
|
193
171
|
// the end of the certificate itself
|
|
194
172
|
|
|
195
|
-
struct x509_cert_aux_st {
|
|
196
|
-
STACK_OF(ASN1_OBJECT) *trust; // trusted uses
|
|
197
|
-
STACK_OF(ASN1_OBJECT) *reject; // rejected uses
|
|
198
|
-
ASN1_UTF8STRING *alias; // "friendly name"
|
|
199
|
-
ASN1_OCTET_STRING *keyid; // key id of private key
|
|
200
|
-
STACK_OF(X509_ALGOR) *other; // other unspecified info
|
|
201
|
-
} /* X509_CERT_AUX */;
|
|
202
|
-
|
|
203
173
|
DECLARE_STACK_OF(DIST_POINT)
|
|
204
174
|
DECLARE_STACK_OF(GENERAL_NAME)
|
|
205
175
|
|
|
@@ -453,24 +423,23 @@ extern "C" {
|
|
|
453
423
|
// it is safe to call mutating functions is a little tricky due to various
|
|
454
424
|
// internal caches.
|
|
455
425
|
|
|
456
|
-
//
|
|
457
|
-
//
|
|
458
|
-
|
|
459
|
-
#define
|
|
460
|
-
#define
|
|
461
|
-
#define X509V3_VERSION 2
|
|
426
|
+
// X509_VERSION_* are X.509 version numbers. Note the numerical values of all
|
|
427
|
+
// defined X.509 versions are one less than the named version.
|
|
428
|
+
#define X509_VERSION_1 0
|
|
429
|
+
#define X509_VERSION_2 1
|
|
430
|
+
#define X509_VERSION_3 2
|
|
462
431
|
|
|
463
432
|
// X509_get_version returns the numerical value of |x509|'s version. Callers may
|
|
464
|
-
// compare the result to the |
|
|
433
|
+
// compare the result to the |X509_VERSION_*| constants. Unknown versions are
|
|
465
434
|
// rejected by the parser, but a manually-created |X509| object may encode
|
|
466
435
|
// invalid versions. In that case, the function will return the invalid version,
|
|
467
436
|
// or -1 on overflow.
|
|
468
437
|
OPENSSL_EXPORT long X509_get_version(const X509 *x509);
|
|
469
438
|
|
|
470
439
|
// X509_set_version sets |x509|'s version to |version|, which should be one of
|
|
471
|
-
// the |
|
|
440
|
+
// the |X509V_VERSION_*| constants. It returns one on success and zero on error.
|
|
472
441
|
//
|
|
473
|
-
// If unsure, use |
|
|
442
|
+
// If unsure, use |X509_VERSION_3|.
|
|
474
443
|
OPENSSL_EXPORT int X509_set_version(X509 *x509, long version);
|
|
475
444
|
|
|
476
445
|
// X509_get0_serialNumber returns |x509|'s serial number.
|
|
@@ -542,9 +511,15 @@ OPENSSL_EXPORT void X509_get0_uids(const X509 *x509,
|
|
|
542
511
|
// |EXFLAG_INVALID| bit.
|
|
543
512
|
OPENSSL_EXPORT long X509_get_pathlen(X509 *x509);
|
|
544
513
|
|
|
545
|
-
//
|
|
546
|
-
//
|
|
547
|
-
|
|
514
|
+
// X509_REQ_VERSION_1 is the version constant for |X509_REQ| objects. Note no
|
|
515
|
+
// other versions are defined.
|
|
516
|
+
#define X509_REQ_VERSION_1 0
|
|
517
|
+
|
|
518
|
+
// X509_REQ_get_version returns the numerical value of |req|'s version. This
|
|
519
|
+
// will be |X509_REQ_VERSION_1| for valid certificate requests. If |req| is
|
|
520
|
+
// invalid, it may return another value, or -1 on overflow.
|
|
521
|
+
//
|
|
522
|
+
// TODO(davidben): Enforce the version number in the parser.
|
|
548
523
|
OPENSSL_EXPORT long X509_REQ_get_version(const X509_REQ *req);
|
|
549
524
|
|
|
550
525
|
// X509_REQ_get_subject_name returns |req|'s subject name. Note this function is
|
|
@@ -557,9 +532,14 @@ OPENSSL_EXPORT X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
|
|
|
557
532
|
// X509_name_cmp is a legacy alias for |X509_NAME_cmp|.
|
|
558
533
|
#define X509_name_cmp(a, b) X509_NAME_cmp((a), (b))
|
|
559
534
|
|
|
535
|
+
#define X509_CRL_VERSION_1 0
|
|
536
|
+
#define X509_CRL_VERSION_2 1
|
|
537
|
+
|
|
560
538
|
// X509_CRL_get_version returns the numerical value of |crl|'s version. Callers
|
|
561
|
-
// may compare the result to |
|
|
562
|
-
// it may return another value, or -1 on overflow.
|
|
539
|
+
// may compare the result to |X509_CRL_VERSION_*| constants. If |crl| is
|
|
540
|
+
// invalid, it may return another value, or -1 on overflow.
|
|
541
|
+
//
|
|
542
|
+
// TODO(davidben): Enforce the version number in the parser.
|
|
563
543
|
OPENSSL_EXPORT long X509_CRL_get_version(const X509_CRL *crl);
|
|
564
544
|
|
|
565
545
|
// X509_CRL_get0_lastUpdate returns |crl|'s lastUpdate time.
|
|
@@ -953,7 +933,6 @@ OPENSSL_EXPORT int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
|
|
|
953
933
|
OPENSSL_EXPORT EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
|
|
954
934
|
|
|
955
935
|
DECLARE_ASN1_FUNCTIONS(X509_SIG)
|
|
956
|
-
DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
|
|
957
936
|
DECLARE_ASN1_FUNCTIONS(X509_REQ)
|
|
958
937
|
|
|
959
938
|
DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
|
|
@@ -1158,9 +1137,9 @@ OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_get0_extensions(
|
|
|
1158
1137
|
OPENSSL_EXPORT const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x509);
|
|
1159
1138
|
|
|
1160
1139
|
// X509_REQ_set_version sets |req|'s version to |version|, which should be
|
|
1161
|
-
// |
|
|
1140
|
+
// |X509_REQ_VERSION_1|. It returns one on success and zero on error.
|
|
1162
1141
|
//
|
|
1163
|
-
// Note no versions other than |
|
|
1142
|
+
// Note no versions other than |X509_REQ_VERSION_1| are defined for CSRs.
|
|
1164
1143
|
OPENSSL_EXPORT int X509_REQ_set_version(X509_REQ *req, long version);
|
|
1165
1144
|
|
|
1166
1145
|
// X509_REQ_set_subject_name sets |req|'s subject to a copy of |name|. It
|
|
@@ -1292,11 +1271,11 @@ OPENSSL_EXPORT int X509_REQ_add1_attr_by_txt(X509_REQ *req,
|
|
|
1292
1271
|
int len);
|
|
1293
1272
|
|
|
1294
1273
|
// X509_CRL_set_version sets |crl|'s version to |version|, which should be one
|
|
1295
|
-
// of the |
|
|
1274
|
+
// of the |X509_CRL_VERSION_*| constants. It returns one on success and zero on
|
|
1296
1275
|
// error.
|
|
1297
1276
|
//
|
|
1298
|
-
// If unsure, use |
|
|
1299
|
-
//
|
|
1277
|
+
// If unsure, use |X509_CRL_VERSION_2|. Note that, unlike certificates, CRL
|
|
1278
|
+
// versions are only defined up to v2. Callers should not use |X509_VERSION_3|.
|
|
1300
1279
|
OPENSSL_EXPORT int X509_CRL_set_version(X509_CRL *crl, long version);
|
|
1301
1280
|
|
|
1302
1281
|
// X509_CRL_set_issuer_name sets |crl|'s issuer to a copy of |name|. It returns
|
|
@@ -1353,6 +1332,25 @@ OPENSSL_EXPORT int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp);
|
|
|
1353
1332
|
// instead.
|
|
1354
1333
|
OPENSSL_EXPORT int i2d_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp);
|
|
1355
1334
|
|
|
1335
|
+
// X509_CRL_set1_signature_algo sets |crl|'s signature algorithm to |algo| and
|
|
1336
|
+
// returns one on success or zero on error. It updates both the signature field
|
|
1337
|
+
// of the TBSCertList structure, and the signatureAlgorithm field of the CRL.
|
|
1338
|
+
OPENSSL_EXPORT int X509_CRL_set1_signature_algo(X509_CRL *crl,
|
|
1339
|
+
const X509_ALGOR *algo);
|
|
1340
|
+
|
|
1341
|
+
// X509_CRL_set1_signature_value sets |crl|'s signature to a copy of the
|
|
1342
|
+
// |sig_len| bytes pointed by |sig|. It returns one on success and zero on
|
|
1343
|
+
// error.
|
|
1344
|
+
//
|
|
1345
|
+
// Due to a specification error, X.509 CRLs store signatures in ASN.1 BIT
|
|
1346
|
+
// STRINGs, but signature algorithms return byte strings rather than bit
|
|
1347
|
+
// strings. This function creates a BIT STRING containing a whole number of
|
|
1348
|
+
// bytes, with the bit order matching the DER encoding. This matches the
|
|
1349
|
+
// encoding used by all X.509 signature algorithms.
|
|
1350
|
+
OPENSSL_EXPORT int X509_CRL_set1_signature_value(X509_CRL *crl,
|
|
1351
|
+
const uint8_t *sig,
|
|
1352
|
+
size_t sig_len);
|
|
1353
|
+
|
|
1356
1354
|
// X509_REVOKED_get0_serialNumber returns the serial number of the certificate
|
|
1357
1355
|
// revoked by |revoked|.
|
|
1358
1356
|
OPENSSL_EXPORT const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(
|
|
@@ -4,21 +4,21 @@
|
|
|
4
4
|
* This package is an SSL implementation written
|
|
5
5
|
* by Eric Young (eay@cryptsoft.com).
|
|
6
6
|
* The implementation was written so as to conform with Netscapes SSL.
|
|
7
|
-
*
|
|
7
|
+
*
|
|
8
8
|
* This library is free for commercial and non-commercial use as long as
|
|
9
9
|
* the following conditions are aheared to. The following conditions
|
|
10
10
|
* apply to all code found in this distribution, be it the RC4, RSA,
|
|
11
11
|
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
|
12
12
|
* included with this distribution is covered by the same copyright terms
|
|
13
13
|
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
|
14
|
-
*
|
|
14
|
+
*
|
|
15
15
|
* Copyright remains Eric Young's, and as such any Copyright notices in
|
|
16
16
|
* the code are not to be removed.
|
|
17
17
|
* If this package is used in a product, Eric Young should be given attribution
|
|
18
18
|
* as the author of the parts of the library used.
|
|
19
19
|
* This can be in the form of a textual message at program startup or
|
|
20
20
|
* in documentation (online or textual) provided with the package.
|
|
21
|
-
*
|
|
21
|
+
*
|
|
22
22
|
* Redistribution and use in source and binary forms, with or without
|
|
23
23
|
* modification, are permitted provided that the following conditions
|
|
24
24
|
* are met:
|
|
@@ -33,10 +33,10 @@
|
|
|
33
33
|
* Eric Young (eay@cryptsoft.com)"
|
|
34
34
|
* The word 'cryptographic' can be left out if the rouines from the library
|
|
35
35
|
* being used are not cryptographic related :-).
|
|
36
|
-
* 4. If you include any Windows specific code (or a derivative thereof) from
|
|
36
|
+
* 4. If you include any Windows specific code (or a derivative thereof) from
|
|
37
37
|
* the apps directory (application code) you must include an acknowledgement:
|
|
38
38
|
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
|
39
|
-
*
|
|
39
|
+
*
|
|
40
40
|
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
|
41
41
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
42
42
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
@@ -48,7 +48,7 @@
|
|
|
48
48
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
49
49
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
50
50
|
* SUCH DAMAGE.
|
|
51
|
-
*
|
|
51
|
+
*
|
|
52
52
|
* The licence and distribution terms for any publically available version or
|
|
53
53
|
* derivative of this code cannot be changed. i.e. this code cannot simply be
|
|
54
54
|
* copied and put under another distribution licence
|
|
@@ -57,8 +57,8 @@
|
|
|
57
57
|
|
|
58
58
|
#ifndef HEADER_X509_H
|
|
59
59
|
#include <openssl/x509.h>
|
|
60
|
-
|
|
61
|
-
|
|
60
|
+
// openssl/x509.h ends up #include-ing this file at about the only
|
|
61
|
+
// appropriate moment.
|
|
62
62
|
#endif
|
|
63
63
|
|
|
64
64
|
#ifndef HEADER_X509_VFY_H
|
|
@@ -66,28 +66,27 @@
|
|
|
66
66
|
|
|
67
67
|
#include <openssl/thread.h>
|
|
68
68
|
|
|
69
|
-
#ifdef
|
|
69
|
+
#ifdef __cplusplus
|
|
70
70
|
extern "C" {
|
|
71
71
|
#endif
|
|
72
72
|
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
73
|
+
// Legacy X.509 library.
|
|
74
|
+
//
|
|
75
|
+
// This header is part of OpenSSL's X.509 implementation. It is retained for
|
|
76
|
+
// compatibility but otherwise underdocumented and not actively maintained. In
|
|
77
|
+
// the future, a replacement library will be available. Meanwhile, minimize
|
|
78
|
+
// dependencies on this header where possible.
|
|
79
79
|
|
|
80
80
|
|
|
81
|
-
/*******************************/
|
|
82
81
|
/*
|
|
83
|
-
SSL_CTX -> X509_STORE
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
82
|
+
SSL_CTX -> X509_STORE
|
|
83
|
+
-> X509_LOOKUP
|
|
84
|
+
->X509_LOOKUP_METHOD
|
|
85
|
+
-> X509_LOOKUP
|
|
86
|
+
->X509_LOOKUP_METHOD
|
|
87
|
+
|
|
89
88
|
SSL -> X509_STORE_CTX
|
|
90
|
-
|
|
89
|
+
->X509_STORE
|
|
91
90
|
|
|
92
91
|
The X509_STORE holds the tables etc for verification stuff.
|
|
93
92
|
A X509_STORE_CTX is used while validating a single certificate.
|
|
@@ -96,366 +95,346 @@ The X509_STORE then calls a function to actually verify the
|
|
|
96
95
|
certificate chain.
|
|
97
96
|
*/
|
|
98
97
|
|
|
99
|
-
#define X509_LU_X509
|
|
100
|
-
#define X509_LU_CRL
|
|
101
|
-
#define X509_LU_PKEY
|
|
102
|
-
|
|
103
|
-
typedef struct x509_object_st
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
} X509_OBJECT;
|
|
98
|
+
#define X509_LU_X509 1
|
|
99
|
+
#define X509_LU_CRL 2
|
|
100
|
+
#define X509_LU_PKEY 3
|
|
101
|
+
|
|
102
|
+
typedef struct x509_object_st {
|
|
103
|
+
// one of the above types
|
|
104
|
+
int type;
|
|
105
|
+
union {
|
|
106
|
+
char *ptr;
|
|
107
|
+
X509 *x509;
|
|
108
|
+
X509_CRL *crl;
|
|
109
|
+
EVP_PKEY *pkey;
|
|
110
|
+
} data;
|
|
111
|
+
} X509_OBJECT;
|
|
114
112
|
|
|
115
113
|
DEFINE_STACK_OF(X509_LOOKUP)
|
|
116
114
|
DEFINE_STACK_OF(X509_OBJECT)
|
|
117
115
|
|
|
118
|
-
|
|
119
|
-
typedef struct x509_lookup_method_st
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
X509_OBJECT *ret);
|
|
137
|
-
} X509_LOOKUP_METHOD;
|
|
138
|
-
|
|
139
|
-
typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID;
|
|
140
|
-
|
|
141
|
-
/* This structure hold all parameters associated with a verify operation
|
|
142
|
-
* by including an X509_VERIFY_PARAM structure in related structures the
|
|
143
|
-
* parameters used can be customized
|
|
144
|
-
*/
|
|
145
|
-
|
|
146
|
-
struct X509_VERIFY_PARAM_st
|
|
147
|
-
{
|
|
148
|
-
char *name;
|
|
149
|
-
time_t check_time; /* Time to use */
|
|
150
|
-
unsigned long inh_flags; /* Inheritance flags */
|
|
151
|
-
unsigned long flags; /* Various verify flags */
|
|
152
|
-
int purpose; /* purpose to check untrusted certificates */
|
|
153
|
-
int trust; /* trust setting to check */
|
|
154
|
-
int depth; /* Verify depth */
|
|
155
|
-
STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
|
|
156
|
-
X509_VERIFY_PARAM_ID *id; /* opaque ID data */
|
|
157
|
-
};
|
|
116
|
+
// This is a static that defines the function interface
|
|
117
|
+
typedef struct x509_lookup_method_st {
|
|
118
|
+
const char *name;
|
|
119
|
+
int (*new_item)(X509_LOOKUP *ctx);
|
|
120
|
+
void (*free)(X509_LOOKUP *ctx);
|
|
121
|
+
int (*init)(X509_LOOKUP *ctx);
|
|
122
|
+
int (*shutdown)(X509_LOOKUP *ctx);
|
|
123
|
+
int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
|
|
124
|
+
char **ret);
|
|
125
|
+
int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name,
|
|
126
|
+
X509_OBJECT *ret);
|
|
127
|
+
int (*get_by_issuer_serial)(X509_LOOKUP *ctx, int type, X509_NAME *name,
|
|
128
|
+
ASN1_INTEGER *serial, X509_OBJECT *ret);
|
|
129
|
+
int (*get_by_fingerprint)(X509_LOOKUP *ctx, int type, unsigned char *bytes,
|
|
130
|
+
int len, X509_OBJECT *ret);
|
|
131
|
+
int (*get_by_alias)(X509_LOOKUP *ctx, int type, char *str, int len,
|
|
132
|
+
X509_OBJECT *ret);
|
|
133
|
+
} X509_LOOKUP_METHOD;
|
|
158
134
|
|
|
159
135
|
DEFINE_STACK_OF(X509_VERIFY_PARAM)
|
|
160
136
|
|
|
161
137
|
typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
|
|
162
138
|
typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
|
|
163
|
-
typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
|
|
164
|
-
|
|
165
|
-
typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
|
|
166
|
-
X509 *
|
|
139
|
+
typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, X509_STORE_CTX *ctx,
|
|
140
|
+
X509 *x);
|
|
141
|
+
typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, X509 *x,
|
|
142
|
+
X509 *issuer);
|
|
167
143
|
typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
|
|
168
|
-
typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
|
|
169
|
-
|
|
144
|
+
typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, X509_CRL **crl,
|
|
145
|
+
X509 *x);
|
|
170
146
|
typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
|
|
171
|
-
typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
|
|
172
|
-
|
|
147
|
+
typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl,
|
|
148
|
+
X509 *x);
|
|
173
149
|
typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
|
|
174
150
|
typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
|
|
175
151
|
X509_NAME *nm);
|
|
176
|
-
typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(
|
|
177
|
-
|
|
152
|
+
typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(
|
|
153
|
+
X509_STORE_CTX *ctx, X509_NAME *nm);
|
|
178
154
|
typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
|
|
179
155
|
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
struct x509_store_st
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
156
|
+
// This is used to hold everything. It is used for all certificate
|
|
157
|
+
// validation. Once we have a certificate chain, the 'verify'
|
|
158
|
+
// function is then called to actually check the cert chain.
|
|
159
|
+
struct x509_store_st {
|
|
160
|
+
// The following is a cache of trusted certs
|
|
161
|
+
int cache; // if true, stash any hits
|
|
162
|
+
STACK_OF(X509_OBJECT) *objs; // Cache of all objects
|
|
163
|
+
CRYPTO_MUTEX objs_lock;
|
|
164
|
+
STACK_OF(X509) *additional_untrusted;
|
|
165
|
+
|
|
166
|
+
// These are external lookup methods
|
|
167
|
+
STACK_OF(X509_LOOKUP) *get_cert_methods;
|
|
168
|
+
|
|
169
|
+
X509_VERIFY_PARAM *param;
|
|
170
|
+
|
|
171
|
+
// Callbacks for various operations
|
|
172
|
+
X509_STORE_CTX_verify_fn verify; // called to verify a certificate
|
|
173
|
+
X509_STORE_CTX_verify_cb verify_cb; // error callback
|
|
174
|
+
X509_STORE_CTX_get_issuer_fn get_issuer; // get issuers cert from ctx
|
|
175
|
+
X509_STORE_CTX_check_issued_fn check_issued; // check issued
|
|
176
|
+
X509_STORE_CTX_check_revocation_fn
|
|
177
|
+
check_revocation; // Check revocation status of chain
|
|
178
|
+
X509_STORE_CTX_get_crl_fn get_crl; // retrieve CRL
|
|
179
|
+
X509_STORE_CTX_check_crl_fn check_crl; // Check CRL validity
|
|
180
|
+
X509_STORE_CTX_cert_crl_fn cert_crl; // Check certificate against CRL
|
|
181
|
+
X509_STORE_CTX_lookup_certs_fn lookup_certs;
|
|
182
|
+
X509_STORE_CTX_lookup_crls_fn lookup_crls;
|
|
183
|
+
X509_STORE_CTX_cleanup_fn cleanup;
|
|
184
|
+
|
|
185
|
+
CRYPTO_refcount_t references;
|
|
186
|
+
} /* X509_STORE */;
|
|
211
187
|
|
|
212
188
|
OPENSSL_EXPORT int X509_STORE_set_depth(X509_STORE *store, int depth);
|
|
213
189
|
|
|
214
|
-
|
|
215
|
-
struct x509_lookup_st
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
190
|
+
// This is the functions plus an instance of the local variables.
|
|
191
|
+
struct x509_lookup_st {
|
|
192
|
+
int init; // have we been started
|
|
193
|
+
int skip; // don't use us.
|
|
194
|
+
X509_LOOKUP_METHOD *method; // the functions
|
|
195
|
+
char *method_data; // method data
|
|
196
|
+
|
|
197
|
+
X509_STORE *store_ctx; // who owns us
|
|
198
|
+
} /* X509_LOOKUP */;
|
|
199
|
+
|
|
200
|
+
// This is a used when verifying cert chains. Since the
|
|
201
|
+
// gathering of the cert chain can take some time (and have to be
|
|
202
|
+
// 'retried', this needs to be kept and passed around.
|
|
203
|
+
struct x509_store_ctx_st // X509_STORE_CTX
|
|
204
|
+
{
|
|
205
|
+
X509_STORE *ctx;
|
|
206
|
+
|
|
207
|
+
// The following are set by the caller
|
|
208
|
+
X509 *cert; // The cert to check
|
|
209
|
+
STACK_OF(X509) *untrusted; // chain of X509s - untrusted - passed in
|
|
210
|
+
STACK_OF(X509_CRL) *crls; // set of CRLs passed in
|
|
211
|
+
|
|
212
|
+
X509_VERIFY_PARAM *param;
|
|
213
|
+
void *other_ctx; // Other info for use with get_issuer()
|
|
214
|
+
|
|
215
|
+
// Callbacks for various operations
|
|
216
|
+
X509_STORE_CTX_verify_fn verify; // called to verify a certificate
|
|
217
|
+
X509_STORE_CTX_verify_cb verify_cb; // error callback
|
|
218
|
+
X509_STORE_CTX_get_issuer_fn get_issuer; // get issuers cert from ctx
|
|
219
|
+
X509_STORE_CTX_check_issued_fn check_issued; // check issued
|
|
220
|
+
X509_STORE_CTX_check_revocation_fn
|
|
221
|
+
check_revocation; // Check revocation status of chain
|
|
222
|
+
X509_STORE_CTX_get_crl_fn get_crl; // retrieve CRL
|
|
223
|
+
X509_STORE_CTX_check_crl_fn check_crl; // Check CRL validity
|
|
224
|
+
X509_STORE_CTX_cert_crl_fn cert_crl; // Check certificate against CRL
|
|
225
|
+
X509_STORE_CTX_check_policy_fn check_policy;
|
|
226
|
+
X509_STORE_CTX_lookup_certs_fn lookup_certs;
|
|
227
|
+
X509_STORE_CTX_lookup_crls_fn lookup_crls;
|
|
228
|
+
X509_STORE_CTX_cleanup_fn cleanup;
|
|
229
|
+
|
|
230
|
+
// The following is built up
|
|
231
|
+
int valid; // if 0, rebuild chain
|
|
232
|
+
int last_untrusted; // index of last untrusted cert
|
|
233
|
+
STACK_OF(X509) *chain; // chain of X509s - built up and trusted
|
|
234
|
+
X509_POLICY_TREE *tree; // Valid policy tree
|
|
235
|
+
|
|
236
|
+
int explicit_policy; // Require explicit policy value
|
|
237
|
+
|
|
238
|
+
// When something goes wrong, this is why
|
|
239
|
+
int error_depth;
|
|
240
|
+
int error;
|
|
241
|
+
X509 *current_cert;
|
|
242
|
+
X509 *current_issuer; // cert currently being tested as valid issuer
|
|
243
|
+
X509_CRL *current_crl; // current CRL
|
|
244
|
+
|
|
245
|
+
int current_crl_score; // score of current CRL
|
|
246
|
+
unsigned int current_reasons; // Reason mask
|
|
247
|
+
|
|
248
|
+
X509_STORE_CTX *parent; // For CRL path validation: parent context
|
|
249
|
+
|
|
250
|
+
CRYPTO_EX_DATA ex_data;
|
|
251
|
+
} /* X509_STORE_CTX */;
|
|
276
252
|
|
|
277
253
|
OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
|
|
278
254
|
|
|
279
|
-
#define X509_STORE_CTX_set_app_data(ctx,data) \
|
|
280
|
-
|
|
281
|
-
#define X509_STORE_CTX_get_app_data(ctx)
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
#define
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
#define
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
#define
|
|
297
|
-
#define
|
|
298
|
-
#define
|
|
299
|
-
#define
|
|
300
|
-
#define
|
|
301
|
-
#define
|
|
302
|
-
#define
|
|
303
|
-
#define
|
|
304
|
-
#define
|
|
305
|
-
#define
|
|
306
|
-
#define
|
|
307
|
-
#define
|
|
308
|
-
#define
|
|
309
|
-
#define
|
|
310
|
-
#define
|
|
311
|
-
#define
|
|
312
|
-
#define
|
|
313
|
-
#define
|
|
314
|
-
#define
|
|
315
|
-
#define
|
|
316
|
-
#define
|
|
317
|
-
#define
|
|
318
|
-
#define
|
|
319
|
-
#define
|
|
320
|
-
#define
|
|
321
|
-
#define
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
#define
|
|
325
|
-
#define
|
|
326
|
-
#define
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
#define
|
|
330
|
-
#define
|
|
331
|
-
#define
|
|
332
|
-
#define
|
|
333
|
-
#define
|
|
334
|
-
#define
|
|
335
|
-
#define
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
#define
|
|
339
|
-
#define
|
|
340
|
-
#define
|
|
341
|
-
#define
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
#define
|
|
347
|
-
#define
|
|
348
|
-
#define
|
|
349
|
-
#define
|
|
350
|
-
#define
|
|
351
|
-
#define
|
|
352
|
-
#define
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
#define
|
|
357
|
-
#define
|
|
358
|
-
#define
|
|
359
|
-
#define
|
|
360
|
-
#define
|
|
361
|
-
|
|
362
|
-
|
|
363
|
-
|
|
364
|
-
#define
|
|
365
|
-
#define
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
#define
|
|
425
|
-
#define
|
|
426
|
-
#define
|
|
427
|
-
#define
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
OPENSSL_EXPORT
|
|
437
|
-
|
|
438
|
-
OPENSSL_EXPORT X509_OBJECT *
|
|
439
|
-
|
|
255
|
+
#define X509_STORE_CTX_set_app_data(ctx, data) \
|
|
256
|
+
X509_STORE_CTX_set_ex_data(ctx, 0, data)
|
|
257
|
+
#define X509_STORE_CTX_get_app_data(ctx) X509_STORE_CTX_get_ex_data(ctx, 0)
|
|
258
|
+
|
|
259
|
+
#define X509_L_FILE_LOAD 1
|
|
260
|
+
#define X509_L_ADD_DIR 2
|
|
261
|
+
|
|
262
|
+
#define X509_LOOKUP_load_file(x, name, type) \
|
|
263
|
+
X509_LOOKUP_ctrl((x), X509_L_FILE_LOAD, (name), (long)(type), NULL)
|
|
264
|
+
|
|
265
|
+
#define X509_LOOKUP_add_dir(x, name, type) \
|
|
266
|
+
X509_LOOKUP_ctrl((x), X509_L_ADD_DIR, (name), (long)(type), NULL)
|
|
267
|
+
|
|
268
|
+
#define X509_V_OK 0
|
|
269
|
+
#define X509_V_ERR_UNSPECIFIED 1
|
|
270
|
+
|
|
271
|
+
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
|
|
272
|
+
#define X509_V_ERR_UNABLE_TO_GET_CRL 3
|
|
273
|
+
#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
|
|
274
|
+
#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
|
|
275
|
+
#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
|
|
276
|
+
#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
|
|
277
|
+
#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
|
|
278
|
+
#define X509_V_ERR_CERT_NOT_YET_VALID 9
|
|
279
|
+
#define X509_V_ERR_CERT_HAS_EXPIRED 10
|
|
280
|
+
#define X509_V_ERR_CRL_NOT_YET_VALID 11
|
|
281
|
+
#define X509_V_ERR_CRL_HAS_EXPIRED 12
|
|
282
|
+
#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
|
|
283
|
+
#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
|
|
284
|
+
#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
|
|
285
|
+
#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
|
|
286
|
+
#define X509_V_ERR_OUT_OF_MEM 17
|
|
287
|
+
#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
|
|
288
|
+
#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
|
|
289
|
+
#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
|
|
290
|
+
#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
|
|
291
|
+
#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
|
|
292
|
+
#define X509_V_ERR_CERT_REVOKED 23
|
|
293
|
+
#define X509_V_ERR_INVALID_CA 24
|
|
294
|
+
#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
|
|
295
|
+
#define X509_V_ERR_INVALID_PURPOSE 26
|
|
296
|
+
#define X509_V_ERR_CERT_UNTRUSTED 27
|
|
297
|
+
#define X509_V_ERR_CERT_REJECTED 28
|
|
298
|
+
// These are 'informational' when looking for issuer cert
|
|
299
|
+
#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
|
|
300
|
+
#define X509_V_ERR_AKID_SKID_MISMATCH 30
|
|
301
|
+
#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
|
|
302
|
+
#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
|
|
303
|
+
|
|
304
|
+
#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
|
|
305
|
+
#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
|
|
306
|
+
#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
|
|
307
|
+
#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
|
|
308
|
+
#define X509_V_ERR_INVALID_NON_CA 37
|
|
309
|
+
#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
|
|
310
|
+
#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
|
|
311
|
+
#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
|
|
312
|
+
|
|
313
|
+
#define X509_V_ERR_INVALID_EXTENSION 41
|
|
314
|
+
#define X509_V_ERR_INVALID_POLICY_EXTENSION 42
|
|
315
|
+
#define X509_V_ERR_NO_EXPLICIT_POLICY 43
|
|
316
|
+
#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
|
|
317
|
+
#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
|
|
318
|
+
|
|
319
|
+
#define X509_V_ERR_UNNESTED_RESOURCE 46
|
|
320
|
+
|
|
321
|
+
#define X509_V_ERR_PERMITTED_VIOLATION 47
|
|
322
|
+
#define X509_V_ERR_EXCLUDED_VIOLATION 48
|
|
323
|
+
#define X509_V_ERR_SUBTREE_MINMAX 49
|
|
324
|
+
#define X509_V_ERR_APPLICATION_VERIFICATION 50
|
|
325
|
+
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
|
|
326
|
+
#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
|
|
327
|
+
#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
|
|
328
|
+
#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
|
|
329
|
+
|
|
330
|
+
// Suite B mode algorithm violation
|
|
331
|
+
#define X509_V_ERR_SUITE_B_INVALID_VERSION 56
|
|
332
|
+
#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
|
|
333
|
+
#define X509_V_ERR_SUITE_B_INVALID_CURVE 58
|
|
334
|
+
#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
|
|
335
|
+
#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
|
|
336
|
+
#define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
|
|
337
|
+
|
|
338
|
+
// Host, email and IP check errors
|
|
339
|
+
#define X509_V_ERR_HOSTNAME_MISMATCH 62
|
|
340
|
+
#define X509_V_ERR_EMAIL_MISMATCH 63
|
|
341
|
+
#define X509_V_ERR_IP_ADDRESS_MISMATCH 64
|
|
342
|
+
|
|
343
|
+
// Caller error
|
|
344
|
+
#define X509_V_ERR_INVALID_CALL 65
|
|
345
|
+
// Issuer lookup error
|
|
346
|
+
#define X509_V_ERR_STORE_LOOKUP 66
|
|
347
|
+
|
|
348
|
+
#define X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS 67
|
|
349
|
+
|
|
350
|
+
// Certificate verify flags
|
|
351
|
+
|
|
352
|
+
// Send issuer+subject checks to verify_cb
|
|
353
|
+
#define X509_V_FLAG_CB_ISSUER_CHECK 0x1
|
|
354
|
+
// Use check time instead of current time
|
|
355
|
+
#define X509_V_FLAG_USE_CHECK_TIME 0x2
|
|
356
|
+
// Lookup CRLs
|
|
357
|
+
#define X509_V_FLAG_CRL_CHECK 0x4
|
|
358
|
+
// Lookup CRLs for whole chain
|
|
359
|
+
#define X509_V_FLAG_CRL_CHECK_ALL 0x8
|
|
360
|
+
// Ignore unhandled critical extensions
|
|
361
|
+
#define X509_V_FLAG_IGNORE_CRITICAL 0x10
|
|
362
|
+
// Does nothing as its functionality has been enabled by default.
|
|
363
|
+
#define X509_V_FLAG_X509_STRICT 0x00
|
|
364
|
+
// Enable proxy certificate validation
|
|
365
|
+
#define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40
|
|
366
|
+
// Enable policy checking
|
|
367
|
+
#define X509_V_FLAG_POLICY_CHECK 0x80
|
|
368
|
+
// Policy variable require-explicit-policy
|
|
369
|
+
#define X509_V_FLAG_EXPLICIT_POLICY 0x100
|
|
370
|
+
// Policy variable inhibit-any-policy
|
|
371
|
+
#define X509_V_FLAG_INHIBIT_ANY 0x200
|
|
372
|
+
// Policy variable inhibit-policy-mapping
|
|
373
|
+
#define X509_V_FLAG_INHIBIT_MAP 0x400
|
|
374
|
+
// Notify callback that policy is OK
|
|
375
|
+
#define X509_V_FLAG_NOTIFY_POLICY 0x800
|
|
376
|
+
// Extended CRL features such as indirect CRLs, alternate CRL signing keys
|
|
377
|
+
#define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000
|
|
378
|
+
// Delta CRL support
|
|
379
|
+
#define X509_V_FLAG_USE_DELTAS 0x2000
|
|
380
|
+
// Check selfsigned CA signature
|
|
381
|
+
#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
|
|
382
|
+
// Use trusted store first
|
|
383
|
+
#define X509_V_FLAG_TRUSTED_FIRST 0x8000
|
|
384
|
+
// Suite B 128 bit only mode: not normally used
|
|
385
|
+
#define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000
|
|
386
|
+
// Suite B 192 bit only mode
|
|
387
|
+
#define X509_V_FLAG_SUITEB_192_LOS 0x20000
|
|
388
|
+
// Suite B 128 bit mode allowing 192 bit algorithms
|
|
389
|
+
#define X509_V_FLAG_SUITEB_128_LOS 0x30000
|
|
390
|
+
|
|
391
|
+
// Allow partial chains if at least one certificate is in trusted store
|
|
392
|
+
#define X509_V_FLAG_PARTIAL_CHAIN 0x80000
|
|
393
|
+
|
|
394
|
+
// If the initial chain is not trusted, do not attempt to build an alternative
|
|
395
|
+
// chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag
|
|
396
|
+
// will force the behaviour to match that of previous versions.
|
|
397
|
+
#define X509_V_FLAG_NO_ALT_CHAINS 0x100000
|
|
398
|
+
|
|
399
|
+
#define X509_VP_FLAG_DEFAULT 0x1
|
|
400
|
+
#define X509_VP_FLAG_OVERWRITE 0x2
|
|
401
|
+
#define X509_VP_FLAG_RESET_FLAGS 0x4
|
|
402
|
+
#define X509_VP_FLAG_LOCKED 0x8
|
|
403
|
+
#define X509_VP_FLAG_ONCE 0x10
|
|
404
|
+
|
|
405
|
+
// Internal use: mask of policy related options
|
|
406
|
+
#define X509_V_FLAG_POLICY_MASK \
|
|
407
|
+
(X509_V_FLAG_POLICY_CHECK | X509_V_FLAG_EXPLICIT_POLICY | \
|
|
408
|
+
X509_V_FLAG_INHIBIT_ANY | X509_V_FLAG_INHIBIT_MAP)
|
|
409
|
+
|
|
410
|
+
OPENSSL_EXPORT int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h,
|
|
411
|
+
int type, X509_NAME *name);
|
|
412
|
+
OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_by_subject(
|
|
413
|
+
STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name);
|
|
414
|
+
OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
|
|
415
|
+
X509_OBJECT *x);
|
|
440
416
|
OPENSSL_EXPORT int X509_OBJECT_up_ref_count(X509_OBJECT *a);
|
|
441
417
|
OPENSSL_EXPORT void X509_OBJECT_free_contents(X509_OBJECT *a);
|
|
442
418
|
OPENSSL_EXPORT int X509_OBJECT_get_type(const X509_OBJECT *a);
|
|
443
419
|
OPENSSL_EXPORT X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
|
|
444
|
-
OPENSSL_EXPORT X509_STORE *X509_STORE_new(void
|
|
420
|
+
OPENSSL_EXPORT X509_STORE *X509_STORE_new(void);
|
|
445
421
|
OPENSSL_EXPORT int X509_STORE_up_ref(X509_STORE *store);
|
|
446
422
|
OPENSSL_EXPORT void X509_STORE_free(X509_STORE *v);
|
|
447
423
|
|
|
448
424
|
OPENSSL_EXPORT STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *st);
|
|
449
|
-
OPENSSL_EXPORT STACK_OF(X509)*
|
|
450
|
-
|
|
425
|
+
OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st,
|
|
426
|
+
X509_NAME *nm);
|
|
427
|
+
OPENSSL_EXPORT STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st,
|
|
428
|
+
X509_NAME *nm);
|
|
451
429
|
OPENSSL_EXPORT int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
|
|
452
430
|
OPENSSL_EXPORT int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
|
|
453
431
|
OPENSSL_EXPORT int X509_STORE_set_trust(X509_STORE *ctx, int trust);
|
|
454
|
-
OPENSSL_EXPORT int X509_STORE_set1_param(X509_STORE *ctx,
|
|
432
|
+
OPENSSL_EXPORT int X509_STORE_set1_param(X509_STORE *ctx,
|
|
433
|
+
X509_VERIFY_PARAM *pm);
|
|
455
434
|
OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
435
|
+
// X509_STORE_set0_additional_untrusted sets a stack of additional, untrusted
|
|
436
|
+
// certificates that are available for chain building. This function does not
|
|
437
|
+
// take ownership of the stack.
|
|
459
438
|
OPENSSL_EXPORT void X509_STORE_set0_additional_untrusted(
|
|
460
439
|
X509_STORE *ctx, STACK_OF(X509) *untrusted);
|
|
461
440
|
|
|
@@ -514,19 +493,22 @@ X509_STORE_get_cleanup(X509_STORE *ctx);
|
|
|
514
493
|
|
|
515
494
|
OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void);
|
|
516
495
|
|
|
517
|
-
OPENSSL_EXPORT int X509_STORE_CTX_get1_issuer(X509 **issuer,
|
|
496
|
+
OPENSSL_EXPORT int X509_STORE_CTX_get1_issuer(X509 **issuer,
|
|
497
|
+
X509_STORE_CTX *ctx, X509 *x);
|
|
518
498
|
|
|
519
499
|
OPENSSL_EXPORT void X509_STORE_CTX_zero(X509_STORE_CTX *ctx);
|
|
520
500
|
OPENSSL_EXPORT void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
|
|
521
501
|
OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
|
|
522
|
-
|
|
523
|
-
OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx,
|
|
502
|
+
X509 *x509, STACK_OF(X509) *chain);
|
|
503
|
+
OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx,
|
|
504
|
+
STACK_OF(X509) *sk);
|
|
524
505
|
OPENSSL_EXPORT void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
|
|
525
506
|
|
|
526
507
|
OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
|
|
527
508
|
OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
|
|
528
509
|
|
|
529
|
-
OPENSSL_EXPORT X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v,
|
|
510
|
+
OPENSSL_EXPORT X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v,
|
|
511
|
+
X509_LOOKUP_METHOD *m);
|
|
530
512
|
|
|
531
513
|
OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
|
|
532
514
|
OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
|
|
@@ -534,148 +516,182 @@ OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
|
|
|
534
516
|
OPENSSL_EXPORT int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
|
|
535
517
|
OPENSSL_EXPORT int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
|
|
536
518
|
|
|
537
|
-
OPENSSL_EXPORT int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,
|
|
538
|
-
|
|
519
|
+
OPENSSL_EXPORT int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type,
|
|
520
|
+
X509_NAME *name, X509_OBJECT *ret);
|
|
539
521
|
|
|
540
522
|
OPENSSL_EXPORT int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
|
|
541
|
-
|
|
523
|
+
long argl, char **ret);
|
|
542
524
|
|
|
543
525
|
#ifndef OPENSSL_NO_STDIO
|
|
544
|
-
OPENSSL_EXPORT int X509_load_cert_file(X509_LOOKUP *ctx, const char *file,
|
|
545
|
-
|
|
546
|
-
OPENSSL_EXPORT int
|
|
526
|
+
OPENSSL_EXPORT int X509_load_cert_file(X509_LOOKUP *ctx, const char *file,
|
|
527
|
+
int type);
|
|
528
|
+
OPENSSL_EXPORT int X509_load_crl_file(X509_LOOKUP *ctx, const char *file,
|
|
529
|
+
int type);
|
|
530
|
+
OPENSSL_EXPORT int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file,
|
|
531
|
+
int type);
|
|
547
532
|
#endif
|
|
548
533
|
|
|
549
534
|
|
|
550
535
|
OPENSSL_EXPORT X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
|
|
551
536
|
OPENSSL_EXPORT void X509_LOOKUP_free(X509_LOOKUP *ctx);
|
|
552
537
|
OPENSSL_EXPORT int X509_LOOKUP_init(X509_LOOKUP *ctx);
|
|
553
|
-
OPENSSL_EXPORT int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type,
|
|
554
|
-
|
|
555
|
-
OPENSSL_EXPORT int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type,
|
|
556
|
-
|
|
538
|
+
OPENSSL_EXPORT int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type,
|
|
539
|
+
X509_NAME *name, X509_OBJECT *ret);
|
|
540
|
+
OPENSSL_EXPORT int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type,
|
|
541
|
+
X509_NAME *name,
|
|
542
|
+
ASN1_INTEGER *serial,
|
|
543
|
+
X509_OBJECT *ret);
|
|
557
544
|
OPENSSL_EXPORT int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
|
|
558
|
-
|
|
545
|
+
unsigned char *bytes, int len,
|
|
546
|
+
X509_OBJECT *ret);
|
|
559
547
|
OPENSSL_EXPORT int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
|
|
560
|
-
|
|
548
|
+
int len, X509_OBJECT *ret);
|
|
561
549
|
OPENSSL_EXPORT int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
|
|
562
550
|
|
|
563
551
|
#ifndef OPENSSL_NO_STDIO
|
|
564
|
-
OPENSSL_EXPORT int
|
|
565
|
-
|
|
566
|
-
OPENSSL_EXPORT int
|
|
552
|
+
OPENSSL_EXPORT int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
|
|
553
|
+
const char *dir);
|
|
554
|
+
OPENSSL_EXPORT int X509_STORE_set_default_paths(X509_STORE *ctx);
|
|
567
555
|
#endif
|
|
568
556
|
|
|
569
|
-
OPENSSL_EXPORT int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
|
|
570
|
-
|
|
571
|
-
|
|
572
|
-
|
|
573
|
-
OPENSSL_EXPORT int
|
|
574
|
-
|
|
575
|
-
OPENSSL_EXPORT
|
|
576
|
-
OPENSSL_EXPORT
|
|
557
|
+
OPENSSL_EXPORT int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
|
|
558
|
+
CRYPTO_EX_unused *unused,
|
|
559
|
+
CRYPTO_EX_dup *dup_unused,
|
|
560
|
+
CRYPTO_EX_free *free_func);
|
|
561
|
+
OPENSSL_EXPORT int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx,
|
|
562
|
+
void *data);
|
|
563
|
+
OPENSSL_EXPORT void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
|
|
564
|
+
OPENSSL_EXPORT int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
|
|
565
|
+
OPENSSL_EXPORT void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
|
|
566
|
+
OPENSSL_EXPORT int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
|
|
567
|
+
OPENSSL_EXPORT X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
|
|
577
568
|
OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
|
|
578
569
|
OPENSSL_EXPORT X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
|
|
579
|
-
OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(
|
|
570
|
+
OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(
|
|
571
|
+
X509_STORE_CTX *ctx);
|
|
580
572
|
OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
|
|
581
573
|
OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
|
|
582
574
|
OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
|
|
583
|
-
OPENSSL_EXPORT void
|
|
584
|
-
OPENSSL_EXPORT void
|
|
585
|
-
|
|
586
|
-
|
|
587
|
-
|
|
575
|
+
OPENSSL_EXPORT void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
|
|
576
|
+
OPENSSL_EXPORT void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,
|
|
577
|
+
STACK_OF(X509) *sk);
|
|
578
|
+
OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(
|
|
579
|
+
X509_STORE_CTX *ctx);
|
|
580
|
+
OPENSSL_EXPORT void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,
|
|
581
|
+
STACK_OF(X509_CRL) *sk);
|
|
588
582
|
OPENSSL_EXPORT int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
|
|
589
583
|
OPENSSL_EXPORT int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
|
|
590
|
-
OPENSSL_EXPORT int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx,
|
|
591
|
-
|
|
592
|
-
|
|
593
|
-
OPENSSL_EXPORT void
|
|
594
|
-
|
|
595
|
-
OPENSSL_EXPORT void
|
|
596
|
-
|
|
597
|
-
|
|
598
|
-
|
|
584
|
+
OPENSSL_EXPORT int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx,
|
|
585
|
+
int def_purpose, int purpose,
|
|
586
|
+
int trust);
|
|
587
|
+
OPENSSL_EXPORT void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx,
|
|
588
|
+
unsigned long flags);
|
|
589
|
+
OPENSSL_EXPORT void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx,
|
|
590
|
+
unsigned long flags, time_t t);
|
|
591
|
+
OPENSSL_EXPORT void X509_STORE_CTX_set_verify_cb(
|
|
592
|
+
X509_STORE_CTX *ctx, int (*verify_cb)(int, X509_STORE_CTX *));
|
|
593
|
+
|
|
594
|
+
OPENSSL_EXPORT X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(
|
|
595
|
+
X509_STORE_CTX *ctx);
|
|
599
596
|
OPENSSL_EXPORT int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
|
|
600
597
|
|
|
601
|
-
OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(
|
|
602
|
-
|
|
603
|
-
OPENSSL_EXPORT
|
|
598
|
+
OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(
|
|
599
|
+
X509_STORE_CTX *ctx);
|
|
600
|
+
OPENSSL_EXPORT void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx,
|
|
601
|
+
X509_VERIFY_PARAM *param);
|
|
602
|
+
OPENSSL_EXPORT int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx,
|
|
603
|
+
const char *name);
|
|
604
604
|
|
|
605
|
-
|
|
605
|
+
// X509_VERIFY_PARAM functions
|
|
606
606
|
|
|
607
607
|
OPENSSL_EXPORT X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
|
|
608
608
|
OPENSSL_EXPORT void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
|
|
609
609
|
OPENSSL_EXPORT int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
|
|
610
|
-
|
|
611
|
-
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
|
|
612
|
-
|
|
613
|
-
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param,
|
|
614
|
-
|
|
610
|
+
const X509_VERIFY_PARAM *from);
|
|
611
|
+
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
|
|
612
|
+
const X509_VERIFY_PARAM *from);
|
|
613
|
+
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param,
|
|
614
|
+
const char *name);
|
|
615
|
+
OPENSSL_EXPORT int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
|
|
616
|
+
unsigned long flags);
|
|
615
617
|
OPENSSL_EXPORT int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
|
|
616
|
-
|
|
617
|
-
OPENSSL_EXPORT unsigned long X509_VERIFY_PARAM_get_flags(
|
|
618
|
-
|
|
619
|
-
OPENSSL_EXPORT int
|
|
620
|
-
|
|
621
|
-
OPENSSL_EXPORT
|
|
618
|
+
unsigned long flags);
|
|
619
|
+
OPENSSL_EXPORT unsigned long X509_VERIFY_PARAM_get_flags(
|
|
620
|
+
X509_VERIFY_PARAM *param);
|
|
621
|
+
OPENSSL_EXPORT int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param,
|
|
622
|
+
int purpose);
|
|
623
|
+
OPENSSL_EXPORT int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param,
|
|
624
|
+
int trust);
|
|
625
|
+
OPENSSL_EXPORT void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param,
|
|
626
|
+
int depth);
|
|
627
|
+
OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param,
|
|
628
|
+
time_t t);
|
|
622
629
|
OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
|
|
623
|
-
|
|
624
|
-
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies(
|
|
625
|
-
|
|
630
|
+
ASN1_OBJECT *policy);
|
|
631
|
+
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies(
|
|
632
|
+
X509_VERIFY_PARAM *param, STACK_OF(ASN1_OBJECT) *policies);
|
|
626
633
|
|
|
627
634
|
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
|
|
628
|
-
|
|
635
|
+
const char *name,
|
|
636
|
+
size_t namelen);
|
|
629
637
|
OPENSSL_EXPORT int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
|
|
630
|
-
|
|
631
|
-
|
|
638
|
+
const char *name,
|
|
639
|
+
size_t namelen);
|
|
632
640
|
OPENSSL_EXPORT void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
|
|
633
|
-
|
|
641
|
+
unsigned int flags);
|
|
634
642
|
OPENSSL_EXPORT char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
|
|
635
643
|
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
|
|
636
|
-
|
|
644
|
+
const char *email,
|
|
645
|
+
size_t emaillen);
|
|
637
646
|
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
|
|
638
|
-
|
|
639
|
-
|
|
647
|
+
const unsigned char *ip,
|
|
648
|
+
size_t iplen);
|
|
649
|
+
OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
|
|
650
|
+
const char *ipasc);
|
|
640
651
|
|
|
641
652
|
OPENSSL_EXPORT int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
|
|
642
|
-
OPENSSL_EXPORT const char *X509_VERIFY_PARAM_get0_name(
|
|
653
|
+
OPENSSL_EXPORT const char *X509_VERIFY_PARAM_get0_name(
|
|
654
|
+
const X509_VERIFY_PARAM *param);
|
|
643
655
|
|
|
644
656
|
OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
|
|
645
657
|
OPENSSL_EXPORT int X509_VERIFY_PARAM_get_count(void);
|
|
646
658
|
OPENSSL_EXPORT const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
|
|
647
|
-
OPENSSL_EXPORT const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(
|
|
659
|
+
OPENSSL_EXPORT const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(
|
|
660
|
+
const char *name);
|
|
648
661
|
OPENSSL_EXPORT void X509_VERIFY_PARAM_table_cleanup(void);
|
|
649
662
|
|
|
650
|
-
OPENSSL_EXPORT int X509_policy_check(X509_POLICY_TREE **ptree,
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
|
|
663
|
+
OPENSSL_EXPORT int X509_policy_check(X509_POLICY_TREE **ptree,
|
|
664
|
+
int *pexplicit_policy,
|
|
665
|
+
STACK_OF(X509) *certs,
|
|
666
|
+
STACK_OF(ASN1_OBJECT) *policy_oids,
|
|
667
|
+
unsigned int flags);
|
|
654
668
|
|
|
655
669
|
OPENSSL_EXPORT void X509_policy_tree_free(X509_POLICY_TREE *tree);
|
|
656
670
|
|
|
657
671
|
OPENSSL_EXPORT int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
|
|
658
|
-
OPENSSL_EXPORT X509_POLICY_LEVEL *
|
|
659
|
-
|
|
672
|
+
OPENSSL_EXPORT X509_POLICY_LEVEL *X509_policy_tree_get0_level(
|
|
673
|
+
const X509_POLICY_TREE *tree, int i);
|
|
660
674
|
|
|
661
|
-
OPENSSL_EXPORT STACK_OF(X509_POLICY_NODE) *
|
|
662
|
-
|
|
675
|
+
OPENSSL_EXPORT STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(
|
|
676
|
+
const X509_POLICY_TREE *tree);
|
|
663
677
|
|
|
664
|
-
OPENSSL_EXPORT STACK_OF(X509_POLICY_NODE) *
|
|
665
|
-
|
|
678
|
+
OPENSSL_EXPORT STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(
|
|
679
|
+
const X509_POLICY_TREE *tree);
|
|
666
680
|
|
|
667
681
|
OPENSSL_EXPORT int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
|
|
668
682
|
|
|
669
|
-
OPENSSL_EXPORT X509_POLICY_NODE *X509_policy_level_get0_node(
|
|
683
|
+
OPENSSL_EXPORT X509_POLICY_NODE *X509_policy_level_get0_node(
|
|
684
|
+
X509_POLICY_LEVEL *level, int i);
|
|
670
685
|
|
|
671
|
-
OPENSSL_EXPORT const ASN1_OBJECT *X509_policy_node_get0_policy(
|
|
686
|
+
OPENSSL_EXPORT const ASN1_OBJECT *X509_policy_node_get0_policy(
|
|
687
|
+
const X509_POLICY_NODE *node);
|
|
672
688
|
|
|
673
|
-
OPENSSL_EXPORT STACK_OF(POLICYQUALINFO) *
|
|
674
|
-
|
|
675
|
-
OPENSSL_EXPORT const X509_POLICY_NODE *
|
|
676
|
-
|
|
689
|
+
OPENSSL_EXPORT STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(
|
|
690
|
+
const X509_POLICY_NODE *node);
|
|
691
|
+
OPENSSL_EXPORT const X509_POLICY_NODE *X509_policy_node_get0_parent(
|
|
692
|
+
const X509_POLICY_NODE *node);
|
|
677
693
|
|
|
678
|
-
#ifdef
|
|
694
|
+
#ifdef __cplusplus
|
|
679
695
|
}
|
|
680
696
|
#endif
|
|
681
697
|
#endif
|