author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-31 16:07:44 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-31 16:11:49 +0200 |
commit | 5423a49bebea5c94474e3406232d9a65b2350b26 (patch) | |
tree | 17e87933a3674ab810feaa7ad1304e4349cad8b1 /lib/includes/gnutls/x509.h | |
parent | 7f9957b5c3610086751453edb46c4766b89758a9 (diff) | |
During PKIX chain verification check the TLSFeatures compliancetlsfeat-chain
This verifies whether a chain complies with RFC7366 p.4.2.2 requirements,
that is, whether the issuer's features are a superset of those of the
certificate under verification.
This enhances gnutls_x509_crt_get_tlsfeatures() to allow appending
of TLSFeatures, and introduces gnutls_x509_tlsfeatures_check_crt().
Diffstat (limited to 'lib/includes/gnutls/x509.h')
-rw-r--r-- | lib/includes/gnutls/x509.h | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 5217942abd..41bb1da5e4 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -299,7 +299,9 @@ unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t n
 int gnutls_x509_name_constraints_init(gnutls_x509_name_constraints_t *nc);
 void gnutls_x509_name_constraints_deinit(gnutls_x509_name_constraints_t nc);
-#define GNUTLS_NAME_CONSTRAINTS_FLAG_APPEND 1
+#define GNUTLS_EXT_FLAG_APPEND 1
+
+#define GNUTLS_NAME_CONSTRAINTS_FLAG_APPEND GNUTLS_EXT_FLAG_APPEND
 int gnutls_x509_crt_get_name_constraints(gnutls_x509_crt_t crt,
 gnutls_x509_name_constraints_t nc,
 unsigned int flags,
@@ -466,7 +468,13 @@ int gnutls_x509_crt_set_tlsfeatures(gnutls_x509_crt_t crt,
 gnutls_x509_tlsfeatures_t features);
 int gnutls_x509_crt_get_tlsfeatures(gnutls_x509_crt_t cert,
- gnutls_x509_tlsfeatures_t * features);
+ gnutls_x509_tlsfeatures_t features,
+ unsigned int flags,
+ unsigned int *critical);
+
+unsigned gnutls_x509_tlsfeatures_check_crt(gnutls_x509_tlsfeatures_t feat,
+ gnutls_x509_crt_t crt);
+
 #define GNUTLS_MAX_QUALIFIERS 8
@@ -1343,9 +1351,11 @@ int gnutls_x509_crq_get_extension_by_oid(gnutls_x509_crq_t crq,
 unsigned int *critical);
 int gnutls_x509_crq_get_tlsfeatures(gnutls_x509_crq_t crq,
- gnutls_x509_tlsfeatures_t * features);
+ gnutls_x509_tlsfeatures_t features,
+ unsigned flags,
+ unsigned int *critical);
 int gnutls_x509_crq_set_tlsfeatures(gnutls_x509_crq_t crq,
- gnutls_x509_tlsfeatures_t features);
+ gnutls_x509_tlsfeatures_t features);
 int gnutls_x509_crt_get_extension_by_oid2(gnutls_x509_crt_t cert, |
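Review bot: The prototype added for gnutls_x509_tlsfeatures_check_crt() in the second hunk does not say which of `feat` and `crt` is the issuer side of the superset rule described in the commit message, nor what the unsigned return means, so a caller wiring it into chain verification has to read the implementation to avoid inverting the policy; a one-line comment above it, following the convention of gnutls_x509_name_constraints_check_crt() visible in the first hunk's header (e.g. `/* Returns non-zero when the TLSFeatures of @crt satisfy @feat as required by the chain rule cited in the commit message */`, worded to match the implementation), would settle that. Whether `critical` may be NULL and that `flags` takes GNUTLS_EXT_FLAG_APPEND to accumulate into an already-initialized `features` are likewise left implicit on the new gnutls_x509_crt_get_tlsfeatures() prototype. Replacing the `gnutls_x509_tlsfeatures_t *features` parameter with three parameters is an incompatible change to a public header if the old prototype has already shipped in a release; if it has not, saying so in the commit message would save the next reader the question. The third hunk spells the same parameter `unsigned flags` where this hunk uses `unsigned int flags`, and its edit to gnutls_x509_crq_set_tlsfeatures() appears to be whitespace only.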