author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-04-12 20:30:08 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-04-12 20:30:08 +0000 |
commit | b0d8ed94fe9e74afb49fdf5f11e4add29879c65c (patch) | |
tree | b20167235628771046e940a82a906a6d0991ee4a /src/libstrongswan/crypto/ocsp.h | |
parent | ea939d07c84d2a8e51215458063fc05e9c399290 (diff) | |
[svn-upgrade] Integrating new upstream version, strongswan (4.1.1)
Diffstat (limited to 'src/libstrongswan/crypto/ocsp.h')
-rw-r--r-- | src/libstrongswan/crypto/ocsp.h | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/src/libstrongswan/crypto/ocsp.h b/src/libstrongswan/crypto/ocsp.h
new file mode 100644
index 000000000..42059e1c6
--- /dev/null
+++ b/src/libstrongswan/crypto/ocsp.h
@@ -0,0 +1,86 @@
+/**
+ * @file ocsp.h
+ *
+ * @brief Interface of ocsp_t
+ *
+ */
+
+/* Support of the Online Certificate Status Protocol (OCSP) Support
+ * Copyright (C) 2003 Christoph Gysin, Simon Zwahlen
+ * Copyright (C) 2007 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ */
+
+#ifndef OCSP_H_
+#define OCSP_H_
+
+typedef struct ocsp_t ocsp_t;
+
+#include <credential_store.h>
+#include <utils/linked_list.h>
+
+#include "certinfo.h"
+
+/* constants */
+#define OCSP_BASIC_RESPONSE_VERSION 1
+#define OCSP_DEFAULT_VALID_TIME 120 /* validity of one-time response in seconds */
+#define OCSP_WARNING_INTERVAL 2 /* days */
+
+/* OCSP response status */
+typedef enum {
+ STATUS_SUCCESSFUL = 0,
+ STATUS_MALFORMEDREQUEST = 1,
+ STATUS_INTERNALERROR = 2,
+ STATUS_TRYLATER = 3,
+ STATUS_SIGREQUIRED = 5,
+ STATUS_UNAUTHORIZED= 6
+} response_status;
+
+/**
+ * @brief Online Certficate Status Protocol (OCSP)
+ *
+ * @ingroup transforms
+ */
+struct ocsp_t {
+
+ /**
+ * @brief Fetches the actual certificate status via OCSP
+ *
+ * @param uris linked list of ocsp uris
+ * @param certinfo certificate status info to be updated
+ * @param credentials credential store needed for trust path verification
+ */
+ void (*fetch) (ocsp_t *this, certinfo_t *certinfo, credential_store_t *credentials);
+
+ /**
+ * @brief Destroys the ocsp_t object.
+ *
+ * @param this ocsp object to destroy
+ */
+ void (*destroy) (ocsp_t *this);
+
+};
+
+/**
+ * @brief Create an ocsp_t object.
+ *
+ * @param cacert ca certificate
+ * @param uris linked list of ocsp uris
+ * @return created ocsp_t object
+ *
+ * @ingroup transforms
+ */
+ocsp_t *ocsp_create(x509_t *cacert, linked_list_t *uris);
+
+#endif /* OCSP_H_ */ |
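Review bot: The doc comment on the `fetch` member does not match its signature: it documents `@param uris`, but the function pointer takes `this`, `certinfo` and `credentials`, and the URIs are passed to `ocsp_create()` instead. I would replace that line with `@param this calling ocsp_t object`. Because `fetch` returns `void`, the comment should also state what `certinfo` contains when no responder answers or the response fails trust-path verification; that is not visible in this header, and callers need it to avoid treating an unchanged status as good. In `response_status`, a comment such as `/* 4 is not used (RFC 2560) */` would explain the gap between `STATUS_TRYLATER` and `STATUS_SIGREQUIRED`.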