Diffstat (limited to 'src/libstrongswan/crypto/ca.h')
-rw-r--r-- | src/libstrongswan/crypto/ca.h | 38 |
1 files changed, 33 insertions, 5 deletions
diff --git a/src/libstrongswan/crypto/ca.h b/src/libstrongswan/crypto/ca.h
index c494a4468..ff6271b15 100644
--- a/src/libstrongswan/crypto/ca.h
+++ b/src/libstrongswan/crypto/ca.h
@@ -26,13 +26,15 @@ typedef struct ca_info_t ca_info_t; #include <library.h>
-#include <chunk.h>
-
-#include <credential_store.h>
 
 #include "x509.h"
 #include "crl.h"
 
+#define MAX_CA_PATH_LEN 7
+
+/*forward declaration */
+struct credential_store_t;
+
 /**
 * @brief X.509 certification authority information record
 *
@@ -81,6 +83,22 @@ struct ca_info_t {
 bool (*is_crl_issuer) (ca_info_t *this, const crl_t *crl);
 
 /**
+ * @brief Checks if the ca certificate has the isCA flag set
+ *
+ * @param this ca info object
+ * @return TRUE if the isCA flag is set
+ */
+ bool (*is_ca) (ca_info_t *this);
+
+ /**
+ * @brief Checks if the ca enforces a strict crl policy
+ *
+ * @param this ca info object
+ * @return TRUE if the crl policy is strict
+ */
+ bool (*is_strict) (ca_info_t *this);
+
+ /**
 * @brief Merges info from a secondary ca info object
 *
 * @param this primary ca info object
@@ -113,6 +131,16 @@ struct ca_info_t {
 bool (*has_certinfos) (ca_info_t *this);
 
 /**
+ * @brief Print the CA info onto the console
+ *
+ * @param this ca info object
+ * @param out output stream
+ * @param utc TRUE - utc
+ FALSE - local time
+ */
+ void (*list) (ca_info_t *this, FILE *out, bool utc);
+
+ /**
 * @brief List the CRL onto the console
 *
 * @param this ca info object
@@ -174,7 +202,7 @@ struct ca_info_t {
 * @param credentials credential store needed for trust path verification
 * @return certificate status
 */
- cert_status_t (*verify_by_ocsp) (ca_info_t* this, certinfo_t* certinfo, credential_store_t* credentials);
+ cert_status_t (*verify_by_ocsp) (ca_info_t* this, certinfo_t* certinfo, struct credential_store_t* credentials);
 
 /**
 * @brief Purge the OCSP certinfos of a ca info record
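Review bot: `MAX_CA_PATH_LEN` is added in the first hunk without a comment, so a reader cannot tell what it bounds or what happens when the limit is exceeded. If it caps the length of a certificate trust path, as the name suggests, it is a verification limit and deserves a line such as `/* maximum number of certificates followed in a trust path; TODO confirm whether root and end-entity are counted */`. The same hunk drops `<chunk.h>` and `<credential_store.h>`, while later hunks of this header use `FILE` and `strict_t`. Neither declaration is visible on this page, so it is worth confirming that `<library.h>`, `x509.h` or `crl.h` supply them and that the header still compiles when included first.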
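Review bot: The doc comments added for `is_ca` and `is_strict` in the second hunk restate the method names but leave out the contract a caller needs when making a trust decision. For `is_ca`, the `@return` line should say what is reported when the certificate carries no CA indication at all, for example `* @return TRUE if the isCA flag is set, FALSE if it is cleared or absent (TODO confirm)`. For `is_strict`, the comment should state what "strict" obliges the caller to do when no current revocation status can be obtained, since that choice decides whether verification fails closed. Both methods sit inside `struct ca_info_t`, which begins and ends outside the hunk.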
@@ -199,7 +227,7 @@ struct ca_info_t {
 *
 * @ingroup crypto
 */
-void ca_info_set_options(bool cache, u_int interval);
+void ca_info_set_options(strict_t strict, bool cache, u_int interval);
 
 /**
 * @brief Create a ca info record |
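Review bot: `ca_info_set_options` gains a leading `strict` parameter, but its doc comment begins above this hunk and no hunk on this page touches it, so the new parameter appears to be undocumented. Add something like `* @param strict CRL policy to apply (TODO: describe the effect of each strict_t value)`. Because this is a free function rather than a method of `ca_info_t`, the setting looks global. The comment should also state how it relates to the per-CA `is_strict` check added earlier in this diff, so callers know which one governs a revocation decision.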