blob: 32853977075c764c05f29378ace1f145c2868c4f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
/* Support of X.509 certificate revocation lists (CRLs)
* Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* RCSID $Id: crl.h,v 1.4 2005/07/18 19:36:22 as Exp $
*/
#include "constants.h"
/* access structure for a revoked serial number */
typedef struct revokedCert revokedCert_t;
struct revokedCert{
revokedCert_t *next;
chunk_t userCertificate;
time_t revocationDate;
crl_reason_t revocationReason;
};
/* storage structure for an X.509 CRL */
typedef struct x509crl x509crl_t;
struct x509crl {
x509crl_t *next;
time_t installed;
generalName_t *distributionPoints;
chunk_t certificateList;
chunk_t tbsCertList;
u_int version;
/* signature */
int sigAlg;
chunk_t issuer;
time_t thisUpdate;
time_t nextUpdate;
revokedCert_t *revokedCertificates;
/* v2 extensions */
/* crlExtensions */
/* extension */
/* extnID */
/* critical */
/* extnValue */
chunk_t authKeyID;
chunk_t authKeySerialNumber;
chunk_t crlNumber;
/* signatureAlgorithm */
int algorithm;
chunk_t signature;
};
/* apply a strict CRL policy
* flag set in plutomain.c and used in ipsec_doi.c and rcv_whack.c
*/
extern bool strict_crl_policy;
/*
* cache the retrieved CRLs by storing them locally as a file
*/
extern bool cache_crls;
/*
* check periodically for expired crls
*/
extern long crl_check_interval;
/* used for initialization */
extern const x509crl_t empty_x509crl;
extern bool parse_x509crl(chunk_t blob, u_int level0, x509crl_t *crl);
extern void load_crls(void);
extern void check_crls(void);
extern bool insert_crl(chunk_t blob, chunk_t crl_uri, bool cache_crl);
extern cert_status_t verify_by_crl(const x509cert_t *cert, time_t *until
, time_t *revocationDate, crl_reason_t *revocationReason);
extern void list_crls(bool utc, bool strict);
extern void free_crls(void);
extern void free_crl(x509crl_t *crl);
|