Changeset 3106 for pjproject/trunk/pjlib/include/pj/ssl_sock.h
- Timestamp:
- Feb 24, 2010 5:43:34 AM (15 years ago)
- File:
-
- 1 edited
pjproject/trunk/pjlib/include/pj/ssl_sock.h
r2998 r3106 61 61 62 62 63 typedef enum pj_ssl_cert_verify_flag_t 64 { 65 /** 66 * No error in verification. 67 */ 68 PJ_SSL_CERT_ESUCCESS = 0, 69 70 /** 71 * The issuer certificate cannot be found. 72 */ 73 PJ_SSL_CERT_EISSUER_NOT_FOUND = (1 << 0), 74 75 /** 76 * The certificate is untrusted. 77 */ 78 PJ_SSL_CERT_EUNTRUSTED = (1 << 1), 79 80 /** 81 * The certificate has expired or not yet valid. 82 */ 83 PJ_SSL_CERT_EVALIDITY_PERIOD = (1 << 2), 84 85 /** 86 * One or more fields of the certificate cannot be decoded due to 87 * invalid format. 88 */ 89 PJ_SSL_CERT_EINVALID_FORMAT = (1 << 3), 90 91 /** 92 * The certificate cannot be used for the specified purpose. 93 */ 94 PJ_SSL_CERT_EINVALID_PURPOSE = (1 << 4), 95 96 /** 97 * The issuer info in the certificate does not match to the (candidate) 98 * issuer certificate, e.g: issuer name not match to subject name 99 * of (candidate) issuer certificate. 100 */ 101 PJ_SSL_CERT_EISSUER_MISMATCH = (1 << 5), 102 103 /** 104 * The CRL certificate cannot be found or cannot be read properly. 105 */ 106 PJ_SSL_CERT_ECRL_FAILURE = (1 << 6), 107 108 /** 109 * The certificate has been revoked. 110 */ 111 PJ_SSL_CERT_EREVOKED = (1 << 7), 112 113 /** 114 * The certificate chain length is too long. 115 */ 116 PJ_SSL_CERT_ECHAIN_TOO_LONG = (1 << 8), 117 118 /** 119 * The server identity does not match to any identities specified in 120 * the certificate, e.g: subjectAltName extension, subject common name. 121 * This flag will only be set by application as SSL socket does not 122 * perform server identity verification. 123 */ 124 PJ_SSL_CERT_EIDENTITY_NOT_MATCH = (1 << 30), 125 126 /** 127 * Unknown verification error. 
128 */ 129 PJ_SSL_CERT_EUNKNOWN = (1 << 31) 130 131 } pj_ssl_cert_verify_flag_t; 132 133 134 typedef enum pj_ssl_cert_name_type 135 { 136 PJ_SSL_CERT_NAME_UNKNOWN = 0, 137 PJ_SSL_CERT_NAME_RFC822, 138 PJ_SSL_CERT_NAME_DNS, 139 PJ_SSL_CERT_NAME_URI, 140 PJ_SSL_CERT_NAME_IP 141 } pj_ssl_cert_name_type; 142 63 143 /** 64 144 * Describe structure of certificate info. 65 145 */ 66 146 typedef struct pj_ssl_cert_info { 67 pj_str_t subject; /**< Subject. */ 68 pj_str_t issuer; /**< Issuer. */ 69 unsigned version; /**< Certificate version. */ 70 pj_time_val validity_start; /**< Validity start. */ 71 pj_time_val validity_end; /**< Validity end. */ 72 pj_bool_t validity_use_gmt; /**< Flag if validity date/time 73 use GMT. */ 147 148 unsigned version; /**< Certificate version */ 149 150 pj_uint8_t serial_no[20]; /**< Serial number, array of 151 octets, first index is 152 MSB */ 153 154 struct { 155 pj_str_t cn; /**< Common name */ 156 pj_str_t info; /**< One line subject, fields 157 are separated by slash */ 158 } subject; /**< Subject */ 159 160 struct { 161 pj_str_t cn; /**< Common name */ 162 pj_str_t info; /**< One line subject, fields 163 are separated by slash.*/ 164 } issuer; /**< Issuer */ 165 166 struct { 167 pj_time_val start; /**< Validity start */ 168 pj_time_val end; /**< Validity end */ 169 pj_bool_t gmt; /**< Flag if validity date/time 170 use GMT */ 171 } validity; /**< Validity */ 172 173 struct { 174 unsigned cnt; /**< # of entry */ 175 struct { 176 pj_ssl_cert_name_type type; 177 /**< Name type */ 178 pj_str_t name; /**< The name */ 179 } *entry; /**< Subject alt name entry */ 180 } subj_alt_name; /**< Subject alternative 181 name extension */ 182 74 183 } pj_ssl_cert_info; 75 184 … … 92 201 const pj_str_t *privkey_pass, 93 202 pj_ssl_cert_t **p_cert); 203 204 205 /** 206 * Dump SSL certificate info. 207 * 208 * @param ci The certificate info. 209 * @param prefix Prefix string for each line. 
210 * @param buf The buffer where certificate info will be printed on. 211 * @param buf_size The buffer size. 212 * 213 * @return PJ_SUCCESS when successful. 214 */ 215 PJ_DECL(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci, 216 const char *prefix, 217 char *buf, 218 pj_size_t buf_size); 219 220 221 /** 222 * Get SSL certificate verification error messages from verification status. 223 * 224 * @param verify_status The SSL certificate verification status. 225 * @param error_strings Array of strings to receive the verification error 226 * messages. 227 * @param count On input it specifies maximum error messages should be 228 * retrieved. On output it specifies the number of error 229 * messages retrieved. 230 * 231 * @return PJ_SUCCESS when successful. 232 */ 233 PJ_DECL(pj_status_t) pj_ssl_cert_verify_error_st(pj_uint32_t verify_status, 234 const char *error_strings[], 235 unsigned *count); 94 236 95 237 … … 364 506 * Describes active local certificate info. 365 507 */ 366 pj_ssl_cert_info local_cert_info;508 pj_ssl_cert_info *local_cert_info; 367 509 368 510 /** 369 511 * Describes active remote certificate info. 370 512 */ 371 pj_ssl_cert_info remote_cert_info; 372 513 pj_ssl_cert_info *remote_cert_info; 514 515 /** 516 * Status of peer certificate verification. 517 */ 518 pj_uint32_t verify_status; 519 373 520 } pj_ssl_sock_info; 374 521 … … 524 671 525 672 /** 526 * When secure socket is acting as client (perform outgoing connection)527 * and it needs to verify server name (e.g: host or domain name) by528 * matching it to the name specified in the server certificate. This529 * setting is useful when the server is hosting multiple domains for530 * the same listening socket.673 * Server name indication. 
When secure socket is acting as client 674 * (perform outgoing connection) and the server may host multiple 675 * 'virtual' servers at a single underlying network address, setting 676 * this will allow client to tell the server a name of the server 677 * it is contacting. 531 678 * 532 679 * Default value is zero/not-set.
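Review bot: `PJ_SSL_CERT_EUNKNOWN = (1 << 31)` in the new pj_ssl_cert_verify_flag_t enum shifts a signed int into its sign bit, which is undefined behaviour in C99/C11 and produces a value not representable as an int, so it is not a valid enumeration constant either; since verify_status is a pj_uint32_t bitmask, a constant that stays inside int range such as `PJ_SSL_CERT_EUNKNOWN = (1 << 29)` (or a macro-defined 0x80000000 outside the enum) avoids this, and the same check applies to the `(1 << 30)` identity flag only if the platform's int is narrower than 32 bits. In pj_ssl_sock_info the fields local_cert_info and remote_cert_info change from embedded structs to pointers, but the doc comments do not say whether they can be NULL (for instance before the handshake completes or when the peer presents no certificate) or how long the pointed-to data stays valid; suggest `/**< Active local certificate info, or NULL when not available; valid only while the socket exists. */` and the equivalent on remote_cert_info, with the lifetime wording confirmed against the implementation. The new `verify_status` comment would also be more useful as `/**< Bitmask of pj_ssl_cert_verify_flag_t values; PJ_SSL_CERT_EIDENTITY_NOT_MATCH is only present if the application sets it. */`, since the enum text already states the socket performs no identity verification. The pj_ssl_cert_info and pj_ssl_sock_info struct definitions begin outside the visible hunks.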