VirtualBox

source: vbox/trunk/src/libs/openssl-3.3.2/include/openssl/x509_vfy.h.in@ 108403

最後變更 在這個檔案從108403是 108206,由 vboxsync 提交於 6 週 前

openssl-3.3.2: Exported all files to OSE and removed .scm-settings ​bugref:10757
  • 屬性 svn:eol-style 設為 native
  • 屬性 svn:keywords 設為 Author Date Id Revision
檔案大小: 38.8 KB
 
1/*
2 * {- join("\n * ", @autowarntext) -}
3 *
4 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12{-
13use OpenSSL::stackhash qw(generate_stack_macros);
14-}
15
16#ifndef OPENSSL_X509_VFY_H
17# define OPENSSL_X509_VFY_H
18# pragma once
19
20# include <openssl/macros.h>
21# ifndef OPENSSL_NO_DEPRECATED_3_0
22# define HEADER_X509_VFY_H
23# endif
24
25/*
26 * Protect against recursion, x509.h and x509_vfy.h each include the other.
27 */
28# ifndef OPENSSL_X509_H
29# include <openssl/x509.h>
30# endif
31
32# include <openssl/opensslconf.h>
33# include <openssl/lhash.h>
34# include <openssl/bio.h>
35# include <openssl/crypto.h>
36# include <openssl/symhacks.h>
37
38#ifdef __cplusplus
39extern "C" {
40#endif
41
42/*-
43SSL_CTX -> X509_STORE
44 -> X509_LOOKUP
45 ->X509_LOOKUP_METHOD
46 -> X509_LOOKUP
47 ->X509_LOOKUP_METHOD
48
49SSL -> X509_STORE_CTX
50 ->X509_STORE
51
52The X509_STORE holds the tables etc for verification stuff.
53A X509_STORE_CTX is used while validating a single certificate.
54The X509_STORE has X509_LOOKUPs for looking up certs.
55The X509_STORE then calls a function to actually verify the
56certificate chain.
57*/
58
59typedef enum {
60 X509_LU_NONE = 0,
61 X509_LU_X509, X509_LU_CRL
62} X509_LOOKUP_TYPE;
63
64#ifndef OPENSSL_NO_DEPRECATED_1_1_0
65#define X509_LU_RETRY -1
66#define X509_LU_FAIL 0
67#endif
68
69{-
70 generate_stack_macros("X509_LOOKUP")
71 .generate_stack_macros("X509_OBJECT")
72 .generate_stack_macros("X509_VERIFY_PARAM");
73-}
74
75/* This is used for a table of trust checking functions */
76typedef struct x509_trust_st {
77 int trust;
78 int flags;
79 int (*check_trust) (struct x509_trust_st *, X509 *, int);
80 char *name;
81 int arg1;
82 void *arg2;
83} X509_TRUST;
84{-
85 generate_stack_macros("X509_TRUST");
86-}
87
88/* standard trust ids */
89# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */
90# define X509_TRUST_COMPAT 1
91# define X509_TRUST_SSL_CLIENT 2
92# define X509_TRUST_SSL_SERVER 3
93# define X509_TRUST_EMAIL 4
94# define X509_TRUST_OBJECT_SIGN 5
95# define X509_TRUST_OCSP_SIGN 6
96# define X509_TRUST_OCSP_REQUEST 7
97# define X509_TRUST_TSA 8
98/* Keep these up to date! */
99# define X509_TRUST_MIN 1
100# define X509_TRUST_MAX 8
101
102/* trust_flags values */
103# define X509_TRUST_DYNAMIC (1U << 0)
104# define X509_TRUST_DYNAMIC_NAME (1U << 1)
105/* No compat trust if self-signed, preempts "DO_SS" */
106# define X509_TRUST_NO_SS_COMPAT (1U << 2)
107/* Compat trust if no explicit accepted trust EKUs */
108# define X509_TRUST_DO_SS_COMPAT (1U << 3)
109/* Accept "anyEKU" as a wildcard rejection OID and as a wildcard trust OID */
110# define X509_TRUST_OK_ANY_EKU (1U << 4)
111
112/* check_trust return codes */
113# define X509_TRUST_TRUSTED 1
114# define X509_TRUST_REJECTED 2
115# define X509_TRUST_UNTRUSTED 3
116
117int X509_TRUST_set(int *t, int trust);
118int X509_TRUST_get_count(void);
119X509_TRUST *X509_TRUST_get0(int idx);
120int X509_TRUST_get_by_id(int id);
121int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
122 const char *name, int arg1, void *arg2);
123void X509_TRUST_cleanup(void);
124int X509_TRUST_get_flags(const X509_TRUST *xp);
125char *X509_TRUST_get0_name(const X509_TRUST *xp);
126int X509_TRUST_get_trust(const X509_TRUST *xp);
127
128int X509_trusted(const X509 *x);
129int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj);
130int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj);
131void X509_trust_clear(X509 *x);
132void X509_reject_clear(X509 *x);
133STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x);
134STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x);
135
136int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
137 int);
138int X509_check_trust(X509 *x, int id, int flags);
139
140int X509_verify_cert(X509_STORE_CTX *ctx);
141int X509_STORE_CTX_verify(X509_STORE_CTX *ctx);
142STACK_OF(X509) *X509_build_chain(X509 *target, STACK_OF(X509) *certs,
143 X509_STORE *store, int with_self_signed,
144 OSSL_LIB_CTX *libctx, const char *propq);
145
146int X509_STORE_set_depth(X509_STORE *store, int depth);
147
148typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
149int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx);
150typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
151typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
152 X509_STORE_CTX *ctx, X509 *x);
153typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
154 X509 *x, X509 *issuer);
155typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
156typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
157 X509_CRL **crl, X509 *x);
158typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
159typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
160 X509_CRL *crl, X509 *x);
161typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
162typedef STACK_OF(X509)
163 *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
164 const X509_NAME *nm);
165typedef STACK_OF(X509_CRL)
166 *(*X509_STORE_CTX_lookup_crls_fn)(const X509_STORE_CTX *ctx,
167 const X509_NAME *nm);
168typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
169
170void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
171
172# define X509_STORE_CTX_set_app_data(ctx,data) \
173 X509_STORE_CTX_set_ex_data(ctx,0,data)
174# define X509_STORE_CTX_get_app_data(ctx) \
175 X509_STORE_CTX_get_ex_data(ctx,0)
176
177# define X509_L_FILE_LOAD 1
178# define X509_L_ADD_DIR 2
179# define X509_L_ADD_STORE 3
180# define X509_L_LOAD_STORE 4
181
182# define X509_LOOKUP_load_file(x,name,type) \
183 X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
184
185# define X509_LOOKUP_add_dir(x,name,type) \
186 X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
187
188# define X509_LOOKUP_add_store(x,name) \
189 X509_LOOKUP_ctrl((x),X509_L_ADD_STORE,(name),0,NULL)
190
191# define X509_LOOKUP_load_store(x,name) \
192 X509_LOOKUP_ctrl((x),X509_L_LOAD_STORE,(name),0,NULL)
193
194# define X509_LOOKUP_load_file_ex(x, name, type, libctx, propq) \
195X509_LOOKUP_ctrl_ex((x), X509_L_FILE_LOAD, (name), (long)(type), NULL,\
196 (libctx), (propq))
197
198# define X509_LOOKUP_load_store_ex(x, name, libctx, propq) \
199X509_LOOKUP_ctrl_ex((x), X509_L_LOAD_STORE, (name), 0, NULL, \
200 (libctx), (propq))
201
202# define X509_LOOKUP_add_store_ex(x, name, libctx, propq) \
203X509_LOOKUP_ctrl_ex((x), X509_L_ADD_STORE, (name), 0, NULL, \
204 (libctx), (propq))
205
206# define X509_V_OK 0
207# define X509_V_ERR_UNSPECIFIED 1
208# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
209# define X509_V_ERR_UNABLE_TO_GET_CRL 3
210# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
211# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
212# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
213# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
214# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
215# define X509_V_ERR_CERT_NOT_YET_VALID 9
216# define X509_V_ERR_CERT_HAS_EXPIRED 10
217# define X509_V_ERR_CRL_NOT_YET_VALID 11
218# define X509_V_ERR_CRL_HAS_EXPIRED 12
219# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
220# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
221# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
222# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
223# define X509_V_ERR_OUT_OF_MEM 17
224# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
225# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
226# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
227# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
228# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
229# define X509_V_ERR_CERT_REVOKED 23
230# define X509_V_ERR_NO_ISSUER_PUBLIC_KEY 24
231# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
232# define X509_V_ERR_INVALID_PURPOSE 26
233# define X509_V_ERR_CERT_UNTRUSTED 27
234# define X509_V_ERR_CERT_REJECTED 28
235
236/* These are 'informational' when looking for issuer cert */
237# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
238# define X509_V_ERR_AKID_SKID_MISMATCH 30
239# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
240# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
241# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
242# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
243# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
244# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
245# define X509_V_ERR_INVALID_NON_CA 37
246# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
247# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
248# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
249# define X509_V_ERR_INVALID_EXTENSION 41
250# define X509_V_ERR_INVALID_POLICY_EXTENSION 42
251# define X509_V_ERR_NO_EXPLICIT_POLICY 43
252# define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
253# define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
254# define X509_V_ERR_UNNESTED_RESOURCE 46
255# define X509_V_ERR_PERMITTED_VIOLATION 47
256# define X509_V_ERR_EXCLUDED_VIOLATION 48
257# define X509_V_ERR_SUBTREE_MINMAX 49
258/* The application is not happy */
259# define X509_V_ERR_APPLICATION_VERIFICATION 50
260# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
261# define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
262# define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
263# define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
264/* Another issuer check debug option */
265# define X509_V_ERR_PATH_LOOP 55
266/* Suite B mode algorithm violation */
267# define X509_V_ERR_SUITE_B_INVALID_VERSION 56
268# define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
269# define X509_V_ERR_SUITE_B_INVALID_CURVE 58
270# define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
271# define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
272# define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
273/* Host, email and IP check errors */
274# define X509_V_ERR_HOSTNAME_MISMATCH 62
275# define X509_V_ERR_EMAIL_MISMATCH 63
276# define X509_V_ERR_IP_ADDRESS_MISMATCH 64
277/* DANE TLSA errors */
278# define X509_V_ERR_DANE_NO_MATCH 65
279/* security level errors */
280# define X509_V_ERR_EE_KEY_TOO_SMALL 66
281# define X509_V_ERR_CA_KEY_TOO_SMALL 67
282# define X509_V_ERR_CA_MD_TOO_WEAK 68
283/* Caller error */
284# define X509_V_ERR_INVALID_CALL 69
285/* Issuer lookup error */
286# define X509_V_ERR_STORE_LOOKUP 70
287/* Certificate transparency */
288# define X509_V_ERR_NO_VALID_SCTS 71
289
290# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72
291/* OCSP status errors */
292# define X509_V_ERR_OCSP_VERIFY_NEEDED 73 /* Need OCSP verification */
293# define X509_V_ERR_OCSP_VERIFY_FAILED 74 /* Couldn't verify cert through OCSP */
294# define X509_V_ERR_OCSP_CERT_UNKNOWN 75 /* Certificate wasn't recognized by the OCSP responder */
295
296# define X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM 76
297# define X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH 77
298
299/* Errors in case a check in X509_V_FLAG_X509_STRICT mode fails */
300# define X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY 78
301# define X509_V_ERR_INVALID_CA 79
302# define X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA 80
303# define X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN 81
304# define X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA 82
305# define X509_V_ERR_ISSUER_NAME_EMPTY 83
306# define X509_V_ERR_SUBJECT_NAME_EMPTY 84
307# define X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER 85
308# define X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER 86
309# define X509_V_ERR_EMPTY_SUBJECT_ALT_NAME 87
310# define X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL 88
311# define X509_V_ERR_CA_BCONS_NOT_CRITICAL 89
312# define X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL 90
313# define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL 91
314# define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92
315# define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93
316# define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94
317# define X509_V_ERR_RPK_UNTRUSTED 95
318
319/* Certificate verify flags */
320# ifndef OPENSSL_NO_DEPRECATED_1_1_0
321# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */
322# endif
323/* Use check time instead of current time */
324# define X509_V_FLAG_USE_CHECK_TIME 0x2
325/* Lookup CRLs */
326# define X509_V_FLAG_CRL_CHECK 0x4
327/* Lookup CRLs for whole chain */
328# define X509_V_FLAG_CRL_CHECK_ALL 0x8
329/* Ignore unhandled critical extensions */
330# define X509_V_FLAG_IGNORE_CRITICAL 0x10
331/* Disable workarounds for broken certificates */
332# define X509_V_FLAG_X509_STRICT 0x20
333/* Enable proxy certificate validation */
334# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40
335/* Enable policy checking */
336# define X509_V_FLAG_POLICY_CHECK 0x80
337/* Policy variable require-explicit-policy */
338# define X509_V_FLAG_EXPLICIT_POLICY 0x100
339/* Policy variable inhibit-any-policy */
340# define X509_V_FLAG_INHIBIT_ANY 0x200
341/* Policy variable inhibit-policy-mapping */
342# define X509_V_FLAG_INHIBIT_MAP 0x400
343/* Notify callback that policy is OK */
344# define X509_V_FLAG_NOTIFY_POLICY 0x800
345/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
346# define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000
347/* Delta CRL support */
348# define X509_V_FLAG_USE_DELTAS 0x2000
349/* Check self-signed CA signature */
350# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
351/* Use trusted store first */
352# define X509_V_FLAG_TRUSTED_FIRST 0x8000
353/* Suite B 128 bit only mode: not normally used */
354# define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000
355/* Suite B 192 bit only mode */
356# define X509_V_FLAG_SUITEB_192_LOS 0x20000
357/* Suite B 128 bit mode allowing 192 bit algorithms */
358# define X509_V_FLAG_SUITEB_128_LOS 0x30000
359/* Allow partial chains if at least one certificate is in trusted store */
360# define X509_V_FLAG_PARTIAL_CHAIN 0x80000
361/*
362 * If the initial chain is not trusted, do not attempt to build an alternative
363 * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag
364 * will force the behaviour to match that of previous versions.
365 */
366# define X509_V_FLAG_NO_ALT_CHAINS 0x100000
367/* Do not check certificate/CRL validity against current time */
368# define X509_V_FLAG_NO_CHECK_TIME 0x200000
369
370# define X509_VP_FLAG_DEFAULT 0x1
371# define X509_VP_FLAG_OVERWRITE 0x2
372# define X509_VP_FLAG_RESET_FLAGS 0x4
373# define X509_VP_FLAG_LOCKED 0x8
374# define X509_VP_FLAG_ONCE 0x10
375
376/* Internal use: mask of policy related options */
377# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
378 | X509_V_FLAG_EXPLICIT_POLICY \
379 | X509_V_FLAG_INHIBIT_ANY \
380 | X509_V_FLAG_INHIBIT_MAP)
381
382int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
383 const X509_NAME *name);
384X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
385 X509_LOOKUP_TYPE type,
386 const X509_NAME *name);
387X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
388 X509_OBJECT *x);
389int X509_OBJECT_up_ref_count(X509_OBJECT *a);
390X509_OBJECT *X509_OBJECT_new(void);
391void X509_OBJECT_free(X509_OBJECT *a);
392X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a);
393X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
394int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
395X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
396int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
397X509_STORE *X509_STORE_new(void);
398void X509_STORE_free(X509_STORE *xs);
399int X509_STORE_lock(X509_STORE *xs);
400int X509_STORE_unlock(X509_STORE *xs);
401int X509_STORE_up_ref(X509_STORE *xs);
402STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
403STACK_OF(X509_OBJECT) *X509_STORE_get1_objects(X509_STORE *xs);
404STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
405STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
406 const X509_NAME *nm);
407STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
408 const X509_NAME *nm);
409int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
410int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
411int X509_STORE_set_trust(X509_STORE *xs, int trust);
412int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
413X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
414
415void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
416#define X509_STORE_set_verify_func(ctx, func) \
417 X509_STORE_set_verify((ctx),(func))
418void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
419 X509_STORE_CTX_verify_fn verify);
420X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
421void X509_STORE_set_verify_cb(X509_STORE *xs,
422 X509_STORE_CTX_verify_cb verify_cb);
423# define X509_STORE_set_verify_cb_func(ctx,func) \
424 X509_STORE_set_verify_cb((ctx),(func))
425X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
426void X509_STORE_set_get_issuer(X509_STORE *xs,
427 X509_STORE_CTX_get_issuer_fn get_issuer);
428X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
429void X509_STORE_set_check_issued(X509_STORE *xs,
430 X509_STORE_CTX_check_issued_fn check_issued);
431X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
432void X509_STORE_set_check_revocation(X509_STORE *xs,
433 X509_STORE_CTX_check_revocation_fn check_revocation);
434X509_STORE_CTX_check_revocation_fn
435 X509_STORE_get_check_revocation(const X509_STORE *xs);
436void X509_STORE_set_get_crl(X509_STORE *xs,
437 X509_STORE_CTX_get_crl_fn get_crl);
438X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
439void X509_STORE_set_check_crl(X509_STORE *xs,
440 X509_STORE_CTX_check_crl_fn check_crl);
441X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
442void X509_STORE_set_cert_crl(X509_STORE *xs,
443 X509_STORE_CTX_cert_crl_fn cert_crl);
444X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
445void X509_STORE_set_check_policy(X509_STORE *xs,
446 X509_STORE_CTX_check_policy_fn check_policy);
447X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
448void X509_STORE_set_lookup_certs(X509_STORE *xs,
449 X509_STORE_CTX_lookup_certs_fn lookup_certs);
450X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
451void X509_STORE_set_lookup_crls(X509_STORE *xs,
452 X509_STORE_CTX_lookup_crls_fn lookup_crls);
453#define X509_STORE_set_lookup_crls_cb(ctx, func) \
454 X509_STORE_set_lookup_crls((ctx), (func))
455X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
456void X509_STORE_set_cleanup(X509_STORE *xs,
457 X509_STORE_CTX_cleanup_fn cleanup);
458X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
459
460#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
461 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
462int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
463void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
464
465X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
466X509_STORE_CTX *X509_STORE_CTX_new(void);
467
468int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
469
470void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
471int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store,
472 X509 *target, STACK_OF(X509) *untrusted);
473int X509_STORE_CTX_init_rpk(X509_STORE_CTX *ctx, X509_STORE *trust_store,
474 EVP_PKEY* rpk);
475void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
476void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
477
478X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
479X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
480EVP_PKEY *X509_STORE_CTX_get0_rpk(const X509_STORE_CTX *ctx);
481STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(const X509_STORE_CTX *ctx);
482void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
483void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
484 X509_STORE_CTX_verify_cb verify);
485X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(const X509_STORE_CTX *ctx);
486X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
487X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(const X509_STORE_CTX *ctx);
488X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(const X509_STORE_CTX *ctx);
489X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
490void X509_STORE_CTX_set_get_crl(X509_STORE_CTX *ctx,
491 X509_STORE_CTX_get_crl_fn get_crl);
492X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(const X509_STORE_CTX *ctx);
493X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(const X509_STORE_CTX *ctx);
494X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(const X509_STORE_CTX *ctx);
495X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(const X509_STORE_CTX *ctx);
496X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(const X509_STORE_CTX *ctx);
497X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(const X509_STORE_CTX *ctx);
498X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
499
500#ifndef OPENSSL_NO_DEPRECATED_1_1_0
501# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain
502# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
503# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
504# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject
505# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs
506# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls
507/* the following macro is misspelled; use X509_STORE_get1_certs instead */
508# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs
509/* the following macro is misspelled; use X509_STORE_get1_crls instead */
510# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
511#endif
512
513X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
514X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
515X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
516X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
517
518typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
519 long argl, char **ret);
520typedef int (*X509_LOOKUP_ctrl_ex_fn)(
521 X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret,
522 OSSL_LIB_CTX *libctx, const char *propq);
523
524typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
525 X509_LOOKUP_TYPE type,
526 const X509_NAME *name,
527 X509_OBJECT *ret);
528typedef int (*X509_LOOKUP_get_by_subject_ex_fn)(X509_LOOKUP *ctx,
529 X509_LOOKUP_TYPE type,
530 const X509_NAME *name,
531 X509_OBJECT *ret,
532 OSSL_LIB_CTX *libctx,
533 const char *propq);
534typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
535 X509_LOOKUP_TYPE type,
536 const X509_NAME *name,
537 const ASN1_INTEGER *serial,
538 X509_OBJECT *ret);
539typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
540 X509_LOOKUP_TYPE type,
541 const unsigned char* bytes,
542 int len,
543 X509_OBJECT *ret);
544typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
545 X509_LOOKUP_TYPE type,
546 const char *str,
547 int len,
548 X509_OBJECT *ret);
549
550X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
551void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
552
553int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
554 int (*new_item) (X509_LOOKUP *ctx));
555int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
556 (X509_LOOKUP *ctx);
557
558int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
559 void (*free_fn) (X509_LOOKUP *ctx));
560void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
561 (X509_LOOKUP *ctx);
562
563int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
564 int (*init) (X509_LOOKUP *ctx));
565int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
566 (X509_LOOKUP *ctx);
567
568int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
569 int (*shutdown) (X509_LOOKUP *ctx));
570int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
571 (X509_LOOKUP *ctx);
572
573int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
574 X509_LOOKUP_ctrl_fn ctrl_fn);
575X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
576
577int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
578 X509_LOOKUP_get_by_subject_fn fn);
579X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
580 const X509_LOOKUP_METHOD *method);
581
582int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method,
583 X509_LOOKUP_get_by_issuer_serial_fn fn);
584X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
585 const X509_LOOKUP_METHOD *method);
586
587int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
588 X509_LOOKUP_get_by_fingerprint_fn fn);
589X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
590 const X509_LOOKUP_METHOD *method);
591
592int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
593 X509_LOOKUP_get_by_alias_fn fn);
594X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
595 const X509_LOOKUP_METHOD *method);
596
597
598int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
599int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
600
601int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
602 X509_LOOKUP_TYPE type,
603 const X509_NAME *name, X509_OBJECT *ret);
604X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
605 X509_LOOKUP_TYPE type,
606 const X509_NAME *name);
607
608int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
609 long argl, char **ret);
610int X509_LOOKUP_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
611 char **ret, OSSL_LIB_CTX *libctx, const char *propq);
612
613int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
614int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type,
615 OSSL_LIB_CTX *libctx, const char *propq);
616int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
617int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
618int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type,
619 OSSL_LIB_CTX *libctx, const char *propq);
620
621X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
622void X509_LOOKUP_free(X509_LOOKUP *ctx);
623int X509_LOOKUP_init(X509_LOOKUP *ctx);
624int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
625 const X509_NAME *name, X509_OBJECT *ret);
626int X509_LOOKUP_by_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
627 const X509_NAME *name, X509_OBJECT *ret,
628 OSSL_LIB_CTX *libctx, const char *propq);
629int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
630 const X509_NAME *name,
631 const ASN1_INTEGER *serial,
632 X509_OBJECT *ret);
633int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
634 const unsigned char *bytes, int len,
635 X509_OBJECT *ret);
636int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
637 const char *str, int len, X509_OBJECT *ret);
638int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
639void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
640X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
641int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
642
643int X509_STORE_load_file(X509_STORE *xs, const char *file);
644int X509_STORE_load_path(X509_STORE *xs, const char *path);
645int X509_STORE_load_store(X509_STORE *xs, const char *store);
646int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
647int X509_STORE_set_default_paths(X509_STORE *xs);
648
649int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
650 OSSL_LIB_CTX *libctx, const char *propq);
651int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
652 OSSL_LIB_CTX *libctx, const char *propq);
653int X509_STORE_load_locations_ex(X509_STORE *xs,
654 const char *file, const char *dir,
655 OSSL_LIB_CTX *libctx, const char *propq);
656int X509_STORE_set_default_paths_ex(X509_STORE *xs,
657 OSSL_LIB_CTX *libctx, const char *propq);
658
659#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
660 CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
661int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data);
662void *X509_STORE_CTX_get_ex_data(const X509_STORE_CTX *ctx, int idx);
663int X509_STORE_CTX_get_error(const X509_STORE_CTX *ctx);
664void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
665int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx);
666void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
667X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx);
668void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
669X509 *X509_STORE_CTX_get0_current_issuer(const X509_STORE_CTX *ctx);
670X509_CRL *X509_STORE_CTX_get0_current_crl(const X509_STORE_CTX *ctx);
671X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx);
672STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx);
673STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx);
674void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target);
675void X509_STORE_CTX_set0_rpk(X509_STORE_CTX *ctx, EVP_PKEY *target);
676void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
677void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
678int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
679int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
680int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
681 int purpose, int trust);
682void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
683void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
684 time_t t);
685void X509_STORE_CTX_set_current_reasons(X509_STORE_CTX *ctx,
686 unsigned int current_reasons);
687
688X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(const X509_STORE_CTX *ctx);
689int X509_STORE_CTX_get_explicit_policy(const X509_STORE_CTX *ctx);
690int X509_STORE_CTX_get_num_untrusted(const X509_STORE_CTX *ctx);
691
692X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(const X509_STORE_CTX *ctx);
693void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
694int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
695
696/*
697 * Bridge opacity barrier between libcrypt and libssl, also needed to support
698 * offline testing in test/danetest.c
699 */
700void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane);
701#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0)
702
703/* X509_VERIFY_PARAM functions */
704
705X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
706void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
707int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
708 const X509_VERIFY_PARAM *from);
709int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
710 const X509_VERIFY_PARAM *from);
711int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
712int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
713 unsigned long flags);
714int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
715 unsigned long flags);
716unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param);
717int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
718int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
719void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
720void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level);
721time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
722void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
723int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
724 ASN1_OBJECT *policy);
725int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
726 STACK_OF(ASN1_OBJECT) *policies);
727
728int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
729 uint32_t flags);
730uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
731
732char *X509_VERIFY_PARAM_get0_host(X509_VERIFY_PARAM *param, int idx);
733int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
734 const char *name, size_t namelen);
735int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
736 const char *name, size_t namelen);
737void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
738 unsigned int flags);
739unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param);
740char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param);
741void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *);
742char *X509_VERIFY_PARAM_get0_email(X509_VERIFY_PARAM *param);
743int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
744 const char *email, size_t emaillen);
745char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param);
746int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
747 const unsigned char *ip, size_t iplen);
748int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
749 const char *ipasc);
750
751int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
752int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
753const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param);
754
755int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
756int X509_VERIFY_PARAM_get_count(void);
757const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
758const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
759void X509_VERIFY_PARAM_table_cleanup(void);
760
761/* Non positive return values are errors */
762#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */
763#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */
764#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */
765
766/*
767 * Positive return values form a bit mask, all but the first are internal to
768 * the library and don't appear in results from X509_policy_check().
769 */
770#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */
771#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */
772#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */
773
774int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
775 STACK_OF(X509) *certs,
776 STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags);
777
778void X509_policy_tree_free(X509_POLICY_TREE *tree);
779
780int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
781X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
782 int i);
783
784STACK_OF(X509_POLICY_NODE)
785 *X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree);
786
787STACK_OF(X509_POLICY_NODE)
788 *X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree);
789
790int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
791
792X509_POLICY_NODE *X509_policy_level_get0_node(const X509_POLICY_LEVEL *level,
793 int i);
794
795const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
796
797STACK_OF(POLICYQUALINFO)
798 *X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node);
799const X509_POLICY_NODE
800 *X509_policy_node_get0_parent(const X509_POLICY_NODE *node);
801
802#ifdef __cplusplus
803}
804#endif
805#endif
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette