credmgr: introduce a hook function to catch trust chain validation errors

author: Martin Willi <martin@revosec.ch> 2013-07-09 11:55:32 +0200
committer: Martin Willi <martin@revosec.ch> 2013-07-18 16:00:30 +0200
commit: 4d7a762871f52dac5c7bd7808edc94a55dd40e1a (patch)
tree: a051510dbcf77c3490e3bd4c63c262c889c89073 /src/libstrongswan/credentials/cert_validator.h
parent: f7cff7fac45e7914dd742d4348be1b17b9e63e0c (diff)
download: strongswan-4d7a762871f52dac5c7bd7808edc94a55dd40e1a.tar.bz2
strongswan-4d7a762871f52dac5c7bd7808edc94a55dd40e1a.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/src/libstrongswan/credentials/cert_validator.h b/src/libstrongswan/credentials/cert_validator.h
index 325fa0af3..6b28f35c1 100644
--- a/src/libstrongswan/credentials/cert_validator.h
+++ b/src/libstrongswan/credentials/cert_validator.h
@@ -53,6 +53,9 @@ struct cert_validator_t {
 	/**
 	 * Validate a subject certificate in relation to its issuer.
 	 *
+	 * If FALSE is returned, the validator should call_hook() on the
+	 * credential manager with an appropriate type and the certificate.
+	 *
 	 * @param subject		subject certificate to check
 	 * @param issuer		issuer of subject
 	 * @param online		whether to do online revocation checking
author	Martin Willi <martin@revosec.ch>	2013-07-09 11:55:32 +0200
committer	Martin Willi <martin@revosec.ch>	2013-07-18 16:00:30 +0200
commit	4d7a762871f52dac5c7bd7808edc94a55dd40e1a (patch)
tree	a051510dbcf77c3490e3bd4c63c262c889c89073 /src/libstrongswan/credentials/cert_validator.h
parent	f7cff7fac45e7914dd742d4348be1b17b9e63e0c (diff)
download	strongswan-4d7a762871f52dac5c7bd7808edc94a55dd40e1a.tar.bz2 strongswan-4d7a762871f52dac5c7bd7808edc94a55dd40e1a.tar.xz