author | Martin Willi <martin@revosec.ch> | 2010-12-15 14:08:20 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2011-01-05 16:46:02 +0100 |
commit | 20bd78106e8ea95c8030e935b0276366b5ecd1ab (patch) | |
tree | 7a9e050dc2f16ac004ac6a71ad26835d4dac2f0f /src/libstrongswan/credentials | |
parent | 1038d9fee53f4c678f41959a8492ee8d1965a815 (diff) | |
Added certificatePolicy support to x509 plugin
Diffstat (limited to 'src/libstrongswan/credentials')
-rw-r--r-- | src/libstrongswan/credentials/builder.c | 1 | ||||
-rw-r--r-- | src/libstrongswan/credentials/builder.h | 2 | ||||
-rw-r--r-- | src/libstrongswan/credentials/certificates/x509.h | 20 |
3 files changed, 23 insertions, 0 deletions
diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index a6662ae7f..c780588c2 100644
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -46,6 +46,7 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
 "BUILD_PATHLEN",
 "BUILD_PERMITTED_NAME_CONSTRAINTS",
 "BUILD_EXCLUDED_NAME_CONSTRAINTS",
+ "BUILD_CERTIFICATE_POLICIES",
 "BUILD_X509_FLAG",
 "BUILD_REVOKED_ENUMERATOR",
 "BUILD_CHALLENGE_PWD",
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index b1420ac23..a2a3a4873 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -99,6 +99,8 @@ enum builder_part_t {
 BUILD_PERMITTED_NAME_CONSTRAINTS,
 /** excluded X509 name constraints, linked_list_t* of identification_t* */
 BUILD_EXCLUDED_NAME_CONSTRAINTS,
+ /** certificatePolicy OIDs, linked_list_t* of x509_cert_policy_t* */
+ BUILD_CERTIFICATE_POLICIES,
 /** enforce an additional X509 flag, x509_flag_t */
 BUILD_X509_FLAG,
 /** enumerator_t over (chunk_t serial, time_t date, crl_reason_t reason) */
diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h
index ec6a33578..6f054f82a 100644
--- a/src/libstrongswan/credentials/certificates/x509.h
+++ b/src/libstrongswan/credentials/certificates/x509.h
@@ -27,6 +27,7 @@
 #define X509_NO_PATH_LEN_CONSTRAINT -1
 typedef struct x509_t x509_t;
+typedef struct x509_cert_policy_t x509_cert_policy_t;
 typedef enum x509_flag_t x509_flag_t;
 /**
@@ -54,6 +55,18 @@ enum x509_flag_t {
 };
 /**
+ * X.509 certPolicy extension.
+ */
+struct x509_cert_policy_t {
+ /** OID of certPolicy */
+ chunk_t oid;
+ /** Certification Practice Statement URI qualifier */
+ char *cps_uri;
+ /** UserNotice Text qualifier */
+ char *unotice_text;
+};
+
+/**
 * X.509 certificate interface.
 *
 * This interface adds additional methods to the certificate_t type to 
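Review bot: The field comments on the new `x509_cert_policy_t` in x509.h (hunk at -54,6 +55,18) name each member but leave its contract open: whether `cps_uri` and `unotice_text` are NULL when a policy carries no qualifier, who allocates and frees them, and whether `oid` holds the DER-encoded OID or a printable form. If these strings are populated from a parsed certificate, as the commit title suggests, they are peer-supplied data, and a `char *` can neither carry an embedded NUL nor record which ASN.1 string type it was decoded from, so code that logs or displays them should know they are unvalidated. I would extend the comments along the lines of `/** Certification Practice Statement URI qualifier, NULL if absent; unvalidated certificate content */` and say the same for `unotice_text`. The `BUILD_CERTIFICATE_POLICIES` comment in builder.h would likewise benefit from stating whether the builder clones the list entries or takes ownership of them.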
@@ -136,6 +149,13 @@ struct x509_t {
 * @return enumerator over subtrees as identification_t
 */
 enumerator_t* (*create_name_constraint_enumerator)(x509_t *this, bool perm);
+
+ /**
+ * Create an enumerator over certificate policies.
+ *
+ * @return enumerator over x509_cert_policy_t
+ */
+ enumerator_t* (*create_cert_policy_enumerator)(x509_t *this);
 };
 #endif /** X509_H_ @}*/ |
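Review bot: The doc comment on `create_cert_policy_enumerator` does not say how long the enumerated `x509_cert_policy_t*` entries remain valid or whether the caller may modify or free them. If the intended contract is that they belong to the certificate, I would add a line such as `* Enumerated policies are owned by the certificate and must not be freed.` Because this adds a member to the `x509_t` interface, every implementation has to assign it, otherwise a caller ends up invoking an unset function pointer. The diffstat shown is limited to `credentials/`, so whether all implementers were updated cannot be confirmed from this page. The body of `struct x509_t` begins outside the hunk.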