aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/credentials
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/credentials')
-rw-r--r--src/libstrongswan/credentials/builder.c1
-rw-r--r--src/libstrongswan/credentials/builder.h2
-rw-r--r--src/libstrongswan/credentials/certificates/x509.h18
3 files changed, 21 insertions, 0 deletions
diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index c780588c2..cdf5c702d 100644
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -47,6 +47,7 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
"BUILD_PERMITTED_NAME_CONSTRAINTS",
"BUILD_EXCLUDED_NAME_CONSTRAINTS",
"BUILD_CERTIFICATE_POLICIES",
+ "BUILD_POLICY_MAPPINGS",
"BUILD_X509_FLAG",
"BUILD_REVOKED_ENUMERATOR",
"BUILD_CHALLENGE_PWD",
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index a2a3a4873..f2b3f44f6 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -101,6 +101,8 @@ enum builder_part_t {
BUILD_EXCLUDED_NAME_CONSTRAINTS,
/** certificatePolicy OIDs, linked_list_t* of x509_cert_policy_t* */
BUILD_CERTIFICATE_POLICIES,
+ /** policyMapping OIDs, linked_list_t* of x509_policy_mapping_t* */
+ BUILD_POLICY_MAPPINGS,
/** enforce an additional X509 flag, x509_flag_t */
BUILD_X509_FLAG,
/** enumerator_t over (chunk_t serial, time_t date, crl_reason_t reason) */
diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h
index 6f054f82a..b0f361edb 100644
--- a/src/libstrongswan/credentials/certificates/x509.h
+++ b/src/libstrongswan/credentials/certificates/x509.h
@@ -28,6 +28,7 @@
typedef struct x509_t x509_t;
typedef struct x509_cert_policy_t x509_cert_policy_t;
+typedef struct x509_policy_mapping_t x509_policy_mapping_t;
typedef enum x509_flag_t x509_flag_t;
/**
@@ -67,6 +68,16 @@ struct x509_cert_policy_t {
};
/**
+ * X.509 policyMapping extension
+ */
+struct x509_policy_mapping_t {
+ /** OID of issuerDomainPolicy */
+ chunk_t issuer;
+ /** OID of subjectDomainPolicy */
+ chunk_t subject;
+};
+
+/**
* X.509 certificate interface.
*
* This interface adds additional methods to the certificate_t type to
@@ -156,6 +167,13 @@ struct x509_t {
* @return enumerator over x509_cert_policy_t
*/
enumerator_t* (*create_cert_policy_enumerator)(x509_t *this);
+
+ /**
+ * Create an enumerator over policy mappings.
+ *
+ * @return enumerator over x509_policy_mapping
+ */
+ enumerator_t* (*create_policy_mapping_enumerator)(x509_t *this);
};
#endif /** X509_H_ @}*/
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-14 04:29:11 +0000