ocsp_8h_source.html

 /** OCSP Configuration

  *

  */

 typedef struct {

         bool            enable;                         //!< Enable OCSP checks

         char const      *cache_server;                  //!< Virtual server to restore retrieved OCSP status.

         bool            override_url;                   //!< Always use the configured OCSP URL even if the

                                                         //!< certificate contains one.

         char const      *url;

         bool            use_nonce;

         X509_STORE      *store;

         uint32_t        timeout;

         bool            softfail;

         bool            verifycert;


         fr_tls_cache_t  cache;                          //!< Cached cache section pointers.  Means we don't have

                                                         ///< to look them up at runtime.

 } fr_tls_ocsp_conf_t;


 #ifdef HAVE_OPENSSL_OCSP_H

         fr_tls_ocsp_conf_t      ocsp;                   //!< Configuration for validating client certificates

                                                         //!< with ocsp.

         fr_tls_ocsp_conf_t      staple;                 //!< Configuration for validating server certificates

                                                         //!< with ocsp.

 #endif


 /*

  *      tls/ocsp.c

  */

 int             fr_tls_ocsp_staple_cb(SSL *ssl, void *data);


 int             fr_tls_ocsp_check(request_t *request, SSL *ssl,

                                X509_STORE *store, X509 *issuer_cert, X509 *client_cert,

                                fr_tls_ocsp_conf_t *conf, bool staple_response);


 int             fr_tls_ocsp_state_cache_compile(fr_tls_cache_t *sections, CONF_SECTION *server_cs);


 int             fr_tls_ocsp_staple_cache_compile(fr_tls_cache_t *sections, CONF_SECTION *server_cs);

store
#define store(_store, _var)
Definition: atomic_queue.h:48

cf_section
A section grouping multiple CONF_PAIR.
Definition: cf_priv.h:101

uint32_t
unsigned int uint32_t
Definition: merged_model.c:33

request_t
Definition: merged_model.c:210

fr_tls_ocsp_conf_t::enable
bool enable
Enable OCSP checks.
Definition: ocsp.h:5

fr_tls_ocsp_check
int fr_tls_ocsp_check(request_t *request, SSL *ssl, X509_STORE *store, X509 *issuer_cert, X509 *client_cert, fr_tls_ocsp_conf_t *conf, bool staple_response)

fr_tls_ocsp_conf_t::verifycert
bool verifycert
Definition: ocsp.h:14

fr_tls_ocsp_conf_t::timeout
uint32_t timeout
Definition: ocsp.h:12

fr_tls_ocsp_state_cache_compile
int fr_tls_ocsp_state_cache_compile(fr_tls_cache_t *sections, CONF_SECTION *server_cs)

fr_tls_ocsp_conf_t::cache_server
char const  * cache_server
Virtual server to restore retrieved OCSP status.
Definition: ocsp.h:6

fr_tls_ocsp_conf_t::store
X509_STORE * store
Definition: ocsp.h:11

fr_tls_ocsp_conf_t::use_nonce
bool use_nonce
Definition: ocsp.h:10

fr_tls_ocsp_conf_t::url
char const  * url
Definition: ocsp.h:9

fr_tls_ocsp_conf_t::override_url
bool override_url
Always use the configured OCSP URL even if the certificate contains one.
Definition: ocsp.h:7

fr_tls_ocsp_staple_cb
int fr_tls_ocsp_staple_cb(SSL *ssl, void *data)

fr_tls_ocsp_staple_cache_compile
int fr_tls_ocsp_staple_cache_compile(fr_tls_cache_t *sections, CONF_SECTION *server_cs)

fr_tls_ocsp_conf_t::softfail
bool softfail
Definition: ocsp.h:13

fr_tls_ocsp_conf_t::cache
fr_tls_cache_t cache
Cached cache section pointers.
Definition: ocsp.h:17

fr_tls_ocsp_conf_t
OCSP Configuration.
Definition: ocsp.h:4

conf
static rs_t * conf
Definition: radsniff.c:53

data
static fr_slen_t data
Definition: value.h:1265