ocsp_8h_source.html

/** OCSP Configuration

 *

 */


typedef struct {

        bool            enable;                         //!< Enable OCSP checks

        char const      *cache_server;                  //!< Virtual server to restore retrieved OCSP status.

        bool            override_url;                   //!< Always use the configured OCSP URL even if the

                                                        //!< certificate contains one.

        char const      *url;

        bool            use_nonce;

        X509_STORE      *store;

        uint32_t        timeout;

        bool            softfail;

        bool            verifycert;


        fr_tls_cache_t  cache;                          //!< Cached cache section pointers.  Means we don't have

                                                        ///< to look them up at runtime.

} fr_tls_ocsp_conf_t;


#ifdef HAVE_OPENSSL_OCSP_H

        fr_tls_ocsp_conf_t      ocsp;                   //!< Configuration for validating client certificates

                                                        //!< with ocsp.

        fr_tls_ocsp_conf_t      staple;                 //!< Configuration for validating server certificates

                                                        //!< with ocsp.

#endif


/*

 *      tls/ocsp.c

 */

int             fr_tls_ocsp_staple_cb(SSL *ssl, void *data);


int             fr_tls_ocsp_check(request_t *request, SSL *ssl,

                               X509_STORE *store, X509 *issuer_cert, X509 *client_cert,

                               fr_tls_ocsp_conf_t *conf, bool staple_response);


int             fr_tls_ocsp_state_cache_compile(fr_tls_cache_t *sections, CONF_SECTION *server_cs);


int             fr_tls_ocsp_staple_cache_compile(fr_tls_cache_t *sections, CONF_SECTION *server_cs);

store
#define store(_store, _var)
Definition atomic_queue.h:48

cf_section
A section grouping multiple CONF_PAIR.
Definition cf_priv.h:101

uint32_t
unsigned int uint32_t
Definition merged_model.c:33

request_t
Definition merged_model.c:210

fr_tls_ocsp_conf_t::enable
bool enable
Enable OCSP checks.
Definition ocsp.h:5

fr_tls_ocsp_check
int fr_tls_ocsp_check(request_t *request, SSL *ssl, X509_STORE *store, X509 *issuer_cert, X509 *client_cert, fr_tls_ocsp_conf_t *conf, bool staple_response)

fr_tls_ocsp_conf_t::verifycert
bool verifycert
Definition ocsp.h:14

fr_tls_ocsp_conf_t::timeout
uint32_t timeout
Definition ocsp.h:12

fr_tls_ocsp_state_cache_compile
int fr_tls_ocsp_state_cache_compile(fr_tls_cache_t *sections, CONF_SECTION *server_cs)

fr_tls_ocsp_conf_t::cache_server
char const  * cache_server
Virtual server to restore retrieved OCSP status.
Definition ocsp.h:6

fr_tls_ocsp_conf_t::store
X509_STORE * store
Definition ocsp.h:11

fr_tls_ocsp_conf_t::use_nonce
bool use_nonce
Definition ocsp.h:10

fr_tls_ocsp_conf_t::url
char const  * url
Definition ocsp.h:9

fr_tls_ocsp_conf_t::override_url
bool override_url
Always use the configured OCSP URL even if the certificate contains one.
Definition ocsp.h:7

fr_tls_ocsp_staple_cb
int fr_tls_ocsp_staple_cb(SSL *ssl, void *data)

fr_tls_ocsp_staple_cache_compile
int fr_tls_ocsp_staple_cache_compile(fr_tls_cache_t *sections, CONF_SECTION *server_cs)

fr_tls_ocsp_conf_t::softfail
bool softfail
Definition ocsp.h:13

fr_tls_ocsp_conf_t::cache
fr_tls_cache_t cache
Cached cache section pointers.
Definition ocsp.h:17

fr_tls_ocsp_conf_t
OCSP Configuration.
Definition ocsp.h:4

conf
static rs_t * conf
Definition radsniff.c:53

data
static fr_slen_t data
Definition value.h:1265