1 #pragma once
2 /*
3  * This program is free software; you can redistribute it and/or modify
4  * it under the terms of the GNU General Public License as published by
5  * the Free Software Foundation; either version 2 of the License, or
6  * (at your option) any later version.
7  *
8  * This program is distributed in the hope that it will be useful,
9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11  * GNU General Public License for more details.
12  *
13  * You should have received a copy of the GNU General Public License
14  * along with this program; if not, write to the Free Software
15  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
16  */
17 #ifdef WITH_TLS
18 /**
19  * $Id: 18ee4f23654526ead1949e66139721e027bf2a3d $
20  *
 * @file lib/tls/verify.h
 * @brief Certificate chain verification state, verify-mode flags and the OpenSSL verify callback.
23  *
24  * @copyright 2021 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
25  */
26 RCSIDH(validate_h, "$Id: 18ee4f23654526ead1949e66139721e027bf2a3d $")
27 
28 #include "openssl_user_macros.h"
29 
30 #include <openssl/ssl.h>
31 #include <openssl/err.h>
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 
37 /** Certificate validation states
38  *
39  */
/** Certificate validation states
 *
 * Tracks how far OpenSSL-driven certificate verification has progressed for a
 * session.  Only FR_TLS_VALIDATION_SUCCESS means the chain was accepted;
 * INIT and REQUESTED mean no verdict has been reached yet and must not be
 * read as "no failure recorded".
 */
typedef enum {
	FR_TLS_VALIDATION_INIT		= 0,	//!< OpenSSL hasn't requested certificate validation.
	FR_TLS_VALIDATION_REQUESTED	= 1,	//!< OpenSSL requested validation.
	FR_TLS_VALIDATION_SUCCESS	= 2,	//!< Certificate chain was validated.
	FR_TLS_VALIDATION_FAILED	= 3	//!< Certificate validation failed.
} fr_tls_validation_state_t;
46 
/** Which certificates of the presented chain are converted to pairs for verification
 *
 * Bit flags: combine with |.  FR_TLS_VERIFY_MODE_ALL is the union of the
 * three individual flags and FR_TLS_VERIFY_MODE_DISABLED converts nothing.
 */
typedef enum {
	FR_TLS_VERIFY_MODE_DISABLED	= 0,		//!< Don't convert any pairs for verification.
	FR_TLS_VERIFY_MODE_LEAF		= (1 << 0),	//!< Convert the client certificate.
	FR_TLS_VERIFY_MODE_ISSUER	= (1 << 1),	//!< Convert the issuer of the client certificate.
	FR_TLS_VERIFY_MODE_UNTRUSTED	= (1 << 2),	//!< Convert any "untrusted" certificates.
	FR_TLS_VERIFY_MODE_ALL		= FR_TLS_VERIFY_MODE_LEAF | FR_TLS_VERIFY_MODE_ISSUER | FR_TLS_VERIFY_MODE_UNTRUSTED	//!< Convert the entire certificate chain.
} fr_tls_verify_mode_t;
57 
58 /** Certificate validation state
59  *
60  */
/** Certificate validation state
 *
 *  Per-session bookkeeping for OpenSSL-driven certificate verification.
 *  NOTE(review): a session whose state never left FR_TLS_VALIDATION_INIT
 *  has not had its certificate checked at all; callers must not treat
 *  "no FAILED recorded" as success — only FR_TLS_VALIDATION_SUCCESS is.
 */
typedef struct {
	rlm_rcode_t		rcode;		//!< Module return code produced by the verification run
						///< (presumably set by the pending push — confirm against verify.c).
	fr_tls_validation_state_t	state;	//!< Whether OpenSSL has requested
						///< certificate validation, and if so how it concluded
						///< (see fr_tls_validation_state_t).

	bool			resumed;	//!< Whether we're validating a resumed session.
} fr_tls_verify_t;
68 
69 #ifdef __cplusplus
70 }
71 #endif
72 
73 #include "session.h"
74 
75 #ifdef __cplusplus
76 extern "C" {
77 #endif
78 
/** OpenSSL certificate verification callback
 *
 * Signature matches the verify_callback type OpenSSL passes to
 * SSL_CTX_set_verify()/SSL_set_verify().
 *
 * NOTE(review): under OpenSSL's callback contract, returning non-zero when
 * @p ok is 0 overrides a chain-verification failure for that certificate.
 * Confirm the implementation only does so deliberately (e.g. to defer the
 * verdict to the request), never by default.
 *
 * @param[in] ok	Whether OpenSSL's own verification of the current certificate passed.
 * @param[in] ctx	Store context for the certificate being verified.
 * @return Whether verification should continue, per OpenSSL's callback contract.
 */
int fr_tls_verify_cert_cb(int ok, X509_STORE_CTX *ctx);

/** Verify the certificate chain presented on a TLS session
 *
 * @param[in] request	Request the verification is being performed for.
 * @param[in] ssl	OpenSSL session holding the peer chain.
 * @return An int status; the success/failure encoding is not visible here — see verify.c.
 */
int fr_tls_verify_cert_chain(request_t *request, SSL *ssl);

/** Report the outcome of certificate verification for a session
 *
 * @param[in] tls_session	Session whose fr_tls_verify_t state is consulted.
 * @return Presumably true only when the state is FR_TLS_VALIDATION_SUCCESS — confirm;
 *	   INIT/REQUESTED must not be reported as success.
 */
bool fr_tls_verify_cert_result(fr_tls_session_t *tls_session);

/** Reset the per-session certificate verification state
 *
 * @param[in] tls_session	Session whose verification state is cleared.
 */
void fr_tls_verify_cert_reset(fr_tls_session_t *tls_session);

/** Record that OpenSSL has requested certificate verification
 *
 * @param[in] tls_session	Session being verified.
 * @param[in] resumed		Whether the session was resumed (presumably stored in
 *				fr_tls_verify_t.resumed — confirm).
 */
void fr_tls_verify_cert_request(fr_tls_session_t *tls_session, bool resumed);

/** Push the pending certificate verification work onto the request's unlang stack
 *
 * @param[in] request		Request to push onto.
 * @param[in] tls_session	Session whose verification is pending.
 * @return The next interpreter action.
 */
unlang_action_t fr_tls_verify_cert_pending_push(request_t *request, fr_tls_session_t *tls_session);
90 
91 #ifdef __cplusplus
92 }
93 #endif
94 #endif /* WITH_TLS */