1#pragma once
2/*
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
16 */
17#ifdef WITH_TLS
18/**
19 * $Id: 18ee4f23654526ead1949e66139721e027bf2a3d $
20 *
 * @file lib/tls/verify.h
 * @brief Structures and function prototypes for peer certificate verification.
23 *
24 * @copyright 2021 Arran Cudbard-Bell (a.cudbardb@freeradius.org)
25 */
26RCSIDH(validate_h, "$Id: 18ee4f23654526ead1949e66139721e027bf2a3d $")
27
28#include "openssl_user_macros.h"
29
30#include <openssl/ssl.h>
31#include <openssl/err.h>
32
33#ifdef __cplusplus
34extern "C" {
35#endif
36
/** Certificate validation states
 *
 * Tracks where a session is in the certificate verification sequence.  The first
 * value is explicitly 0 so that a zero-initialised #fr_tls_verify_t starts out in
 * the "not yet requested" state.
 *
 * NOTE(review): only #FR_TLS_VALIDATION_SUCCESS should ever be taken as proof that
 * the chain was accepted.  REQUESTED means verification is still in flight, and
 * INIT presumably means it never ran (e.g. no client certificate was asked for) --
 * confirm against the transitions in verify.c.
 */
typedef enum {
	FR_TLS_VALIDATION_INIT = 0,			//!< OpenSSL hasn't requested certificate validation.
	FR_TLS_VALIDATION_REQUESTED,			//!< OpenSSL requested validation.
	FR_TLS_VALIDATION_SUCCESS,			//!< Certificate chain was validated.
	FR_TLS_VALIDATION_FAILED			//!< Certificate validation failed.
} fr_tls_validation_state_t;
46
/** Which certificates from the peer's chain are converted into attribute pairs
 *
 * A bitmask: the individual flags may be OR'd together, and
 * #FR_TLS_VERIFY_MODE_ALL is defined as the union of the three.  DISABLED (0)
 * means no certificate is converted at all.
 *
 * NOTE(review): "untrusted" is presumably used in OpenSSL's sense -- certificates
 * sent by the peer, as opposed to those loaded from the trust store -- confirm
 * against the conversion code.  Pairs produced from certificates that have not
 * been chained to a trusted CA must not be used for authorisation decisions on
 * their own; only the verification result should gate access.
 */
typedef enum {
	FR_TLS_VERIFY_MODE_DISABLED = 0,		//!< Don't convert any pairs for verification.
	FR_TLS_VERIFY_MODE_LEAF = 0x01,			//!< Convert the client certificate.
	FR_TLS_VERIFY_MODE_ISSUER = 0x02,		//!< Convert the issuer of the client certificate.
	FR_TLS_VERIFY_MODE_UNTRUSTED = 0x04,		//!< Convert any "untrusted" certificates.
	FR_TLS_VERIFY_MODE_ALL =			//!< Convert the entire certificate chain
							///< (LEAF | ISSUER | UNTRUSTED).
		FR_TLS_VERIFY_MODE_LEAF |
		FR_TLS_VERIFY_MODE_ISSUER |
		FR_TLS_VERIFY_MODE_UNTRUSTED
} fr_tls_verify_mode_t;
57
/** Certificate validation state
 *
 * Per-session bookkeeping for peer certificate verification.  The accessor
 * functions declared further down take a #fr_tls_session_t, so this is
 * presumably embedded in, or reachable from, the session -- confirm in session.h.
 */
typedef struct {
	rlm_rcode_t		rcode;			//!< Module return code produced by the verification
							///< policy.  NOTE(review): who sets this, and whether
							///< it is meaningful before #state reaches SUCCESS or
							///< FAILED, is decided in verify.c -- confirm.
	fr_tls_validation_state_t	state;		//!< Whether OpenSSL has requested
							///< certificate validation (see
							///< #fr_tls_validation_state_t).

	bool			resumed;		//!< Whether we're validating a resumed session.
							///< NOTE(review): on resumption the peer does not
							///< re-send its certificate, so the chain being
							///< checked presumably comes from the cached session
							///< rather than a fresh handshake -- confirm, and make
							///< sure expiry/revocation are re-evaluated if policy
							///< requires it.
} fr_tls_verify_t;
68
69#ifdef __cplusplus
70}
71#endif
72
73#include "session.h"
74
75#ifdef __cplusplus
76extern "C" {
77#endif
78
/** OpenSSL certificate verification callback
 *
 * Has the signature OpenSSL expects for SSL_CTX_set_verify()/SSL_set_verify()
 * callbacks (SSL_verify_cb in <openssl/ssl.h>).
 *
 * NOTE(review): under that contract the callback's return value replaces the
 * built-in result for the certificate at the current depth -- returning non-zero
 * when @p ok is 0 accepts a certificate OpenSSL has already rejected, and
 * returning 0 when @p ok is 1 aborts the handshake.  The implementation in
 * verify.c should only override a failure for an explicitly configured, logged
 * reason; confirm there.
 *
 * @param[in] ok	1 if OpenSSL's own checks passed for this certificate, 0 otherwise.
 * @param[in] ctx	X509 store context for the chain being verified.
 * @return 1 to continue verification, 0 to fail it.
 */
int fr_tls_verify_cert_cb(int ok, X509_STORE_CTX *ctx);

/** Verify the peer certificate chain of an SSL object
 *
 * NOTE(review): the return convention (0 on success, negative on failure?) is not
 * visible from the header -- confirm in verify.c before checking the result.
 *
 * @param[in] request	The request the verification runs in.
 * @param[in] ssl	SSL object whose peer chain is verified.
 */
int fr_tls_verify_cert_chain(request_t *request, SSL *ssl);

/** Return the outcome of certificate verification for a session
 *
 * @param[in] tls_session	Session to query.
 * @return true presumably only when the session's verification state is
 *	   #FR_TLS_VALIDATION_SUCCESS -- confirm.  Callers must treat any other
 *	   outcome (including "never requested") as not verified.
 */
bool fr_tls_verify_cert_result(fr_tls_session_t *tls_session);

/** Reset the verification state of a session
 *
 * Presumably returns it to #FR_TLS_VALIDATION_INIT; confirm in verify.c.
 *
 * @param[in] tls_session	Session to reset.
 */
void fr_tls_verify_cert_reset(fr_tls_session_t *tls_session);

/** Record that OpenSSL has requested certificate verification for a session
 *
 * @param[in] tls_session	Session being verified.
 * @param[in] resumed		Whether the session is a resumed one
 *				(see #fr_tls_verify_t.resumed).
 */
void fr_tls_verify_cert_request(fr_tls_session_t *tls_session, bool resumed);

/** Push the pending verification work onto the request's unlang stack
 *
 * NOTE(review): the name suggests the verification policy is run asynchronously
 * from here rather than inside the OpenSSL callback; confirm in verify.c.
 *
 * @param[in] request		Request to run the verification under.
 * @param[in] tls_session	Session whose chain is pending verification.
 * @return an #unlang_action_t telling the interpreter what to do next.
 */
unlang_action_t fr_tls_verify_cert_pending_push(request_t *request, fr_tls_session_t *tls_session);
90
91#ifdef __cplusplus
92}
93#endif
94#endif /* WITH_TLS */