1 #ifndef _USUAL_TLS_TLS_CERT_H_
2 #define _USUAL_TLS_TLS_CERT_H_
3 
4 #define TLS_CERT_GNAME_DNS	1
5 #define TLS_CERT_GNAME_IPv4	2
6 #define TLS_CERT_GNAME_IPv6	3
7 #define TLS_CERT_GNAME_EMAIL	4
8 #define TLS_CERT_GNAME_URI	5
9 
10 #define TLS_KU_DIGITAL_SIGNATURE	(1 << 0)
11 #define TLS_KU_NON_REPUDIATION		(1 << 1)
12 #define TLS_KU_KEY_ENCIPHERMENT		(1 << 2)
13 #define TLS_KU_DATA_ENCIPHERMENT	(1 << 3)
14 #define TLS_KU_KEY_AGREEMENT		(1 << 4)
15 #define TLS_KU_KEY_CERT_SIGN		(1 << 5)
16 #define TLS_KU_CRL_SIGN			(1 << 6)
17 #define TLS_KU_ENCIPHER_ONLY		(1 << 7)
18 #define TLS_KU_DECIPHER_ONLY		(1 << 8)
19 
20 #define TLS_XKU_SSL_SERVER		(1 << 0)
21 #define TLS_XKU_SSL_CLIENT		(1 << 1)
22 #define TLS_XKU_SMIME			(1 << 2)
23 #define TLS_XKU_CODE_SIGN		(1 << 3)
24 #define TLS_XKU_OCSP_SIGN		(1 << 4)
25 #define TLS_XKU_SGC			(1 << 5)
26 #define TLS_XKU_TIMESTAMP		(1 << 6)
27 #define TLS_XKU_DVCS			(1 << 7)
28 
29 #define TLS_EXT_BASIC			(1 << 0)
30 #define TLS_EXT_KEY_USAGE		(1 << 1)
31 #define TLS_EXT_EXTENDED_KEY_USAGE	(1 << 2)
32 #define TLS_EXT_SUBJECT_ALT_NAME	(1 << 3)
33 
34 /*
35  * GeneralName
36  */
37 struct tls_cert_general_name {
38 	const void *name_value;
39 	int name_type;
40 };
41 
42 /*
43  * DistinguishedName
44  */
45 struct tls_cert_dname {
46 	const char *common_name;
47 	const char *country_name;
48 	const char *state_or_province_name;
49 	const char *locality_name;
50 	const char *street_address;
51 	const char *organization_name;
52 	const char *organizational_unit_name;
53 };
54 
55 struct tls_cert {
56 	/* Version number from cert: 0:v1, 1:v2, 2:v3 */
57 	int version;
58 
59 	/* did it pass verify?  useful when noverifycert is on. */
60 	int successful_verify;
61 
62 	/* DistringuishedName for subject */
63 	struct tls_cert_dname subject;
64 
65 	/* DistringuishedName for issuer */
66 	struct tls_cert_dname issuer;
67 
68 	/* decimal number */
69 	const char *serial;
70 
71 	/* Validity times */
72 	time_t not_before;
73 	time_t not_after;
74 
75 	uint32_t ext_set;
76 	uint32_t ext_crit;
77 
78 	/* BasicConstraints extension */
79 	int basic_constraints_ca;
80 	int basic_constraints_pathlen;
81 
82 	/* KeyUsage extension */
83 	uint32_t key_usage_flags;
84 
85 	/* ExtendedKeyUsage extension */
86 	uint32_t extended_key_usage_flags;
87 
88 	/* SubjectAltName extension */
89 	struct tls_cert_general_name *subject_alt_names;
90 	int subject_alt_name_count;
91 
92 	/* Fingerprint as raw hash */
93 	const unsigned char *fingerprint;
94 	size_t fingerprint_size;
95 };
96 
97 int tls_get_peer_cert(struct tls *ctx, struct tls_cert **cert_p, const char *fingerprint_algo);
98 void tls_cert_free(struct tls_cert *cert);
99 
100 #ifdef TLS_CERT_INTERNAL_FUNCS
101 int tls_parse_cert(struct tls *ctx, struct tls_cert **cert_p,
102 		   const char *fingerprint_algo, X509 *x509);
103 #endif
104 
105 #endif
106