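#ifndef _USUAL_TLS_TLS_CERT_H_
#define _USUAL_TLS_TLS_CERT_H_

/*
 * Parsed, read-only view of a peer's X.509 certificate.
 *
 * The public part of this header is self-contained: it includes the
 * standard headers that define size_t, uint32_t and time_t and forward
 * declares struct tls, so it can be included on its own.  The internal
 * parser entry point under TLS_CERT_INTERNAL_FUNCS takes an OpenSSL
 * X509 and still requires the includer to have declared that type.
 */

#include <stddef.h>
#include <stdint.h>
#include <time.h>

struct tls;

/* GeneralName kinds: possible values of tls_cert_general_name.name_type */
#define TLS_CERT_GNAME_DNS 1
#define TLS_CERT_GNAME_IPv4 2
#define TLS_CERT_GNAME_IPv6 3
#define TLS_CERT_GNAME_EMAIL 4
#define TLS_CERT_GNAME_URI 5

/* KeyUsage bits (tls_cert.key_usage_flags) */
#define TLS_KU_DIGITAL_SIGNATURE (1 << 0)
#define TLS_KU_NON_REPUDIATION (1 << 1)
#define TLS_KU_KEY_ENCIPHERMENT (1 << 2)
#define TLS_KU_DATA_ENCIPHERMENT (1 << 3)
#define TLS_KU_KEY_AGREEMENT (1 << 4)
#define TLS_KU_KEY_CERT_SIGN (1 << 5)
#define TLS_KU_CRL_SIGN (1 << 6)
#define TLS_KU_ENCIPHER_ONLY (1 << 7)
#define TLS_KU_DECIPHER_ONLY (1 << 8)

/* ExtendedKeyUsage bits (tls_cert.extended_key_usage_flags) */
#define TLS_XKU_SSL_SERVER (1 << 0)
#define TLS_XKU_SSL_CLIENT (1 << 1)
#define TLS_XKU_SMIME (1 << 2)
#define TLS_XKU_CODE_SIGN (1 << 3)
#define TLS_XKU_OCSP_SIGN (1 << 4)
#define TLS_XKU_SGC (1 << 5)
#define TLS_XKU_TIMESTAMP (1 << 6)
#define TLS_XKU_DVCS (1 << 7)

/* Extension presence bits (tls_cert.ext_set / tls_cert.ext_crit) */
#define TLS_EXT_BASIC (1 << 0)
#define TLS_EXT_KEY_USAGE (1 << 1)
#define TLS_EXT_EXTENDED_KEY_USAGE (1 << 2)
#define TLS_EXT_SUBJECT_ALT_NAME (1 << 3)

/*
 * GeneralName
 *
 * One SubjectAltName entry.  How name_value is to be read depends on
 * name_type; presumably a NUL-terminated string for DNS/EMAIL/URI and
 * raw address bytes for IPv4/IPv6 -- confirm against the parser before
 * relying on it.
 */
struct tls_cert_general_name {
	const void *name_value;
	int name_type;		/* one of TLS_CERT_GNAME_* */
};

/*
 * DistinguishedName
 *
 * Any attribute absent from the certificate is left as a NULL pointer
 * (assumed from the pointer fields; verify against the parser).
 */
struct tls_cert_dname {
	const char *common_name;
	const char *country_name;
	const char *state_or_province_name;
	const char *locality_name;
	const char *street_address;
	const char *organization_name;
	const char *organizational_unit_name;
};

/*
 * Certificate fields extracted from the peer's X.509 certificate.
 * All pointers are owned by the struct and released by tls_cert_free().
 */
struct tls_cert {
	/* Version number from cert: 0:v1, 1:v2, 2:v3 */
	int version;

	/*
	 * did it pass verify? useful when noverifycert is on.
	 * When verification is disabled this is the only signal that the
	 * chain was validated; callers must check it before trusting the
	 * subject / SAN fields for identity decisions.
	 */
	int successful_verify;

	/* DistinguishedName for subject */
	struct tls_cert_dname subject;

	/* DistinguishedName for issuer */
	struct tls_cert_dname issuer;

	/* decimal number */
	const char *serial;

	/* Validity times (time_t; presumably UTC epoch seconds) */
	time_t not_before;
	time_t not_after;

	/* Bitmask of TLS_EXT_* extensions present in the certificate */
	uint32_t ext_set;
	/* Bitmask of TLS_EXT_* extensions the certificate marks critical
	 * (by name; confirm against the parser) */
	uint32_t ext_crit;

	/* BasicConstraints extension */
	int basic_constraints_ca;
	int basic_constraints_pathlen;	/* value when absent: see parser */

	/* KeyUsage extension: bitmask of TLS_KU_* */
	uint32_t key_usage_flags;

	/* ExtendedKeyUsage extension: bitmask of TLS_XKU_* */
	uint32_t extended_key_usage_flags;

	/* SubjectAltName extension: array of subject_alt_name_count entries */
	struct tls_cert_general_name *subject_alt_names;
	int subject_alt_name_count;

	/*
	 * Fingerprint as raw hash (not hex).  fingerprint_size bytes; the
	 * digest is selected by the fingerprint_algo argument given to
	 * tls_get_peer_cert().  Compare size and bytes together.
	 */
	const unsigned char *fingerprint;
	size_t fingerprint_size;
};

/*
 * Fetch and parse the peer certificate of a TLS connection.
 *
 * ctx              - connection to inspect
 * cert_p           - receives a newly allocated struct tls_cert on success;
 *                    the caller owns it and releases it with tls_cert_free()
 * fingerprint_algo - name of the digest used for tls_cert.fingerprint
 *
 * Returns 0 on success, non-zero on error (exact codes are defined by the
 * implementation, not this header).
 */
int tls_get_peer_cert(struct tls *ctx, struct tls_cert **cert_p, const char *fingerprint_algo);

/* Release a certificate returned by tls_get_peer_cert(). */
void tls_cert_free(struct tls_cert *cert);

#ifdef TLS_CERT_INTERNAL_FUNCS
/*
 * Internal: build a struct tls_cert from an already-loaded OpenSSL X509.
 * X509 must be declared by the includer (OpenSSL headers) before this
 * header is included with TLS_CERT_INTERNAL_FUNCS defined.
 */
int tls_parse_cert(struct tls *ctx, struct tls_cert **cert_p,
		   const char *fingerprint_algo, X509 *x509);
#endif

#endif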