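/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
 * This file is PRIVATE to SSL.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/* NOTE(review): identifiers beginning with a double underscore are reserved
 * for the implementation by the C standard; the guard name is kept as-is
 * because other translation units may test it. */
#ifndef __sslcert_h_
#define __sslcert_h_

#include "cert.h"
#include "secitem.h"
#include "keyhi.h"

/* This type is a bitvector that is indexed by SSLAuthType values. Note that
 * the bit for ssl_auth_null(0) - the least significant bit - isn't used. */
typedef PRUint16 sslAuthTypeMask;
/* The SSL_CERT_IS* macros below shift by an SSLAuthType value and do not
 * range-check it; this assertion guarantees every valid SSLAuthType
 * (< ssl_auth_size) has a bit in the mask. */
PR_STATIC_ASSERT(sizeof(sslAuthTypeMask) * 8 >= ssl_auth_size);

/* One configured server certificate together with the key material and
 * per-certificate status data that libssl sends alongside it. Instances are
 * kept on a PRCList via the link member. */
typedef struct sslServerCertStr {
    PRCList link; /* The linked list link */

    /* The auth types that this certificate provides (bit (1 << SSLAuthType)
     * is set for each supported type). */
    sslAuthTypeMask authTypes;
    /* For ssl_auth_ecdsa and ssl_auth_ecdh_*. This is only the named curve
     * of the end-entity certificate key. The keys in other certificates in
     * the chain aren't directly relevant to the operation of TLS (though it
     * might make certificate validation difficult, libssl doesn't care). */
    const sslNamedGroupDef *namedCurve;

    /* Configuration state for server sockets */
    CERTCertificate *serverCert;
    CERTCertificateList *serverCertChain;
    sslKeyPair *serverKeyPair;
    /* Size of the server key; presumably in bits (field name only) - confirm
     * against the code that sets it. */
    unsigned int serverKeyBits;
    /* Each certificate needs its own status. */
    SECItemArray *certStatusArray;
    /* Serialized signed certificate timestamps to be sent to the client
     * in a TLS extension (server only). Each certificate needs its own
     * timestamps item. */
    SECItem signedCertTimestamps;
} sslServerCert;

/* Predicates over authTypes. The argument t must be a valid SSLAuthType
 * (0 <= t < ssl_auth_size); the macros perform no range check and a larger
 * value would shift past the width of the mask. */
#define SSL_CERT_IS(c, t) ((c)->authTypes & (1 << (t)))
#define SSL_CERT_IS_ONLY(c, t) ((c)->authTypes == (1 << (t)))
#define SSL_CERT_IS_EC(c)                               \
    ((c)->authTypes & ((1 << ssl_auth_ecdsa) |          \
                       (1 << ssl_auth_ecdh_rsa) |       \
                       (1 << ssl_auth_ecdh_ecdsa)))

/* Allocates a new, empty server certificate entry.
 * Declared with (void): an empty parameter list is an unprototyped
 * declaration in C11 and disables argument checking at call sites.
 * Presumably the caller owns the result and releases it with
 * ssl_FreeServerCert - confirm in sslcert.c. */
extern sslServerCert *ssl_NewServerCert(void);
/* Returns a copy of oc; ownership of the copy presumably follows the same
 * rule as ssl_NewServerCert - confirm in sslcert.c. */
extern sslServerCert *ssl_CopyServerCert(const sslServerCert *oc);
/* Looks up the certificate configured on ss for authType and, for EC auth
 * types, the given namedCurve. The result is const: it is owned by ss and
 * must not be freed by the caller. */
extern const sslServerCert *ssl_FindServerCert(
    const sslSocket *ss, SSLAuthType authType,
    const sslNamedGroupDef *namedCurve);
/* Releases sc and everything it owns. */
extern void ssl_FreeServerCert(sslServerCert *sc);

#endif /* __sslcert_h_ */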