Changeset 2a1ffd6 in mod_gnutls for src/gnutls_ocsp.h


Timestamp:
May 31, 2016, 1:12:53 PM (3 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master, debian/stretch-backports, master, upstream
Children:
64856fd
Parents:
d35b98e
Message:

Move trust list generation for OCSP to a separate function

The new function is supposed to be used during server configuration
later, instead of recreating the trust list every time an OCSP
response is checked.

File:
1 edited

  • src/gnutls_ocsp.h

    rd35b98e r2a1ffd6  
    1919
    2020#include "gnutls/gnutls.h"
     21#include "gnutls/x509.h"
    2122#include "httpd.h"
    2223#include "http_config.h"
     
    2627                                         const char *arg);
    2728
     29/*
     30 * Create a trust list from a certificate chain (one or more
     31 * certificates).
     32 *
     33 * tl: This trust list will be initialized and filled with the
     34 * specified certificate(s)
     35 *
     36 * chain: certificate chain, must contain at least num certifictes
     37 *
     38 * num: number of certificates to load from chain
     39 *
     40 * Chain is supposed to be static (the trust chain of the server
     41 * certificate), so when gnutls_x509_trust_list_deinit() is called on
     42 * tl later, the "all" parameter should be zero.
     43 *
     44 * Returns GNUTLS_E_SUCCESS or a GnuTLS error code. In case of error
     45 * tl will be uninitialized.
     46 */
     47int mgs_create_ocsp_trust_list(gnutls_x509_trust_list_t *tl,
     48                               const gnutls_x509_crt_t *chain,
     49                               const int num);
     50
    2851int mgs_get_ocsp_response(gnutls_session_t session, void *ptr,
    2952                          gnutls_datum_t *ocsp_response);
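Review bot: The ownership contract in the comment at new lines 40-42 is only advisory: it relies on every caller remembering to pass zero as the "all" parameter of gnutls_x509_trust_list_deinit(). The comment implies that tl holds the certificates in chain by reference, so a deinit with non-zero "all" would free the server's own certificate chain while it is still in use. Say explicitly that chain must stay valid for as long as tl exists, and consider a matching cleanup helper so that callers never pick the flag themselves. The count parameter `const int num` admits negative values and the comment does not say what happens for num <= 0; an unsigned type would fit a certificate count better, and const on a by-value parameter adds nothing in a prototype. In the comment, "certifictes" at new line 36 is a typo, and "tl will be uninitialized" at new lines 44-45 should state whether the caller must skip gnutls_x509_trust_list_deinit() after an error.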