1 /* Certificate support for IKE authentication
2 * Copyright (C) 2002-2004 Andreas Steffen, Zuercher Hochschule Winterthur
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id: certs.h,v 1.7 2005/11/06 22:55:41 as Exp $
15 */
16
/* Include guard.
 * NOTE(review): identifiers beginning with an underscore followed by an
 * uppercase letter are reserved for the implementation (C11 7.1.3), so
 * _CERTS_H could in principle collide with a library-internal macro; a
 * name such as CERTS_H would avoid that. Left as is because other
 * translation units may test this exact name.
 */
#ifndef _CERTS_H
#define _CERTS_H
19
20 #include "pkcs1.h"
21 #include "x509.h"
22 #include "pgp.h"
23
/* path definitions for private keys, end certs,
 * cacerts, attribute certs and crls
 *
 * All locations are fixed at compile time below /etc/ipsec.d.  Nothing in
 * this header enforces ownership or permissions on these directories; any
 * such checks would have to live in the loader code (certs.c), which is
 * not part of this file.
 */
#define PRIVATE_KEY_PATH "/etc/ipsec.d/private"   /* RSA private keys - the sensitive directory */
#define HOST_CERT_PATH "/etc/ipsec.d/certs"       /* end-entity certificates of this host */
#define CA_CERT_PATH "/etc/ipsec.d/cacerts"       /* trusted CA certificates */
#define A_CERT_PATH "/etc/ipsec.d/acerts"         /* attribute certificates */
#define AA_CERT_PATH "/etc/ipsec.d/aacerts"       /* attribute authority certificates */
#define OCSP_CERT_PATH "/etc/ipsec.d/ocspcerts"   /* OCSP responder certificates */
#define CRL_PATH "/etc/ipsec.d/crls"              /* certificate revocation lists */
#define REQ_PATH "/etc/ipsec.d/reqs"              /* certificate requests */

/* advance warning of imminent expiry of
 * cacerts, public keys, and crls
 *
 * Values are day counts; the code that compares them against expiry
 * times is outside this header.
 */
#define CA_CERT_WARNING_INTERVAL 30 /* days */
#define OCSP_CERT_WARNING_INTERVAL 30 /* days */
#define PUBKEY_WARNING_INTERVAL 7 /* days */
#define CRL_WARNING_INTERVAL 7 /* days */
#define ACERT_WARNING_INTERVAL 1 /* day */
44
/* certificate access structure
 * currently X.509 and OpenPGP certificates are supported
 *
 * `type` is the discriminator for the union `u`; its value set is defined
 * elsewhere (not in this header).  Callers must test `type` before reading
 * a union member: dereferencing the member that does not match `type`
 * is a type confusion on a pointer.
 */
typedef struct {
    u_char type;            /* selects which member of u is valid */
    union {
        x509cert_t *x509;   /* valid only when type denotes an X.509 certificate */
        pgpcert_t *pgp;     /* valid only when type denotes an OpenPGP certificate */
    } u;
} cert_t;
55
/* used for initialization - a cert_t holding no certificate */
extern const cert_t empty_cert;

/* do not send certificate requests
 * flag set in plutomain.c and used in ipsec_doi.c
 */
extern bool no_cr_send;

/* Load an RSA private key from `filename` into `*key`.
 * `pass` carries passphrase-prompt state (prompt_pass_t, declared outside
 * this header).  The result is an err_t; the exact success value follows
 * the err_t convention of the callers - presumably NULL on success, confirm
 * in the defining module.
 */
extern err_t load_rsa_private_key(const char* filename, prompt_pass_t *pass
    , RSA_private_key_t *key);

/* Return the certificate `cert` as a chunk_t.
 * NOTE(review): presumably the encoded form used for the CERT payload -
 * confirm in certs.c.  Ownership of the returned chunk is not stated here.
 */
extern chunk_t get_mycert(cert_t cert);

/* Read `filename` and return its decoded contents in `*blob`.
 * `type` is a descriptive string for the kind of file being loaded; `*pgp`
 * is an output flag - presumably set when the file turned out to be
 * OpenPGP rather than X.509, confirm in certs.c.  Returns true on success.
 */
extern bool load_coded_file(const char *filename, prompt_pass_t *pass
    , const char *type, chunk_t *blob, bool *pgp);

/* Load a certificate from `filename` into `*cert`; `label` is a
 * descriptive string for the certificate kind.  Returns true on success.
 */
extern bool load_cert(const char *filename, const char *label
    , cert_t *cert);

/* Load a host (end-entity) certificate, respectively a CA certificate,
 * from `filename` into `*cert`.  Returns true on success.
 * NOTE(review): presumably these resolve relative names against
 * HOST_CERT_PATH / CA_CERT_PATH - confirm in certs.c.
 */
extern bool load_host_cert(const char *filename, cert_t *cert);
extern bool load_ca_cert(const char *filename, cert_t *cert);

/* Return true if `a` and `b` denote the same certificate.  The comparison
 * criteria are defined in the implementing module, not here.
 */
extern bool same_cert(const cert_t *a, const cert_t *b);

/* Take, respectively drop, a reference to the certificate held by `cert`.
 * The cert_t is passed by value, so the caller's copy is not altered.
 * NOTE(review): this looks like reference counting on the underlying
 * x509cert_t / pgpcert_t - confirm in x509.c / pgp.c.  Every copy of a
 * cert_t that outlives its source should be paired with share_cert() and
 * later release_cert(), so the certificate is not freed while still
 * referenced.
 */
extern void share_cert(cert_t cert);
extern void release_cert(cert_t cert);

/* List the loaded certificates; `utc` selects UTC instead of local time
 * for the times printed - presumably, confirm in certs.c.
 */
extern void list_certs(bool utc);
77
78 #endif /* _CERTS_H */