git.ipfire.org Git - thirdparty/strongswan.git/blob - programs/pluto/certs.h
1 /* Certificate support for IKE authentication
2 * Copyright (C) 2002-2004 Andreas Steffen, Zuercher Hochschule Winterthur
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * RCSID $Id: certs.h,v 1.7 2005/11/06 22:55:41 as Exp $
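/*
 * Path definitions for private keys, end certs, cacerts, attribute certs
 * and crls.
 *
 * Every value is an absolute, compile-time string constant below
 * /etc/ipsec.d; nothing in this header makes the locations configurable
 * at run time.
 *
 * NOTE(review): this header only names the directories. Ownership and
 * permissions are a deployment matter and are not enforced here:
 *   - PRIVATE_KEY_PATH holds private key files, so it should be accessible
 *     only to the account the daemon runs as.
 *   - CA_CERT_PATH, AA_CERT_PATH, OCSP_CERT_PATH and CRL_PATH presumably
 *     feed trust and revocation decisions; write access to them should be
 *     restricted as tightly as access to the key directory. Confirm
 *     against the loaders that read these directories.
 */
#define PRIVATE_KEY_PATH    "/etc/ipsec.d/private"      /* private keys */
#define HOST_CERT_PATH      "/etc/ipsec.d/certs"        /* end certs */
#define CA_CERT_PATH        "/etc/ipsec.d/cacerts"      /* CA certs */
#define A_CERT_PATH         "/etc/ipsec.d/acerts"       /* attribute certs */
#define AA_CERT_PATH        "/etc/ipsec.d/aacerts"      /* presumably authorization authority certs */
#define OCSP_CERT_PATH      "/etc/ipsec.d/ocspcerts"    /* presumably OCSP signer certs */
#define CRL_PATH            "/etc/ipsec.d/crls"         /* crls */
#define REQ_PATH            "/etc/ipsec.d/reqs"         /* presumably certificate requests */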
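/*
 * Advance warning of imminent expiry of cacerts, public keys, and crls.
 * Every interval is expressed in days.
 *
 * NOTE(review): these constants only size a warning window. Whether an
 * object that has actually expired is rejected is decided elsewhere and
 * cannot be determined from this header, so a missing warning must not be
 * read as proof that a certificate or crl is still valid.
 */
#define CA_CERT_WARNING_INTERVAL    30  /* days */
#define OCSP_CERT_WARNING_INTERVAL  30  /* days */
#define PUBKEY_WARNING_INTERVAL      7  /* days */
#define CRL_WARNING_INTERVAL         7  /* days */
#define ACERT_WARNING_INTERVAL       1  /* day */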
45 /* certificate access structure
46 * currently X.509 and OpenPGP certificates are supported
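/* used for initialization */
extern const cert_t empty_cert;

/*
 * do not send certificate requests
 * flag set in plutomain.c and used in ipsec_doi.c
 *
 * NOTE(review): this is a writable global that changes what the IKE
 * exchange sends; per the comment above it is expected to be written
 * only in plutomain.c.
 */
extern bool no_cr_send;

/*
 * Load an RSA private key from a file.
 *
 * filename  path of the key file
 * pass      passphrase-prompt context (presumably used when the file is
 *           encrypted -- confirm against the implementation)
 * key       receives the loaded private key
 *
 * Returns an err_t; presumably NULL on success and an error description
 * otherwise -- confirm against the definition of err_t.
 *
 * NOTE(review): *key receives private key material. Check the result
 * before using *key, and verify that callers wipe the structure when it
 * is no longer needed.
 */
extern err_t load_rsa_private_key(const char *filename, prompt_pass_t *pass,
                                  RSA_private_key_t *key);

/*
 * Return a chunk for the given certificate; presumably the encoded
 * certificate body. The cert_t is passed by value.
 */
extern chunk_t get_mycert(cert_t cert);

/*
 * Load an encoded file into *blob.
 *
 * filename  path of the file to read
 * pass      passphrase-prompt context
 * type      label for the kind of object being loaded (presumably used
 *           in log messages -- confirm)
 * blob      receives the file content
 * pgp       out flag; presumably set when the content is OpenPGP rather
 *           than X.509 -- confirm
 *
 * Returns a bool, presumably true on success. Ownership of the memory
 * behind *blob is not visible from this header.
 */
extern bool load_coded_file(const char *filename, prompt_pass_t *pass,
                            const char *type, chunk_t *blob, bool *pgp);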
69 extern bool load_cert(const char *filename
, const char *label
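/*
 * Load a host (end entity) certificate from filename into *cert.
 * Returns a bool, presumably true on success.
 *
 * NOTE(review): whether filename is resolved relative to HOST_CERT_PATH
 * is not visible here; callers should check the result before using *cert.
 */
extern bool load_host_cert(const char *filename, cert_t *cert);

/*
 * Load a CA certificate from filename into *cert.
 * Returns a bool, presumably true on success.
 *
 * NOTE(review): a certificate loaded here presumably becomes a trust
 * anchor, so the files passed in should come only from an
 * administrator-controlled location -- confirm against the callers.
 */
extern bool load_ca_cert(const char *filename, cert_t *cert);

/* Compare two certificates; presumably true when a and b are the same. */
extern bool same_cert(const cert_t *a, const cert_t *b);

/*
 * share_cert / release_cert take the cert_t by value.
 *
 * NOTE(review): the names suggest a usage count on the underlying
 * certificate that share_cert raises and release_cert lowers. If so,
 * every share_cert needs exactly one matching release_cert; an unmatched
 * release risks use of a freed certificate. Confirm against the
 * implementation.
 */
extern void share_cert(cert_t cert);
extern void release_cert(cert_t cert);

/* List the certificates; utc presumably selects UTC for printed times. */
extern void list_certs(bool utc);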