]> git.ipfire.org Git - thirdparty/openssl.git/blame - include/openssl/x509v3.h
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Update source files for pre-3.0 deprecation
[thirdparty/openssl.git] / include / openssl / x509v3.h
CommitLineData
0f113f3e 1/*
6738bf14 2 * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
9aeaf1b4 3 *
48f4ad77 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
21dcbebc
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
58964a49 8 */
21dcbebc 9
ae4186b0
DMSP		 10#ifndef OPENSSL_X509V3_H
11# define OPENSSL_X509V3_H
d86167ec
DMSP		 12# pragma once
13
14# include <openssl/macros.h>
936c2b9e 15# ifndef OPENSSL_NO_DEPRECATED_3_0
d86167ec
DMSP		 16# define HEADER_X509V3_H
17# endif
9aeaf1b4 18
0f113f3e
MC		 19# include <openssl/bio.h>
20# include <openssl/x509.h>
21# include <openssl/conf.h>
52df25cf 22# include <openssl/x509v3err.h>
9aeaf1b4 23
82271cee
RL		 24#ifdef __cplusplus
25extern "C" {
26#endif
27
9aeaf1b4
DSH		 28/* Forward reference */
29struct v3_ext_method;
30struct v3_ext_ctx;
31
32/* Useful typedefs */
33
0f113f3e
MC		 34typedef void *(*X509V3_EXT_NEW)(void);
35typedef void (*X509V3_EXT_FREE) (void *);
36typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
9fdcc21f 37typedef int (*X509V3_EXT_I2D) (const void *, unsigned char **);
babb3798 38typedef STACK_OF(CONF_VALUE) *
0f113f3e
MC		 39 (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext,
40 STACK_OF(CONF_VALUE) *extlist);
41typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method,
42 struct v3_ext_ctx *ctx,
43 STACK_OF(CONF_VALUE) *values);
44typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method,
45 void *ext);
46typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method,
47 struct v3_ext_ctx *ctx, const char *str);
48typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext,
49 BIO *out, int indent);
50typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method,
51 struct v3_ext_ctx *ctx, const char *str);
9aeaf1b4
DSH		 52
53/* V3 extension structure */
54
55struct v3_ext_method {
0f113f3e
MC		 56 int ext_nid;
57 int ext_flags;
2aff7727 58/* If this is set the following four fields are ignored */
0f113f3e 59 ASN1_ITEM_EXP *it;
2aff7727 60/* Old style ASN1 calls */
0f113f3e
MC		 61 X509V3_EXT_NEW ext_new;
62 X509V3_EXT_FREE ext_free;
63 X509V3_EXT_D2I d2i;
64 X509V3_EXT_I2D i2d;
9aeaf1b4 65/* The following pair is used for string extensions */
0f113f3e
MC		 66 X509V3_EXT_I2S i2s;
67 X509V3_EXT_S2I s2i;
9aeaf1b4 68/* The following pair is used for multi-valued extensions */
0f113f3e
MC		 69 X509V3_EXT_I2V i2v;
70 X509V3_EXT_V2I v2i;
79a474e8 71/* The following are used for raw extensions */
0f113f3e
MC		 72 X509V3_EXT_I2R i2r;
73 X509V3_EXT_R2I r2i;
74 void *usr_data; /* Any extension specific data */
9aeaf1b4
DSH		 75};
76
1d48dd00 77typedef struct X509V3_CONF_METHOD_st {
34707951
F		 78 char *(*get_string) (void *db, const char *section, const char *value);
79 STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section);
0f113f3e
MC		 80 void (*free_string) (void *db, char *string);
81 void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
1d48dd00 82} X509V3_CONF_METHOD;
175b0942 83
9aeaf1b4 84/* Context specific info */
f317aa4c 85struct v3_ext_ctx {
0f113f3e
MC		 86# define CTX_TEST 0x1
87# define X509V3_CTX_REPLACE 0x2
88 int flags;
89 X509 *issuer_cert;
90 X509 *subject_cert;
91 X509_REQ *subject_req;
92 X509_CRL *crl;
93 X509V3_CONF_METHOD *db_meth;
94 void *db;
9aeaf1b4
DSH		 95/* Maybe more here */
96};
97
98typedef struct v3_ext_method X509V3_EXT_METHOD;
9aeaf1b4 99
85885715 100DEFINE_STACK_OF(X509V3_EXT_METHOD)
0d3b0afe 101
9aeaf1b4 102/* ext_flags values */
0f113f3e
MC		 103# define X509V3_EXT_DYNAMIC 0x1
104# define X509V3_EXT_CTX_DEP 0x2
105# define X509V3_EXT_MULTILINE 0x4
9aeaf1b4 106
c74f1eb9
DSH		 107typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
108
0490a86d 109typedef struct BASIC_CONSTRAINTS_st {
0f113f3e
MC		 110 int ca;
111 ASN1_INTEGER *pathlen;
9aeaf1b4
DSH		 112} BASIC_CONSTRAINTS;
113
0490a86d 114typedef struct PKEY_USAGE_PERIOD_st {
0f113f3e
MC		 115 ASN1_GENERALIZEDTIME *notBefore;
116 ASN1_GENERALIZEDTIME *notAfter;
0be9747b
DSH		 117} PKEY_USAGE_PERIOD;
118
a716d727 119typedef struct otherName_st {
0f113f3e
MC		 120 ASN1_OBJECT *type_id;
121 ASN1_TYPE *value;
a716d727
DSH		 122} OTHERNAME;
123
9d6b1ce6 124typedef struct EDIPartyName_st {
0f113f3e
MC		 125 ASN1_STRING *nameAssigner;
126 ASN1_STRING *partyName;
9d6b1ce6
DSH		 127} EDIPARTYNAME;
128
0490a86d 129typedef struct GENERAL_NAME_st {
0f113f3e
MC		 130# define GEN_OTHERNAME 0
131# define GEN_EMAIL 1
132# define GEN_DNS 2
133# define GEN_X400 3
134# define GEN_DIRNAME 4
135# define GEN_EDIPARTY 5
136# define GEN_URI 6
137# define GEN_IPADD 7
138# define GEN_RID 8
139 int type;
140 union {
141 char *ptr;
142 OTHERNAME *otherName; /* otherName */
143 ASN1_IA5STRING *rfc822Name;
144 ASN1_IA5STRING *dNSName;
145 ASN1_TYPE *x400Address;
146 X509_NAME *directoryName;
147 EDIPARTYNAME *ediPartyName;
148 ASN1_IA5STRING *uniformResourceIdentifier;
149 ASN1_OCTET_STRING *iPAddress;
150 ASN1_OBJECT *registeredID;
151 /* Old names */
152 ASN1_OCTET_STRING *ip; /* iPAddress */
153 X509_NAME *dirn; /* dirn */
154 ASN1_IA5STRING *ia5; /* rfc822Name, dNSName,
155 * uniformResourceIdentifier */
156 ASN1_OBJECT *rid; /* registeredID */
157 ASN1_TYPE *other; /* x400Address */
158 } d;
142fcca8
DSH		 159} GENERAL_NAME;
160
6d3724d3 161typedef struct ACCESS_DESCRIPTION_st {
0f113f3e
MC		 162 ASN1_OBJECT *method;
163 GENERAL_NAME *location;
6d3724d3
DSH		 164} ACCESS_DESCRIPTION;
165
9d6b1ce6
DSH		 166typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
167
168typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
169
ba67253d
RS		 170typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE;
171
85885715 172DEFINE_STACK_OF(GENERAL_NAME)
4a640fb6 173typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
85885715 174DEFINE_STACK_OF(GENERAL_NAMES)
f5fedc04 175
85885715 176DEFINE_STACK_OF(ACCESS_DESCRIPTION)
6d3724d3 177
d943e372 178typedef struct DIST_POINT_NAME_st {
0f113f3e
MC		 179 int type;
180 union {
181 GENERAL_NAMES *fullname;
182 STACK_OF(X509_NAME_ENTRY) *relativename;
183 } name;
3e727a3b 184/* If relativename then this contains the full distribution point name */
0f113f3e 185 X509_NAME *dpname;
d943e372 186} DIST_POINT_NAME;
4b96839f 187/* All existing reasons */
0f113f3e
MC		 188# define CRLDP_ALL_REASONS 0x807f
189
190# define CRL_REASON_NONE -1
191# define CRL_REASON_UNSPECIFIED 0
192# define CRL_REASON_KEY_COMPROMISE 1
193# define CRL_REASON_CA_COMPROMISE 2
194# define CRL_REASON_AFFILIATION_CHANGED 3
195# define CRL_REASON_SUPERSEDED 4
196# define CRL_REASON_CESSATION_OF_OPERATION 5
197# define CRL_REASON_CERTIFICATE_HOLD 6
198# define CRL_REASON_REMOVE_FROM_CRL 8
199# define CRL_REASON_PRIVILEGE_WITHDRAWN 9
200# define CRL_REASON_AA_COMPROMISE 10
d43c4497 201
edc54021 202struct DIST_POINT_st {
0f113f3e
MC		 203 DIST_POINT_NAME *distpoint;
204 ASN1_BIT_STRING *reasons;
205 GENERAL_NAMES *CRLissuer;
206 int dp_reasons;
edc54021 207};
d943e372 208
9d6b1ce6
DSH		 209typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
210
85885715 211DEFINE_STACK_OF(DIST_POINT)
d943e372 212
edc54021 213struct AUTHORITY_KEYID_st {
0f113f3e
MC		 214 ASN1_OCTET_STRING *keyid;
215 GENERAL_NAMES *issuer;
216 ASN1_INTEGER *serial;
edc54021 217};
f5fedc04 218
785cdf20 219/* Strong extranet structures */
142fcca8 220
0490a86d 221typedef struct SXNET_ID_st {
0f113f3e
MC		 222 ASN1_INTEGER *zone;
223 ASN1_OCTET_STRING *user;
785cdf20 224} SXNETID;
142fcca8 225
85885715 226DEFINE_STACK_OF(SXNETID)
cfdcfede
BL		 227
228typedef struct SXNET_st {
0f113f3e
MC		 229 ASN1_INTEGER *version;
230 STACK_OF(SXNETID) *ids;
cfdcfede
BL		 231} SXNET;
232
c83e523d 233typedef struct NOTICEREF_st {
0f113f3e
MC		 234 ASN1_STRING *organization;
235 STACK_OF(ASN1_INTEGER) *noticenos;
c83e523d
DSH		 236} NOTICEREF;
237
238typedef struct USERNOTICE_st {
0f113f3e
MC		 239 NOTICEREF *noticeref;
240 ASN1_STRING *exptext;
c83e523d
DSH		 241} USERNOTICE;
242
243typedef struct POLICYQUALINFO_st {
0f113f3e
MC		 244 ASN1_OBJECT *pqualid;
245 union {
246 ASN1_IA5STRING *cpsuri;
247 USERNOTICE *usernotice;
248 ASN1_TYPE *other;
249 } d;
c83e523d
DSH		 250} POLICYQUALINFO;
251
85885715 252DEFINE_STACK_OF(POLICYQUALINFO)
c83e523d
DSH		 253
254typedef struct POLICYINFO_st {
0f113f3e
MC		 255 ASN1_OBJECT *policyid;
256 STACK_OF(POLICYQUALINFO) *qualifiers;
c83e523d
DSH		 257} POLICYINFO;
258
9d6b1ce6
DSH		 259typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
260
85885715 261DEFINE_STACK_OF(POLICYINFO)
c83e523d 262
a1d12dae 263typedef struct POLICY_MAPPING_st {
0f113f3e
MC		 264 ASN1_OBJECT *issuerDomainPolicy;
265 ASN1_OBJECT *subjectDomainPolicy;
a1d12dae
DSH		 266} POLICY_MAPPING;
267
85885715 268DEFINE_STACK_OF(POLICY_MAPPING)
a1d12dae
DSH		 269
270typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
271
520b76ff 272typedef struct GENERAL_SUBTREE_st {
0f113f3e
MC		 273 GENERAL_NAME *base;
274 ASN1_INTEGER *minimum;
275 ASN1_INTEGER *maximum;
520b76ff
DSH		 276} GENERAL_SUBTREE;
277
85885715 278DEFINE_STACK_OF(GENERAL_SUBTREE)
520b76ff 279
e9746e03 280struct NAME_CONSTRAINTS_st {
0f113f3e
MC		 281 STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
282 STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
e9746e03 283};
520b76ff 284
f80153e2 285typedef struct POLICY_CONSTRAINTS_st {
0f113f3e
MC		 286 ASN1_INTEGER *requireExplicitPolicy;
287 ASN1_INTEGER *inhibitPolicyMapping;
f80153e2
DSH		 288} POLICY_CONSTRAINTS;
289
6951c23a 290/* Proxy certificate structures, see RFC 3820 */
0f113f3e
MC		 291typedef struct PROXY_POLICY_st {
292 ASN1_OBJECT *policyLanguage;
293 ASN1_OCTET_STRING *policy;
294} PROXY_POLICY;
295
296typedef struct PROXY_CERT_INFO_EXTENSION_st {
297 ASN1_INTEGER *pcPathLengthConstraint;
298 PROXY_POLICY *proxyPolicy;
299} PROXY_CERT_INFO_EXTENSION;
6951c23a
RL		 300
301DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
302DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
303
0f113f3e
MC		 304struct ISSUING_DIST_POINT_st {
305 DIST_POINT_NAME *distpoint;
306 int onlyuser;
307 int onlyCA;
308 ASN1_BIT_STRING *onlysomereasons;
309 int indirectCRL;
310 int onlyattr;
311};
6951c23a 312
4d50a2b4
DSH		 313/* Values in idp_flags field */
314/* IDP present */
0f113f3e 315# define IDP_PRESENT 0x1
4d50a2b4 316/* IDP values inconsistent */
0f113f3e 317# define IDP_INVALID 0x2
4d50a2b4 318/* onlyuser true */
0f113f3e 319# define IDP_ONLYUSER 0x4
4d50a2b4 320/* onlyCA true */
0f113f3e 321# define IDP_ONLYCA 0x8
4d50a2b4 322/* onlyattr true */
0f113f3e 323# define IDP_ONLYATTR 0x10
4d50a2b4 324/* indirectCRL true */
0f113f3e 325# define IDP_INDIRECT 0x20
4d50a2b4 326/* onlysomereasons present */
0f113f3e 327# define IDP_REASONS 0x40
4d50a2b4 328
37659ea4
BE		 329# define X509V3_conf_err(val) ERR_add_error_data(6, \
330 "section:", (val)->section, \
331 ",name:", (val)->name, ",value:", (val)->value)
9aeaf1b4 332
0f113f3e
MC		 333# define X509V3_set_ctx_test(ctx) \
334 X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
335# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
41b731f2 336
0f113f3e
MC		 337# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
338 0,0,0,0, \
339 0,0, \
340 (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
341 (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
342 NULL, NULL, \
343 table}
9aeaf1b4 344
0f113f3e
MC		 345# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
346 0,0,0,0, \
347 (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
348 (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
349 0,0,0,0, \
350 NULL}
9aeaf1b4 351
0f113f3e 352# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
673b102c
DSH		 353
354/* X509_PURPOSE stuff */
355
0f113f3e
MC		 356# define EXFLAG_BCONS 0x1
357# define EXFLAG_KUSAGE 0x2
358# define EXFLAG_XKUSAGE 0x4
359# define EXFLAG_NSCERT 0x8
673b102c 360
0f113f3e 361# define EXFLAG_CA 0x10
db50661f 362/* Really self issued not necessarily self signed */
0f113f3e
MC		 363# define EXFLAG_SI 0x20
364# define EXFLAG_V1 0x40
365# define EXFLAG_INVALID 0x80
2d60c923 366/* EXFLAG_SET is set to indicate that some values have been precomputed */
0f113f3e
MC		 367# define EXFLAG_SET 0x100
368# define EXFLAG_CRITICAL 0x200
369# define EXFLAG_PROXY 0x400
370
371# define EXFLAG_INVALID_POLICY 0x800
372# define EXFLAG_FRESHEST 0x1000
b1efb716 373/* Self signed */
0f113f3e
MC		 374# define EXFLAG_SS 0x2000
375
376# define KU_DIGITAL_SIGNATURE 0x0080
377# define KU_NON_REPUDIATION 0x0040
378# define KU_KEY_ENCIPHERMENT 0x0020
379# define KU_DATA_ENCIPHERMENT 0x0010
380# define KU_KEY_AGREEMENT 0x0008
381# define KU_KEY_CERT_SIGN 0x0004
382# define KU_CRL_SIGN 0x0002
383# define KU_ENCIPHER_ONLY 0x0001
384# define KU_DECIPHER_ONLY 0x8000
385
386# define NS_SSL_CLIENT 0x80
387# define NS_SSL_SERVER 0x40
388# define NS_SMIME 0x20
389# define NS_OBJSIGN 0x10
390# define NS_SSL_CA 0x04
391# define NS_SMIME_CA 0x02
392# define NS_OBJSIGN_CA 0x01
393# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
394
395# define XKU_SSL_SERVER 0x1
396# define XKU_SSL_CLIENT 0x2
397# define XKU_SMIME 0x4
398# define XKU_CODE_SIGN 0x8
399# define XKU_SGC 0x10
400# define XKU_OCSP_SIGN 0x20
401# define XKU_TIMESTAMP 0x40
402# define XKU_DVCS 0x80
403# define XKU_ANYEKU 0x100
404
405# define X509_PURPOSE_DYNAMIC 0x1
406# define X509_PURPOSE_DYNAMIC_NAME 0x2
79875776 407
673b102c 408typedef struct x509_purpose_st {
0f113f3e
MC		 409 int purpose;
410 int trust; /* Default trust ID */
411 int flags;
412 int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int);
413 char *name;
414 char *sname;
415 void *usr_data;
673b102c
DSH		 416} X509_PURPOSE;
417
0f113f3e
MC		 418# define X509_PURPOSE_SSL_CLIENT 1
419# define X509_PURPOSE_SSL_SERVER 2
420# define X509_PURPOSE_NS_SSL_SERVER 3
421# define X509_PURPOSE_SMIME_SIGN 4
422# define X509_PURPOSE_SMIME_ENCRYPT 5
423# define X509_PURPOSE_CRL_SIGN 6
424# define X509_PURPOSE_ANY 7
425# define X509_PURPOSE_OCSP_HELPER 8
426# define X509_PURPOSE_TIMESTAMP_SIGN 9
673b102c 427
0f113f3e
MC		 428# define X509_PURPOSE_MIN 1
429# define X509_PURPOSE_MAX 9
dd413410 430
8ca533e3
DSH		 431/* Flags for X509V3_EXT_print() */
432
0f113f3e 433# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
8ca533e3 434/* Return error for unknown extensions */
0f113f3e 435# define X509V3_EXT_DEFAULT 0
8ca533e3 436/* Print error for unknown extensions */
0f113f3e 437# define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
8ca533e3 438/* ASN1 parse unknown extensions */
0f113f3e 439# define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
8ca533e3 440/* BIO_dump unknown extensions */
0f113f3e 441# define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
8ca533e3 442
57d2f217
DSH		 443/* Flags for X509V3_add1_i2d */
444
0f113f3e
MC		 445# define X509V3_ADD_OP_MASK 0xfL
446# define X509V3_ADD_DEFAULT 0L
447# define X509V3_ADD_APPEND 1L
448# define X509V3_ADD_REPLACE 2L
449# define X509V3_ADD_REPLACE_EXISTING 3L
450# define X509V3_ADD_KEEP_EXISTING 4L
451# define X509V3_ADD_DELETE 5L
452# define X509V3_ADD_SILENT 0x10
57d2f217 453
85885715 454DEFINE_STACK_OF(X509_PURPOSE)
673b102c 455
2aff7727 456DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
9aeaf1b4 457
9d6b1ce6
DSH		 458DECLARE_ASN1_FUNCTIONS(SXNET)
459DECLARE_ASN1_FUNCTIONS(SXNETID)
785cdf20 460
0aa25a68
F		 461int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen);
462int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
0f113f3e 463 int userlen);
0aa25a68 464int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
0f113f3e 465 int userlen);
28a98809 466
0aa25a68 467ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
28a98809
DSH		 468ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
469ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
470
9d6b1ce6
DSH		 471DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
472
473DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
474
475DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
9fdcc21f 476DECLARE_ASN1_DUP_FUNCTION(GENERAL_NAME)
c7235be6
UM		 477int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
478
5d6383c8 479ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
0f113f3e
MC		 480 X509V3_CTX *ctx,
481 STACK_OF(CONF_VALUE) *nval);
5d6383c8 482STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
0f113f3e
MC		 483 ASN1_BIT_STRING *bits,
484 STACK_OF(CONF_VALUE) *extlist);
485char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
6452a139 486ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
13f74c66 487 X509V3_CTX *ctx, const char *str);
5d6383c8 488
0f113f3e
MC		 489STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
490 GENERAL_NAME *gen,
491 STACK_OF(CONF_VALUE) *ret);
2c15d426 492int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
175b0942 493
9d6b1ce6 494DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
0be9747b 495
ba404b5e 496STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
0f113f3e
MC		 497 GENERAL_NAMES *gen,
498 STACK_OF(CONF_VALUE) *extlist);
babb3798 499GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
0f113f3e 500 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
142fcca8 501
9d6b1ce6
DSH		 502DECLARE_ASN1_FUNCTIONS(OTHERNAME)
503DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
c7235be6 504int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
a5cdb7d5 505void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
5435a830 506void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype);
a5cdb7d5 507int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
0f113f3e 508 ASN1_OBJECT *oid, ASN1_TYPE *value);
5435a830 509int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen,
0f113f3e 510 ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
a716d727 511
0f113f3e 512char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
bf9d5e48 513 const ASN1_OCTET_STRING *ia5);
0f113f3e 514ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
bf9d5e48 515 X509V3_CTX *ctx, const char *str);
142fcca8 516
9d6b1ce6 517DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
095d2f0f 518int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a);
6d3724d3 519
ba67253d
RS		 520DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
521
9d6b1ce6
DSH		 522DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
523DECLARE_ASN1_FUNCTIONS(POLICYINFO)
524DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
525DECLARE_ASN1_FUNCTIONS(USERNOTICE)
526DECLARE_ASN1_FUNCTIONS(NOTICEREF)
6d3724d3 527
9d6b1ce6
DSH		 528DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
529DECLARE_ASN1_FUNCTIONS(DIST_POINT)
530DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
8eb72175 531DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
6d3724d3 532
3e727a3b
DSH		 533int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
534
e9746e03 535int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
5bd5dcd4 536int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc);
e9746e03 537
9d6b1ce6
DSH		 538DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
539DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
6d3724d3 540
a1d12dae 541DECLARE_ASN1_ITEM(POLICY_MAPPING)
ea3675b5 542DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
a1d12dae
DSH		 543DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
544
520b76ff
DSH		 545DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
546DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
547
548DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
549DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
550
f80153e2
DSH		 551DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
552DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
553
be86c7fc 554GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
0f113f3e 555 const X509V3_EXT_METHOD *method,
02e112a8 556 X509V3_CTX *ctx, int gen_type,
c8f717fe 557 const char *value, int is_nc);
be86c7fc 558
ae4186b0 559# ifdef OPENSSL_CONF_H
0f113f3e
MC		 560GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
561 X509V3_CTX *ctx, CONF_VALUE *cnf);
babb3798 562GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
0f113f3e
MC		 563 const X509V3_EXT_METHOD *method,
564 X509V3_CTX *ctx, CONF_VALUE *cnf,
565 int is_nc);
9aeaf1b4 566void X509V3_conf_free(CONF_VALUE *val);
b7a26e6d 567
0f113f3e 568X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
34707951
F		 569 const char *value);
570X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
571 const char *value);
572int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
0f113f3e 573 STACK_OF(X509_EXTENSION) **sk);
34707951 574int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
0f113f3e 575 X509 *cert);
34707951 576int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
0f113f3e 577 X509_REQ *req);
34707951 578int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
0f113f3e
MC		 579 X509_CRL *crl);
580
581X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
582 X509V3_CTX *ctx, int ext_nid,
34707951 583 const char *value);
3c1d6bbc 584X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
34707951 585 const char *name, const char *value);
3c1d6bbc 586int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
34707951 587 const char *section, X509 *cert);
3c1d6bbc 588int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
34707951 589 const char *section, X509_REQ *req);
3c1d6bbc 590int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
34707951 591 const char *section, X509_CRL *crl);
b7a26e6d 592
c8f717fe 593int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
0f113f3e 594 STACK_OF(CONF_VALUE) **extlist);
bf9d5e48
F		 595int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
596int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
b7a26e6d 597void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
3c1d6bbc 598void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
0f113f3e 599# endif
9aeaf1b4 600
c8f717fe
F		 601char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section);
602STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
41b731f2 603void X509V3_string_free(X509V3_CTX *ctx, char *str);
0f113f3e 604void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
1d48dd00 605void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
0f113f3e 606 X509_REQ *req, X509_CRL *crl, int flags);
1d48dd00 607
ba404b5e 608int X509V3_add_value(const char *name, const char *value,
0f113f3e 609 STACK_OF(CONF_VALUE) **extlist);
61f5b6f3 610int X509V3_add_value_uchar(const char *name, const unsigned char *value,
0f113f3e 611 STACK_OF(CONF_VALUE) **extlist);
ba404b5e 612int X509V3_add_value_bool(const char *name, int asn1_bool,
0f113f3e 613 STACK_OF(CONF_VALUE) **extlist);
bf9d5e48 614int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
0f113f3e 615 STACK_OF(CONF_VALUE) **extlist);
a6a283b3 616char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
2b91da96 617ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
bf9d5e48 618char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);
0f113f3e 619char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
bf9d5e48 620 const ASN1_ENUMERATED *aint);
9aeaf1b4 621int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
397f7038 622int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
9aeaf1b4
DSH		 623int X509V3_EXT_add_alias(int nid_to, int nid_from);
624void X509V3_EXT_cleanup(void);
625
babb3798
BL		 626const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
627const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
9aeaf1b4 628int X509V3_add_standard_extensions(void);
535d79da 629STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
f5fedc04 630void *X509V3_EXT_d2i(X509_EXTENSION *ext);
84de54b9 631void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
0f113f3e 632 int *idx);
57d2f217 633
c8b41850 634X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
0f113f3e
MC		 635int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
636 int crit, unsigned long flags);
9aeaf1b4 637
00db8c60 638#ifndef OPENSSL_NO_DEPRECATED_1_1_0
14f051a0
RS		 639/* The new declarations are in crypto.h, but the old ones were here. */
640# define hex_to_string OPENSSL_buf2hexstr
641# define string_to_hex OPENSSL_hexstr2buf
642#endif
175b0942 643
ba404b5e 644void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
0f113f3e
MC		 645 int ml);
646int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
647 int indent);
984d6c60 648#ifndef OPENSSL_NO_STDIO
785cdf20 649int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
984d6c60 650#endif
5e6089f0
MC		 651int X509V3_extensions_print(BIO *out, const char *title,
652 const STACK_OF(X509_EXTENSION) *exts,
0f113f3e 653 unsigned long flag, int indent);
2c15d426 654
30b415b0 655int X509_check_ca(X509 *x);
673b102c 656int X509_check_purpose(X509 *x, int id, int ca);
f1558bb4 657int X509_supported_extension(X509_EXTENSION *ex);
926a56bf 658int X509_PURPOSE_set(int *p, int purpose);
2f043896 659int X509_check_issued(X509 *issuer, X509 *subject);
bc7535bc 660int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
9961cb77 661void X509_set_proxy_flag(X509 *x);
fe0169b0
RL		 662void X509_set_proxy_pathlen(X509 *x, long l);
663long X509_get_proxy_pathlen(X509 *x);
063f1f0c
DSH		 664
665uint32_t X509_get_extension_flags(X509 *x);
666uint32_t X509_get_key_usage(X509 *x);
667uint32_t X509_get_extended_key_usage(X509 *x);
d19a50c9 668const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
b383aa20 669const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
afdec13d
DMSP		 670const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
671const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);
063f1f0c 672
d4cec6a1 673int X509_PURPOSE_get_count(void);
0f113f3e 674X509_PURPOSE *X509_PURPOSE_get0(int idx);
c8f717fe 675int X509_PURPOSE_get_by_sname(const char *sname);
d4cec6a1 676int X509_PURPOSE_get_by_id(int id);
dd413410 677int X509_PURPOSE_add(int id, int trust, int flags,
0f113f3e 678 int (*ck) (const X509_PURPOSE *, const X509 *, int),
c8f717fe
F		 679 const char *name, const char *sname, void *arg);
680char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
681char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
682int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
79875776 683void X509_PURPOSE_cleanup(void);
c8f717fe 684int X509_PURPOSE_get_id(const X509_PURPOSE *);
673b102c 685
c869da88
DSH		 686STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
687STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
688void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
689STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
a70da5b3
DSH		 690/* Flags for X509_check_* functions */
691
0f113f3e
MC		 692/*
693 * Always check subject name for host match even if subject alt names present
694 */
695# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1
397a8e74 696/* Disable wildcard matching for dnsName fields and common name. */
0f113f3e 697# define X509_CHECK_FLAG_NO_WILDCARDS 0x2
397a8e74 698/* Wildcards must not match a partial label. */
0f113f3e 699# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
397a8e74 700/* Allow (non-partial) wildcards to match multiple labels. */
0f113f3e 701# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
a09e4d24 702/* Constraint verifier subdomain patterns to match a single labels. */
0f113f3e 703# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
dd60efea
VD		 704/* Never check the subject CN */
705# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20
a09e4d24
VD		 706/*
707 * Match reference identifiers starting with "." to any sub-domain.
708 * This is a non-public flag, turned on implicitly when the subject
709 * reference identity is a DNS name.
710 */
0f113f3e 711# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
a70da5b3 712
297c67fc 713int X509_check_host(X509 *x, const char *chk, size_t chklen,
0f113f3e 714 unsigned int flags, char **peername);
297c67fc 715int X509_check_email(X509 *x, const char *chk, size_t chklen,
0f113f3e 716 unsigned int flags);
a70da5b3 717int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
0f113f3e 718 unsigned int flags);
a70da5b3 719int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
a91dedca 720
4e5d3a7f 721ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
520b76ff 722ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
a7b1eed5 723int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
0f113f3e 724 unsigned long chtype);
a91dedca 725
ecf13991 726void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
85885715 727DEFINE_STACK_OF(X509_POLICY_NODE)
ecf13991 728
47bbaa5b 729#ifndef OPENSSL_NO_RFC3779
96ea4ae9 730typedef struct ASRange_st {
0f113f3e 731 ASN1_INTEGER *min, *max;
96ea4ae9
BL		 732} ASRange;
733
c73ad690
RS		 734# define ASIdOrRange_id 0
735# define ASIdOrRange_range 1
96ea4ae9
BL		 736
737typedef struct ASIdOrRange_st {
0f113f3e
MC		 738 int type;
739 union {
740 ASN1_INTEGER *id;
741 ASRange *range;
742 } u;
96ea4ae9
BL		 743} ASIdOrRange;
744
745typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
85885715 746DEFINE_STACK_OF(ASIdOrRange)
96ea4ae9 747
c73ad690
RS		 748# define ASIdentifierChoice_inherit 0
749# define ASIdentifierChoice_asIdsOrRanges 1
96ea4ae9
BL		 750
751typedef struct ASIdentifierChoice_st {
0f113f3e
MC		 752 int type;
753 union {
754 ASN1_NULL *inherit;
755 ASIdOrRanges *asIdsOrRanges;
756 } u;
96ea4ae9
BL		 757} ASIdentifierChoice;
758
759typedef struct ASIdentifiers_st {
0f113f3e 760 ASIdentifierChoice *asnum, *rdi;
96ea4ae9
BL		 761} ASIdentifiers;
762
763DECLARE_ASN1_FUNCTIONS(ASRange)
764DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
765DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
766DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
767
96ea4ae9 768typedef struct IPAddressRange_st {
0f113f3e 769 ASN1_BIT_STRING *min, *max;
96ea4ae9
BL		 770} IPAddressRange;
771
c73ad690
RS		 772# define IPAddressOrRange_addressPrefix 0
773# define IPAddressOrRange_addressRange 1
96ea4ae9
BL		 774
775typedef struct IPAddressOrRange_st {
0f113f3e
MC		 776 int type;
777 union {
778 ASN1_BIT_STRING *addressPrefix;
779 IPAddressRange *addressRange;
780 } u;
96ea4ae9
BL		 781} IPAddressOrRange;
782
783typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
85885715 784DEFINE_STACK_OF(IPAddressOrRange)
96ea4ae9 785
c73ad690
RS		 786# define IPAddressChoice_inherit 0
787# define IPAddressChoice_addressesOrRanges 1
96ea4ae9
BL		 788
789typedef struct IPAddressChoice_st {
0f113f3e
MC		 790 int type;
791 union {
792 ASN1_NULL *inherit;
793 IPAddressOrRanges *addressesOrRanges;
794 } u;
96ea4ae9
BL		 795} IPAddressChoice;
796
797typedef struct IPAddressFamily_st {
0f113f3e
MC		 798 ASN1_OCTET_STRING *addressFamily;
799 IPAddressChoice *ipAddressChoice;
96ea4ae9
BL		 800} IPAddressFamily;
801
802typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
85885715 803DEFINE_STACK_OF(IPAddressFamily)
96ea4ae9
BL		 804
805DECLARE_ASN1_FUNCTIONS(IPAddressRange)
806DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
807DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
808DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
809
810/*
811 * API tag for elements of the ASIdentifer SEQUENCE.
812 */
c73ad690
RS		 813# define V3_ASID_ASNUM 0
814# define V3_ASID_RDI 1
96ea4ae9
BL		 815
816/*
817 * AFI values, assigned by IANA. It'd be nice to make the AFI
818 * handling code totally generic, but there are too many little things
819 * that would need to be defined for other address families for it to
820 * be worth the trouble.
821 */
c73ad690
RS		 822# define IANA_AFI_IPV4 1
823# define IANA_AFI_IPV6 2
96ea4ae9
BL		 824
825/*
826 * Utilities to construct and extract values from RFC3779 extensions,
827 * since some of the encodings (particularly for IP address prefixes
828 * and ranges) are a bit tedious to work with directly.
829 */
9021a5df
RS		 830int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
831int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
832 ASN1_INTEGER *min, ASN1_INTEGER *max);
833int X509v3_addr_add_inherit(IPAddrBlocks *addr,
834 const unsigned afi, const unsigned *safi);
835int X509v3_addr_add_prefix(IPAddrBlocks *addr,
836 const unsigned afi, const unsigned *safi,
837 unsigned char *a, const int prefixlen);
838int X509v3_addr_add_range(IPAddrBlocks *addr,
839 const unsigned afi, const unsigned *safi,
840 unsigned char *min, unsigned char *max);
841unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
842int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
843 unsigned char *min, unsigned char *max,
844 const int length);
96ea4ae9
BL		 845
846/*
847 * Canonical forms.
848 */
9021a5df
RS		 849int X509v3_asid_is_canonical(ASIdentifiers *asid);
850int X509v3_addr_is_canonical(IPAddrBlocks *addr);
851int X509v3_asid_canonize(ASIdentifiers *asid);
852int X509v3_addr_canonize(IPAddrBlocks *addr);
96ea4ae9
BL		 853
854/*
855 * Tests for inheritance and containment.
856 */
9021a5df
RS		 857int X509v3_asid_inherits(ASIdentifiers *asid);
858int X509v3_addr_inherits(IPAddrBlocks *addr);
859int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
860int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
96ea4ae9
BL		 861
862/*
863 * Check whether RFC 3779 extensions nest properly in chains.
864 */
9021a5df
RS		 865int X509v3_asid_validate_path(X509_STORE_CTX *);
866int X509v3_addr_validate_path(X509_STORE_CTX *);
867int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
868 ASIdentifiers *ext,
869 int allow_inheritance);
870int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
871 IPAddrBlocks *ext, int allow_inheritance);
96ea4ae9 872
47bbaa5b 873#endif /* OPENSSL_NO_RFC3779 */
9021a5df 874
fa743582
RS		 875DEFINE_STACK_OF(ASN1_STRING)
876
877/*
878 * Admission Syntax
879 */
880typedef struct NamingAuthority_st NAMING_AUTHORITY;
881typedef struct ProfessionInfo_st PROFESSION_INFO;
882typedef struct Admissions_st ADMISSIONS;
883typedef struct AdmissionSyntax_st ADMISSION_SYNTAX;
884DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY)
885DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO)
886DECLARE_ASN1_FUNCTIONS(ADMISSIONS)
887DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
888DEFINE_STACK_OF(ADMISSIONS)
889DEFINE_STACK_OF(PROFESSION_INFO)
890typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS;
891
892const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(
893 const NAMING_AUTHORITY *n);
894const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
895 const NAMING_AUTHORITY *n);
896const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
897 const NAMING_AUTHORITY *n);
898void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n,
899 ASN1_OBJECT* namingAuthorityId);
900void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n,
901 ASN1_IA5STRING* namingAuthorityUrl);
902void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n,
903 ASN1_STRING* namingAuthorityText);
904
905const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(
906 const ADMISSION_SYNTAX *as);
907void ADMISSION_SYNTAX_set0_admissionAuthority(
908 ADMISSION_SYNTAX *as, GENERAL_NAME *aa);
909const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(
910 const ADMISSION_SYNTAX *as);
911void ADMISSION_SYNTAX_set0_contentsOfAdmissions(
912 ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a);
913const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a);
914void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa);
915const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a);
916void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na);
917const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a);
918void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi);
919const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(
920 const PROFESSION_INFO *pi);
921void PROFESSION_INFO_set0_addProfessionInfo(
922 PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos);
923const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(
924 const PROFESSION_INFO *pi);
925void PROFESSION_INFO_set0_namingAuthority(
926 PROFESSION_INFO *pi, NAMING_AUTHORITY *na);
927const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(
928 const PROFESSION_INFO *pi);
929void PROFESSION_INFO_set0_professionItems(
930 PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as);
931const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(
932 const PROFESSION_INFO *pi);
933void PROFESSION_INFO_set0_professionOIDs(
934 PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po);
935const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(
936 const PROFESSION_INFO *pi);
937void PROFESSION_INFO_set0_registrationNumber(
938 PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn);
939
0cd0a820 940# ifdef __cplusplus
9aeaf1b4 941}
0cd0a820 942# endif
9aeaf1b4 943#endif
A mirror of the official openssl repository