programs/pluto/crl.h

   1 /* Support of X.509 certificate revocation lists (CRLs)
   2  * Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
   3  *
   4  * This program is free software; you can redistribute it and/or modify it
   5  * under the terms of the GNU General Public License as published by the
   6  * Free Software Foundation; either version 2 of the License, or (at your
   7  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   8  *
   9  * This program is distributed in the hope that it will be useful, but
  10  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  11  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * for more details.
  13  *
  14  * RCSID $Id: crl.h,v 1.4 2005/07/18 19:36:22 as Exp $
  15  */
  16
  17 #include "constants.h"
  18
  19 /* access structure for a revoked serial number */
  20
  21 typedef struct revokedCert revokedCert_t;
  22
  23 struct revokedCert{
  24   revokedCert_t *next;
  25   chunk_t       userCertificate;
  26   time_t        revocationDate;
  27   crl_reason_t  revocationReason;
  28 };
  29
  30 /* storage structure for an X.509 CRL */
  31
  32 typedef struct x509crl x509crl_t;
  33
  34 struct x509crl {
  35   x509crl_t     *next;
  36   time_t         installed;
  37   generalName_t *distributionPoints;
  38   chunk_t        certificateList;
  39   chunk_t          tbsCertList;
  40   u_int              version;
  41                  /*  signature */
  42   int                  sigAlg;
  43   chunk_t            issuer;
  44   time_t             thisUpdate;
  45   time_t             nextUpdate;
  46   revokedCert_t      *revokedCertificates;
  47                 /*   v2 extensions */
  48                 /*   crlExtensions */
  49                 /*     extension */
  50                 /*       extnID */
  51                 /*       critical */
  52                 /*       extnValue */
  53   chunk_t                authKeyID;
  54   chunk_t                authKeySerialNumber;
  55
  56                 /* signatureAlgorithm */
  57   int                algorithm;
  58   chunk_t          signature;
  59 };
  60
  61 /* apply a strict CRL policy
  62  * flag set in plutomain.c and used in ipsec_doi.c and rcv_whack.c
  63  */
  64 extern bool strict_crl_policy;
  65
  66 /*
  67  * cache the retrieved CRLs by storing them locally as a file
  68  */
  69 extern bool cache_crls;
  70
  71 /*
  72  * check periodically for expired crls
  73  */
  74 extern long crl_check_interval;
  75
  76 /* used for initialization */
  77 extern const x509crl_t  empty_x509crl;
  78
  79 extern bool parse_x509crl(chunk_t blob, u_int level0, x509crl_t *crl);
  80 extern void load_crls(void);
  81 extern void check_crls(void);
  82 extern bool insert_crl(chunk_t blob, chunk_t crl_uri, bool cache_crl);
  83 extern cert_status_t verify_by_crl(const x509cert_t *cert, time_t *until
  84     , time_t *revocationDate, crl_reason_t *revocationReason);
  85 extern void list_crls(bool utc, bool strict);
  86 extern void free_crls(void);
  87 extern void free_crl(x509crl_t *crl);