/* Support of X.509 certificate revocation lists (CRLs)
 * Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
 * RCSID $Id: crl.h,v 1.4 2005/07/18 19:36:22 as Exp $
 */
17 #include "constants.h"
19 /* access structure for a revoked serial number */
21 typedef struct revokedCert revokedCert_t
;
/* NOTE(review): this excerpt is incomplete — the `struct revokedCert {`
 * opening, the closing `};`, and any members that precede userCertificate
 * are missing, and the leading number on each line is extraction residue,
 * not source. Only the members listed below are visible here.
 */
/* serial number of the revoked certificate; the name follows the RFC 5280
 * revokedCertificates entry (userCertificate CertificateSerialNumber).
 * Presumably the raw DER integer as a chunk — confirm against the parser.
 */
25 chunk_t userCertificate
;
/* time the certificate was revoked (revocationDate in the CRL entry) */
26 time_t revocationDate
;
/* reason code from the CRL entry's reasonCode extension — how an entry
 * without that extension is represented is not visible here.
 */
27 crl_reason_t revocationReason
;
30 /* storage structure for an X.509 CRL */
32 typedef struct x509crl x509crl_t
;
/* NOTE(review): this excerpt is incomplete — the `struct x509crl {`
 * opening, the closing `};`, and several members (the gaps in the
 * residual line numbers) are missing; the leading number on each line is
 * extraction residue, not source. Only the members listed below are
 * visible here.
 */
/* names (generalName_t) of the distribution points associated with this
 * CRL — whether this is where it was fetched from or the issuer's
 * published list is not visible here.
 */
37 generalName_t
*distributionPoints
;
/* named after the ASN.1 CertificateList type (RFC 5280); presumably the
 * complete DER encoding of the CRL as received — confirm in the parser.
 */
38 chunk_t certificateList
;
/* the revoked entries of this CRL; revokedCert_t is declared above.
 * Presumably a list reached through this pointer — confirm.
 */
46 revokedCert_t
*revokedCertificates
;
/* authorityCertSerialNumber from the AuthorityKeyIdentifier extension,
 * used to match the CRL to the issuing CA certificate — TODO confirm.
 */
54 chunk_t authKeySerialNumber
;
/* signatureAlgorithm — heads the signature-related members, which are
 * not present in this excerpt.
 */
56 /* signatureAlgorithm */
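/* apply a strict CRL policy
 * flag set in plutomain.c and used in ipsec_doi.c and rcv_whack.c
 *
 * NOTE(review): what "strict" means operationally (for example, whether a
 * missing or stale CRL on its own rejects a peer certificate) is decided
 * in ipsec_doi.c, not here — confirm before relying on the flag.
 */
extern bool strict_crl_policy;

/* cache the retrieved CRLs by storing them locally as a file */
extern bool cache_crls;

/* check periodically for expired crls
 * (units of the interval are not stated here; presumably seconds — confirm)
 */
extern long crl_check_interval;

/* used for initialization */
extern const x509crl_t empty_x509crl;

/**
 * Parse a CRL from a blob into *crl.
 *
 * @param blob   encoded CRL to parse (presumably DER — confirm in crl.c)
 * @param level0 passed through to the parser; presumably the base nesting
 *               level for debug output — confirm
 * @param crl    CRL structure filled on success
 * @return       true on success; presumably false when the blob does not
 *               parse — confirm
 */
extern bool parse_x509crl(chunk_t blob, u_int level0, x509crl_t *crl);

/** Load CRLs (source not visible in this header). */
extern void load_crls(void);

/** Check CRLs for expiry; see crl_check_interval. */
extern void check_crls(void);

/**
 * Insert a CRL obtained from crl_uri.
 *
 * @param blob      encoded CRL
 * @param crl_uri   URI the CRL was retrieved from
 * @param cache_crl presumably whether to store the CRL locally as a file,
 *                  cf. cache_crls — confirm
 * @return          true on success; what failure covers (parse error,
 *                  duplicate, ...) is not visible here
 */
extern bool insert_crl(chunk_t blob, chunk_t crl_uri, bool cache_crl);

/**
 * Determine the revocation status of cert from the known CRLs.
 *
 * @param cert             certificate to check
 * @param until            output — presumably how long the result is
 *                         valid (next CRL update) — confirm
 * @param revocationDate   output — presumably set when cert is found
 *                         revoked — confirm
 * @param revocationReason output — presumably set when cert is found
 *                         revoked — confirm
 * @return                 a cert_status_t; the values and which one is
 *                         returned when no CRL is available are not
 *                         visible in this header
 */
extern cert_status_t verify_by_crl(const x509cert_t *cert, time_t *until,
                                   time_t *revocationDate,
                                   crl_reason_t *revocationReason);

/**
 * List the known CRLs.
 *
 * @param utc    presumably print times in UTC rather than local time — confirm
 * @param strict presumably the strict CRL policy setting, reported in the
 *               listing — confirm
 */
extern void list_crls(bool utc, bool strict);

/** Free every known CRL. */
extern void free_crls(void);

/** Free a single CRL structure (ownership passes to the callee). */
extern void free_crl(x509crl_t *crl);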