multi->locked_cert_hash_set = cert_hash_copy (chs);
}
-#ifdef ENABLE_X509_TRACK
-
-void
-x509_track_add (const struct x509_track **ll_head, const char *name, int msglevel, struct gc_arena *gc)
-{
- struct x509_track *xt;
- ALLOC_OBJ_CLEAR_GC (xt, struct x509_track, gc);
- if (*name == '+')
- {
- xt->flags |= XT_FULL_CHAIN;
- ++name;
- }
- xt->name = name;
- xt->nid = OBJ_txt2nid(name);
- if (xt->nid != NID_undef)
- {
- xt->next = *ll_head;
- *ll_head = xt;
- }
- else
- msg(msglevel, "x509_track: no such attribute '%s'", name);
-}
-
-#endif
-
/*
* Returns the string associated with the given certificate type.
*/
*/
static void
verify_cert_set_env(struct env_set *es, x509_cert_t *peer_cert, int cert_depth,
- const char *subject, const char *common_name,
- const struct x509_track *x509_track)
+ const char *subject, const char *common_name
+#ifdef ENABLE_X509_TRACK
+ , const struct x509_track *x509_track
+#endif
+ )
{
char envname[64];
session->verify_maxlevel = max_int (session->verify_maxlevel, cert_depth);
/* export certificate values to the environment */
- verify_cert_set_env(opt->es, cert, cert_depth, subject, common_name, opt->x509_track);
+ verify_cert_set_env(opt->es, cert, cert_depth, subject, common_name
+#ifdef ENABLE_X509_TRACK
+ , opt->x509_track
+#endif
+ );
/* export current untrusted IP */
setenv_untrusted (session);
*
* X509_{cert_depth}_{name}={value}
*
- * @param xt
* @param es Environment set to save variables in
* @param cert_depth Depth of the certificate
* @param cert Certificate to set the environment for
*/
-void x509_setenv_track (const struct x509_track *xt, struct env_set *es,
- const int depth, x509_cert_t *x509);
+void x509_setenv (struct env_set *es, int cert_depth, x509_cert_t *cert);
+
+#ifdef ENABLE_X509_TRACK
+
+/*
+ * Start tracking the given attribute.
+ *
+ * The tracked attributes are stored in ll_head.
+ *
+ * @param ll_head The x509_track to store tracked atttributes in
+ * @param name Name of the attribute to track
+ * @param msglevel Message level for errors
+ * @param gc Garbage collection arena for temp data
+ *
+ */
+void x509_track_add (const struct x509_track **ll_head, const char *name,
+ int msglevel, struct gc_arena *gc);
/*
* Save X509 fields to environment, using the naming convention:
*
- * X509_{cert_depth}_{name}={value}
+ * X509_{cert_depth}_{name}={value}
+ *
+ * This function differs from setenv_x509 below in the following ways:
*
+ * (1) Only explicitly named attributes in xt are saved, per usage
+ * of --x509-track program options.
+ * (2) Only the level 0 cert info is saved unless the XT_FULL_CHAIN
+ * flag is set in xt->flags (corresponds with prepending a '+'
+ * to the name when specified by --x509-track program option).
+ * (3) This function supports both X509 subject name fields as
+ * well as X509 V3 extensions.
+ *
+ * @param xt
* @param es Environment set to save variables in
* @param cert_depth Depth of the certificate
* @param cert Certificate to set the environment for
*/
-void x509_setenv (struct env_set *es, int cert_depth, x509_cert_t *cert);
+void x509_setenv_track (const struct x509_track *xt, struct env_set *es,
+ const int depth, x509_cert_t *x509);
+
+#endif
/*
* Check X.509 Netscape certificate type field, if available.
#ifdef ENABLE_X509_TRACK
-/*
- * setenv_x509_track function -- save X509 fields to environment,
- * using the naming convention:
- *
- * X509_{cert_depth}_{name}={value}
- *
- * This function differs from setenv_x509 below in the following ways:
- *
- * (1) Only explicitly named attributes in xt are saved, per usage
- * of --x509-track program options.
- * (2) Only the level 0 cert info is saved unless the XT_FULL_CHAIN
- * flag is set in xt->flags (corresponds with prepending a '+'
- * to the name when specified by --x509-track program option).
- * (3) This function supports both X509 subject name fields as
- * well as X509 V3 extensions.
- */
+
+void
+x509_track_add (const struct x509_track **ll_head, const char *name, int msglevel, struct gc_arena *gc)
+{
+ struct x509_track *xt;
+ ALLOC_OBJ_CLEAR_GC (xt, struct x509_track, gc);
+ if (*name == '+')
+ {
+ xt->flags |= XT_FULL_CHAIN;
+ ++name;
+ }
+ xt->name = name;
+ xt->nid = OBJ_txt2nid(name);
+ if (xt->nid != NID_undef)
+ {
+ xt->next = *ll_head;
+ *ll_head = xt;
+ }
+ else
+ msg(msglevel, "x509_track: no such attribute '%s'", name);
+}
/* worker method for setenv_x509_track */
static void
/*
* Enable x509-track feature?
*/
-#if defined(USE_CRYPTO) && defined(USE_SSL)
+#if defined(USE_CRYPTO) && defined(USE_SSL) && defined USE_OPENSSL
#define ENABLE_X509_TRACK
#endif
projects / thirdparty / openvpn.git / commitdiff
