From: Adriaan de Jong
Date: Thu, 30 Jun 2011 13:11:47 +0000 (+0200)
Subject: Cleaned up ssl.h
X-Git-Tag: v2.3-alpha1~113
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9fb45319cba1f99ffe5538243a4e735191504cc8;p=thirdparty%2Fopenvpn.git

Cleaned up ssl.h

Signed-off-by: Adriaan de Jong
Acked-by: James Yonan
Signed-off-by: David Sommerseth
---
diff --git a/ssl.h b/ssl.h
index 417cac9d3..aa6abc714 100644
--- a/ssl.h
+++ b/ssl.h
@@ -32,13 +32,6 @@
 #if defined(USE_CRYPTO) && defined(USE_SSL)
-#include
-#include
-#include
-#include
-#include
-#include
-
 #include "basic.h"
 #include "common.h"
 #include "crypto.h"
@@ -99,7 +92,6 @@
 /*
  * Various timeouts
  */
-
 #define TLS_MULTI_REFRESH 15 /* call tls_multi_process once every n seconds */
 #define TLS_MULTI_HORIZON 2 /* call tls_multi_process frequently for n seconds after every packet sent/received action */
@@ -386,13 +378,30 @@ void tls_post_encrypt (struct tls_multi *multi, struct buffer *buf);
 /** @} name Functions for managing security parameter state for data channel packets */
+/*
+ * Setup private key file password. If auth_file is given, use the
+ * credentials stored in the file.
+ */
 void pem_password_setup (const char *auth_file);
-int pem_password_callback (char *buf, int size, int rwflag, void *u);
+
+/*
+ * Setup authentication username and password. If auth_file is given, use the
+ * credentials stored in the file.
+ */
 void auth_user_pass_setup (const char *auth_file, const struct static_challenge_info *sc_info);
+
+/*
+ * Ensure that no caching is performed on authentication information
+ */
 void ssl_set_auth_nocache (void);
-void ssl_set_auth_token (const char *token);
+
+/*
+ * Purge any stored authentication information, both for key files and tunnel
+ * authentication. If PCKS #11 is enabled, purge authentication for that too.
+ */
 void ssl_purge_auth (const bool auth_user_pass_only);
+void ssl_set_auth_token (const char *token);
 #ifdef ENABLE_CLIENT_CR
 /*
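Review bot: The comment added above `ssl_purge_auth` says it purges key-file and tunnel credentials alike, but it never describes the `auth_user_pass_only` parameter, which by its name presumably limits the purge to the username/password and leaves the private-key passphrase cached. A caller relying on this function to clear secrets from memory needs that spelled out, so I would add a line such as ` * If auth_user_pass_only is true, only the username/password is purged.` once that is confirmed against the definition, which is outside this hunk. The same comment spells the standard `PCKS #11`; it should read `PKCS #11`. `ssl_set_auth_token`, moved to the end of the group, is now the only declaration here without a comment and deserves one saying what the token is and how long it is kept.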
@@ -404,10 +413,6 @@ void ssl_purge_auth_challenge (void);
 void ssl_put_auth_challenge (const char *cr_str);
 #endif
-void tls_set_verify_command (const char *cmd);
-void tls_set_crl_verify (const char *crl);
-void tls_set_verify_x509name (const char *x509name);
-
 /*
  * Reserve any extra space required on frames.
  */