* to transport credentials during the authentication process.
*/
enum auth_rule_t {
-
/** identity to use for IKEv2 authentication exchange, identification_t* */
AUTH_RULE_IDENTITY,
/** authentication class, auth_class_t */
*
* RFC4739 defines multiple authentication rounds. This class defines such
* a round from a configuration perspective, either for the local or the remote
- * peer. Local config are called "rulesets", as they define how we authenticate.
- * Remote peer configs are called "constraits", they define what is needed to
+ * peer. Local configs are called "rulesets". They define how we authenticate.
+ * Remote peer configs are called "constraits". They define what is needed to
* complete the authentication round successfully.
*
* @verbatim
@endverbatim
*
- * Values for each items are either pointers (casted to void*) or short
+ * Values for each item are either pointers (casted to void*) or short
* integers (use uintptr_t cast).
*/
struct auth_cfg_t {
void (*add)(auth_cfg_t *this, auth_rule_t rule, ...);
/**
- * Get an rule value.
+ * Get a rule value.
*
* @param rule rule type
* @return bool if item has been found
enumerator_t* (*create_enumerator)(auth_cfg_t *this);
/**
- * Replace an rule at enumerator position.
+ * Replace a rule at enumerator position.
*
- * @param pos enumerator position position
+ * @param pos enumerator position
* @param rule rule type
* @param ... associated value to rule
*/
* Check if a used config fulfills a set of configured constraints.
*
* @param constraints required authorization rules
- * @param log_error wheter to log compliance errors
+ * @param log_error whether to log compliance errors
* @return TRUE if this complies with constraints
*/
bool (*complies)(auth_cfg_t *this, auth_cfg_t *constraints, bool log_error);
/**
* Purge all rules in a config.
*
- * @param keep_ca wheter to keep AUTH_RULE_CA_CERT entries
+ * @param keep_ca whether to keep AUTH_RULE_CA_CERT entries
*/
void (*purge)(auth_cfg_t *this, bool keep_ca);
/**
* Check two configs for equality.
*
- * @param other other config to compaire against this
+ * @param other other config to compare against this
* @return TRUE if auth infos identical
*/
bool (*equals)(auth_cfg_t *this, auth_cfg_t *other);
/**
- * Clone a authentication config, including all rules.
+ * Clone an authentication config, including all rules.
*
* @return cloned configuration
*/
/**
* Constructor function to build credentials.
*
- * Any added parts are cloned/refcounted by the builder implementation, a
- * caller may need to free the passed ressources themself.
+ * Any added parts are cloned/refcounted by the builder implementation.
+ * Callers may need to free the passed ressources themselves.
*
* @param subtype constructor specific subtype, e.g. a certificate_type_t
* @param args list of builder part types, followed by parts, BUILD_END
*
* @param subject subject certificate to check
* @param issuer issuer of subject
- * @param online wheter to do online revocation checking
+ * @param online whether to do online revocation checking
* @param pathlen the current length of the path bottom-up
* @param anchor is issuer trusted root anchor
* @param auth container for resulting authentication info
/**
* Encoding type of a fingerprint/credential.
*
- * Fingerprints have have the KEYID_*, public keys the PUBKEY_* and
+ * Fingerprints have the KEYID_*, public keys the PUBKEY_* and
* private keys the PRIVKEY_* prefix.
*/
enum cred_encoding_type_t {
* The variable argument list takes builder_part_t types followed
* by the type specific value. The list must be terminated using BUILD_END.
* All passed parts get cloned/refcounted by the builder functions,
- * so free up allocated ressources after successful and unsuccessful
+ * so free up allocated resources after successful and unsuccessful
* invocations.
*
* @param type credential type to build
}
/**
- * Check if an helper contains a certificate as trust anchor
+ * Check if a helper contains a certificate as trust anchor
*/
static bool auth_contains_cacert(auth_cfg_t *auth, certificate_t *cert)
{
}
/**
- * find a private key of a give certificate
+ * find a private key of a given certificate
*/
static private_key_t *get_private_by_cert(private_credential_manager_t *this,
certificate_t *cert, key_type_t type)
* Manages credentials using credential_sets.
*
* The credential manager is the entry point of the credential framework. It
- * uses so called "sets" to access credentials in a modular fashion, these
+ * uses so called "sets" to access credentials in a modular fashion. These
* are implemented through the credential_set_t interface.
* The manager additionally does trust chain verification and trust status
- * chaching. A set may call the managers methods if it needs credentials itself,
- * the manager uses recursive locking.
+ * caching. A set may call the managers methods if it needs credentials itself.
+ * The manager uses recursive locking.
*
* @verbatim
@endverbatim
*
- * The credential manager uses rwlocks for performance reasons, credential
- * sets must be fully thread save.
+ * The credential manager uses rwlocks for performance reasons. Credential
+ * sets must be fully thread-safe.
*/
struct credential_manager_t {
*
* The enumerator enumerates over:
* shared_key_t*, id_match_t me, id_match_t other
- * But must accepts values for the id_matches.
+ * But must accept values for the id_matches.
*
* @param type kind of requested shared key
* @param first first subject between key is shared
*
* @param type kind of requested shared key
* @param me own identity
- * @param other peers identity
+ * @param other peer identity
* @return shared_key_t, NULL if none found
*/
shared_key_t *(*get_shared)(credential_manager_t *this, shared_key_type_t type,
*
* The get_private() method gets a secret private key identified by either
* the keyid itself or an id the key belongs to.
- * The auth parameter contains additional information, such as receipients
+ * The auth parameter contains additional information, such as recipients
* trusted CA certs. Auth gets filled with subject and CA certificates
* needed to validate a created signature.
*
/**
* Create an enumerator over trusted public keys.
*
- * This method gets a an enumerator over trusted public keys to verify a
+ * This method creates an enumerator over trusted public keys to verify a
* signature created by id. The auth parameter contains additional
* authentication infos, e.g. peer and intermediate certificates.
* The resulting enumerator enumerates over public_key_t *, auth_cfg_t *,
key_type_t type, identification_t *id, auth_cfg_t *auth);
/**
- * Cache a certificate by invoking cache_cert() on all registerd sets.
+ * Cache a certificate by invoking cache_cert() on all registered sets.
*
* @param cert certificate to cache
*/
/**
* Check if a given subject certificate is issued by an issuer certificate.
*
- * This operation does signature verification, but uses the credential
- * managers cache for to speed up the operation.
+ * This operation does signature verification using the credential
+ * manager's cache to speed up the operation.
*
* @param subject subject certificate to check
* @param issuer issuer certificate that potentially has signed subject
*
* To add a credential set for the current trustchain verification
* operation, sets may be added for the calling thread only. This
- * does not require a write lock and is therefore a much less expensive
+ * does not require a write lock and is therefore a much cheaper
* operation.
*
* @param set set to register
* A credential set enumerator may not block the credential set, i.e. multiple
* threads must be able to hold multiple enumerators, as the credential manager
* is higly parallelized. The best way to achieve this is by using shared
- * read locks for the enumerators only. Otherwiese deadlocks will occur.
+ * read locks for the enumerators only. Otherwise deadlocks will occur.
* The writing cache_cert() routine is called by the manager only if no
* enumerator is alive, so it is save to use a write lock there.
*/
/**
* Cache a certificate in the credential set.
*
- * The caching policy is implementation dependent, the sets may cache the
+ * The caching policy is implementation dependent. The sets may cache the
* certificate in-memory, persistent on disk or not at all.
*
* @param cert certificate to cache
projects / thirdparty / strongswan.git / commitdiff
