Don't export verify-high structs internally.

diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index b0efe32d40da244fb712a5e7453fee6c676d6a43..31eb1c07fd7bac0a873d6f19cfca033d68fb7f28 100644 (file)
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -20,7 +20,6 @@
  *
  */
 
-
 #include <gnutls_int.h>
 #include <gnutls_errors.h>
 #include <libtasn1.h>
@@ -34,6 +33,31 @@
 #include <common.h>
 #include "verify-high.h"
 
+struct named_cert_st {
+  gnutls_x509_crt_t cert;
+  uint8_t name[MAX_NAME_SIZE];
+  unsigned int name_size;
+};
+
+struct node_st {
+  /* The trusted certificates */
+  gnutls_x509_crt_t *trusted_cas;
+  unsigned int trusted_ca_size;
+
+  struct named_cert_st *named_certs;
+  unsigned int named_cert_size;
+
+  /* The trusted CRLs */
+  gnutls_x509_crl_t *crls;
+  unsigned int crl_size;
+};
+
+struct gnutls_x509_trust_list_st {
+  int size;
+  struct node_st *node;
+};
+
+#define INIT_HASH 0x33a1
 #define DEFAULT_SIZE 503
 
 /**
@@ -595,3 +619,39 @@ gnutls_x509_trust_list_verify_named_crt(gnutls_x509_trust_list_t list,
 
     return 0;
 }
+
+int
+_gnutls_trustlist_inlist_p (gnutls_x509_trust_list_t list,
+                           gnutls_x509_crt_t cert)
+{
+  gnutls_datum_t dn;
+  int ret, i;
+  uint32_t hash;
+
+  ret = gnutls_x509_crt_get_raw_dn (cert, &dn);
+  if (ret < 0)
+    {
+      gnutls_assert();
+      return ret;
+    }
+
+  hash = _gnutls_bhash(dn.data, dn.size, INIT_HASH);
+  hash %= list->size;
+
+  _gnutls_free_datum (&dn);
+
+  for (i = 0; i < list->node[hash].trusted_ca_size; i++)
+    {
+      ret = check_if_same_cert (cert, list->node[hash].trusted_cas[i]);
+      if (ret < 0)
+       {
+         gnutls_assert ();
+         return ret;
+       }
+
+      if (ret == 1)
+       return 1;
+    }
+
+  return 0;
+}

diff --git a/lib/x509/verify-high.h b/lib/x509/verify-high.h
index c241b08581b613de49740bda69f13ecfdd6eb9ed..5272806802e59af4c133fdebf1bc0cd9eb479e13 100644 (file)
--- a/lib/x509/verify-high.h
+++ b/lib/x509/verify-high.h
@@ -1,25 +1,24 @@
-struct named_cert_st {
-  gnutls_x509_crt_t cert;
-  uint8_t name[MAX_NAME_SIZE];
-  unsigned int name_size;
-};
+/*
+ * Copyright (C) 2011 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
 
-struct node_st {
-  /* The trusted certificates */
-  gnutls_x509_crt_t *trusted_cas;
-  unsigned int trusted_ca_size;
-
-  struct named_cert_st *named_certs;
-  unsigned int named_cert_size;
-
-  /* The trusted CRLs */
-  gnutls_x509_crl_t *crls;
-  unsigned int crl_size;
-};
-
-struct gnutls_x509_trust_list_st {
-  int size;
-  struct node_st *node;
-};
-
-#define INIT_HASH 0x33a1
+int _gnutls_trustlist_inlist_p (gnutls_x509_trust_list_t list,
+                               gnutls_x509_crt_t cert);