#define LIFETIME_TRESHOLD 10*24*60*60 //10 days
static STACK_OF(X509)* my_sk_X509_dup(glb_ctx *cc, STACK_OF(X509) *stack);
-extern int proxy_verify_cert_chain(X509 * ucert, STACK_OF(X509) * cert_chain, proxy_verify_desc * pvd);
-extern proxy_verify_desc *pvd_setup_initializers(char *cadir,
+extern int proxy_verify_cert_chain(X509 * ucert, STACK_OF(X509) * cert_chain, canl_proxy_verify_desc * pvd);
+extern canl_proxy_verify_desc *canl_pvd_setup_initializers(char *cadir,
unsigned int flags);
extern void pvd_destroy_initializers(void *data);
extern canl_error map_verify_result(unsigned long ssl_err,
char *cadir)
{
int ret = 0;
- proxy_verify_desc *pvd = NULL; /* verification context */
+ canl_proxy_verify_desc *pvd = NULL; /* verification context */
- pvd = pvd_setup_initializers(cadir, 0);
+ pvd = canl_pvd_setup_initializers(cadir, 0);
ret = proxy_verify_cert_chain(ucert, cert_chain, pvd);
pvd_destroy_initializers(pvd);
if (ret)
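Review bot: `ret = proxy_verify_cert_chain(ucert, cert_chain, pvd);` uses the descriptor returned by `canl_pvd_setup_initializers(cadir, 0)` without checking it, yet that function has a `return NULL;` path and the other caller, `setup_SSL_proxy_handler`, does guard its result with `if (new_pvd)`. Unless proxy_verify_cert_chain is known to accept a NULL descriptor, an allocation failure here becomes a NULL dereference instead of a verification error; add `if (!pvd) return CANL_ERR_PLACEHOLDER; /* replace with the module's allocation-failure code */` between the setup call and the verify call. The same unchecked use appears in the next hunk, where the possibly-NULL pointer is stored with `X509_STORE_CTX_set_ex_data(store_ctx, PVD_STORE_EX_DATA_IDX, (void *)pvd);`. The enclosing function's signature starts outside this hunk.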
{
int ret = 0, depth = 0, i = 0;
STACK_OF(X509) *certstack;
- proxy_verify_desc *pvd = NULL; /* verification context */
+ canl_proxy_verify_desc *pvd = NULL; /* verification context */
unsigned long ssl_err = 0;
canl_error canl_err = 0;
- pvd = pvd_setup_initializers(cadir, 0);
+ pvd = canl_pvd_setup_initializers(cadir, 0);
X509_STORE_CTX_set_ex_data(store_ctx, PVD_STORE_EX_DATA_IDX, (void *)pvd);
#ifdef X509_V_FLAG_ALLOW_PROXY_CERTS
X509_STORE_CTX_set_flags(store_ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
return 0;
}
-proxy_verify_desc *pvd_setup_initializers(char *cadir, unsigned int pvxd_flags)
+canl_proxy_verify_desc *canl_pvd_setup_initializers(char *cadir, unsigned int pvxd_flags)
{
- proxy_verify_ctx_desc *pvxd = NULL;
- proxy_verify_desc *pvd = NULL;
+ canl_proxy_verify_ctx_desc *pvxd = NULL;
+ canl_proxy_verify_desc *pvd = NULL;
char *ca_cert_dirn = NULL;
int err = 0;
- pvd = (proxy_verify_desc*) malloc(sizeof(proxy_verify_desc));
- pvxd = (proxy_verify_ctx_desc *)malloc(sizeof(proxy_verify_ctx_desc));
+ pvd = (canl_proxy_verify_desc*) malloc(sizeof(canl_proxy_verify_desc));
+ pvxd = (canl_proxy_verify_ctx_desc *)malloc(sizeof(canl_proxy_verify_ctx_desc));
pvd->cert_store = NULL;
return NULL;
}
- proxy_verify_ctx_init(pvxd);
- proxy_verify_init(pvd, pvxd);
+ canl_proxy_verify_ctx_init(pvxd);
+ canl_proxy_verify_init(pvd, pvxd);
/* If cadir is not specified, do the best as to get the
standard CA certificates directory name */
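Review bot: The two rewritten allocation lines still cast the result of malloc and spell out the type in sizeof, which is what forced them into this rename in the first place; `pvd = malloc(sizeof *pvd);` and `pvxd = malloc(sizeof *pvxd);` express the same thing, stay correct under future type renames, and are the idiomatic C form. Allocation failure is reported via the visible `return NULL;`, but the lines between the second malloc and that return are not all visible here, so whether the first allocation is released when the second fails cannot be confirmed from the hunk and is worth checking. Also note that `canl_pvd_setup_initializers` is defined here with `unsigned int pvxd_flags`; see the note on the extern declaration that spells the parameter as `int`.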
void pvd_destroy_initializers(void *data)
{
- proxy_verify_desc *pvd = (proxy_verify_desc *)data;
+ canl_proxy_verify_desc *pvd = (canl_proxy_verify_desc *)data;
if (pvd) {
if (pvd->pvxd)
- proxy_verify_ctx_release(pvd->pvxd);
+ canl_proxy_verify_ctx_release(pvd->pvxd);
free(pvd->pvxd);
pvd->pvxd = NULL;
- proxy_verify_release(pvd);
+ canl_proxy_verify_release(pvd);
/* X509_STORE_CTX_free segfaults if passed a NULL store_ctx */
if (pvd->cert_store)
char *ca_file;
char *crl_dir;
cert_key_store *cert_key;
- proxy_verify_desc *pvd_ctx;
+ canl_proxy_verify_desc *pvd_ctx;
} mech_glb_ctx;
int do_set_ctx_own_cert_file(glb_ctx *cc, mech_glb_ctx *m_ctx,
static int setup_SSL_proxy_handler(glb_ctx *cc, SSL_CTX *ssl, char *cadir,
int leave_pvd);
-extern proxy_verify_desc *pvd_setup_initializers(char *cadir, int flags);
+extern canl_proxy_verify_desc *canl_pvd_setup_initializers(char *cadir, int flags);
extern void pvd_destroy_initializers(void *data);
#ifdef DEBUG
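Review bot: `extern canl_proxy_verify_desc *canl_pvd_setup_initializers(char *cadir, int flags);` declares the second parameter as `int`, while the definition in this commit is `canl_proxy_verify_desc *canl_pvd_setup_initializers(char *cadir, unsigned int pvxd_flags)` and the other file's extern uses `unsigned int flags`. Two incompatible declarations of the same external function is undefined behavior (C11 6.2.7), and because each translation unit carries its own private prototype the compiler never sees both and cannot warn. The minimal fix is `extern canl_proxy_verify_desc *canl_pvd_setup_initializers(char *cadir, unsigned int flags);`; the durable fix is to move this prototype and `pvd_destroy_initializers` into a shared header included by both the defining and the using files, so a rename like this one touches a single declaration.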
static int setup_SSL_proxy_handler(glb_ctx *cc, SSL_CTX *ssl, char *cadir,
int leave_pvd)
{
- proxy_verify_desc *new_pvd = NULL;
+ canl_proxy_verify_desc *new_pvd = NULL;
mech_glb_ctx *m_ctx = (mech_glb_ctx *)cc->mech_ctx;
- new_pvd = pvd_setup_initializers(cadir, m_ctx->flags);
+ new_pvd = canl_pvd_setup_initializers(cadir, m_ctx->flags);
if (new_pvd){
SSL_CTX_set_ex_data(ssl, PVD_SSL_EX_DATA_IDX, new_pvd);
if (!leave_pvd)
**********************************************************************/
void
-proxy_verify_init(
- proxy_verify_desc * pvd,
- proxy_verify_ctx_desc * pvxd)
+canl_proxy_verify_init(
+ canl_proxy_verify_desc * pvd,
+ canl_proxy_verify_ctx_desc * pvxd)
{
pvd->magicnum = PVD_MAGIC_NUMBER; /* used for debuging */
}
/**********************************************************************
-Function: proxy_verify_ctx_init()
+Function: canl_proxy_verify_ctx_init()
Description:
**********************************************************************/
void
-proxy_verify_ctx_init(
- proxy_verify_ctx_desc * pvxd)
+canl_proxy_verify_ctx_init(
+ canl_proxy_verify_ctx_desc * pvxd)
{
pvxd->magicnum = PVXD_MAGIC_NUMBER; /* used for debuging */
**********************************************************************/
void
-proxy_verify_release(
- proxy_verify_desc * pvd)
+canl_proxy_verify_release(
+ canl_proxy_verify_desc * pvd)
{
pvd->cert_chain = NULL;
pvd->pvxd = NULL;
}
/**********************************************************************
-Function: proxy_verify_ctx_release()
+Function: canl_proxy_verify_ctx_release()
Description:
**********************************************************************/
void
-proxy_verify_ctx_release(
- proxy_verify_ctx_desc * pvxd)
+canl_proxy_verify_ctx_release(
+ canl_proxy_verify_ctx_desc * pvxd)
{
if (pvxd->certdir)
{
#endif
SSL * ssl = NULL;
SSL_CTX * ssl_ctx = NULL;
- proxy_verify_desc * pvd;
+ canl_proxy_verify_desc * pvd;
int itsaproxy = 0;
int i;
int ret;
/*
* If we are being called recursivly to check delegate
* cert chains, or being called by the grid-proxy-init,
- * a pointer to a proxy_verify_desc will be
+ * a pointer to a canl_proxy_verify_desc will be
* pased in the store. If we are being called by SSL,
* by a roundabout process, the app_data of the ctx points at
* the SSL. We have saved a pointer to the context handle
* in the SSL, and its magic number should be PVD_MAGIC_NUMBER
*/
- if (!(pvd = (proxy_verify_desc *)
+ if (!(pvd = (canl_proxy_verify_desc *)
X509_STORE_CTX_get_ex_data(ctx,
PVD_STORE_EX_DATA_IDX)))
{
ssl = (SSL *)X509_STORE_CTX_get_app_data(ctx);
if (ssl) {
ssl_ctx = SSL_get_SSL_CTX(ssl);
- pvd = (proxy_verify_desc *)SSL_CTX_get_ex_data(ssl_ctx,
+ pvd = (canl_proxy_verify_desc *)SSL_CTX_get_ex_data(ssl_ctx,
PVD_SSL_EX_DATA_IDX);
}
}
proxy_verify_cert_chain(
X509 * ucert,
STACK_OF(X509) * cert_chain,
- proxy_verify_desc * pvd)
+ canl_proxy_verify_desc * pvd)
{
int retval = 0;
X509_STORE * cert_store = NULL;
Type definitions
**********************************************************************/
-/* proxy_verify_ctx_desc - common to all verifys */
+/* canl_proxy_verify_ctx_desc - common to all verifys */
-typedef struct proxy_verify_ctx_desc_struct {
+typedef struct canl_proxy_verify_ctx_desc_struct {
int magicnum ;
char * certdir;
time_t goodtill;
unsigned int flags; //OCSP flags etc.
-} proxy_verify_ctx_desc ;
+} canl_proxy_verify_ctx_desc ;
-/* proxy_verify_desc - allows for recursive verifys with delegation */
+/* canl_proxy_verify_desc - allows for recursive verifys with delegation */
-typedef struct proxy_verify_desc_struct proxy_verify_desc;
+typedef struct canl_proxy_verify_desc_struct canl_proxy_verify_desc;
-struct proxy_verify_desc_struct {
+struct canl_proxy_verify_desc_struct {
int magicnum;
- proxy_verify_desc * previous;
- proxy_verify_ctx_desc * pvxd;
+ canl_proxy_verify_desc * previous;
+ canl_proxy_verify_ctx_desc * pvxd;
int flags;
X509_STORE_CTX * cert_store;
int recursive_depth;
unsigned long * hSession);
void
-proxy_verify_init(
- proxy_verify_desc * pvd,
- proxy_verify_ctx_desc * pvxd);
+canl_proxy_verify_init(
+ canl_proxy_verify_desc * pvd,
+ canl_proxy_verify_ctx_desc * pvxd);
void
-proxy_verify_release(
- proxy_verify_desc * pvd);
+canl_proxy_verify_release(
+ canl_proxy_verify_desc * pvd);
void
-proxy_verify_ctx_init(
- proxy_verify_ctx_desc *pvxd);
+canl_proxy_verify_ctx_init(
+ canl_proxy_verify_ctx_desc *pvxd);
void
-proxy_verify_ctx_release(
- proxy_verify_ctx_desc *pvxd);
+canl_proxy_verify_ctx_release(
+ canl_proxy_verify_ctx_desc *pvxd);
int
proxy_check_proxy_name(
int
proxy_verify_certchain(
STACK_OF(X509) * certchain,
- proxy_verify_desc * ppvd);
+ canl_proxy_verify_desc * ppvd);
int
proxy_verify_callback(