| 1 | /* Certificate support for IKE authentication
| 2 | * Copyright (C) 2002-2009 Andreas Steffen |
| 3 | * |
| 4 | * HSR - Hochschule fuer Technik Rapperswil |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or modify it |
| 7 | * under the terms of the GNU General Public License as published by the |
| 8 | * Free Software Foundation; either version 2 of the License, or (at your |
| 9 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. |
| 10 | * |
| 11 | * This program is distributed in the hope that it will be useful, but |
| 12 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY |
| 13 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| 14 | * for more details. |
| 15 | */ |
| 16 | |
#ifndef _CERTS_H
#define _CERTS_H
/* NOTE(review): _CERTS_H (leading underscore followed by an uppercase
 * letter) is an identifier the C standard reserves for the implementation;
 * a guard such as CERTS_H would avoid any clash with system headers.
 */

/* credentials/ headers provide certificate_t, private_key_t, x509_flag_t,
 * key_type_t and identification_t used in the declarations below.
 */
#include <credentials/keys/private_key.h>
#include <credentials/certificates/certificate.h>
#include <credentials/certificates/x509.h>

#include <freeswan.h>

#include "defs.h"
| 27 | |
/* path definitions for private keys, end certs,
 * cacerts, attribute certs and crls
 *
 * Every directory hangs off IPSEC_CONFDIR (defined elsewhere) below
 * ipsec.d/.  PRIVATE_KEY_PATH holds secret key material; this header only
 * names the directory and enforces nothing about its ownership or mode --
 * NOTE(review): confirm the loader or the packaging restricts access to it.
 */
#define PRIVATE_KEY_PATH IPSEC_CONFDIR "/ipsec.d/private"	/* private keys */
#define HOST_CERT_PATH IPSEC_CONFDIR "/ipsec.d/certs"		/* end entity (host) certs */
#define CA_CERT_PATH IPSEC_CONFDIR "/ipsec.d/cacerts"		/* CA certs */
#define A_CERT_PATH IPSEC_CONFDIR "/ipsec.d/acerts"		/* attribute certs */
#define AA_CERT_PATH IPSEC_CONFDIR "/ipsec.d/aacerts"		/* attribute authority certs */
#define OCSP_CERT_PATH IPSEC_CONFDIR "/ipsec.d/ocspcerts"	/* OCSP certs */
#define CRL_PATH IPSEC_CONFDIR "/ipsec.d/crls"			/* certificate revocation lists */
#define REQ_PATH IPSEC_CONFDIR "/ipsec.d/reqs"			/* certificate requests */
| 39 | |
/* advance warning of imminent expiry of
 * cacerts, OCSP certs, public keys, crls and attribute certs
 *
 * All values are plain day counts; how they are compared against the
 * expiry dates is up to the code that consumes them.
 */
#define CA_CERT_WARNING_INTERVAL 30 /* days */
#define OCSP_CERT_WARNING_INTERVAL 30 /* days */
#define PUBKEY_WARNING_INTERVAL 7 /* days */
#define CRL_WARNING_INTERVAL 7 /* days */
#define ACERT_WARNING_INTERVAL 1 /* day */
| 48 | |
/* access structure for a pluto certificate
 *
 * Wraps a certificate_t (credentials/certificates/certificate.h) together
 * with the bookkeeping pluto keeps for it.  Instances are initialised from
 * cert_empty, declared below.
 */
typedef struct cert_t {
	certificate_t *cert;	/* the underlying certificate object */
	struct cert_t *next;	/* next entry in a singly linked list */
	int count;		/* reference count -- presumably incremented by
				 * cert_share() and decremented by cert_release();
				 * confirm in certs.c */
	bool smartcard;		/* set when the certificate lives on a smartcard
				 * (inferred from the name; verify against the loader) */
} cert_t;
| 59 | |
/* used for initialization */
extern const cert_t cert_empty;

/* do not send certificate requests
 * flag set in plutomain.c and used in ipsec_doi.c
 */
extern bool no_cr_send;

/* Load a private key of the given type from filename.
 * pass carries the passphrase prompt state (prompt_pass_t, declared elsewhere).
 * Returns the key; presumably NULL on failure -- confirm in certs.c, as is
 * who owns the returned object.
 * NOTE(review): filename is used as a path; if it can be influenced by
 * configuration, confirm the caller confines it to PRIVATE_KEY_PATH.
 */
extern private_key_t* load_private_key(char* filename, prompt_pass_t *pass,
									   key_type_t type);
/* Load a certificate from filename.  label is presumably used for log
 * output and flags are the x509_flag_t bits expected of the certificate --
 * both inferred from the parameter names, verify against certs.c.
 */
extern cert_t* load_cert(char *filename, const char *label, x509_flag_t flags);
/* Loaders for end entity (host) and CA certificates respectively;
 * presumably thin wrappers around load_cert() with fixed label/flags.
 */
extern cert_t* load_host_cert(char *filename);
extern cert_t* load_ca_cert(char *filename);
/* Insert cert into pluto's certificate list.  Whether the returned pointer
 * is cert itself or an already present duplicate is decided in certs.c.
 */
extern cert_t* cert_add(cert_t *cert);
/* Lifetime management: cert_free() destroys a cert_t; cert_share() and
 * cert_release() presumably adjust cert_t.count (reference counting) --
 * confirm in certs.c.
 */
extern void cert_free(cert_t *cert);
extern void cert_share(cert_t *cert);
extern void cert_release(cert_t *cert);
/* Dump the certificate list; utc presumably selects UTC rather than local
 * time for the printed dates (inferred from the parameter name).
 */
extern void cert_list(bool utc);
/* Look up an X.509 certificate by issuer and subject key id.  The role of
 * chain (search start or exclusion set) is not visible here -- see certs.c.
 */
extern cert_t* get_x509cert(identification_t *issuer, chunk_t keyid, cert_t* chain);
| 79 | |
| 80 | #endif /* _CERTS_H */ |
| 81 | |
| 82 |