1 /* 2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 module deimos.openssl.x509_vfy; 11 12 import core.stdc.time; 13 14 import deimos.openssl._d_util; 15 import deimos.openssl.asn1:ASN1_OBJECT, stack_st_ASN1_OBJECT; 16 17 public import deimos.openssl.opensslconf; 18 public import deimos.openssl.lhash; 19 public import deimos.openssl.bio; 20 public import deimos.openssl.crypto; 21 public import deimos.openssl.symhacks; 22 23 extern (C): 24 nothrow: 25 26 /* 27 * Protect against recursion, x509.h and x509_vfy.h each include the other. 28 */ 29 30 /*- 31 SSL_CTX -> X509_STORE 32 -> X509_LOOKUP 33 ->X509_LOOKUP_METHOD 34 -> X509_LOOKUP 35 ->X509_LOOKUP_METHOD 36 37 SSL -> X509_STORE_CTX 38 ->X509_STORE 39 40 The X509_STORE holds the tables etc for verification stuff. 41 A X509_STORE_CTX is used while validating a single certificate. 42 The X509_STORE has X509_LOOKUPs for looking up certs. 43 The X509_STORE then calls a function to actually verify the 44 certificate chain. 45 */ 46 47 enum X509_LOOKUP_TYPE 48 { 49 X509_LU_NONE = 0, 50 X509_LU_X509 = 1, 51 X509_LU_CRL = 2 52 } 53 54 enum X509_LU_RETRY = -1; 55 enum X509_LU_FAIL = 0; 56 57 struct stack_st_X509_LOOKUP; 58 alias sk_X509_LOOKUP_compfunc = int function(const(X509_LOOKUP*)* a, const(X509_LOOKUP*)* b); 59 alias sk_X509_LOOKUP_freefunc = void function(X509_LOOKUP* a); 60 alias sk_X509_LOOKUP_copyfunc = x509_lookup_st* function(const(X509_LOOKUP)* a); 61 int sk_X509_LOOKUP_num(const(stack_st_X509_LOOKUP)* sk); 62 X509_LOOKUP* sk_X509_LOOKUP_value(const(stack_st_X509_LOOKUP)* sk, int idx); 63 stack_st_X509_LOOKUP* sk_X509_LOOKUP_new(sk_X509_LOOKUP_compfunc compare); 64 stack_st_X509_LOOKUP* sk_X509_LOOKUP_new_null(); 65 void sk_X509_LOOKUP_free(stack_st_X509_LOOKUP* sk); 66 void sk_X509_LOOKUP_zero(stack_st_X509_LOOKUP* sk); 67 X509_LOOKUP* sk_X509_LOOKUP_delete(stack_st_X509_LOOKUP* sk, int i); 68 X509_LOOKUP* sk_X509_LOOKUP_delete_ptr(stack_st_X509_LOOKUP* sk, X509_LOOKUP* ptr); 69 int sk_X509_LOOKUP_push(stack_st_X509_LOOKUP* sk, X509_LOOKUP* ptr); 70 int sk_X509_LOOKUP_unshift(stack_st_X509_LOOKUP* sk, X509_LOOKUP* ptr); 71 X509_LOOKUP* sk_X509_LOOKUP_pop(stack_st_X509_LOOKUP* sk); 72 X509_LOOKUP* sk_X509_LOOKUP_shift(stack_st_X509_LOOKUP* sk); 73 void sk_X509_LOOKUP_pop_free(stack_st_X509_LOOKUP* sk, sk_X509_LOOKUP_freefunc freefunc); 74 int sk_X509_LOOKUP_insert(stack_st_X509_LOOKUP* sk, X509_LOOKUP* ptr, int idx); 75 X509_LOOKUP* sk_X509_LOOKUP_set(stack_st_X509_LOOKUP* sk, int idx, X509_LOOKUP* ptr); 76 int sk_X509_LOOKUP_find(stack_st_X509_LOOKUP* sk, X509_LOOKUP* ptr); 77 int sk_X509_LOOKUP_find_ex(stack_st_X509_LOOKUP* sk, X509_LOOKUP* ptr); 78 void sk_X509_LOOKUP_sort(stack_st_X509_LOOKUP* sk); 79 int sk_X509_LOOKUP_is_sorted(const(stack_st_X509_LOOKUP)* sk); 80 stack_st_X509_LOOKUP* sk_X509_LOOKUP_dup(const(stack_st_X509_LOOKUP)* sk); 81 stack_st_X509_LOOKUP* sk_X509_LOOKUP_deep_copy(const(stack_st_X509_LOOKUP)* sk, sk_X509_LOOKUP_copyfunc copyfunc, sk_X509_LOOKUP_freefunc freefunc); 82 sk_X509_LOOKUP_compfunc sk_X509_LOOKUP_set_cmp_func(stack_st_X509_LOOKUP* sk, sk_X509_LOOKUP_compfunc compare); 83 struct stack_st_X509_OBJECT; 84 alias sk_X509_OBJECT_compfunc = int function(const(X509_OBJECT*)* a, const(X509_OBJECT*)* b); 85 alias sk_X509_OBJECT_freefunc = void function(X509_OBJECT* a); 86 alias sk_X509_OBJECT_copyfunc = x509_object_st* function(const(X509_OBJECT)* a); 87 int sk_X509_OBJECT_num(const(stack_st_X509_OBJECT)* sk); 88 X509_OBJECT* sk_X509_OBJECT_value(const(stack_st_X509_OBJECT)* sk, int idx); 89 stack_st_X509_OBJECT* sk_X509_OBJECT_new(sk_X509_OBJECT_compfunc compare); 90 stack_st_X509_OBJECT* sk_X509_OBJECT_new_null(); 91 void sk_X509_OBJECT_free(stack_st_X509_OBJECT* sk); 92 void sk_X509_OBJECT_zero(stack_st_X509_OBJECT* sk); 93 X509_OBJECT* sk_X509_OBJECT_delete(stack_st_X509_OBJECT* sk, int i); 94 X509_OBJECT* sk_X509_OBJECT_delete_ptr(stack_st_X509_OBJECT* sk, X509_OBJECT* ptr); 95 int sk_X509_OBJECT_push(stack_st_X509_OBJECT* sk, X509_OBJECT* ptr); 96 int sk_X509_OBJECT_unshift(stack_st_X509_OBJECT* sk, X509_OBJECT* ptr); 97 X509_OBJECT* sk_X509_OBJECT_pop(stack_st_X509_OBJECT* sk); 98 X509_OBJECT* sk_X509_OBJECT_shift(stack_st_X509_OBJECT* sk); 99 void sk_X509_OBJECT_pop_free(stack_st_X509_OBJECT* sk, sk_X509_OBJECT_freefunc freefunc); 100 int sk_X509_OBJECT_insert(stack_st_X509_OBJECT* sk, X509_OBJECT* ptr, int idx); 101 X509_OBJECT* sk_X509_OBJECT_set(stack_st_X509_OBJECT* sk, int idx, X509_OBJECT* ptr); 102 int sk_X509_OBJECT_find(stack_st_X509_OBJECT* sk, X509_OBJECT* ptr); 103 int sk_X509_OBJECT_find_ex(stack_st_X509_OBJECT* sk, X509_OBJECT* ptr); 104 void sk_X509_OBJECT_sort(stack_st_X509_OBJECT* sk); 105 int sk_X509_OBJECT_is_sorted(const(stack_st_X509_OBJECT)* sk); 106 stack_st_X509_OBJECT* sk_X509_OBJECT_dup(const(stack_st_X509_OBJECT)* sk); 107 stack_st_X509_OBJECT* sk_X509_OBJECT_deep_copy(const(stack_st_X509_OBJECT)* sk, sk_X509_OBJECT_copyfunc copyfunc, sk_X509_OBJECT_freefunc freefunc); 108 sk_X509_OBJECT_compfunc sk_X509_OBJECT_set_cmp_func(stack_st_X509_OBJECT* sk, sk_X509_OBJECT_compfunc compare); 109 struct stack_st_X509_VERIFY_PARAM; 110 alias sk_X509_VERIFY_PARAM_compfunc = int function(const(X509_VERIFY_PARAM*)* a, const(X509_VERIFY_PARAM*)* b); 111 alias sk_X509_VERIFY_PARAM_freefunc = void function(X509_VERIFY_PARAM* a); 112 alias sk_X509_VERIFY_PARAM_copyfunc = X509_VERIFY_PARAM_st* function(const(X509_VERIFY_PARAM)* a); 113 int sk_X509_VERIFY_PARAM_num(const(stack_st_X509_VERIFY_PARAM)* sk); 114 X509_VERIFY_PARAM* sk_X509_VERIFY_PARAM_value(const(stack_st_X509_VERIFY_PARAM)* sk, int idx); 115 stack_st_X509_VERIFY_PARAM* sk_X509_VERIFY_PARAM_new(sk_X509_VERIFY_PARAM_compfunc compare); 116 stack_st_X509_VERIFY_PARAM* sk_X509_VERIFY_PARAM_new_null(); 117 void sk_X509_VERIFY_PARAM_free(stack_st_X509_VERIFY_PARAM* sk); 118 void sk_X509_VERIFY_PARAM_zero(stack_st_X509_VERIFY_PARAM* sk); 119 X509_VERIFY_PARAM* sk_X509_VERIFY_PARAM_delete(stack_st_X509_VERIFY_PARAM* sk, int i); 120 X509_VERIFY_PARAM* sk_X509_VERIFY_PARAM_delete_ptr(stack_st_X509_VERIFY_PARAM* sk, X509_VERIFY_PARAM* ptr); 121 int sk_X509_VERIFY_PARAM_push(stack_st_X509_VERIFY_PARAM* sk, X509_VERIFY_PARAM* ptr); 122 int sk_X509_VERIFY_PARAM_unshift(stack_st_X509_VERIFY_PARAM* sk, X509_VERIFY_PARAM* ptr); 123 X509_VERIFY_PARAM* sk_X509_VERIFY_PARAM_pop(stack_st_X509_VERIFY_PARAM* sk); 124 X509_VERIFY_PARAM* sk_X509_VERIFY_PARAM_shift(stack_st_X509_VERIFY_PARAM* sk); 125 void sk_X509_VERIFY_PARAM_pop_free(stack_st_X509_VERIFY_PARAM* sk, sk_X509_VERIFY_PARAM_freefunc freefunc); 126 int sk_X509_VERIFY_PARAM_insert(stack_st_X509_VERIFY_PARAM* sk, X509_VERIFY_PARAM* ptr, int idx); 127 X509_VERIFY_PARAM* sk_X509_VERIFY_PARAM_set(stack_st_X509_VERIFY_PARAM* sk, int idx, X509_VERIFY_PARAM* ptr); 128 int sk_X509_VERIFY_PARAM_find(stack_st_X509_VERIFY_PARAM* sk, X509_VERIFY_PARAM* ptr); 129 int sk_X509_VERIFY_PARAM_find_ex(stack_st_X509_VERIFY_PARAM* sk, X509_VERIFY_PARAM* ptr); 130 void sk_X509_VERIFY_PARAM_sort(stack_st_X509_VERIFY_PARAM* sk); 131 int sk_X509_VERIFY_PARAM_is_sorted(const(stack_st_X509_VERIFY_PARAM)* sk); 132 stack_st_X509_VERIFY_PARAM* sk_X509_VERIFY_PARAM_dup(const(stack_st_X509_VERIFY_PARAM)* sk); 133 stack_st_X509_VERIFY_PARAM* sk_X509_VERIFY_PARAM_deep_copy(const(stack_st_X509_VERIFY_PARAM)* sk, sk_X509_VERIFY_PARAM_copyfunc copyfunc, sk_X509_VERIFY_PARAM_freefunc freefunc); 134 sk_X509_VERIFY_PARAM_compfunc sk_X509_VERIFY_PARAM_set_cmp_func(stack_st_X509_VERIFY_PARAM* sk, sk_X509_VERIFY_PARAM_compfunc compare); 135 136 int X509_STORE_set_depth(X509_STORE* store, int depth); 137 138 alias X509_STORE_CTX_verify_cb = int function(int, X509_STORE_CTX*); 139 alias X509_STORE_CTX_verify_fn = int function(X509_STORE_CTX*); 140 alias X509_STORE_CTX_get_issuer_fn = int function( 141 X509** issuer, 142 X509_STORE_CTX* ctx, 143 X509* x); 144 alias X509_STORE_CTX_check_issued_fn = int function( 145 X509_STORE_CTX* ctx, 146 X509* x, 147 X509* issuer); 148 alias X509_STORE_CTX_check_revocation_fn = int function(X509_STORE_CTX* ctx); 149 alias X509_STORE_CTX_get_crl_fn = int function( 150 X509_STORE_CTX* ctx, 151 X509_CRL** crl, 152 X509* x); 153 alias X509_STORE_CTX_check_crl_fn = int function(X509_STORE_CTX* ctx, X509_CRL* crl); 154 alias X509_STORE_CTX_cert_crl_fn = int function( 155 X509_STORE_CTX* ctx, 156 X509_CRL* crl, 157 X509* x); 158 alias X509_STORE_CTX_check_policy_fn = int function(X509_STORE_CTX* ctx); 159 160 struct stack_st_X509; 161 alias X509_STORE_CTX_lookup_certs_fn = stack_st_X509* function( 162 X509_STORE_CTX* ctx, 163 X509_NAME* nm); 164 165 /* These are 'informational' when looking for issuer cert */ 166 167 struct stack_st_X509_CRL; 168 alias X509_STORE_CTX_lookup_crls_fn = stack_st_X509_CRL* function( 169 X509_STORE_CTX* ctx, 170 X509_NAME* nm); 171 alias X509_STORE_CTX_cleanup_fn = int function(X509_STORE_CTX* ctx); 172 void X509_STORE_CTX_set_depth(X509_STORE_CTX* ctx, int depth); 173 174 extern (D) auto X509_STORE_CTX_set_app_data(T0, T1)(auto ref T0 ctx, auto ref T1 data) 175 { 176 return X509_STORE_CTX_set_ex_data(ctx, 0, data); 177 } 178 179 extern (D) auto X509_STORE_CTX_get_app_data(T)(auto ref T ctx) 180 { 181 return X509_STORE_CTX_get_ex_data(ctx, 0); 182 } 183 184 enum X509_L_FILE_LOAD = 1; 185 enum X509_L_ADD_DIR = 2; 186 187 extern (D) auto X509_LOOKUP_load_file(T0, T1, T2)(auto ref T0 x, auto ref T1 name, auto ref T2 type) 188 { 189 return X509_LOOKUP_ctrl(x, X509_L_FILE_LOAD, name, cast(c_long) type, NULL); 190 } 191 192 extern (D) auto X509_LOOKUP_add_dir(T0, T1, T2)(auto ref T0 x, auto ref T1 name, auto ref T2 type) 193 { 194 return X509_LOOKUP_ctrl(x, X509_L_ADD_DIR, name, cast(c_long) type, NULL); 195 } 196 197 enum X509_V_OK = 0; 198 enum X509_V_ERR_UNSPECIFIED = 1; 199 enum X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 2; 200 enum X509_V_ERR_UNABLE_TO_GET_CRL = 3; 201 enum X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE = 4; 202 enum X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE = 5; 203 enum X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY = 6; 204 enum X509_V_ERR_CERT_SIGNATURE_FAILURE = 7; 205 enum X509_V_ERR_CRL_SIGNATURE_FAILURE = 8; 206 enum X509_V_ERR_CERT_NOT_YET_VALID = 9; 207 enum X509_V_ERR_CERT_HAS_EXPIRED = 10; 208 enum X509_V_ERR_CRL_NOT_YET_VALID = 11; 209 enum X509_V_ERR_CRL_HAS_EXPIRED = 12; 210 enum X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 13; 211 enum X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 14; 212 enum X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD = 15; 213 enum X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 16; 214 enum X509_V_ERR_OUT_OF_MEM = 17; 215 enum X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18; 216 enum X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN = 19; 217 enum X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = 20; 218 enum X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = 21; 219 enum X509_V_ERR_CERT_CHAIN_TOO_LONG = 22; 220 enum X509_V_ERR_CERT_REVOKED = 23; 221 enum X509_V_ERR_INVALID_CA = 24; 222 enum X509_V_ERR_PATH_LENGTH_EXCEEDED = 25; 223 enum X509_V_ERR_INVALID_PURPOSE = 26; 224 enum X509_V_ERR_CERT_UNTRUSTED = 27; 225 enum X509_V_ERR_CERT_REJECTED = 28; 226 enum X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 29; 227 enum X509_V_ERR_AKID_SKID_MISMATCH = 30; 228 enum X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH = 31; 229 enum X509_V_ERR_KEYUSAGE_NO_CERTSIGN = 32; 230 enum X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER = 33; 231 enum X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION = 34; 232 enum X509_V_ERR_KEYUSAGE_NO_CRL_SIGN = 35; 233 enum X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION = 36; 234 enum X509_V_ERR_INVALID_NON_CA = 37; 235 enum X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED = 38; 236 enum X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE = 39; 237 enum X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED = 40; 238 enum X509_V_ERR_INVALID_EXTENSION = 41; 239 enum X509_V_ERR_INVALID_POLICY_EXTENSION = 42; 240 enum X509_V_ERR_NO_EXPLICIT_POLICY = 43; 241 enum X509_V_ERR_DIFFERENT_CRL_SCOPE = 44; 242 enum X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE = 45; 243 enum X509_V_ERR_UNNESTED_RESOURCE = 46; 244 enum X509_V_ERR_PERMITTED_VIOLATION = 47; 245 enum X509_V_ERR_EXCLUDED_VIOLATION = 48; 246 enum X509_V_ERR_SUBTREE_MINMAX = 49; 247 /* The application is not happy */ 248 enum X509_V_ERR_APPLICATION_VERIFICATION = 50; 249 enum X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE = 51; 250 enum X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX = 52; 251 enum X509_V_ERR_UNSUPPORTED_NAME_SYNTAX = 53; 252 enum X509_V_ERR_CRL_PATH_VALIDATION_ERROR = 54; 253 /* Another issuer check debug option */ 254 enum X509_V_ERR_PATH_LOOP = 55; 255 /* Suite B mode algorithm violation */ 256 enum X509_V_ERR_SUITE_B_INVALID_VERSION = 56; 257 enum X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 57; 258 enum X509_V_ERR_SUITE_B_INVALID_CURVE = 58; 259 enum X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 59; 260 enum X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 60; 261 enum X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 61; 262 /* Host, email and IP check errors */ 263 enum X509_V_ERR_HOSTNAME_MISMATCH = 62; 264 enum X509_V_ERR_EMAIL_MISMATCH = 63; 265 enum X509_V_ERR_IP_ADDRESS_MISMATCH = 64; 266 /* DANE TLSA errors */ 267 enum X509_V_ERR_DANE_NO_MATCH = 65; 268 /* security level errors */ 269 enum X509_V_ERR_EE_KEY_TOO_SMALL = 66; 270 enum X509_V_ERR_CA_KEY_TOO_SMALL = 67; 271 enum X509_V_ERR_CA_MD_TOO_WEAK = 68; 272 /* Caller error */ 273 enum X509_V_ERR_INVALID_CALL = 69; 274 /* Issuer lookup error */ 275 enum X509_V_ERR_STORE_LOOKUP = 70; 276 /* Certificate transparency */ 277 enum X509_V_ERR_NO_VALID_SCTS = 71; 278 279 enum X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION = 72; 280 281 /* Certificate verify flags */ 282 283 enum X509_V_FLAG_CB_ISSUER_CHECK = 0x0; /* Deprecated */ 284 285 /* Use check time instead of current time */ 286 enum X509_V_FLAG_USE_CHECK_TIME = 0x2; 287 /* Lookup CRLs */ 288 enum X509_V_FLAG_CRL_CHECK = 0x4; 289 /* Lookup CRLs for whole chain */ 290 enum X509_V_FLAG_CRL_CHECK_ALL = 0x8; 291 /* Ignore unhandled critical extensions */ 292 enum X509_V_FLAG_IGNORE_CRITICAL = 0x10; 293 /* Disable workarounds for broken certificates */ 294 enum X509_V_FLAG_X509_STRICT = 0x20; 295 /* Enable proxy certificate validation */ 296 enum X509_V_FLAG_ALLOW_PROXY_CERTS = 0x40; 297 /* Enable policy checking */ 298 enum X509_V_FLAG_POLICY_CHECK = 0x80; 299 /* Policy variable require-explicit-policy */ 300 enum X509_V_FLAG_EXPLICIT_POLICY = 0x100; 301 /* Policy variable inhibit-any-policy */ 302 enum X509_V_FLAG_INHIBIT_ANY = 0x200; 303 /* Policy variable inhibit-policy-mapping */ 304 enum X509_V_FLAG_INHIBIT_MAP = 0x400; 305 /* Notify callback that policy is OK */ 306 enum X509_V_FLAG_NOTIFY_POLICY = 0x800; 307 /* Extended CRL features such as indirect CRLs, alternate CRL signing keys */ 308 enum X509_V_FLAG_EXTENDED_CRL_SUPPORT = 0x1000; 309 /* Delta CRL support */ 310 enum X509_V_FLAG_USE_DELTAS = 0x2000; 311 /* Check self-signed CA signature */ 312 enum X509_V_FLAG_CHECK_SS_SIGNATURE = 0x4000; 313 /* Use trusted store first */ 314 enum X509_V_FLAG_TRUSTED_FIRST = 0x8000; 315 /* Suite B 128 bit only mode: not normally used */ 316 enum X509_V_FLAG_SUITEB_128_LOS_ONLY = 0x10000; 317 /* Suite B 192 bit only mode */ 318 enum X509_V_FLAG_SUITEB_192_LOS = 0x20000; 319 /* Suite B 128 bit mode allowing 192 bit algorithms */ 320 enum X509_V_FLAG_SUITEB_128_LOS = 0x30000; 321 /* Allow partial chains if at least one certificate is in trusted store */ 322 enum X509_V_FLAG_PARTIAL_CHAIN = 0x80000; 323 /* 324 * If the initial chain is not trusted, do not attempt to build an alternative 325 * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag 326 * will force the behaviour to match that of previous versions. 327 */ 328 enum X509_V_FLAG_NO_ALT_CHAINS = 0x100000; 329 /* Do not check certificate/CRL validity against current time */ 330 enum X509_V_FLAG_NO_CHECK_TIME = 0x200000; 331 332 enum X509_VP_FLAG_DEFAULT = 0x1; 333 enum X509_VP_FLAG_OVERWRITE = 0x2; 334 enum X509_VP_FLAG_RESET_FLAGS = 0x4; 335 enum X509_VP_FLAG_LOCKED = 0x8; 336 enum X509_VP_FLAG_ONCE = 0x10; 337 338 /* Internal use: mask of policy related options */ 339 enum X509_V_FLAG_POLICY_MASK = X509_V_FLAG_POLICY_CHECK | X509_V_FLAG_EXPLICIT_POLICY | X509_V_FLAG_INHIBIT_ANY | X509_V_FLAG_INHIBIT_MAP; 340 341 int X509_OBJECT_idx_by_subject( 342 stack_st_X509_OBJECT* h, 343 X509_LOOKUP_TYPE type, 344 X509_NAME* name); 345 X509_OBJECT* X509_OBJECT_retrieve_by_subject( 346 stack_st_X509_OBJECT* h, 347 X509_LOOKUP_TYPE type, 348 X509_NAME* name); 349 X509_OBJECT* X509_OBJECT_retrieve_match( 350 stack_st_X509_OBJECT* h, 351 X509_OBJECT* x); 352 int X509_OBJECT_up_ref_count(X509_OBJECT* a); 353 X509_OBJECT* X509_OBJECT_new(); 354 void X509_OBJECT_free(X509_OBJECT* a); 355 X509_LOOKUP_TYPE X509_OBJECT_get_type(const(X509_OBJECT)* a); 356 X509* X509_OBJECT_get0_X509(const(X509_OBJECT)* a); 357 X509_CRL* X509_OBJECT_get0_X509_CRL(X509_OBJECT* a); 358 X509_STORE* X509_STORE_new(); 359 void X509_STORE_free(X509_STORE* v); 360 int X509_STORE_lock(X509_STORE* ctx); 361 int X509_STORE_unlock(X509_STORE* ctx); 362 int X509_STORE_up_ref(X509_STORE* v); 363 stack_st_X509_OBJECT* X509_STORE_get0_objects(X509_STORE* v); 364 365 stack_st_X509* X509_STORE_CTX_get1_certs(X509_STORE_CTX* st, X509_NAME* nm); 366 stack_st_X509_CRL* X509_STORE_CTX_get1_crls(X509_STORE_CTX* st, X509_NAME* nm); 367 int X509_STORE_set_flags(X509_STORE* ctx, c_ulong flags); 368 int X509_STORE_set_purpose(X509_STORE* ctx, int purpose); 369 int X509_STORE_set_trust(X509_STORE* ctx, int trust); 370 int X509_STORE_set1_param(X509_STORE* ctx, X509_VERIFY_PARAM* pm); 371 X509_VERIFY_PARAM* X509_STORE_get0_param(X509_STORE* ctx); 372 373 void X509_STORE_set_verify(X509_STORE* ctx, X509_STORE_CTX_verify_fn verify); 374 alias X509_STORE_set_verify_func = X509_STORE_set_verify; 375 void X509_STORE_CTX_set_verify( 376 X509_STORE_CTX* ctx, 377 X509_STORE_CTX_verify_fn verify); 378 X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE* ctx); 379 void X509_STORE_set_verify_cb( 380 X509_STORE* ctx, 381 X509_STORE_CTX_verify_cb verify_cb); 382 alias X509_STORE_set_verify_cb_func = X509_STORE_set_verify_cb; 383 X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE* ctx); 384 void X509_STORE_set_get_issuer( 385 X509_STORE* ctx, 386 X509_STORE_CTX_get_issuer_fn get_issuer); 387 X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE* ctx); 388 void X509_STORE_set_check_issued( 389 X509_STORE* ctx, 390 X509_STORE_CTX_check_issued_fn check_issued); 391 X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE* ctx); 392 void X509_STORE_set_check_revocation( 393 X509_STORE* ctx, 394 X509_STORE_CTX_check_revocation_fn check_revocation); 395 X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE* ctx); 396 void X509_STORE_set_get_crl(X509_STORE* ctx, X509_STORE_CTX_get_crl_fn get_crl); 397 X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE* ctx); 398 void X509_STORE_set_check_crl( 399 X509_STORE* ctx, 400 X509_STORE_CTX_check_crl_fn check_crl); 401 X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE* ctx); 402 void X509_STORE_set_cert_crl( 403 X509_STORE* ctx, 404 X509_STORE_CTX_cert_crl_fn cert_crl); 405 X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE* ctx); 406 void X509_STORE_set_check_policy( 407 X509_STORE* ctx, 408 X509_STORE_CTX_check_policy_fn check_policy); 409 X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE* ctx); 410 void X509_STORE_set_lookup_certs( 411 X509_STORE* ctx, 412 X509_STORE_CTX_lookup_certs_fn lookup_certs); 413 X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE* ctx); 414 void X509_STORE_set_lookup_crls( 415 X509_STORE* ctx, 416 X509_STORE_CTX_lookup_crls_fn lookup_crls); 417 alias X509_STORE_set_lookup_crls_cb = X509_STORE_set_lookup_crls; 418 X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE* ctx); 419 void X509_STORE_set_cleanup(X509_STORE* ctx, X509_STORE_CTX_cleanup_fn cleanup); 420 X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE* ctx); 421 422 extern (D) auto X509_STORE_get_ex_new_index(T0, T1, T2, T3, T4)(auto ref T0 l, auto ref T1 p, auto ref T2 newf, auto ref T3 dupf, auto ref T4 freef) 423 { 424 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef); 425 } 426 427 int X509_STORE_set_ex_data(X509_STORE* ctx, int idx, void* data); 428 void* X509_STORE_get_ex_data(X509_STORE* ctx, int idx); 429 430 X509_STORE_CTX* X509_STORE_CTX_new(); 431 432 int X509_STORE_CTX_get1_issuer(X509** issuer, X509_STORE_CTX* ctx, X509* x); 433 434 void X509_STORE_CTX_free(X509_STORE_CTX* ctx); 435 int X509_STORE_CTX_init( 436 X509_STORE_CTX* ctx, 437 X509_STORE* store, 438 X509* x509, 439 stack_st_X509* chain); 440 void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX* ctx, stack_st_X509* sk); 441 void X509_STORE_CTX_cleanup(X509_STORE_CTX* ctx); 442 443 X509_STORE* X509_STORE_CTX_get0_store(X509_STORE_CTX* ctx); 444 X509* X509_STORE_CTX_get0_cert(X509_STORE_CTX* ctx); 445 stack_st_X509* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX* ctx); 446 void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX* ctx, stack_st_X509* sk); 447 void X509_STORE_CTX_set_verify_cb( 448 X509_STORE_CTX* ctx, 449 X509_STORE_CTX_verify_cb verify); 450 X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX* ctx); 451 X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX* ctx); 452 X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX* ctx); 453 X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX* ctx); 454 X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX* ctx); 455 X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX* ctx); 456 X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX* ctx); 457 X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX* ctx); 458 X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX* ctx); 459 X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX* ctx); 460 X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX* ctx); 461 X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX* ctx); 462 463 alias X509_STORE_CTX_get_chain = X509_STORE_CTX_get0_chain; 464 alias X509_STORE_CTX_set_chain = X509_STORE_CTX_set0_untrusted; 465 alias X509_STORE_CTX_trusted_stack = X509_STORE_CTX_set0_trusted_stack; 466 alias X509_STORE_get_by_subject = X509_STORE_CTX_get_by_subject; 467 alias X509_STORE_get1_cert = X509_STORE_CTX_get1_certs; 468 alias X509_STORE_get1_crl = X509_STORE_CTX_get1_crls; 469 470 X509_LOOKUP* X509_STORE_add_lookup(X509_STORE* v, X509_LOOKUP_METHOD* m); 471 X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(); 472 X509_LOOKUP_METHOD* X509_LOOKUP_file(); 473 474 int X509_STORE_add_cert(X509_STORE* ctx, X509* x); 475 int X509_STORE_add_crl(X509_STORE* ctx, X509_CRL* x); 476 477 int X509_STORE_CTX_get_by_subject( 478 X509_STORE_CTX* vs, 479 X509_LOOKUP_TYPE type, 480 X509_NAME* name, 481 X509_OBJECT* ret); 482 X509_OBJECT* X509_STORE_CTX_get_obj_by_subject( 483 X509_STORE_CTX* vs, 484 X509_LOOKUP_TYPE type, 485 X509_NAME* name); 486 487 int X509_LOOKUP_ctrl( 488 X509_LOOKUP* ctx, 489 int cmd, 490 const(char)* argc, 491 c_long argl, 492 char** ret); 493 494 int X509_load_cert_file(X509_LOOKUP* ctx, const(char)* file, int type); 495 int X509_load_crl_file(X509_LOOKUP* ctx, const(char)* file, int type); 496 int X509_load_cert_crl_file(X509_LOOKUP* ctx, const(char)* file, int type); 497 498 X509_LOOKUP* X509_LOOKUP_new(X509_LOOKUP_METHOD* method); 499 void X509_LOOKUP_free(X509_LOOKUP* ctx); 500 int X509_LOOKUP_init(X509_LOOKUP* ctx); 501 int X509_LOOKUP_by_subject( 502 X509_LOOKUP* ctx, 503 X509_LOOKUP_TYPE type, 504 X509_NAME* name, 505 X509_OBJECT* ret); 506 int X509_LOOKUP_by_issuer_serial( 507 X509_LOOKUP* ctx, 508 X509_LOOKUP_TYPE type, 509 X509_NAME* name, 510 ASN1_INTEGER* serial, 511 X509_OBJECT* ret); 512 int X509_LOOKUP_by_fingerprint( 513 X509_LOOKUP* ctx, 514 X509_LOOKUP_TYPE type, 515 const(ubyte)* bytes, 516 int len, 517 X509_OBJECT* ret); 518 int X509_LOOKUP_by_alias( 519 X509_LOOKUP* ctx, 520 X509_LOOKUP_TYPE type, 521 const(char)* str, 522 int len, 523 X509_OBJECT* ret); 524 int X509_LOOKUP_shutdown(X509_LOOKUP* ctx); 525 526 int X509_STORE_load_locations( 527 X509_STORE* ctx, 528 const(char)* file, 529 const(char)* dir); 530 int X509_STORE_set_default_paths(X509_STORE* ctx); 531 532 extern (D) auto X509_STORE_CTX_get_ex_new_index(T0, T1, T2, T3, T4)(auto ref T0 l, auto ref T1 p, auto ref T2 newf, auto ref T3 dupf, auto ref T4 freef) 533 { 534 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef); 535 } 536 537 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX* ctx, int idx, void* data); 538 void* X509_STORE_CTX_get_ex_data(X509_STORE_CTX* ctx, int idx); 539 int X509_STORE_CTX_get_error(X509_STORE_CTX* ctx); 540 void X509_STORE_CTX_set_error(X509_STORE_CTX* ctx, int s); 541 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX* ctx); 542 void X509_STORE_CTX_set_error_depth(X509_STORE_CTX* ctx, int depth); 543 X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX* ctx); 544 void X509_STORE_CTX_set_current_cert(X509_STORE_CTX* ctx, X509* x); 545 X509* X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX* ctx); 546 X509_CRL* X509_STORE_CTX_get0_current_crl(X509_STORE_CTX* ctx); 547 X509_STORE_CTX* X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX* ctx); 548 stack_st_X509* X509_STORE_CTX_get0_chain(X509_STORE_CTX* ctx); 549 stack_st_X509* X509_STORE_CTX_get1_chain(X509_STORE_CTX* ctx); 550 void X509_STORE_CTX_set_cert(X509_STORE_CTX* c, X509* x); 551 void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX* c, stack_st_X509* sk); 552 void X509_STORE_CTX_set0_crls(X509_STORE_CTX* c, stack_st_X509_CRL* sk); 553 int X509_STORE_CTX_set_purpose(X509_STORE_CTX* ctx, int purpose); 554 int X509_STORE_CTX_set_trust(X509_STORE_CTX* ctx, int trust); 555 int X509_STORE_CTX_purpose_inherit( 556 X509_STORE_CTX* ctx, 557 int def_purpose, 558 int purpose, 559 int trust); 560 void X509_STORE_CTX_set_flags(X509_STORE_CTX* ctx, c_ulong flags); 561 void X509_STORE_CTX_set_time(X509_STORE_CTX* ctx, c_ulong flags, time_t t); 562 563 X509_POLICY_TREE* X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX* ctx); 564 int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX* ctx); 565 int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX* ctx); 566 567 X509_VERIFY_PARAM* X509_STORE_CTX_get0_param(X509_STORE_CTX* ctx); 568 void X509_STORE_CTX_set0_param(X509_STORE_CTX* ctx, X509_VERIFY_PARAM* param); 569 int X509_STORE_CTX_set_default(X509_STORE_CTX* ctx, const(char)* name); 570 571 /* 572 * Bridge opacity barrier between libcrypt and libssl, also needed to support 573 * offline testing in test/danetest.c 574 */ 575 void X509_STORE_CTX_set0_dane(X509_STORE_CTX* ctx, SSL_DANE* dane); 576 enum DANE_FLAG_NO_DANE_EE_NAMECHECKS = 1L << 0; 577 578 /* X509_VERIFY_PARAM functions */ 579 580 X509_VERIFY_PARAM* X509_VERIFY_PARAM_new(); 581 void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM* param); 582 int X509_VERIFY_PARAM_inherit( 583 X509_VERIFY_PARAM* to, 584 const(X509_VERIFY_PARAM)* from); 585 int X509_VERIFY_PARAM_set1( 586 X509_VERIFY_PARAM* to, 587 const(X509_VERIFY_PARAM)* from); 588 int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM* param, const(char)* name); 589 int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM* param, c_ulong flags); 590 int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM* param, c_ulong flags); 591 c_ulong X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM* param); 592 int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM* param, int purpose); 593 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM* param, int trust); 594 void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM* param, int depth); 595 void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM* param, int auth_level); 596 time_t X509_VERIFY_PARAM_get_time(const(X509_VERIFY_PARAM)* param); 597 void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM* param, time_t t); 598 int X509_VERIFY_PARAM_add0_policy( 599 X509_VERIFY_PARAM* param, 600 ASN1_OBJECT* policy); 601 int X509_VERIFY_PARAM_set1_policies( 602 X509_VERIFY_PARAM* param, 603 stack_st_ASN1_OBJECT* policies); 604 605 int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM* param, uint flags); 606 uint X509_VERIFY_PARAM_get_inh_flags(const(X509_VERIFY_PARAM)* param); 607 608 int X509_VERIFY_PARAM_set1_host( 609 X509_VERIFY_PARAM* param, 610 const(char)* name, 611 size_t namelen); 612 int X509_VERIFY_PARAM_add1_host( 613 X509_VERIFY_PARAM* param, 614 const(char)* name, 615 size_t namelen); 616 void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM* param, uint flags); 617 char* X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM*); 618 void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM*, X509_VERIFY_PARAM*); 619 int X509_VERIFY_PARAM_set1_email( 620 X509_VERIFY_PARAM* param, 621 const(char)* email, 622 size_t emaillen); 623 int X509_VERIFY_PARAM_set1_ip( 624 X509_VERIFY_PARAM* param, 625 const(ubyte)* ip, 626 size_t iplen); 627 int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM* param, const(char)* ipasc); 628 629 int X509_VERIFY_PARAM_get_depth(const(X509_VERIFY_PARAM)* param); 630 int X509_VERIFY_PARAM_get_auth_level(const(X509_VERIFY_PARAM)* param); 631 const(char)* X509_VERIFY_PARAM_get0_name(const(X509_VERIFY_PARAM)* param); 632 633 int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM* param); 634 int X509_VERIFY_PARAM_get_count(); 635 const(X509_VERIFY_PARAM)* X509_VERIFY_PARAM_get0(int id); 636 const(X509_VERIFY_PARAM)* X509_VERIFY_PARAM_lookup(const(char)* name); 637 void X509_VERIFY_PARAM_table_cleanup(); 638 639 /* Non positive return values are errors */ 640 enum X509_PCY_TREE_FAILURE = -2; /* Failure to satisfy explicit policy */ 641 enum X509_PCY_TREE_INVALID = -1; /* Inconsistent or invalid extensions */ 642 enum X509_PCY_TREE_INTERNAL = 0; /* Internal error, most likely malloc */ 643 644 /* 645 * Positive return values form a bit mask, all but the first are internal to 646 * the library and don't appear in results from X509_policy_check(). 647 */ 648 enum X509_PCY_TREE_VALID = 1; /* The policy tree is valid */ 649 enum X509_PCY_TREE_EMPTY = 2; /* The policy tree is empty */ 650 enum X509_PCY_TREE_EXPLICIT = 4; /* Explicit policy required */ 651 652 int X509_policy_check( 653 X509_POLICY_TREE** ptree, 654 int* pexplicit_policy, 655 stack_st_X509* certs, 656 stack_st_ASN1_OBJECT* policy_oids, 657 uint flags); 658 659 void X509_policy_tree_free(X509_POLICY_TREE* tree); 660 661 int X509_policy_tree_level_count(const(X509_POLICY_TREE)* tree); 662 X509_POLICY_LEVEL* X509_policy_tree_get0_level( 663 const(X509_POLICY_TREE)* tree, 664 int i); 665 666 struct stack_st_X509_POLICY_NODE; 667 stack_st_X509_POLICY_NODE* X509_policy_tree_get0_policies( 668 const(X509_POLICY_TREE)* tree); 669 670 stack_st_X509_POLICY_NODE* X509_policy_tree_get0_user_policies( 671 const(X509_POLICY_TREE)* tree); 672 673 int X509_policy_level_node_count(X509_POLICY_LEVEL* level); 674 675 X509_POLICY_NODE* X509_policy_level_get0_node(X509_POLICY_LEVEL* level, int i); 676 677 const(ASN1_OBJECT)* X509_policy_node_get0_policy(const(X509_POLICY_NODE)* node); 678 679 struct stack_st_POLICYQUALINFO; 680 stack_st_POLICYQUALINFO* X509_policy_node_get0_qualifiers( 681 const(X509_POLICY_NODE)* node); 682 const(X509_POLICY_NODE)* X509_policy_node_get0_parent( 683 const(X509_POLICY_NODE)* node); 684