Diffstat (limited to 'include/netsurf')
-rw-r--r-- | include/netsurf/browser_window.h | 8 | ||||
-rw-r--r-- | include/netsurf/misc.h | 5 | ||||
-rw-r--r-- | include/netsurf/ssl_certs.h | 71 |
3 files changed, 63 insertions, 21 deletions
diff --git a/include/netsurf/browser_window.h b/include/netsurf/browser_window.h
index 7b2f652e6..e8faa1877 100644
--- a/include/netsurf/browser_window.h
+++ b/include/netsurf/browser_window.h
@@ -42,7 +42,7 @@ struct form_control;
 struct nsurl;
 struct rect;
 struct redraw_context;
-struct ssl_cert_info;
+struct cert_chain;
 enum content_debug;
 /**
@@ -784,11 +784,9 @@ browser_window_page_info_state browser_window_get_page_info_state(
  * If there is no chain available, this will return NSERROR_NOT_FOUND
  *
  * \param bw The browser window
- * \param num Pointer to be filled out with chain length
- * \param chain Pointer to be filled out with chain base
+ * \param chain Pointer to be filled out with certificate chain
  * \return Whether or not the chain is available
  */
-nserror browser_window_get_ssl_chain(struct browser_window *bw, size_t *num,
- struct ssl_cert_info **chain);
+nserror browser_window_get_ssl_chain(struct browser_window *bw, struct cert_chain **chain);
 #endif
diff --git a/include/netsurf/misc.h b/include/netsurf/misc.h
index 8a7953192..cc0b78dbb 100644
--- a/include/netsurf/misc.h
+++ b/include/netsurf/misc.h
@@ -27,7 +27,7 @@ struct form_control;
 struct gui_window;
-struct ssl_cert_info;
+struct cert_chain;
 struct nsurl;
 /**
@@ -81,8 +81,7 @@ struct gui_misc_table {
  * \return NSERROR_OK on sucess else error and cb never called
  */
 nserror (*cert_verify)(struct nsurl *url,
- const struct ssl_cert_info *certs,
- unsigned long num,
+ const struct cert_chain *chain,
 nserror (*cb)(bool proceed, void *pw),
 void *cbpw);
diff --git a/include/netsurf/ssl_certs.h b/include/netsurf/ssl_certs.h
index 0444678a8..1aaf485a7 100644
--- a/include/netsurf/ssl_certs.h
+++ b/include/netsurf/ssl_certs.h
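Review bot: The new `browser_window_get_ssl_chain` prototype does not say who owns the `struct cert_chain` written to `*chain`, so a frontend cannot tell whether it must release it with cert_chain_free() or must not touch it after the window navigates; getting this wrong is a double free or a use-after-free, and which of the two contracts applies is not visible in this header. Since ssl_certs.h now provides cert_chain_free() and cert_chain_dup(), the comment should state it, e.g. `\param chain Pointer to be filled out with the certificate chain; the chain stays owned by the browser window and must be copied with cert_chain_dup() if retained` (or the converse if ownership transfers to the caller). The `\return` line still reads "Whether or not the chain is available" although the function returns an nserror; `\return NSERROR_OK with *chain set, or NSERROR_NOT_FOUND if no chain is available` would match the sentence above it.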
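Review bot: The `cert_verify` table entry now receives `const struct cert_chain *chain`, but the documentation above it (which begins outside the hunk) does not say how long `chain` stays valid; the `cb`/`cbpw` pair suggests the proceed/abort decision may be delivered after the call returns, so a frontend that presents a dialog needs to know whether it must cert_chain_dup() the chain before returning or whether the core keeps it alive until `cb` is invoked. Suggest adding `\param chain The certificate chain being verified; only valid for the duration of this call, copy it with cert_chain_dup() if it is needed afterwards` (or the converse, whichever the core guarantees), so the ownership rule is visible at the one place every frontend implements. The `struct gui_misc_table` definition continues outside the hunk.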
@@ -48,22 +48,67 @@ typedef enum {
 /** Always the max known ssl certificate error type */
 #define SSL_CERT_ERR_MAX_KNOWN SSL_CERT_ERR_HOSTNAME_MISMATCH
+/** maximum number of X509 certificates in chain for TLS connection */
+#define MAX_CERT_DEPTH 10
+
 /**
- * ssl certificate information for certificate error message
+ * X509 certificate chain
  */
-struct ssl_cert_info {
- long version; /**< Certificate version */
- char not_before[32]; /**< Valid from date */
- char not_after[32]; /**< Valid to date */
- int sig_type; /**< Signature type */
- char serialnum[64]; /**< Serial number */
- char issuer[256]; /**< Issuer details */
- char subject[256]; /**< Subject details */
- int cert_type; /**< Certificate type */
- ssl_cert_err err; /**< Whatever is wrong with this certificate */
+struct cert_chain {
+ /**
+ * the number of certificates in the chain
+ * */
+ size_t depth;
+ struct {
+ /**
+ * Whatever is wrong with this certificate
+ */
+ ssl_cert_err err;
+
+ /**
+ * data in Distinguished Encoding Rules (DER) format
+ */
+ uint8_t *der;
+
+ /**
+ * DER length
+ */
+ size_t der_length;
+ } certs[MAX_CERT_DEPTH];
 };
-/** maximum number of X509 certificates in chain for TLS connection */
-#define MAX_SSL_CERTS 10
+/**
+ * create new certificate chain
+ *
+ * \param dpth the depth to set in the new chain.
+ * \param chain_out A pointer to recive the new chain.
+ * \return NSERROR_OK on success or NSERROR_NOMEM on memory exhaustion
+ */
+nserror cert_chain_alloc(size_t depth, struct cert_chain **chain_out);
+
+/**
+ * duplicate a certificate chain
+ *
+ * \param src The certificate chain to copy from
+ * \param dst_out A pointer to recive the duplicated chain
+ * \return NSERROR_OK on success or NSERROR_NOMEM on memory exhaustion
+ */
+nserror cert_chain_dup(const struct cert_chain *src, struct cert_chain **dst_out);
+
+/**
+ * free a certificate chain
+ *
+ * \param chain The certificate chain to free
+ * \return NSERROR_OK on success
+ */
+nserror cert_chain_free(struct cert_chain *chain);
+
+/**
+ * total number of data bytes in a chain
+ *
+ * \param chain The chain to size
+ * \return the number of bytes used by the chain
+ */
+size_t cert_chain_size(const struct cert_chain *chain);
 #endif /* NETSURF_SSL_CERTS_H_ */ |
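Review bot: `cert_chain_alloc` accepts an arbitrary `size_t depth` while `struct cert_chain` holds a fixed `certs[MAX_CERT_DEPTH]` array, and neither the struct comment nor the `\return` line says what happens when the requested depth exceeds MAX_CERT_DEPTH; a caller that fills a chain from a TLS handshake deeper than ten certificates would otherwise index past the array. The header should state the invariant on the struct (`/** the number of certificates in the chain, never more than MAX_CERT_DEPTH */`) and the alloc contract (`\return NSERROR_OK on success, NSERROR_NOMEM on memory exhaustion, or an error such as NSERROR_BAD_PARAMETER if depth exceeds MAX_CERT_DEPTH`), assuming the implementation rejects over-long chains rather than clamping them. Ownership of the per-certificate `der` buffers is also unstated: whether cert_chain_free() releases them and whether cert_chain_dup() deep-copies the DER bytes decides who may free what, so each of those comments should say so explicitly. Minor: the `\param dpth` tag does not match the parameter name `depth` (Doxygen will warn), "recive" appears twice, and `uint8_t` needs `<stdint.h>` to be included by this header if it is not already.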