From 0c34d06494afe217ace7460c66df800d457dd2e8 Mon Sep 17 00:00:00 2001 From: Vincent Sanders Date: Sun, 23 Feb 2020 16:06:52 +0000 Subject: Keep the complete certificate chain from a fetch Instead of extracting information from the X509 certificate chain in the fetcher the entire chain is propagated in Distinguished Encoding Rules (DER) format. This allows all the information contained in a certificate chain to be retained which can subsequently be presented to the user --- content/llcache.h | 35 ++++++++++++++++------------------- 1 file changed, 16 insertions(+), 19 deletions(-) (limited to 'content/llcache.h') diff --git a/content/llcache.h b/content/llcache.h index 8d2411e0a..514272f29 100644 --- a/content/llcache.h +++ b/content/llcache.h @@ -30,7 +30,7 @@ #include "utils/errors.h" #include "utils/nsurl.h" -struct ssl_cert_info; +struct cert_chain; struct fetch_multipart_data; /** Handle for low-level cache object */ 
@@ -83,26 +83,23 @@ typedef enum { * and must be copied if it is desirable to retain. */ typedef struct { - llcache_event_type type; /**< Type of event */ + llcache_event_type type; /**< Type of event */ union { struct { - const uint8_t *buf; /**< Buffer of data */ - size_t len; /**< Length of buffer, in bytes */ - } data; /**< Received data */ + const uint8_t *buf; /**< Buffer of data */ + size_t len; /**< Byte length of buffer */ + } data; /**< Received data */ struct { - nserror code; /**< The error code */ - const char *msg; /**< Error message */ + nserror code; /**< The error code */ + const char *msg; /**< Error message */ } error; - const char *progress_msg; /**< Progress message */ + const char *progress_msg; /**< Progress message */ struct { - nsurl *from; /**< Redirect origin */ - nsurl *to; /**< Redirect target */ - } redirect; /**< Fetch URL redirect occured */ - struct { - const struct ssl_cert_info *certs; /**< The chain */ - size_t num; /**< Number of certs in chain */ - } certs; - } data; /**< Event data */ + nsurl *from; /**< Redirect origin */ + nsurl *to; /**< Redirect target */ + } redirect; /**< Fetch URL redirect occured */ + const struct cert_chain *chain; /**< Certificate chain */ + } data; /**< Event data */ } llcache_event; /** @@ -171,17 +168,17 @@ struct llcache_parameters { size_t hysteresis; /**< The hysteresis around the target size */ /** The minimum lifetime to consider sending objects to backing store.*/ - int minimum_lifetime; + int minimum_lifetime; /** The minimum bandwidth to allow the backing store to * use in bytes/second */ - size_t minimum_bandwidth; + size_t minimum_bandwidth; /** The maximum bandwidth to allow the backing store to use in * bytes/second */ - size_t maximum_bandwidth; + size_t maximum_bandwidth; /** The time quantum over which to calculate the bandwidth values */ -- cgit v1.2.3
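Review bot: The new `chain` member of the `data` union is documented only as `/**< Certificate chain */`, which does not tell a callback how long the pointer remains valid or who owns it. The comment above the typedef (it begins outside this hunk) says event data must be copied if it is to be retained, but `struct cert_chain` is only forward-declared in this header, so copying the event copies the pointer rather than the chain. A handler that stores the pointer to show the certificates to the user later would presumably hold a dangling reference once the fetch is torn down. I would state the contract on the member itself, for example `const struct cert_chain *chain; /**< Certificate chain; valid only during the callback, duplicate to retain */`, and name the event type for which this member is the active one. Because the commit message says the chain is now carried as raw DER rather than as pre-extracted fields, the header should also note that consumers must treat its contents as untrusted, length-checked input when they parse it.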