
MAX_OCSP_RESPONSES

/* Upper bound on the OCSP responses kept per certificate chain;
 * sizes the certs_st::ocsp_data array below. */
#define MAX_OCSP_RESPONSES 8

certs_st

/* One certificate chain together with its private key and the
 * per-chain OCSP state.  certificate_credentials_st keeps an array
 * of these (certs / ncerts). */
typedef struct {
	gnutls_pcert_st *cert_list; /* a certificate chain */
	unsigned int cert_list_length; /* its length */
	gnutls_str_array_t names; /* the names in the first certificate */

	/* per-chain status-request callback; the credentials also carry a
	 * credential-wide glob_ocsp_func — NOTE(review): which one wins when
	 * both are set is not visible here, confirm in the caller */
	gnutls_status_request_ocsp_func ocsp_func;
	void *ocsp_func_ptr; /* corresponding OCSP response function + ptr */

	/* pre-loaded OCSP responses for this chain */
	gnutls_ocsp_data_st ocsp_data[MAX_OCSP_RESPONSES];
	unsigned int ocsp_data_length; /* presumably the number of ocsp_data
					 * entries in use; must never exceed
					 * MAX_OCSP_RESPONSES */

	/* the private key corresponding to certificate */
	/* NOTE(review): secret material — confirm it is deinitialised when
	 * the owning credentials are freed */
	gnutls_privkey_t pkey;
} certs_st;

certificate_credentials_st

/* Certificate credentials: the set of certificate chains (with keys)
 * a peer may present, the trust list used to verify the other side,
 * and the callbacks and flags that steer both. */
typedef struct {
	gnutls_dh_params_t dh_params;
	unsigned deinit_dh_params; /* if the internal values are set */
	gnutls_sec_param_t dh_sec_param; /* used in RFC7919 negotiation */

	/* this callback is used to retrieve the DH or RSA
	 * parameters.
	 */
	gnutls_params_function *params_func;

	certs_st *certs; /* array of ncerts chains; see certs_st */
	unsigned ncerts; /* the number of certs */

	/* contains sorted index values for certs. Sorted in a way
	 * that RSA-PSS keys always take precedence over plain RSA keys
	 * to ensure that we use only RSA-PSS keys if present for RSA-PSS
	 * operations. We keep indexes to certs structures above.
	 */
	unsigned int *sorted_cert_idx;

	/* X509 specific stuff */
	gnutls_x509_trust_list_t tlist; /* trust anchors used to verify the peer */
	unsigned flags; /* gnutls_certificate_flags */
	unsigned int verify_flags; /* flags to be used at
					 * certificate verification.
					 */
	/* verification limits — presumably maximum chain depth and
	 * minimum key size; confirm against the verification code */
	unsigned int verify_depth;
	unsigned int verify_bits;

	/* It's a mess here. However we need to keep the old 3 functions
	 * for compatibility */
	gnutls_certificate_retrieve_function *legacy_cert_cb1; /* deprecated */
	gnutls_certificate_retrieve_function2 *legacy_cert_cb2;
	gnutls_certificate_retrieve_function3 *get_cert_callback3;

	/* application hook for peer certificate verification — when and
	 * how it is invoked is not shown here */
	gnutls_certificate_verify_function *verify_callback;

	struct pin_info_st pin; /* PIN callback state for PKCS#11/keys */
	/* temporarily hold the PIN if set_key_file2() is used with a PIN */
	/* NOTE(review): sensitive buffer — confirm it is zeroised once the
	 * key has been loaded and on deinit */
	char pin_tmp[GNUTLS_PKCS11_MAX_PIN_LEN];

	/* OCSP */
	/* credential-wide status-request callback; certs_st::ocsp_func is
	 * the per-chain counterpart */
	gnutls_status_request_ocsp_func glob_ocsp_func;
	void *glob_ocsp_func_ptr; /* corresponding OCSP response function */

	/* This is only used by server to indicate whether this
	 * credentials can be used for signing in TLS 1.3. */
	bool tls13_ok;
} certificate_credentials_st;