1 /* Copyright (C) 2014 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
9 * In addition, as a special exception, the copyright holders give
10 * permission to link the code of portions of this program with the
11 * OpenSSL library under certain conditions as described in each
12 * individual source file, and distribute linked combinations
15 * You must obey the GNU General Public License in all respects
16 * for all of the code used other than OpenSSL. If you modify
17 * file(s) with this exception, you may extend this exception to your
18 * version of the file(s), but you are not obligated to do so. If you
19 * do not wish to do so, delete this exception statement from your
20 * version. If you delete this exception statement from all source
21 * files in the program, then also delete it here.
28 #ifdef LIBOPENSSL_ENABLED
30 #include <openssl/ssl.h>
31 #include <openssl/x509v3.h>
34 #define VERIFY_FALSE 0
35 #define VERIFY_ERROR -1
37 #define DNS_MAX_LABELS 127
38 #define DNS_MAX_LABEL_LEN 63
40 typedef struct label_t {
41 char text[DNS_MAX_LABEL_LEN + 1];
46 int check_x509_cert(const SSL *ssl, const char *manager);
47 int check_subject_alt_names(X509 *cert, const char *manager);
48 int check_subject_cn(X509 *cert, const char *manager);
49 int check_hostname(ASN1_STRING *cert_astr, const char *manager);
50 int check_ipaddr(const ASN1_STRING *cert_astr, const char *manager);
51 int label_array(const char *domain_name, label result[DNS_MAX_LABELS]);
52 int label_valid(const label *label);
53 int label_match(const label *label1, const label *label2);
54 char *asn1_to_cstr(ASN1_STRING *astr);
56 #endif /* LIBOPENSSL_ENABLED */
57 #endif /* _CHECK_CERT_H */