X-Git-Url: https://vcs.fsf.org/?p=exim.git;a=blobdiff_plain;f=src%2Fsrc%2Fdanessl.h;h=1d6439e2f3482862ec6831f2dfbfa270077b6f88;hp=5b1584da246cf3cdc0206ba215b420c1943cc8f0;hb=1f0be89381a057aaaaa4ecd4890d4597b7f6ce80;hpb=a1bccd48f3956b50a13a34f5aed4b72c658c61af

diff --git a/src/src/danessl.h b/src/src/danessl.h
index 5b1584da2..1d6439e2f 100644
--- a/src/src/danessl.h
+++ b/src/src/danessl.h
@@ -1,5 +1,9 @@
-#ifndef HEADER_SSL_DANE_H
-#define HEADER_SSL_DANE_H
+/*
+ *  Author: Viktor Dukhovni
+ *  License: THIS CODE IS IN THE PUBLIC DOMAIN.
+ */
+#ifndef HEADER_DANESSL_H
+#define HEADER_DANESSL_H
 
 #include <stdint.h>
 #include <openssl/ssl.h>
@@ -8,24 +12,36 @@
  * Certificate usages:
  * https://tools.ietf.org/html/rfc6698#section-2.1.1
  */
-#define SSL_DANE_USAGE_LIMIT_ISSUER     0
-#define SSL_DANE_USAGE_LIMIT_LEAF       1
-#define SSL_DANE_USAGE_TRUSTED_CA       2
-#define SSL_DANE_USAGE_FIXED_LEAF       3
-#define SSL_DANE_USAGE_LAST             SSL_DANE_USAGE_FIXED_LEAF
+#define DANESSL_USAGE_PKIX_TA	0
+#define DANESSL_USAGE_PKIX_EE	1
+#define DANESSL_USAGE_DANE_TA	2
+#define DANESSL_USAGE_DANE_EE	3
+#define DANESSL_USAGE_LAST		DANESSL_USAGE_DANE_EE
 
 /*-
  * Selectors:
  * https://tools.ietf.org/html/rfc6698#section-2.1.2
  */
-#define SSL_DANE_SELECTOR_CERT          0
-#define SSL_DANE_SELECTOR_SPKI          1
-#define SSL_DANE_SELECTOR_LAST          SSL_DANE_SELECTOR_SPKI
+#define DANESSL_SELECTOR_CERT		0
+#define DANESSL_SELECTOR_SPKI		1
+#define DANESSL_SELECTOR_LAST		DANESSL_SELECTOR_SPKI
+
+/*-
+ * Matching types:
+ * https://tools.ietf.org/html/rfc6698#section-2.1.3
+ */
+#define DANESSL_MATCHING_FULL		0
+#define DANESSL_MATCHING_2256		1
+#define DANESSL_MATCHING_2512		2
+#define DANESSL_MATCHING_LAST		DANESSL_MATCHING_2512
 
 extern int DANESSL_library_init(void);
 extern int DANESSL_CTX_init(SSL_CTX *);
 extern int DANESSL_init(SSL *, const char *, const char **);
 extern void DANESSL_cleanup(SSL *);
 extern int DANESSL_add_tlsa(SSL *, uint8_t, uint8_t, const char *,
-                            unsigned const char *, size_t);
+			    unsigned const char *, size_t);
+extern int DANESSL_get_match_cert(SSL *, X509 **, const char **, int *);
+extern int DANESSL_verify_chain(SSL *, STACK_OF(X509) *);
+
 #endif