comparison nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h @ 0:1e5118fa0cb1
This is NSS with a Cmake Buildsystem
To compile a static NSS library for Windows we've used the
Chromium-NSS fork and added a Cmake buildsystem to compile
it statically for Windows. See README.chromium for chromium
changes and README.trustbridge for our modifications.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Mon, 28 Jul 2014 10:47:06 +0200 |
parents | |
children |
-1:000000000000 | 0:1e5118fa0cb1 |
---|---|
1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
4 /* | |
5 * pkix_revocationchecker.h | |
6 * | |
7 * RevocationChecker Object Type Definition | |
8 * | |
9 */ | |
10 | |
11 #ifndef _PKIX_REVOCATIONCHECKER_H | |
12 #define _PKIX_REVOCATIONCHECKER_H | |
13 | |
14 #include "pkixt.h" | |
15 | |
16 #ifdef __cplusplus | |
17 extern "C" { | |
18 #endif | |
19 | |
20 /* NOTE: nbio logistic removed. Will be replaced later. */ | |
21 | |
22 /* | |
23 * All Flags are prefixed by CERT_REV_M_, where _M_ indicates | |
24 * this is a method dependent flag. | |
25 */ | |
26 | |
27 /* | |
28 * Whether or not to use a method for revocation testing. | |
29 * If set to "do not test", then all other flags are ignored. | |
30 */ | |
31 #define PKIX_REV_M_DO_NOT_TEST_USING_THIS_METHOD 0x00L | |
32 #define PKIX_REV_M_TEST_USING_THIS_METHOD 0x01L | |
33 | |
34 /* | |
35 * Whether or not NSS is allowed to attempt to fetch fresh information | |
36 * from the network. | |
37 * (Although fetching will never happen if fresh information for the | |
38 * method is already locally available.) | |
39 */ | |
40 #define PKIX_REV_M_ALLOW_NETWORK_FETCHING 0x00L | |
41 #define PKIX_REV_M_FORBID_NETWORK_FETCHING 0x02L | |
42 | |
43 /* | |
44 * Example for an implicit default source: | |
45 * The globally configured default OCSP responder. | |
46 * IGNORE means: | |
47 * ignore the implicit default source, whether it's configured or not. | |
48 * ALLOW means: | |
49 * if an implicit default source is configured, | |
50 * then it overrides any available or missing source in the cert. | |
51 * if no implicit default source is configured, | |
52 * then we continue to use what's available (or not available) | |
53 * in the certs. | |
54 */ | |
55 #define PKIX_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE 0x00L | |
56 #define PKIX_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE 0x04L /* OCSP only */ | |
57 | |
58 /* | |
59 * Defines the behavior if no fresh information is available, | |
60 * fetching from the network is allowed, but the source of revocation | |
61 * information is unknown (even after considering implicit sources, | |
62 * if allowed by other flags). | |
63 * SKIPT_TEST means: | |
64 * We ignore that no fresh information is available and | |
65 * skip this test. | |
66 * REQUIRE_INFO means: | |
67 * We still require that fresh information is available. | |
68 * Other flags define what happens on missing fresh info. | |
69 */ | |
70 | |
71 #define PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE 0x00L | |
72 #define PKIX_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE 0x08L | |
73 | |
74 /* | |
75 * Defines the behavior if we are unable to obtain fresh information. | |
76 * INGORE means: | |
77 * Return "cert status unknown" | |
78 * FAIL means: | |
79 * Return "cert revoked". | |
80 */ | |
81 | |
82 #define PKIX_REV_M_IGNORE_MISSING_FRESH_INFO 0x00L | |
83 #define PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO 0x10L | |
84 | |
85 /* | |
86 * What should happen if we were able to find fresh information using | |
87 * this method, and the data indicated the cert is good? | |
88 * STOP_TESTING means: | |
89 * Our success is sufficient, do not continue testing | |
90 * other methods. | |
91 * CONTINUE_TESTING means: | |
92 * We will continue and test the next allowed | |
93 * specified method. | |
94 */ | |
95 | |
96 #define PKIX_REV_M_STOP_TESTING_ON_FRESH_INFO 0x00L | |
97 #define PKIX_REV_M_CONTINUE_TESTING_ON_FRESH_INFO 0x20L | |
98 | |
99 /* | |
100 * All Flags are prefixed by PKIX_REV_MI_, where _MI_ indicates | |
101 * this is a method independent flag. | |
102 */ | |
103 | |
104 /* | |
105 * This defines the order to checking. | |
106 * EACH_METHOD_SEPARATELY means: | |
107 * Do all tests related to a particular allowed method | |
108 * (both local information and network fetching) in a single step. | |
109 * Only after testing for a particular method is done, | |
110 * then switching to the next method will happen. | |
111 * ALL_LOCAL_INFORMATION_FIRST means: | |
112 * Start by testing the information for all allowed methods | |
113 * which are already locally available. Only after that is done | |
114 * consider to fetch from the network (as allowed by other flags). | |
115 */ | |
116 #define PKIX_REV_MI_TEST_EACH_METHOD_SEPARATELY 0x00L | |
117 #define PKIX_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST 0x01L | |
118 | |
119 /* | |
120 * Use this flag to specify that it's necessary that fresh information | |
121 * is available for at least one of the allowed methods, but it's | |
122 * irrelevant which of the mechanisms succeeded. | |
123 * NO_OVERALL_INFO_REQUIREMENT means: | |
124 * We strictly follow the requirements for each individual method. | |
125 * REQUIRE_SOME_FRESH_INFO_AVAILABLE means: | |
126 * After the individual tests have been executed, we must have | |
127 * been able to find fresh information using at least one method. | |
128 * If we were unable to find fresh info, it's a failure. | |
129 */ | |
130 #define PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT 0x00L | |
131 #define PKIX_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE 0x02L | |
132 | |
133 /* Defines check time for the cert, revocation methods lists and | |
134 * flags for leaf and chain certs revocation tests. */ | |
135 struct PKIX_RevocationCheckerStruct { | |
136 PKIX_List *leafMethodList; | |
137 PKIX_List *chainMethodList; | |
138 PKIX_UInt32 leafMethodListFlags; | |
139 PKIX_UInt32 chainMethodListFlags; | |
140 }; | |
141 | |
142 /* see source file for function documentation */ | |
143 | |
144 PKIX_Error *pkix_RevocationChecker_RegisterSelf(void *plContext); | |
145 | |
146 #ifdef __cplusplus | |
147 } | |
148 #endif | |
149 | |
150 #endif /* _PKIX_REVOCATIONCHECKER_H */ |
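Review bot: Every lenient choice in this header is the `0x00L` value (`PKIX_REV_M_ALLOW_NETWORK_FETCHING`, `PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE`, `PKIX_REV_M_IGNORE_MISSING_FRESH_INFO`, `PKIX_REV_MI_NO_OVERALL_INFO_REQUIREMENT`), and nothing in the comments says so. A caller that sets only `PKIX_REV_M_TEST_USING_THIS_METHOD` therefore gets "skip the test" and "cert status unknown" whenever revocation data cannot be obtained. A comment above the method-dependent flags would make this visible, for example `/* Unset bits select the lenient behaviour; callers needing a hard failure must OR in REQUIRE_INFO_ON_MISSING_SOURCE / FAIL_ON_MISSING_FRESH_INFO and, per list, REQUIRE_SOME_FRESH_INFO_AVAILABLE. */`. Several comments also disagree with the definitions they describe: the method-dependent block names the prefix `CERT_REV_M_` while every macro is `PKIX_REV_M_`, and `SKIPT_TEST` and `INGORE` misspell the `SKIP_TEST` and `IGNORE` macro names. The comment on `PKIX_RevocationCheckerStruct` mentions a check time, although the struct holds only the two method lists and the two flag words. How the checker turns "status unknown" into an accept or reject decision is defined in the source file, not here, so the new comment should describe the flag values only.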