author | Dr. Stephen Henson <steve@openssl.org> | 2006-09-21 12:42:15 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2006-09-21 12:42:15 +0000 |
commit | 010fa0b33169cfc9179bda29c34c05af80f78e27 (patch) | |
tree | caa4ce10ab61977cce2363a0fcdb32514caba7db /crypto/asn1/asn1_locl.h | |
parent | 4ca7d975af7581473a587a59b9f8e39a69247dc0 (diff) | |
Tidy up CRL handling by checking for critical extensions when it is
loaded. Add new function X509_CRL_get0_by_serial() to look up a revoked
entry to avoid the need to access the structure directly.
Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be
redirected.
Diffstat (limited to 'crypto/asn1/asn1_locl.h')
-rw-r--r-- | crypto/asn1/asn1_locl.h | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/crypto/asn1/asn1_locl.h b/crypto/asn1/asn1_locl.h
index 0996902..318e27e 100644
--- a/crypto/asn1/asn1_locl.h
+++ b/crypto/asn1/asn1_locl.h
@@ -113,3 +113,18 @@ struct evp_pkey_asn1_method_st
 int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder);
 } /* EVP_PKEY_ASN1_METHOD */;
+
+/* Method to handle CRL access.
+ * In general a CRL could be very large (several Mb) and can consume large
+ * amounts of resources if stored in memory by multiple processes.
+ * This method allows general CRL operations to be redirected to more
+ * efficient callbacks: for example a CRL entry database.
+ */
+
+struct x509_crl_method_st
+ {
+ int (*crl_init)(X509_CRL *crl);
+ int (*crl_free)(X509_CRL *crl);
+ int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *ser);
+ int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk);
+ }; |
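Review bot: The comment above `struct x509_crl_method_st` explains why the method table exists but not what the four `int` results mean, and for `crl_lookup` and `crl_verify` that contract decides whether revocation checking fails closed. If a redirected `crl_lookup` backend (the "CRL entry database" the comment mentions) reports an internal failure with the same value as "serial not found", a caller could treat a revoked certificate as valid; the callers are outside this hunk, so how they interpret the result is not visible here. I would extend the comment with a line such as `* crl_lookup: nonzero = entry found (*ret set), 0 = not found; a backend error must be reported distinctly and never as "not found".` and one for `crl_verify` stating that it must itself check the CRL signature against `pk` and return failure on any error. As a smaller point, `ser` and `pk` could be `const`-qualified if the callbacks only read them, matching the `const EVP_PKEY *pkey` used just above.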