authorJouni Malinen <j@w1.fi>2015-12-13 21:11:32 (GMT)
committerJouni Malinen <j@w1.fi>2015-12-14 13:49:01 (GMT)
commitd560288a44109085d680259b4e1561d68b44bafd (patch)
treec0dec49b075b3e226a4143c8478a95850cf887e2 /src/tls/tlsv1_client_i.h
parenteeba1684532f95a9d1f2b4a6379cf77b9a924df7 (diff)
TLS: Parse CertificateStatus message
This allows the internal TLS client implementation to accept CertificateStatus message from the server when trying to use OCSP stapling. The actual OCSPResponse is not yet processed in this commit, but the CertificateStatus message is accepted to allow the TLS handshake to continue. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/tls/tlsv1_client_i.h')
-rw-r--r--src/tls/tlsv1_client_i.h10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/tls/tlsv1_client_i.h b/src/tls/tlsv1_client_i.h
index 6c4dbc7..12ec8df 100644
--- a/src/tls/tlsv1_client_i.h
+++ b/src/tls/tlsv1_client_i.h
@@ -36,6 +36,7 @@ struct tlsv1_client {
unsigned int session_ticket_included:1;
unsigned int use_session_ticket:1;
unsigned int cert_in_cb:1;
+ unsigned int ocsp_resp_received:1;
struct crypto_public_key *server_rsa_key;
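Review bot: The new `ocsp_resp_received` bit records only that a CertificateStatus message arrived, not that its contents were validated, and the commit description says the OCSPResponse is not yet processed. A comment on the field would keep later code from reading it as a revocation verdict, for example `/* CertificateStatus seen in this handshake; says nothing about response validity */`. The code that sets and clears the bit is not in this header, so it is worth confirming that it is cleared whenever the connection state is reused for another handshake. The struct body starts and ends outside the hunk.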
@@ -70,6 +71,8 @@ struct tlsv1_client {
void (*event_cb)(void *ctx, enum tls_event ev,
union tls_event_data *data);
void *cb_ctx;
+
+ struct x509_certificate *server_cert;
};
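Review bot: `server_cert` is added to struct tlsv1_client with no statement of who owns the pointer or when it is released. If conn keeps the parsed server certificate so a stapled response can be matched against it (inferred, not visible here), a pointer left over from an earlier handshake could be compared with a different server's response unless it is freed and set to NULL on reset and in deinit. Once confirmed against the .c files, a comment such as `/* owned by conn; freed and set to NULL on handshake reset and deinit */` would make the contract explicit. The struct starts outside the hunk.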
@@ -87,4 +90,11 @@ int tlsv1_client_process_handshake(struct tlsv1_client *conn, u8 ct,
const u8 *buf, size_t *len,
u8 **out_data, size_t *out_len);
+enum tls_ocsp_result {
+ TLS_OCSP_NO_RESPONSE, TLS_OCSP_INVALID, TLS_OCSP_GOOD, TLS_OCSP_REVOKED
+};
+
+enum tls_ocsp_result tls_process_ocsp_response(struct tlsv1_client *conn,
+ const u8 *resp, size_t len);
+
#endif /* TLSV1_CLIENT_I_H */
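Review bot: `enum tls_ocsp_result` is declared without documenting how callers must treat each value, which matters because a caller that tests only for `TLS_OCSP_REVOKED` would let `TLS_OCSP_INVALID` through. A comment on the enum should state which results abort the handshake and whether `TLS_OCSP_NO_RESPONSE` is acceptable when stapling was requested. It is also unclear from the four values where an OCSP "unknown" certificate status is meant to map. The prototype should say that `resp` and `len` come from the peer, for example `/* resp: untrusted OCSPResponse bytes from the server, len octets */`, so that the parser is written to bounds-check every field.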