Diffstat (limited to 'include/netsurf/ssl_certs.h')
-rw-r--r--include/netsurf/ssl_certs.h145
1 files changed, 145 insertions, 0 deletions
diff --git a/include/netsurf/ssl_certs.h b/include/netsurf/ssl_certs.h
new file mode 100644
index 000000000..05ff13161
--- /dev/null
+++ b/include/netsurf/ssl_certs.h
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2019 Daniel Silverstone <dsilvers@netsurf-browser.org>
+ *
+ * This file is part of NetSurf, http://www.netsurf-browser.org/
+ *
+ * NetSurf is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * NetSurf is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * \file
+ *
+ * SSL related types and values
+ */
+
+#ifndef NETSURF_SSL_CERTS_H_
+#define NETSURF_SSL_CERTS_H_
+
+struct nsurl;
+
+/**
+ * ssl certificate error status
+ *
+ * Do not reorder / remove entries because these may be persisted to the disk
+ * cache as simple ints.
+ */
+typedef enum {
+ SSL_CERT_ERR_OK, /**< Nothing wrong with this certificate */
+ SSL_CERT_ERR_UNKNOWN, /**< Unknown error */
+ SSL_CERT_ERR_BAD_ISSUER, /**< Bad issuer */
+ SSL_CERT_ERR_BAD_SIG, /**< Bad signature on this certificate */
+ SSL_CERT_ERR_TOO_YOUNG, /**< This certificate is not yet valid */
+ SSL_CERT_ERR_TOO_OLD, /**< This certificate is no longer valid */
+ SSL_CERT_ERR_SELF_SIGNED, /**< This certificate (or the chain) is self signed */
+ SSL_CERT_ERR_CHAIN_SELF_SIGNED, /**< This certificate chain is self signed */
+ SSL_CERT_ERR_REVOKED, /**< This certificate has been revoked */
+ SSL_CERT_ERR_HOSTNAME_MISMATCH, /**< This certificate host did not match the server */
+ SSL_CERT_ERR_CERT_MISSING, /**< This certificate was missing from the chain, its data is useless */
+} ssl_cert_err;
+
+/** Always the max known ssl certificate error type */
+#define SSL_CERT_ERR_MAX_KNOWN SSL_CERT_ERR_HOSTNAME_MISMATCH
+
+/** maximum number of X509 certificates in chain for TLS connection */
+#define MAX_CERT_DEPTH 10
+
+/**
+ * X509 certificate chain
+ */
+struct cert_chain {
+ /**
+ * the number of certificates in the chain
+ * */
+ size_t depth;
+ struct {
+ /**
+ * Whatever is wrong with this certificate
+ */
+ ssl_cert_err err;
+
+ /**
+ * data in Distinguished Encoding Rules (DER) format
+ */
+ uint8_t *der;
+
+ /**
+ * DER length
+ */
+ size_t der_length;
+ } certs[MAX_CERT_DEPTH];
+};
+
+/**
+ * create new certificate chain
+ *
+ * \param dpth the depth to set in the new chain.
+ * \param chain_out A pointer to recive the new chain.
+ * \return NSERROR_OK on success or NSERROR_NOMEM on memory exhaustion
+ */
+nserror cert_chain_alloc(size_t depth, struct cert_chain **chain_out);
+
+/**
+ * duplicate a certificate chain into an existing chain
+ *
+ * \param src The certificate chain to copy from
+ * \param dst The chain to overwrite with a copy of src
+ * \return NSERROR_OK on success or NSERROR_NOMEM on memory exhaustion
+ *
+ * NOTE: if this returns NSERROR_NOMEM then the destination chain will have
+ * some amount of content and should be cleaned up with cert_chain_free.
+ */
+nserror cert_chain_dup_into(const struct cert_chain *src, struct cert_chain *dst);
+
+/**
+ * duplicate a certificate chain
+ *
+ * \param src The certificate chain to copy from
+ * \param dst_out A pointer to recive the duplicated chain
+ * \return NSERROR_OK on success or NSERROR_NOMEM on memory exhaustion
+ */
+nserror cert_chain_dup(const struct cert_chain *src, struct cert_chain **dst_out);
+
+/**
+ * create a certificate chain from a fetch query string
+ *
+ * \param url The url to convert the query from
+ * \param dst_out A pointer to recive the duplicated chain
+ * \return NSERROR_OK on success or NSERROR_NOMEM on memory exhaustion
+ */
+nserror cert_chain_from_query(struct nsurl *url, struct cert_chain **chain_out);
+
+/**
+ * create a fetch query string from a certificate chain
+ *
+ *
+ * \return NSERROR_OK on success or NSERROR_NOMEM on memory exhaustion
+ */
+nserror cert_chain_to_query(struct cert_chain *chain, struct nsurl **url_out);
+
+/**
+ * free a certificate chain
+ *
+ * \param chain The certificate chain to free
+ * \return NSERROR_OK on success
+ */
+nserror cert_chain_free(struct cert_chain *chain);
+
+/**
+ * total number of data bytes in a chain
+ *
+ * \param chain The chain to size
+ * \return the number of bytes used by the chain
+ */
+size_t cert_chain_size(const struct cert_chain *chain);
+
+#endif /* NETSURF_SSL_CERTS_H_ */
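Review bot: `SSL_CERT_ERR_MAX_KNOWN` is defined as `SSL_CERT_ERR_HOSTNAME_MISMATCH`, but the enum declares `SSL_CERT_ERR_CERT_MISSING` after it, so the macro is not the maximum its comment promises. The enum comment says these values are persisted to the disk cache as plain ints, and the macro's users are not visible in this file; any range check built on it would presumably reject a stored `SSL_CERT_ERR_CERT_MISSING`, and any table sized from it would be one entry short. I would change it to `#define SSL_CERT_ERR_MAX_KNOWN SSL_CERT_ERR_CERT_MISSING`, or add a comment explaining why the last entry is deliberately excluded. Separately, `certs[]` is fixed at `MAX_CERT_DEPTH`, while `cert_chain_alloc` takes a caller-supplied depth and `cert_chain_from_query` builds a chain from a URL query, yet both document only `NSERROR_OK` and `NSERROR_NOMEM`; the doc comments should say what happens when the depth exceeds the array, e.g. `\param depth number of certificates, must not exceed MAX_CERT_DEPTH`. The header also uses `size_t`, `uint8_t` and `nserror` without including anything that declares them, so it only compiles when the includer happens to pull those in first.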