Fix CVE-2016-1531
[exim.git] / src / src / danessl.h
1 #ifndef HEADER_SSL_DANE_H
2 #define HEADER_SSL_DANE_H
3
4 #include <stdint.h>
5 #include <openssl/ssl.h>
6
7 /*-
8  * Certificate usages:
9  * https://tools.ietf.org/html/rfc6698#section-2.1.1
10  */
11 #define SSL_DANE_USAGE_LIMIT_ISSUER     0
12 #define SSL_DANE_USAGE_LIMIT_LEAF       1
13 #define SSL_DANE_USAGE_TRUSTED_CA       2
14 #define SSL_DANE_USAGE_FIXED_LEAF       3
15 #define SSL_DANE_USAGE_LAST             SSL_DANE_USAGE_FIXED_LEAF
16
17 /*-
18  * Selectors:
19  * https://tools.ietf.org/html/rfc6698#section-2.1.2
20  */
21 #define SSL_DANE_SELECTOR_CERT          0
22 #define SSL_DANE_SELECTOR_SPKI          1
23 #define SSL_DANE_SELECTOR_LAST          SSL_DANE_SELECTOR_SPKI
24
25 extern int DANESSL_library_init(void);
26 extern int DANESSL_CTX_init(SSL_CTX *);
27 extern int DANESSL_init(SSL *, const char *, const char **);
28 extern void DANESSL_cleanup(SSL *);
29 extern int DANESSL_add_tlsa(SSL *, uint8_t, uint8_t, const char *,
30                             unsigned const char *, size_t);
31 #endif