aboutsummaryrefslogtreecommitdiffstats
path: root/server/resty/openssl/include/x509v3.lua
diff options
context:
space:
mode:
Diffstat (limited to 'server/resty/openssl/include/x509v3.lua')
-rw-r--r--server/resty/openssl/include/x509v3.lua108
1 files changed, 108 insertions, 0 deletions
diff --git a/server/resty/openssl/include/x509v3.lua b/server/resty/openssl/include/x509v3.lua
new file mode 100644
index 0000000..6882c6e
--- /dev/null
+++ b/server/resty/openssl/include/x509v3.lua
@@ -0,0 +1,108 @@
+local ffi = require "ffi"
+
+require "resty.openssl.include.ossl_typ"
+require "resty.openssl.include.stack"
+local asn1_macro = require "resty.openssl.include.asn1"
+
+ffi.cdef [[
+ // STACK_OF(OPENSSL_STRING)
+ OPENSSL_STACK *X509_get1_ocsp(X509 *x);
+ void X509_email_free(OPENSSL_STACK *sk);
+ void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
+
+ typedef struct EDIPartyName_st EDIPARTYNAME;
+
+ typedef struct otherName_st OTHERNAME;
+
+ typedef struct GENERAL_NAME_st {
+ int type;
+ union {
+ char *ptr;
+ OTHERNAME *otherName; /* otherName */
+ ASN1_IA5STRING *rfc822Name;
+ ASN1_IA5STRING *dNSName;
+ ASN1_TYPE *x400Address;
+ X509_NAME *directoryName;
+ EDIPARTYNAME *ediPartyName;
+ ASN1_IA5STRING *uniformResourceIdentifier;
+ ASN1_OCTET_STRING *iPAddress;
+ ASN1_OBJECT *registeredID;
+ /* Old names */
+ ASN1_OCTET_STRING *ip; /* iPAddress */
+ X509_NAME *dirn; /* dirn */
+ ASN1_IA5STRING *ia5; /* rfc822Name, dNSName,
+ * uniformResourceIdentifier */
+ ASN1_OBJECT *rid; /* registeredID */
+ ASN1_TYPE *other; /* x400Address */
+ } d;
+ } GENERAL_NAME;
+
+ // STACK_OF(GENERAL_NAME)
+ typedef struct stack_st GENERAL_NAMES;
+
+ // STACK_OF(X509_EXTENSION)
+ int X509V3_add1_i2d(OPENSSL_STACK **x, int nid, void *value,
+ int crit, unsigned long flags);
+ void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+ int indent);
+
+ int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+ unsigned long flags);
+ // although the struct has plural form, it's not a stack
+ typedef struct BASIC_CONSTRAINTS_st {
+ int ca;
+ ASN1_INTEGER *pathlen;
+ } BASIC_CONSTRAINTS;
+
+ void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+ X509_REQ *req, X509_CRL *crl, int flags);
+
+ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+ const char *value);
+ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+ const char *value);
+ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+ int indent);
+
+ void *X509V3_get_d2i(const OPENSSL_STACK *x, int nid, int *crit, int *idx);
+
+ int X509v3_get_ext_by_NID(const OPENSSL_STACK *x,
+ int nid, int lastpos);
+
+ X509_EXTENSION *X509v3_get_ext(const OPENSSL_STACK *x, int loc);
+
+ // STACK_OF(ACCESS_DESCRIPTION)
+ typedef struct stack_st AUTHORITY_INFO_ACCESS;
+
+ typedef struct ACCESS_DESCRIPTION_st {
+ ASN1_OBJECT *method;
+ GENERAL_NAME *location;
+ } ACCESS_DESCRIPTION;
+
+ typedef struct DIST_POINT_NAME_st {
+ int type;
+ union {
+ GENERAL_NAMES *fullname;
+ // STACK_OF(X509_NAME_ENTRY)
+ OPENSSL_STACK *relativename;
+ } name;
+ /* If relativename then this contains the full distribution point name */
+ X509_NAME *dpname;
+ } DIST_POINT_NAME;
+
+ typedef struct DIST_POINT_st {
+ DIST_POINT_NAME *distpoint;
+ ASN1_BIT_STRING *reasons;
+ GENERAL_NAMES *CRLissuer;
+ int dp_reasons;
+ } DIST_POINT;
+
+]]
+
+asn1_macro.declare_asn1_functions("GENERAL_NAME")
+asn1_macro.declare_asn1_functions("BASIC_CONSTRAINTS")
+asn1_macro.declare_asn1_functions("AUTHORITY_INFO_ACCESS") -- OCSP responder and CA
+asn1_macro.declare_asn1_functions("ACCESS_DESCRIPTION")
+asn1_macro.declare_asn1_functions("DIST_POINT") -- CRL distribution points