OLD | NEW |
(Empty) | |
| 1 /* |
| 2 * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved. |
| 3 * |
| 4 * @APPLE_LICENSE_HEADER_START@ |
| 5 * |
| 6 * This file contains Original Code and/or Modifications of Original Code |
| 7 * as defined in and that are subject to the Apple Public Source License |
| 8 * Version 2.0 (the 'License'). You may not use this file except in |
| 9 * compliance with the License. Please obtain a copy of the License at |
| 10 * http://www.opensource.apple.com/apsl/ and read it before using this |
| 11 * file. |
| 12 * |
| 13 * The Original Code and all software distributed under the License are |
| 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER |
| 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
| 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, |
| 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
| 18 * Please see the License for the specific language governing rights and |
| 19 * limitations under the License. |
| 20 * |
| 21 * @APPLE_LICENSE_HEADER_END@ |
| 22 * |
| 23 * cssmapplePriv.h -- Private CSSM features specific to Apple's Implementation |
| 24 */ |
| 25 |
| 26 /* Though this is a private header, it is the recommended means by Apple for |
| 27 * configuring OCSP options, as the required structures that are documented |
| 28 * as part of their public API, at: |
| 29 * http://developer.apple.com/documentation/Security/Reference/SecAppleTrustPoli
cyModuleSpec/Apple_Trust_Policy_Module_Functional_Specification.pdf |
| 30 * See also http://lists.apple.com/archives/apple-cdsa/2008/Aug/msg00008.html |
| 31 */ |
| 32 |
| 33 #ifndef _CSSMAPPLE_PRIV_H_ |
| 34 #define _CSSMAPPLE_PRIV_H_ 1 |
| 35 |
| 36 #include <Security/cssmtype.h> |
| 37 #include <Security/cssmapple.h> |
| 38 |
| 39 #ifdef __cplusplus |
| 40 extern "C" { |
| 41 #endif |
| 42 |
| 43 /* |
| 44 * Options for X509TP's CSSM_TP_CertGroupVerify for policy |
| 45 * CSSMOID_APPLE_TP_REVOCATION_OCSP. A pointer to, and length of, one |
| 46 * of these is optionally placed in |
| 47 * CSSM_TP_VERIFY_CONTEXT.Cred->Policy.PolicyIds[n].FieldValue. |
| 48 */ |
| 49 |
| 50 #define CSSM_APPLE_TP_OCSP_OPTS_VERSION 0 |
| 51 |
| 52 typedef uint32 CSSM_APPLE_TP_OCSP_OPT_FLAGS; |
| 53 enum { |
| 54 // require OCSP verification for each cert; default is "try" |
| 55 CSSM_TP_ACTION_OCSP_REQUIRE_PER_CERT = 0x00000001, |
| 56 // require OCSP verification for certs which claim an OCSP responder |
| 57 CSSM_TP_ACTION_OCSP_REQUIRE_IF_RESP_PRESENT = 0x00000002, |
| 58 // disable network OCSP transactions |
| 59 CSSM_TP_ACTION_OCSP_DISABLE_NET = 0x0000
0004, |
| 60 // disable reads from local OCSP cache |
| 61 CSSM_TP_ACTION_OCSP_CACHE_READ_DISABLE = 0x00000008, |
| 62 // disable reads from local OCSP cache |
| 63 CSSM_TP_ACTION_OCSP_CACHE_WRITE_DISABLE = 0x00000010, |
| 64 // if set and positive OCSP verify for given cert, no further revocation |
| 65 // checking need be done on that cert |
| 66 CSSM_TP_ACTION_OCSP_SUFFICIENT = 0x0000
0020, |
| 67 // generate nonce in OCSP request |
| 68 CSSM_TP_OCSP_GEN_NONCE
= 0x00000040, |
| 69 // when generating nonce, require matching nonce in response |
| 70 CSSM_TP_OCSP_REQUIRE_RESP_NONCE = 0x0000
0080 |
| 71 }; |
| 72 |
| 73 typedef struct { |
| 74 uint32 Version; |
| 75 CSSM_APPLE_TP_OCSP_OPT_FLAGS Flags; |
| 76 CSSM_DATA_PTR LocalResponder;
/* URI */ |
| 77 CSSM_DATA_PTR LocalResponderCert;
/* X509 DER encoded cert */ |
| 78 } CSSM_APPLE_TP_OCSP_OPTIONS; |
| 79 |
| 80 #ifdef __cplusplus |
| 81 } |
| 82 #endif |
| 83 |
| 84 #endif /* _CSSMAPPLE_PRIV_H_ */ |
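Review bot: The comment above `CSSM_TP_ACTION_OCSP_CACHE_WRITE_DISABLE` (new line 62) repeats the read-disable text from new line 60; it should read `// disable writes to local OCSP cache`. The comment on new line 54 says the default is "try", so a caller that sets neither `CSSM_TP_ACTION_OCSP_REQUIRE_PER_CERT` nor `CSSM_TP_ACTION_OCSP_REQUIRE_IF_RESP_PRESENT` presumably still accepts a certificate when no OCSP response can be obtained. A one-line comment on `CSSM_APPLE_TP_OCSP_OPTIONS` stating that would help whoever fills the struct in. The same comment could note that `Version` is expected to be `CSSM_APPLE_TP_OCSP_OPTS_VERSION`, and that `CSSM_TP_OCSP_REQUIRE_RESP_NONCE` only has an effect together with `CSSM_TP_OCSP_GEN_NONCE`, as new line 69 implies. Since this is a local copy of a private Apple header, the flag values and struct layout should be checked against the platform's definition whenever the SDK is updated.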