1/*
2 * Copyright (c) 2009 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 *
23 */
24
25#ifndef HEADER_X509_H
26#include <openssl/x509.h>
27#endif
28
29#ifndef HEADER_X509_VFY_APPLE_H
30#define HEADER_X509_VFY_APPLE_H
31
32/* Environment variable name to disable TEA. */
33#define X509_TEA_ENV_DISABLE "OPENSSL_X509_TEA_DISABLE"
34
35/*
36 * X509_verify_cert
37 *
38 * Originally located in x509_vfy.c.
39 *
40 * Verify certificate with OpenSSL created X509_verify_cert. If and only if
41 * OpenSSL cannot get certificate issuer locally then OS X security API will
42 * verify the certificate, using Trust Evaluation Agent.
43 *
44 * Return values:
45 * --------------
46 * -1: Null was passed for either ctx or ctx->cert.
47 *  0: Certificate is trusted.
48 *  1: Certificate is not trusted.
49 */
50int X509_verify_cert(X509_STORE_CTX *ctx);
51
52/*
53 * X509_TEA_is_enabled
54 *
55 * Is the Trust Evaluation Agent (TEA) used for certificate verification when
56 * the issuer cannot be verified.
57 *
58 * Returns 0 if TEA is disabled and 1 if TEA is enabled.
59 */
60int X509_TEA_is_enabled();
61
62/*
63 * X509_TEA_set_state
64 *
65 * Enables/disables certificate verification with Trust Evaluation Agent (TEA)
66 * when the issuer cannot be verified.
67 *
68 * Pass 0 to disable TEA and non-zero to enable TEA.
69 */
70void X509_TEA_set_state(int change);
71
72int X509_verify_cert_orig(X509_STORE_CTX *ctx);
73
74#endif /* HEADER_X509_VFY_APPLE_H */
75