1/* 2 * Copyright (c) 2009 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 * 23 */ 24 25#ifndef HEADER_X509_H 26#include <openssl/x509.h> 27#endif 28 29#ifndef HEADER_X509_VFY_APPLE_H 30#define HEADER_X509_VFY_APPLE_H 31 32/* Environment variable name to disable TEA. */ 33#define X509_TEA_ENV_DISABLE "OPENSSL_X509_TEA_DISABLE" 34 35/* 36 * X509_verify_cert 37 * 38 * Originally located in x509_vfy.c. 39 * 40 * Verify certificate with OpenSSL created X509_verify_cert. If and only if 41 * OpenSSL cannot get certificate issuer locally then OS X security API will 42 * verify the certificate, using Trust Evaluation Agent. 43 * 44 * Return values: 45 * -------------- 46 * -1: Null was passed for either ctx or ctx->cert. 47 * 0: Certificate is trusted. 48 * 1: Certificate is not trusted. 49 */ 50int X509_verify_cert(X509_STORE_CTX *ctx); 51 52/* 53 * X509_TEA_is_enabled 54 * 55 * Is the Trust Evaluation Agent (TEA) used for certificate verification when 56 * the issuer cannot be verified. 57 * 58 * Returns 0 if TEA is disabled and 1 if TEA is enabled. 59 */ 60int X509_TEA_is_enabled(); 61 62/* 63 * X509_TEA_set_state 64 * 65 * Enables/disables certificate verification with Trust Evaluation Agent (TEA) 66 * when the issuer cannot be verified. 67 * 68 * Pass 0 to disable TEA and non-zero to enable TEA. 69 */ 70void X509_TEA_set_state(int change); 71 72int X509_verify_cert_orig(X509_STORE_CTX *ctx); 73 74#endif /* HEADER_X509_VFY_APPLE_H */ 75