author | Werner Koch <wk@gnupg.org> | 2017-02-17 14:19:15 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2017-02-17 16:41:02 +0100 |
commit | ed99af030d19305dd7cd41c41ac581306cb91fd5 (patch) | |
tree | 1d40ffa277dd943b292399bc856a09b7898c82fd /dirmngr/validate.h | |
parent | agent: No cards is not an error. (diff) | |
dirmngr: Remove use of hardcoded numbers in validate.
* dirmngr/validate.c (enum cert_usage_modes): New.
(cert_usage_p): Change type of arg MODE. Use enums instead of
hardwired values. Use a switch instead of tricky bit tests.
(cert_use_cert_p, cert_use_ocsp_p, cert_use_crl_p): Adjust.
* dirmngr/validate.c (cert_usage_p): Rename to check_cert_usage.
(cert_use_cert_p): Rename to check_cert_use_cert.
(cert_use_ocsp_p): Rename to check_cert_use_ocsp.
(cert_use_crl_p): Rename to check_cert_use_crl.
* dirmngr/validate.h (VALIDATE_MODE_CERT_SYSTRUST): New.
(VALIDATE_MODE_TLS, VALIDATE_MODE_TLS_SYSTRUST): New.
--
A function with a "_p" suffix that returns 0 for True just looks weird.
We now use names which better indicate that an error code is returned.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to '')
-rw-r--r-- | dirmngr/validate.h | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/dirmngr/validate.h b/dirmngr/validate.h
index 0d9283c04..376d99d60 100644
--- a/dirmngr/validate.h
+++ b/dirmngr/validate.h
@@ -25,13 +25,27 @@ enum {
 /* Simple certificate validation mode. */
 VALIDATE_MODE_CERT = 0,
+
+ /* Same as MODE_CERT but using the system provided root
+ * certificates. */
+ VALIDATE_MODE_CERT_SYSTRUST,
+
+ /* Same as MODE_CERT but uses a provided list of certificates. */
+ VALIDATE_MODE_TLS,
+
+ /* Same as MODE_TLS but using the system provided root
+ * certificates. */
+ VALIDATE_MODE_TLS_SYSTRUST,
+
 /* Standard CRL issuer certificate validation; i.e. CRLs are not considered for CRL issuer certificates. */
- VALIDATE_MODE_CRL = 1,
+ VALIDATE_MODE_CRL,
+
 /* Full CRL validation. */
- VALIDATE_MODE_CRL_RECURSIVE = 2,
+ VALIDATE_MODE_CRL_RECURSIVE,
+
 /* Validation as used for OCSP. */
- VALIDATE_MODE_OCSP = 3
+ VALIDATE_MODE_OCSP
 };
@@ -42,14 +56,14 @@ gpg_error_t validate_cert_chain (ctrl_t ctrl, int mode, char **r_trust_anchor);
 /* Return 0 if the certificate CERT is usable for certification. */
-gpg_error_t cert_use_cert_p (ksba_cert_t cert);
+gpg_error_t check_cert_use_cert (ksba_cert_t cert);
 /* Return 0 if the certificate CERT is usable for signing OCSP responses. */
-gpg_error_t cert_use_ocsp_p (ksba_cert_t cert);
+gpg_error_t check_cert_use_ocsp (ksba_cert_t cert);
 /* Return 0 if the certificate CERT is usable for signing CRLs. */
-gpg_error_t cert_use_crl_p (ksba_cert_t cert);
+gpg_error_t check_cert_use_crl (ksba_cert_t cert);
 #endif /*VALIDATE_H*/ |
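Review bot: Inserting the three new modes right after `VALIDATE_MODE_CERT` and dropping the explicit `= 1`, `= 2`, `= 3` silently renumbers `VALIDATE_MODE_CRL`, `VALIDATE_MODE_CRL_RECURSIVE` and `VALIDATE_MODE_OCSP` to 4, 5 and 6, while `validate_cert_chain` (second hunk's header line) still takes a plain `int mode`. Any caller or test that still passes a literal would compile cleanly and select a different validation mode, for example a former 1 (CRL issuer) now means `VALIDATE_MODE_CERT_SYSTRUST` and therefore a different trust-anchor set; the callers are not visible on this page, so this needs a tree-wide check rather than an assumption. Consider tagging the enum and using it for the parameter (`enum validate_mode mode`, name proposed here), or appending the new values after `VALIDATE_MODE_OCSP` so the old numbers stay stable, and have whatever dispatches on `mode` in validate.c reject unknown values instead of falling through. The comment on `VALIDATE_MODE_TLS` would also be clearer if it said whether the "provided list of certificates" supplies trust anchors or only chain-building material.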