NetSurf
ssl_certs.h File Reference

SSL related types and values.

Data Structures

struct  cert_chain
 X509 certificate chain.

Macros

#define SSL_CERT_ERR_MAX_KNOWN   SSL_CERT_ERR_HOSTNAME_MISMATCH
 Always the max known ssl certificate error type.

#define MAX_CERT_DEPTH   10
 maximum number of X509 certificates in chain for TLS connection

Enumerations

enum  ssl_cert_err {
  SSL_CERT_ERR_OK, SSL_CERT_ERR_UNKNOWN, SSL_CERT_ERR_BAD_ISSUER, SSL_CERT_ERR_BAD_SIG,
  SSL_CERT_ERR_TOO_YOUNG, SSL_CERT_ERR_TOO_OLD, SSL_CERT_ERR_SELF_SIGNED, SSL_CERT_ERR_CHAIN_SELF_SIGNED,
  SSL_CERT_ERR_REVOKED, SSL_CERT_ERR_HOSTNAME_MISMATCH, SSL_CERT_ERR_CERT_MISSING
}
 ssl certificate error status

Functions

nserror cert_chain_alloc (size_t depth, struct cert_chain **chain_out)
 create new certificate chain

nserror cert_chain_dup_into (const struct cert_chain *src, struct cert_chain *dst)
 duplicate a certificate chain into an existing chain

nserror cert_chain_dup (const struct cert_chain *src, struct cert_chain **dst_out)
 duplicate a certificate chain

nserror cert_chain_from_query (struct nsurl *url, struct cert_chain **chain_out)
 create a certificate chain from a fetch query string

nserror cert_chain_to_query (struct cert_chain *chain, struct nsurl **url_out)
 create a fetch query string from a certificate chain

nserror cert_chain_free (struct cert_chain *chain)
 free a certificate chain

size_t cert_chain_size (const struct cert_chain *chain)
 total number of data bytes in a chain

Detailed Description

SSL related types and values.

Definition in file ssl_certs.h.

Macro Definition Documentation

◆ MAX_CERT_DEPTH

#define MAX_CERT_DEPTH   10

maximum number of X509 certificates in chain for TLS connection

Definition at line 54 of file ssl_certs.h.

◆ SSL_CERT_ERR_MAX_KNOWN

#define SSL_CERT_ERR_MAX_KNOWN   SSL_CERT_ERR_HOSTNAME_MISMATCH

Always the max known ssl certificate error type.

Definition at line 51 of file ssl_certs.h.

Enumeration Type Documentation

◆ ssl_cert_err

ssl certificate error status

Do not reorder / remove entries because these may be persisted to the disk cache as simple ints.

Enumerator
SSL_CERT_ERR_OK 

Nothing wrong with this certificate.

SSL_CERT_ERR_UNKNOWN 

Unknown error.

SSL_CERT_ERR_BAD_ISSUER 

Bad issuer.

SSL_CERT_ERR_BAD_SIG 

Bad signature on this certificate.

SSL_CERT_ERR_TOO_YOUNG 

This certificate is not yet valid.

SSL_CERT_ERR_TOO_OLD 

This certificate is no longer valid.

SSL_CERT_ERR_SELF_SIGNED 

This certificate (or the chain) is self signed.

SSL_CERT_ERR_CHAIN_SELF_SIGNED 

This certificate chain is self signed.

SSL_CERT_ERR_REVOKED 

This certificate has been revoked.

SSL_CERT_ERR_HOSTNAME_MISMATCH 

This certificate host did not match the server.

SSL_CERT_ERR_CERT_MISSING 

This certificate was missing from the chain, its data is useless.

Definition at line 36 of file ssl_certs.h.
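The persistence note above means any integer read back from storage has to be treated as untrusted before it is used as an ssl_cert_err. The following is an added example, not NetSurf code: the enum is a local copy in the order listed on this page, and the helper name ssl_cert_err_from_stored and the decimal-text field format are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>

/* Local copy of the enumeration, in the order this page lists it, so the
 * example builds without the NetSurf headers. */
enum ssl_cert_err {
	SSL_CERT_ERR_OK, SSL_CERT_ERR_UNKNOWN, SSL_CERT_ERR_BAD_ISSUER,
	SSL_CERT_ERR_BAD_SIG, SSL_CERT_ERR_TOO_YOUNG, SSL_CERT_ERR_TOO_OLD,
	SSL_CERT_ERR_SELF_SIGNED, SSL_CERT_ERR_CHAIN_SELF_SIGNED,
	SSL_CERT_ERR_REVOKED, SSL_CERT_ERR_HOSTNAME_MISMATCH,
	SSL_CERT_ERR_CERT_MISSING
};
#define SSL_CERT_ERR_MAX_KNOWN SSL_CERT_ERR_HOSTNAME_MISMATCH

/* Pin the numbers that end up on disk: reordering or removing an entry
 * then fails the build instead of changing what stored values mean. */
_Static_assert(SSL_CERT_ERR_OK == 0, "stored value of OK changed");
_Static_assert(SSL_CERT_ERR_REVOKED == 8, "stored value of REVOKED changed");
_Static_assert(SSL_CERT_ERR_MAX_KNOWN == 9, "stored value of MAX_KNOWN changed");

/* Hypothetical helper, not a NetSurf function: decode one stored error
 * field, assumed here to be decimal text. Anything that is not a clean
 * number in [SSL_CERT_ERR_OK, SSL_CERT_ERR_MAX_KNOWN] becomes
 * SSL_CERT_ERR_UNKNOWN, so damaged data never reads back as "OK". */
enum ssl_cert_err ssl_cert_err_from_stored(const char *text)
{
	char *end;
	long v;

	/* strtol() skips leading blanks and accepts signs; demand a digit. */
	if (text == NULL || !isdigit((unsigned char)text[0]))
		return SSL_CERT_ERR_UNKNOWN;
	errno = 0;
	v = strtol(text, &end, 10);
	if (errno == ERANGE || *end != '\0')
		return SSL_CERT_ERR_UNKNOWN;
	/* With the macro as documented, SSL_CERT_ERR_CERT_MISSING (10) lies
	 * above SSL_CERT_ERR_MAX_KNOWN and is also reported as UNKNOWN. */
	if (v < SSL_CERT_ERR_OK || v > SSL_CERT_ERR_MAX_KNOWN)
		return SSL_CERT_ERR_UNKNOWN;
	return (enum ssl_cert_err)v;
}
```
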

Function Documentation

◆ cert_chain_alloc()

nserror cert_chain_alloc ( size_t  depth,
struct cert_chain **  chain_out 
)

create new certificate chain

Parameters
depth: The depth to set in the new chain.
chain_out: A pointer to receive the new chain.
Returns
NSERROR_OK on success or NSERROR_NOMEM on memory exhaustion

Definition at line 41 of file ssl_certs.c.

References cert_chain::depth, NSERROR_NOMEM, and NSERROR_OK.

Referenced by cert_chain_dup(), cert_chain_from_query(), curl_fetch_ssl_value_alloc(), and llcache_process_metadata().

◆ cert_chain_dup()

nserror cert_chain_dup ( const struct cert_chain *  src,
struct cert_chain **  dst_out 
)

duplicate a certificate chain

Parameters
src: The certificate chain to copy from
dst_out: A pointer to receive the duplicated chain
Returns
NSERROR_OK on success or NSERROR_NOMEM on memory exhaustion

Definition at line 101 of file ssl_certs.c.

References cert_chain_alloc(), cert_chain_free(), cert_chain::certs, cert_chain::depth, cert_chain::der, cert_chain::der_length, cert_chain::err, NSERROR_NOMEM, and NSERROR_OK.

Referenced by browser_window_callback(), llcache_fetch_callback(), and llcache_object_snapshot().

◆ cert_chain_dup_into()

nserror cert_chain_dup_into ( const struct cert_chain *  src,
struct cert_chain *  dst 
)

duplicate a certificate chain into an existing chain

Parameters
src: The certificate chain to copy from
dst: The chain to overwrite with a copy of src
Returns
NSERROR_OK on success or NSERROR_NOMEM on memory exhaustion

NOTE: if this returns NSERROR_NOMEM then the destination chain will have some amount of content and should be cleaned up with cert_chain_free.

Definition at line 64 of file ssl_certs.c.

References cert_chain::certs, cert_chain::depth, cert_chain::der, cert_chain::der_length, cert_chain::err, NSERROR_NOMEM, and NSERROR_OK.

◆ cert_chain_free()

nserror cert_chain_free ( struct cert_chain *  chain )

free a certificate chain

Parameters
chain: The certificate chain to free
Returns
NSERROR_OK on success

Definition at line 317 of file ssl_certs.c.

References cert_chain::certs, cert_chain::depth, cert_chain::der, and NSERROR_OK.

Referenced by browser_window_callback(), browser_window_content_ready(), browser_window_destroy_internal(), cert_chain_dup(), curl_fetch_ssl_value_destroy(), llcache_fetch_callback(), llcache_object_destroy(), llcache_process_metadata(), and navigate_internal_real().

◆ cert_chain_from_query()

nserror cert_chain_from_query ( struct nsurl *  url,
struct cert_chain **  chain_out 
)

create a certificate chain from a fetch query string

Parameters
url: The url to convert the query from
chain_out: A pointer to receive the created chain
Returns
NSERROR_OK on success or NSERROR_NOMEM on memory exhaustion

Definition at line 169 of file ssl_certs.c.

References cert_chain_alloc(), cert_chain::depth, MIN_CERT_LEN, NSERROR_INVALID, NSERROR_NEED_DATA, NSERROR_OK, nsurl_get(), NSURL_QUERY, and process_query_section().

◆ cert_chain_size()

size_t cert_chain_size ( const struct cert_chain *  chain )

total number of data bytes in a chain

Parameters
chain: The chain to size
Returns
the number of bytes used by the chain

Definition at line 340 of file ssl_certs.c.

References cert_chain::certs, cert_chain::depth, cert_chain::der, and cert_chain::der_length.

Referenced by total_object_size().

◆ cert_chain_to_query()

nserror cert_chain_to_query ( struct cert_chain *  chain,
struct nsurl **  url_out 
)

create a fetch query string from a certificate chain

Returns
NSERROR_OK on success or NSERROR_NOMEM on memory exhaustion

Definition at line 226 of file ssl_certs.c.

References cert_chain::certs, cert_chain::depth, cert_chain::der, cert_chain::der_length, cert_chain::err, NSERROR_NOMEM, NSERROR_OK, NSERROR_UNKNOWN, nsurl_create(), and SSL_CERT_ERR_OK.

Referenced by browser_window__handle_bad_certs(), and browser_window_show_certificates().
