Callback Functions(3)
NAME
Callback Functions
- Functions that plug into various plug points in the OpenSSL path
validation mechanism. - Typedefs
- typedef int(* globus_gsi_extension_callback_t
)(globus_gsi_callback_data_t callback_data, X509_EXTENSION *extension)
- Get callback data index from X509_STORE
- globus_result_t globus_gsi_callback_get_X509_STORE_callback_data_index
(int *index)
- Get callback data index from SSL structure
- globus_result_t globus_gsi_callback_get_SSL_callback_data_index (int
*index)
- Certificate verify wrapper
- int globus_gsi_callback_X509_verify_cert (X509_STORE_CTX *context, void
*arg)
- Independent path validation callback.
- int globus_gsi_callback_create_proxy_callback (int preverify_ok,
X509_STORE_CTX *x509_context)
- SSL path validation callback.
- int globus_gsi_callback_handshake_callback (int preverify_ok,
X509_STORE_CTX *x509_context)
- OpenSSL X509_check_issued() wrapper
- int globus_gsi_callback_check_issued (X509_STORE_CTX *context, X509
*cert, X509 *issuer)
Detailed Description
Functions that plug into various plug points in the OpenSSL path
validation mechanism.
These functions add CRL checking, X509 Extension handling and proxy
validation.
Typedef Documentation
- typedef int(* globus_gsi_extension_callback_t)(globus_gsi_callback_data_t
- callback_data, X509_EXTENSION *extension)
Typedef for a callback that may be registered for dealing with
unhandled X.509 extension.
Function Documentation
- globus_result_t globus_gsi_callback_get_X509_STORE_callback_data_index (int
- * index)
Retrieve or create the index for our callback data structure in the
X509_STORE. Parameters:index Will contain the index upon return - Returns:
GLOBUS_SUCCESS unless an error occurred, in which case, a globus
error object ID is returned - globus_result_t globus_gsi_callback_get_SSL_callback_data_index (int *
- index)
Retrieve or create the index for our callback data structure in the SSL structure. Parameters:index Will contain the index upon return - Returns:
GLOBUS_SUCCESS unless an error occurred, in which case, a globus
error object ID is returned - int globus_gsi_callback_X509_verify_cert (X509_STORE_CTX * context, void *
- arg)
This function wraps the OpenSSL certificate verification callback for
the purpose of a replacing the standard issuer check with one that
deals with proxy certificates. Should be used with
SSL_CTX_set_cert_verify_callback() - Parameters:
context The X509_STORE_CTX for which to register the callback. arg Arguments to the callback. Currently ignored.
- Returns:
1 on success 0 on failure
- int globus_gsi_callback_create_proxy_callback (int preverify_ok,
- X509_STORE_CTX * x509_context)
This function provides a path validation callback for validation
outside of a SSL session. It should be used in
X509_STORE_set_verify_cb_func(). - Parameters:
preverify_ok Communicates the result of default validation steps performed by OpenSSL
x509_context The validation state object - Returns:
1 on success 0 on failure
- int globus_gsi_callback_handshake_callback (int preverify_ok,
- X509_STORE_CTX * x509_context)
This function provides a path validation callback for the validation
part of establishing a SSL session. It handles proxy certificates, X509 Extensions and CRL checking. It should be used in SSL_CTX_set_verify(). - Parameters:
preverify_ok Communicates the result of default validation steps performed by OpenSSL
x509_context The validation state object. - Returns:
1 on success 0 on failure
- int globus_gsi_callback_check_issued (X509_STORE_CTX * context, X509 *
- cert, X509 * issuer)
This function wraps the OpenSSL X509_check_issued() call and catches
the error caused by the fact that a proxy certificate issuer may not
have to have the correct KeyUsage fields set. Parameters:context The validation state object.
cert The certificate to check
issuer The issuer certificate to check - Returns:
1 on success 0 on failure
Author
- Generated automatically by Doxygen for globus gsi callback from the
source code.