Provided by: libglobus-gsi-callback-doc_4.6-1_all bug

NAME

       Callback Functions -

   Typedefs
       typedef int(* globus_gsi_extension_callback_t )(globus_gsi_callback_data_t callback_data,
           X509_EXTENSION *extension)

   Get callback data index from X509_STORE
       globus_result_t globus_gsi_callback_get_X509_STORE_callback_data_index (int *index)

   Get callback data index from SSL structure
       globus_result_t globus_gsi_callback_get_SSL_callback_data_index (int *index)

   Certificate verify wrapper
       int globus_gsi_callback_X509_verify_cert (X509_STORE_CTX *context, void *arg)

   Independent path validation callback.
       int globus_gsi_callback_create_proxy_callback (int preverify_ok, X509_STORE_CTX
           *x509_context)

   SSL path validation callback.
       int globus_gsi_callback_handshake_callback (int preverify_ok, X509_STORE_CTX
           *x509_context)

   OpenSSL X509_check_issued() wrapper
       int globus_gsi_callback_check_issued (X509_STORE_CTX *context, X509 *cert, X509 *issuer)

Detailed Description

       Functions that plug into various plug points in the OpenSSL path validation mechanism.

       These functions add CRL checking, X509 Extension handling and proxy validation.

Typedef Documentation

   typedef int(* globus_gsi_extension_callback_t)(globus_gsi_callback_data_t callback_data,
       X509_EXTENSION *extension)
       Typedef for a callback that may be registered for dealing with unhandled X.509 extension.

Function Documentation

   globus_result_t globus_gsi_callback_get_X509_STORE_callback_data_index (int *index)
       Retrieve or create the index for our callback data structure in the X509_STORE.

       Parameters:
           index Will contain the index upon return

       Returns:
           GLOBUS_SUCCESS unless an error occurred, in which case, a globus error object ID is
           returned

       References GLOBUS_GSI_CALLBACK_ERROR_WITH_CALLBACK_DATA_INDEX.

   globus_result_t globus_gsi_callback_get_SSL_callback_data_index (int *index)
       Retrieve or create the index for our callback data structure in the SSL structure.

       Parameters:
           index Will contain the index upon return

       Returns:
           GLOBUS_SUCCESS unless an error occurred, in which case, a globus error object ID is
           returned

       References GLOBUS_GSI_CALLBACK_ERROR_WITH_CALLBACK_DATA_INDEX.

   int globus_gsi_callback_X509_verify_cert (X509_STORE_CTX *context, void *arg)
       This function wraps the OpenSSL certificate verification callback for the purpose of a
       replacing the standard issuer check with one that deals with proxy certificates. Should be
       used with SSL_CTX_set_cert_verify_callback()

       Parameters:
           context The X509_STORE_CTX for which to register the callback.
           arg Arguments to the callback. Currently ignored.

       Returns:
           1 on success 0 on failure

       References globus_gsi_callback_check_issued().

   int globus_gsi_callback_create_proxy_callback (intpreverify_ok, X509_STORE_CTX *x509_context)
       This function provides a path validation callback for validation outside of a SSL session.
       It should be used in X509_STORE_set_verify_cb_func().

       Parameters:
           preverify_ok Communicates the result of default validation steps performed by OpenSSL
           x509_context The validation state object

       Returns:
           1 on success 0 on failure

       References GLOBUS_GSI_CALLBACK_ERROR_VERIFY_CRED, and
       globus_gsi_callback_get_X509_STORE_callback_data_index().

   int globus_gsi_callback_handshake_callback (intpreverify_ok, X509_STORE_CTX *x509_context)
       This function provides a path validation callback for the validation part of establishing
       a SSL session. It handles proxy certificates, X509 Extensions and CRL checking. It should
       be used in SSL_CTX_set_verify().

       Parameters:
           preverify_ok Communicates the result of default validation steps performed by OpenSSL
           x509_context The validation state object.

       Returns:
           1 on success 0 on failure

       References GLOBUS_GSI_CALLBACK_ERROR_VERIFY_CRED, and
       globus_gsi_callback_get_SSL_callback_data_index().

   int globus_gsi_callback_check_issued (X509_STORE_CTX *context, X509 *cert, X509 *issuer)
       This function wraps the OpenSSL X509_check_issued() call and catches the error caused by
       the fact that a proxy certificate issuer may not have to have the correct KeyUsage fields
       set.

       Parameters:
           context The validation state object.
           cert The certificate to check
           issuer The issuer certificate to check

       Returns:
           1 on success 0 on failure

Author

       Generated automatically by Doxygen for globus gsi callback from the source code.