Provided by: libglobus-gsi-callback-doc_4.6-1_all
NAME
Callback Functions - Typedefs typedef int(* globus_gsi_extension_callback_t )(globus_gsi_callback_data_t callback_data, X509_EXTENSION *extension) Get callback data index from X509_STORE globus_result_t globus_gsi_callback_get_X509_STORE_callback_data_index (int *index) Get callback data index from SSL structure globus_result_t globus_gsi_callback_get_SSL_callback_data_index (int *index) Certificate verify wrapper int globus_gsi_callback_X509_verify_cert (X509_STORE_CTX *context, void *arg) Independent path validation callback. int globus_gsi_callback_create_proxy_callback (int preverify_ok, X509_STORE_CTX *x509_context) SSL path validation callback. int globus_gsi_callback_handshake_callback (int preverify_ok, X509_STORE_CTX *x509_context) OpenSSL X509_check_issued() wrapper int globus_gsi_callback_check_issued (X509_STORE_CTX *context, X509 *cert, X509 *issuer)
Detailed Description
Functions that plug into various plug points in the OpenSSL path validation mechanism. These functions add CRL checking, X509 Extension handling and proxy validation.
Typedef Documentation
typedef int(* globus_gsi_extension_callback_t)(globus_gsi_callback_data_t callback_data, X509_EXTENSION *extension) Typedef for a callback that may be registered for dealing with unhandled X.509 extension.
Function Documentation
globus_result_t globus_gsi_callback_get_X509_STORE_callback_data_index (int *index) Retrieve or create the index for our callback data structure in the X509_STORE. Parameters: index Will contain the index upon return Returns: GLOBUS_SUCCESS unless an error occurred, in which case, a globus error object ID is returned References GLOBUS_GSI_CALLBACK_ERROR_WITH_CALLBACK_DATA_INDEX. globus_result_t globus_gsi_callback_get_SSL_callback_data_index (int *index) Retrieve or create the index for our callback data structure in the SSL structure. Parameters: index Will contain the index upon return Returns: GLOBUS_SUCCESS unless an error occurred, in which case, a globus error object ID is returned References GLOBUS_GSI_CALLBACK_ERROR_WITH_CALLBACK_DATA_INDEX. int globus_gsi_callback_X509_verify_cert (X509_STORE_CTX *context, void *arg) This function wraps the OpenSSL certificate verification callback for the purpose of a replacing the standard issuer check with one that deals with proxy certificates. Should be used with SSL_CTX_set_cert_verify_callback() Parameters: context The X509_STORE_CTX for which to register the callback. arg Arguments to the callback. Currently ignored. Returns: 1 on success 0 on failure References globus_gsi_callback_check_issued(). int globus_gsi_callback_create_proxy_callback (intpreverify_ok, X509_STORE_CTX *x509_context) This function provides a path validation callback for validation outside of a SSL session. It should be used in X509_STORE_set_verify_cb_func(). Parameters: preverify_ok Communicates the result of default validation steps performed by OpenSSL x509_context The validation state object Returns: 1 on success 0 on failure References GLOBUS_GSI_CALLBACK_ERROR_VERIFY_CRED, and globus_gsi_callback_get_X509_STORE_callback_data_index(). int globus_gsi_callback_handshake_callback (intpreverify_ok, X509_STORE_CTX *x509_context) This function provides a path validation callback for the validation part of establishing a SSL session. It handles proxy certificates, X509 Extensions and CRL checking. It should be used in SSL_CTX_set_verify(). Parameters: preverify_ok Communicates the result of default validation steps performed by OpenSSL x509_context The validation state object. Returns: 1 on success 0 on failure References GLOBUS_GSI_CALLBACK_ERROR_VERIFY_CRED, and globus_gsi_callback_get_SSL_callback_data_index(). int globus_gsi_callback_check_issued (X509_STORE_CTX *context, X509 *cert, X509 *issuer) This function wraps the OpenSSL X509_check_issued() call and catches the error caused by the fact that a proxy certificate issuer may not have to have the correct KeyUsage fields set. Parameters: context The validation state object. cert The certificate to check issuer The issuer certificate to check Returns: 1 on success 0 on failure
Author
Generated automatically by Doxygen for globus gsi callback from the source code.