diff options
| author | simon <root@simon.home> | 2017-05-05 00:37:25 +0100 |
|---|---|---|
| committer | simon <root@simon.home> | 2017-05-05 00:37:25 +0100 |
| commit | 2c87a631fa4f72178876901c87c85d2889bd7b40 (patch) | |
| tree | 7c2ff36d6a251a26713835db46b8a4c929ae5165 /rfb | |
| parent | fc2899af7a3b402d5c689b0cc8527f965875b9e0 (diff) | |
| download | libtdevnc-2c87a631fa4f72178876901c87c85d2889bd7b40.tar.gz libtdevnc-2c87a631fa4f72178876901c87c85d2889bd7b40.zip | |
X509 certificate verification for OpenSSL
Diffstat (limited to 'rfb')
| -rw-r--r-- | rfb/rfbclient.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/rfb/rfbclient.h b/rfb/rfbclient.h index 72e7a5a..4ac9cd6 100644 --- a/rfb/rfbclient.h +++ b/rfb/rfbclient.h @@ -136,6 +136,7 @@ typedef union _rfbCredential char *x509CACrlFile; char *x509ClientCertFile; char *x509ClientKeyFile; + uint8_t x509CrlVerifyMode; /* Only required for OpenSSL - see meanings below */ } x509Credential; /** Plain (VeNCrypt), MSLogon (UltraVNC) */ struct @@ -148,6 +149,13 @@ typedef union _rfbCredential #define rfbCredentialTypeX509 1 #define rfbCredentialTypeUser 2 +/* When using OpenSSL, CRLs can be included in both the x509CACrlFile and appended + to the x509CACertFile as is common with OpenSSL. When rfbX509CrlVerifyAll is + specified the CRL list must include CRLs for all certificates in the chain */ +#define rfbX509CrlVerifyNone 0 /* No CRL checking is performed */ +#define rfbX509CrlVerifyClient 1 /* Only the leaf server certificate is checked */ +#define rfbX509CrlVerifyAll 2 /* All certificates in the server chain are checked */ + struct _rfbClient; /** |