Imported Upstream version 2.1.19

[platform/upstream/gpg2.git] / dirmngr / validate.h

diff --git a/dirmngr/validate.h b/dirmngr/validate.h
index 0d9283c..c7082e3 100644 (file)
--- a/dirmngr/validate.h
+++ b/dirmngr/validate.h
@@ -22,34 +22,47 @@
 #define VALIDATE_H
 
 
-enum {
-  /* Simple certificate validation mode. */
-  VALIDATE_MODE_CERT = 0,
-  /* Standard CRL issuer certificate validation; i.e. CRLs are not
-     considered for CRL issuer certificates. */
-  VALIDATE_MODE_CRL = 1,
-  /* Full CRL validation. */
-  VALIDATE_MODE_CRL_RECURSIVE = 2,
-  /* Validation as used for OCSP. */
-  VALIDATE_MODE_OCSP = 3
-};
+/* Flag values matching the CERTTRUST_CLASS values and a MASK for
+ * them.  check_header_constants() checks their consistency.  */
+#define VALIDATE_FLAG_TRUST_SYSTEM     1
+#define VALIDATE_FLAG_TRUST_CONFIG     2
+#define VALIDATE_FLAG_TRUST_HKP        4
+#define VALIDATE_FLAG_TRUST_HKPSPOOL   8
+#define VALIDATE_FLAG_MASK_TRUST      0x0f
+
+/* Standard CRL issuer certificate validation; i.e. CRLs are not
+ * considered for CRL issuer certificates.  */
+#define VALIDATE_FLAG_CRL          64
+
+/* If this flag is set along with VALIDATE_FLAG_CRL a full CRL
+ * verification is done.  */
+#define VALIDATE_FLAG_RECURSIVE    128
+
+/* Validation mode as used for OCSP.  */
+#define VALIDATE_FLAG_OCSP         256
+
+/* Validation mode as used with TLS.  */
+#define VALIDATE_FLAG_TLS          512
+
+/* Don't do CRL checks.  */
+#define VALIDATE_FLAG_NOCRLCHECK  1024
 
 
 /* Validate the certificate CHAIN up to the trust anchor. Optionally
    return the closest expiration time in R_EXPTIME. */
 gpg_error_t validate_cert_chain (ctrl_t ctrl,
                                  ksba_cert_t cert, ksba_isotime_t r_exptime,
-                                 int mode, char **r_trust_anchor);
+                                 unsigned int flags, char **r_trust_anchor);
 
 /* Return 0 if the certificate CERT is usable for certification.  */
-gpg_error_t cert_use_cert_p (ksba_cert_t cert);
+gpg_error_t check_cert_use_cert (ksba_cert_t cert);
 
 /* Return 0 if the certificate CERT is usable for signing OCSP
    responses.  */
-gpg_error_t cert_use_ocsp_p (ksba_cert_t cert);
+gpg_error_t check_cert_use_ocsp (ksba_cert_t cert);
 
 /* Return 0 if the certificate CERT is usable for signing CRLs. */
-gpg_error_t cert_use_crl_p (ksba_cert_t cert);
+gpg_error_t check_cert_use_crl (ksba_cert_t cert);
 
 
 #endif /*VALIDATE_H*/