commit b63b0afc05c700280438c23f9bf68596ae6e865c
author Paul Bakker <p.j.bakker@polarssl.org> Thu Jan 13 17:54:59 2011 +0000
committer Paul Bakker <p.j.bakker@polarssl.org> Thu Jan 13 17:54:59 2011 +0000
tree 8bbe4cdc5e4bf367822ddada514c35e8136164bb
parent 1b57b067518793957b552a7c8ffab534f860fe89

 - Added verification callback in certificate verification chain in order to allow external blacklisting

include/polarssl/x509.h

diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 0df8433..c54fc2d 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -501,6 +501,8 @@
  * \param cn       expected Common Name (can be set to
  *                 NULL if the CN must not be verified)
  * \param flags    result of the verification
+ * \param f_vrfy   verification function
+ * \param p_vrfy   verification parameter
  *
  * \return         0 if successful or POLARSSL_ERR_X509_SIG_VERIFY_FAILED,
  *                 in which case *flags will have one or more of
@@ -515,7 +517,9 @@
 int x509parse_verify( x509_cert *crt,
                       x509_cert *trust_ca,
                       x509_crl *ca_crl,
-                      const char *cn, int *flags );
+                      const char *cn, int *flags,
+                      int (*f_vrfy)(void *, x509_cert *, int, int),
+                      void *p_vrfy );
 
 /** @} name Functions to verify a certificate */