Set X509_V_FLAG_CRL_CHECK_ALL

[freeradius.git] / src / modules / rlm_eap / types / rlm_eap_tls / rlm_eap_tls.h

diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.h b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.h
index 1b30287..a09e618 100644 (file)
--- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.h
+++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.h
@@ -15,14 +15,93 @@
  *
  *   You should have received a copy of the GNU General Public License
  *   along with this program; if not, write to the Free Software
- *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  *
  * Copyright 2001  hereUare Communications, Inc. <raghud@hereuare.com>
  * Copyright 2003  Alan DeKok <aland@freeradius.org>
+ * Copyright 2006  The FreeRADIUS server project
  */
 #ifndef _RLM_EAP_TLS_H
 #define _RLM_EAP_TLS_H
 
+#include <freeradius-devel/ident.h>
+RCSIDH(rlm_eap_tls_h, "$Id$")
+
 #include "eap_tls.h"
 
+#include <freeradius-devel/radiusd.h>
+#include <freeradius-devel/modules.h>
+
+/* configured values goes right here */
+typedef struct eap_tls_conf {
+       char            *private_key_password;
+       char            *private_key_file;
+       char            *certificate_file;
+       char            *random_file;
+       char            *ca_path;
+       char            *ca_file;
+       char            *dh_file;
+       char            *rsa_file;
+       char            *make_cert_command;
+       char            *virtual_server;
+       int             rsa_key;
+       int             dh_key;
+       int             rsa_key_length;
+       int             dh_key_length;
+       int             verify_depth;
+       int             file_type;
+       int             include_length;
+       int             disable_tlsv1_1;
+       int             disable_tlsv1_2;
+
+       /*
+        *      Always < 4096 (due to radius limit), 0 by default = 2048
+        */
+       int             fragment_size;
+       int             check_crl;
+       int             check_all_crl;
+       int             allow_expired_crl;
+       char            *check_cert_cn;
+       char            *cipher_list;
+       char            *check_cert_issuer;
+
+        int            session_cache_enable;
+        int            session_timeout;
+        int            session_cache_size;
+       char            *session_id_name;
+       char            session_context_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+       time_t          session_last_flushed;
+
+       char            *verify_tmp_dir;
+       char            *verify_client_cert_cmd;
+
+#ifdef HAVE_OPENSSL_OCSP_H
+       /*
+        * OCSP Configuration
+        */
+       int             ocsp_enable;
+       int             ocsp_override_url;
+       char            *ocsp_url;
+       int             ocsp_use_nonce;
+       int             ocsp_timeout;
+       int             ocsp_softfail;
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+#ifndef OPENSSL_NO_ECDH
+       char            *ecdh_curve;
+#endif
+#endif
+} EAP_TLS_CONF;
+
+/* This structure gets stored in arg */
+typedef struct _eap_tls_t {
+       EAP_TLS_CONF    conf;
+       SSL_CTX         *ctx;
+#ifdef HAVE_OPENSSL_OCSP_H
+       X509_STORE      *store; /* OCSP Revocation Store */
+#endif
+} eap_tls_t;
+
+
 #endif /* _RLM_EAP_TLS_H */