Set X509_V_FLAG_CRL_CHECK_ALL
[freeradius.git] / src / modules / rlm_eap / types / rlm_eap_tls / rlm_eap_tls.h
index 52f3ef2..a09e618 100644 (file)
  *
  *   You should have received a copy of the GNU General Public License
  *   along with this program; if not, write to the Free Software
- *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  *
  * Copyright 2001  hereUare Communications, Inc. <raghud@hereuare.com>
  * Copyright 2003  Alan DeKok <aland@freeradius.org>
+ * Copyright 2006  The FreeRADIUS server project
  */
 #ifndef _RLM_EAP_TLS_H
 #define _RLM_EAP_TLS_H
 
+#include <freeradius-devel/ident.h>
+RCSIDH(rlm_eap_tls_h, "$Id$")
+
 #include "eap_tls.h"
 
-#include "radiusd.h"
-#include "modules.h"
+#include <freeradius-devel/radiusd.h>
+#include <freeradius-devel/modules.h>
 
 /* configured values goes right here */
 typedef struct eap_tls_conf {
@@ -38,6 +42,8 @@ typedef struct eap_tls_conf {
        char            *ca_file;
        char            *dh_file;
        char            *rsa_file;
+       char            *make_cert_command;
+       char            *virtual_server;
        int             rsa_key;
        int             dh_key;
        int             rsa_key_length;
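Review bot: The two new fields `make_cert_command` and `virtual_server` are declared without any comment, while the neighbouring `fragment_size` member documents its meaning and range; a reader of this header cannot tell what either string holds or who owns and frees it. Judging only by its name, `make_cert_command` presumably holds a command line that is executed somewhere outside this hunk, which is exactly the kind of field worth a one-line note on where its value may come from. I would write `char *make_cert_command; /* external command run to create the server cert; expected to be set only from the module config section -- confirm against the parser */` and `char *virtual_server; /* virtual server name used for the certificate checks -- confirm against the caller */`, since only the declarations are visible here. The enclosing struct eap_tls_conf starts and ends outside this hunk.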
@@ -45,21 +51,56 @@ typedef struct eap_tls_conf {
        int             verify_depth;
        int             file_type;
        int             include_length;
+       int             disable_tlsv1_1;
+       int             disable_tlsv1_2;
 
        /*
         *      Always < 4096 (due to radius limit), 0 by default = 2048
         */
        int             fragment_size;
        int             check_crl;
+       int             check_all_crl;
+       int             allow_expired_crl;
        char            *check_cert_cn;
        char            *cipher_list;
        char            *check_cert_issuer;
+
+        int            session_cache_enable;
+        int            session_timeout;
+        int            session_cache_size;
+       char            *session_id_name;
+       char            session_context_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+       time_t          session_last_flushed;
+
+       char            *verify_tmp_dir;
+       char            *verify_client_cert_cmd;
+
+#ifdef HAVE_OPENSSL_OCSP_H
+       /*
+        * OCSP Configuration
+        */
+       int             ocsp_enable;
+       int             ocsp_override_url;
+       char            *ocsp_url;
+       int             ocsp_use_nonce;
+       int             ocsp_timeout;
+       int             ocsp_softfail;
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+#ifndef OPENSSL_NO_ECDH
+       char            *ecdh_curve;
+#endif
+#endif
 } EAP_TLS_CONF;
 
 /* This structure gets stored in arg */
 typedef struct _eap_tls_t {
-       EAP_TLS_CONF    *conf;
+       EAP_TLS_CONF    conf;
        SSL_CTX         *ctx;
+#ifdef HAVE_OPENSSL_OCSP_H
+       X509_STORE      *store; /* OCSP Revocation Store */
+#endif
 } eap_tls_t;