* subject_match - Constraint for server certificate subject
*
* This substring is matched against the subject of the authentication
- * server certificate. If this string is set, the server sertificate is
+ * server certificate. If this string is set, the server certificate is
* only accepted if it contains this string in the subject. The subject
* string is in following format:
*
* /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as@n.example.com
*
- * Note: Since this is a substring match, this cannot be used securily
+ * Note: Since this is a substring match, this cannot be used securely
* to do a suffix match against a possible domain name in the CN entry.
* For such a use case, domain_suffix_match should be used instead.
*/
*
* Semicolon separated string of entries to be matched against the
* alternative subject name of the authentication server certificate.
- * If this string is set, the server sertificate is only accepted if it
+ * If this string is set, the server certificate is only accepted if it
* contains one of the entries in an alternative subject name
* extension.
*
*/
int erp;
+ /**
+ * pending_ext_cert_check - External server certificate check status
+ *
+ * This field should not be set in configuration step. It is only used
+ * internally when control interface is used to request external
+ * validation of server certificate chain.
+ */
+ enum {
+ NO_CHECK = 0,
+ PENDING_CHECK,
+ EXT_CERT_CHECK_GOOD,
+ EXT_CERT_CHECK_BAD,
+ } pending_ext_cert_check;
+
/**
- * If non-null, specifies a callback method that can be used to
- * override the validity of a peer certificate.
+ * server_cert_cb -- if non-null, specifies a callback method that can
+ * be used to override the validity of a peer (server/acceptor) certificate.
*/
int (*server_cert_cb)(int ok_so_far, X509* cert, void *ca_ctx);
void *server_cert_ctx;