Move certificate request and CRL routines to x509 dir.

Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-09-22 16:20:09 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2015-09-22 16:35:55 +0100
commit: 1e898fb0f58c9b6cee13917a8453809b1009fec2 (patch)
tree: c0628c5cc1d16860d3dfc22f271459bd693c78eb /crypto/x509/x509_lcl.h
parent: 0d0099ea3b1825fe51bce11e076292e408b55feb (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h
index eb5ae4382a..71c8a2af6b 100644
--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -100,3 +100,21 @@ struct X509_extension_st {
     ASN1_BOOLEAN critical;
     ASN1_OCTET_STRING *value;
 };
+
+/*
+ * Method to handle CRL access. In general a CRL could be very large (several
+ * Mb) and can consume large amounts of resources if stored in memory by
+ * multiple processes. This method allows general CRL operations to be
+ * redirected to more efficient callbacks: for example a CRL entry database.
+ */
+
+#define X509_CRL_METHOD_DYNAMIC         1
+
+struct x509_crl_method_st {
+    int flags;
+    int (*crl_init) (X509_CRL *crl);
+    int (*crl_free) (X509_CRL *crl);
+    int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret,
+                       ASN1_INTEGER *ser, X509_NAME *issuer);
+    int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk);
+};
author	Dr. Stephen Henson <steve@openssl.org>	2015-09-22 16:20:09 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2015-09-22 16:35:55 +0100
commit	1e898fb0f58c9b6cee13917a8453809b1009fec2 (patch)
tree	c0628c5cc1d16860d3dfc22f271459bd693c78eb /crypto/x509/x509_lcl.h
parent	0d0099ea3b1825fe51bce11e076292e408b55feb (diff)