regenerate rustls.h with verifier builder updates

rustls · Nov 16, 2023 · 15aece4 · 15aece4
1 parent 4b1f23c
commit 15aece4
Showing 1 changed file with 26 additions and 2 deletions.
diff --git a/src/rustls.h b/src/rustls.h
@@ -1021,7 +1021,10 @@ void rustls_client_cert_verifier_free(struct rustls_client_cert_verifier *verifi
  * `rustls_web_pki_client_cert_verifier_builder_add_crl` is used to add certificate revocation
  * lists (CRLs) to the builder. If CRLs are added, revocation checking will be performed
  * for the entire certificate chain unless
- * `rustls_web_pki_client_cert_verifier_only_check_end_entity_revocation` is used.
+ * `rustls_web_pki_client_cert_verifier_only_check_end_entity_revocation` is used. Unknown
+ * revocation status for certificates considered for revocation status will be treated as
+ * an error unless `rustls_web_pki_client_cert_verifier_allow_unknown_revocation_status` is
+ * used.
  *
  * Anonymous unauthenticated clients will not be permitted unless
  * `rustls_web_pki_client_cert_verifier_builder_allow_unauthenticated` is used.
@@ -1052,6 +1055,15 @@ rustls_result rustls_web_pki_client_cert_verifier_builder_add_crl(struct rustls_
  */
 rustls_result rustls_web_pki_client_cert_verifier_only_check_end_entity_revocation(struct rustls_web_pki_client_cert_verifier_builder *builder);
 
+/**
+ * When CRLs are provided with `rustls_web_pki_client_cert_verifier_builder_add_crl`, and it
+ * isn't possible to determine the revocation status of a considered certificate, do not treat
+ * it as an error condition.
+ *
+ * Overrides the default behavior where unknown revocation status is considered an error.
+ */
+rustls_result rustls_web_pki_client_cert_verifier_allow_unknown_revocation_status(struct rustls_web_pki_client_cert_verifier_builder *builder);
+
 /**
  * Allow unauthenticated anonymous clients in addition to those that present a client
  * certificate that chains to one of the verifier's configured trust anchors.
@@ -1090,7 +1102,10 @@ void rustls_web_pki_client_cert_verifier_builder_free(struct rustls_web_pki_clie
  * `rustls_web_pki_server_cert_verifier_builder_add_crl` is used to add certificate revocation
  * lists (CRLs) to the builder.  If CRLs are added, revocation checking will be performed
  * for the entire certificate chain unless
- * `rustls_web_pki_server_cert_verifier_only_check_end_entity_revocation` is used.
+ * `rustls_web_pki_server_cert_verifier_only_check_end_entity_revocation` is used. Unknown
+ * revocation status for certificates considered for revocation status will be treated as
+ * an error unless `rustls_web_pki_server_cert_verifier_allow_unknown_revocation_status` is
+ * used.
  *
  * This copies the contents of the `rustls_root_cert_store`. It does not take
  * ownership of the pointed-to data.
@@ -1118,6 +1133,15 @@ rustls_result rustls_web_pki_server_cert_verifier_builder_add_crl(struct rustls_
  */
 rustls_result rustls_web_pki_server_cert_verifier_only_check_end_entity_revocation(struct rustls_web_pki_server_cert_verifier_builder *builder);
 
+/**
+ * When CRLs are provided with `rustls_web_pki_server_cert_verifier_builder_add_crl`, and it
+ * isn't possible to determine the revocation status of a considered certificate, do not treat
+ * it as an error condition.
+ *
+ * Overrides the default behavior where unknown revocation status is considered an error.
+ */
+rustls_result rustls_web_pki_server_cert_verifier_allow_unknown_revocation_status(struct rustls_web_pki_server_cert_verifier_builder *builder);
+
 /**
  * Create a new server certificate verifier from the builder.
  *