mirror of
https://github.com/openssl/openssl.git
synced 2025-04-06 20:20:50 +08:00
x509_lu.c and x509_vfy.c: improve coding style, comments, and related doc
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18840)
This commit is contained in:
Dr. David von Oheimb
Dr. David von Oheimb
parent
affc070aab
commit
c34e78766f
@ -41,14 +41,14 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
|
||||
OPENSSL_free(ctx);
|
||||
}
|
||||
|
||||
int X509_STORE_lock(X509_STORE *s)
|
||||
int X509_STORE_lock(X509_STORE *xs)
|
||||
{
|
||||
return CRYPTO_THREAD_write_lock(s->lock);
|
||||
return CRYPTO_THREAD_write_lock(xs->lock);
|
||||
}
|
||||
|
||||
int X509_STORE_unlock(X509_STORE *s)
|
||||
int X509_STORE_unlock(X509_STORE *xs)
|
||||
{
|
||||
return CRYPTO_THREAD_unlock(s->lock);
|
||||
return CRYPTO_THREAD_unlock(xs->lock);
|
||||
}
|
||||
|
||||
int X509_LOOKUP_init(X509_LOOKUP *ctx)
|
||||
@ -154,7 +154,6 @@ X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx)
|
||||
return ctx->store_ctx;
|
||||
}
|
||||
|
||||
|
||||
static int x509_object_cmp(const X509_OBJECT *const *a,
|
||||
const X509_OBJECT *const *b)
|
||||
{
|
||||
@ -220,54 +219,54 @@ err:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void X509_STORE_free(X509_STORE *vfy)
|
||||
void X509_STORE_free(X509_STORE *xs)
|
||||
{
|
||||
int i;
|
||||
STACK_OF(X509_LOOKUP) *sk;
|
||||
X509_LOOKUP *lu;
|
||||
|
||||
if (vfy == NULL)
|
||||
if (xs == NULL)
|
||||
return;
|
||||
CRYPTO_DOWN_REF(&vfy->references, &i, vfy->lock);
|
||||
REF_PRINT_COUNT("X509_STORE", vfy);
|
||||
CRYPTO_DOWN_REF(&xs->references, &i, xs->lock);
|
||||
REF_PRINT_COUNT("X509_STORE", xs);
|
||||
if (i > 0)
|
||||
return;
|
||||
REF_ASSERT_ISNT(i < 0);
|
||||
|
||||
sk = vfy->get_cert_methods;
|
||||
sk = xs->get_cert_methods;
|
||||
for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
|
||||
lu = sk_X509_LOOKUP_value(sk, i);
|
||||
X509_LOOKUP_shutdown(lu);
|
||||
X509_LOOKUP_free(lu);
|
||||
}
|
||||
sk_X509_LOOKUP_free(sk);
|
||||
sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free);
|
||||
sk_X509_OBJECT_pop_free(xs->objs, X509_OBJECT_free);
|
||||
|
||||
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
|
||||
X509_VERIFY_PARAM_free(vfy->param);
|
||||
CRYPTO_THREAD_lock_free(vfy->lock);
|
||||
OPENSSL_free(vfy);
|
||||
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, xs, &xs->ex_data);
|
||||
X509_VERIFY_PARAM_free(xs->param);
|
||||
CRYPTO_THREAD_lock_free(xs->lock);
|
||||
OPENSSL_free(xs);
|
||||
}
|
||||
|
||||
int X509_STORE_up_ref(X509_STORE *vfy)
|
||||
int X509_STORE_up_ref(X509_STORE *xs)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (CRYPTO_UP_REF(&vfy->references, &i, vfy->lock) <= 0)
|
||||
if (CRYPTO_UP_REF(&xs->references, &i, xs->lock) <= 0)
|
||||
return 0;
|
||||
|
||||
REF_PRINT_COUNT("X509_STORE", vfy);
|
||||
REF_PRINT_COUNT("X509_STORE", xs);
|
||||
REF_ASSERT_ISNT(i < 2);
|
||||
return ((i > 1) ? 1 : 0);
|
||||
return i > 1 ? 1 : 0;
|
||||
}
|
||||
|
||||
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
|
||||
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m)
|
||||
{
|
||||
int i;
|
||||
STACK_OF(X509_LOOKUP) *sk;
|
||||
X509_LOOKUP *lu;
|
||||
|
||||
sk = v->get_cert_methods;
|
||||
sk = xs->get_cert_methods;
|
||||
for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
|
||||
lu = sk_X509_LOOKUP_value(sk, i);
|
||||
if (m == lu->method) {
|
||||
@ -281,8 +280,8 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
lu->store_ctx = v;
|
||||
if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
|
||||
lu->store_ctx = xs;
|
||||
if (sk_X509_LOOKUP_push(xs->get_cert_methods, lu))
|
||||
return lu;
|
||||
/* malloc failed */
|
||||
ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
|
||||
@ -290,7 +289,8 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
|
||||
/* Also fill the cache (ctx->store->objs) with all matching certificates. */
|
||||
X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *ctx,
|
||||
X509_LOOKUP_TYPE type,
|
||||
const X509_NAME *name)
|
||||
{
|
||||
@ -298,7 +298,7 @@ X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
|
||||
|
||||
if (ret == NULL)
|
||||
return NULL;
|
||||
if (!X509_STORE_CTX_get_by_subject(vs, type, name, ret)) {
|
||||
if (!X509_STORE_CTX_get_by_subject(ctx, type, name, ret)) {
|
||||
X509_OBJECT_free(ret);
|
||||
return NULL;
|
||||
}
|
||||
@ -306,16 +306,18 @@ X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
|
||||
}
|
||||
|
||||
/*
|
||||
* May be called with |ret| == NULL just for the side effect of
|
||||
* caching all certs matching the given subject DN in |ctx->store->objs|.
|
||||
* Returns 1 if successful,
|
||||
* 0 if not found or X509_LOOKUP_by_subject_ex() returns an error,
|
||||
* -1 on failure
|
||||
*/
|
||||
static int ossl_x509_store_ctx_get_by_subject(const X509_STORE_CTX *vs,
|
||||
static int ossl_x509_store_ctx_get_by_subject(const X509_STORE_CTX *ctx,
|
||||
X509_LOOKUP_TYPE type,
|
||||
const X509_NAME *name,
|
||||
X509_OBJECT *ret)
|
||||
{
|
||||
X509_STORE *store = vs->store;
|
||||
X509_STORE *store = ctx->store;
|
||||
X509_LOOKUP *lu;
|
||||
X509_OBJECT stmp, *tmp;
|
||||
int i, j;
|
||||
@ -339,7 +341,7 @@ static int ossl_x509_store_ctx_get_by_subject(const X509_STORE_CTX *vs,
|
||||
if (lu->method == NULL)
|
||||
return -1;
|
||||
j = X509_LOOKUP_by_subject_ex(lu, type, name, &stmp,
|
||||
vs->libctx, vs->propq);
|
||||
ctx->libctx, ctx->propq);
|
||||
if (j != 0) { /* non-zero value is considered success here */
|
||||
tmp = &stmp;
|
||||
break;
|
||||
@ -356,15 +358,16 @@ static int ossl_x509_store_ctx_get_by_subject(const X509_STORE_CTX *vs,
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* Also fill the cache with all matching certificates */
|
||||
int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
|
||||
/* Also fill the cache |ctx->store->objs| with all matching certificates. */
|
||||
int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *ctx,
|
||||
X509_LOOKUP_TYPE type,
|
||||
const X509_NAME *name, X509_OBJECT *ret)
|
||||
{
|
||||
return ossl_x509_store_ctx_get_by_subject(vs, type, name, ret) > 0;
|
||||
return ossl_x509_store_ctx_get_by_subject(ctx, type, name, ret) > 0;
|
||||
}
|
||||
|
||||
static int x509_store_add(X509_STORE *store, void *x, int crl) {
|
||||
static int x509_store_add(X509_STORE *store, void *x, int crl)
|
||||
{
|
||||
X509_OBJECT *obj;
|
||||
int ret = 0, added = 0;
|
||||
|
||||
@ -407,18 +410,18 @@ static int x509_store_add(X509_STORE *store, void *x, int crl) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
|
||||
int X509_STORE_add_cert(X509_STORE *xs, X509 *x)
|
||||
{
|
||||
if (!x509_store_add(ctx, x, 0)) {
|
||||
if (!x509_store_add(xs, x, 0)) {
|
||||
ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
|
||||
int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x)
|
||||
{
|
||||
if (!x509_store_add(ctx, x, 1)) {
|
||||
if (!x509_store_add(xs, x, 1)) {
|
||||
ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
@ -557,9 +560,9 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
|
||||
return sk_X509_OBJECT_value(h, idx);
|
||||
}
|
||||
|
||||
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v)
|
||||
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs)
|
||||
{
|
||||
return v->objs;
|
||||
return xs->objs;
|
||||
}
|
||||
|
||||
STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *store)
|
||||
@ -727,8 +730,9 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
|
||||
} else if (x->type == X509_LU_CRL) {
|
||||
if (X509_CRL_match(obj->data.crl, x->data.crl) == 0)
|
||||
return obj;
|
||||
} else
|
||||
} else {
|
||||
return obj;
|
||||
}
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
@ -817,176 +821,176 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
|
||||
return ret;
|
||||
}
|
||||
|
||||
int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
|
||||
int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags)
|
||||
{
|
||||
return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
|
||||
return X509_VERIFY_PARAM_set_flags(xs->param, flags);
|
||||
}
|
||||
|
||||
int X509_STORE_set_depth(X509_STORE *ctx, int depth)
|
||||
int X509_STORE_set_depth(X509_STORE *xs, int depth)
|
||||
{
|
||||
X509_VERIFY_PARAM_set_depth(ctx->param, depth);
|
||||
X509_VERIFY_PARAM_set_depth(xs->param, depth);
|
||||
return 1;
|
||||
}
|
||||
|
||||
int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
|
||||
int X509_STORE_set_purpose(X509_STORE *xs, int purpose)
|
||||
{
|
||||
return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
|
||||
return X509_VERIFY_PARAM_set_purpose(xs->param, purpose);
|
||||
}
|
||||
|
||||
int X509_STORE_set_trust(X509_STORE *ctx, int trust)
|
||||
int X509_STORE_set_trust(X509_STORE *xs, int trust)
|
||||
{
|
||||
return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
|
||||
return X509_VERIFY_PARAM_set_trust(xs->param, trust);
|
||||
}
|
||||
|
||||
int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *param)
|
||||
int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *param)
|
||||
{
|
||||
return X509_VERIFY_PARAM_set1(ctx->param, param);
|
||||
return X509_VERIFY_PARAM_set1(xs->param, param);
|
||||
}
|
||||
|
||||
X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx)
|
||||
X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs)
|
||||
{
|
||||
return ctx->param;
|
||||
return xs->param;
|
||||
}
|
||||
|
||||
void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify)
|
||||
void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify)
|
||||
{
|
||||
ctx->verify = verify;
|
||||
xs->verify = verify;
|
||||
}
|
||||
|
||||
X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx)
|
||||
X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs)
|
||||
{
|
||||
return ctx->verify;
|
||||
return xs->verify;
|
||||
}
|
||||
|
||||
void X509_STORE_set_verify_cb(X509_STORE *ctx,
|
||||
void X509_STORE_set_verify_cb(X509_STORE *xs,
|
||||
X509_STORE_CTX_verify_cb verify_cb)
|
||||
{
|
||||
ctx->verify_cb = verify_cb;
|
||||
xs->verify_cb = verify_cb;
|
||||
}
|
||||
|
||||
X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx)
|
||||
X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs)
|
||||
{
|
||||
return ctx->verify_cb;
|
||||
return xs->verify_cb;
|
||||
}
|
||||
|
||||
void X509_STORE_set_get_issuer(X509_STORE *ctx,
|
||||
void X509_STORE_set_get_issuer(X509_STORE *xs,
|
||||
X509_STORE_CTX_get_issuer_fn get_issuer)
|
||||
{
|
||||
ctx->get_issuer = get_issuer;
|
||||
xs->get_issuer = get_issuer;
|
||||
}
|
||||
|
||||
X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx)
|
||||
X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs)
|
||||
{
|
||||
return ctx->get_issuer;
|
||||
return xs->get_issuer;
|
||||
}
|
||||
|
||||
void X509_STORE_set_check_issued(X509_STORE *ctx,
|
||||
void X509_STORE_set_check_issued(X509_STORE *xs,
|
||||
X509_STORE_CTX_check_issued_fn check_issued)
|
||||
{
|
||||
ctx->check_issued = check_issued;
|
||||
xs->check_issued = check_issued;
|
||||
}
|
||||
|
||||
X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx)
|
||||
X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *xs)
|
||||
{
|
||||
return ctx->check_issued;
|
||||
return xs->check_issued;
|
||||
}
|
||||
|
||||
void X509_STORE_set_check_revocation(X509_STORE *ctx,
|
||||
X509_STORE_CTX_check_revocation_fn check_revocation)
|
||||
void X509_STORE_set_check_revocation(X509_STORE *xs,
|
||||
X509_STORE_CTX_check_revocation_fn cb)
|
||||
{
|
||||
ctx->check_revocation = check_revocation;
|
||||
xs->check_revocation = cb;
|
||||
}
|
||||
|
||||
X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(const X509_STORE *ctx)
|
||||
X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(const X509_STORE *xs)
|
||||
{
|
||||
return ctx->check_revocation;
|
||||
return xs->check_revocation;
|
||||
}
|
||||
|
||||
void X509_STORE_set_get_crl(X509_STORE *ctx,
|
||||
void X509_STORE_set_get_crl(X509_STORE *xs,
|
||||
X509_STORE_CTX_get_crl_fn get_crl)
|
||||
{
|
||||
ctx->get_crl = get_crl;
|
||||
xs->get_crl = get_crl;
|
||||
}
|
||||
|
||||
X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx)
|
||||
X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs)
|
||||
{
|
||||
return ctx->get_crl;
|
||||
return xs->get_crl;
|
||||
}
|
||||
|
||||
void X509_STORE_set_check_crl(X509_STORE *ctx,
|
||||
void X509_STORE_set_check_crl(X509_STORE *xs,
|
||||
X509_STORE_CTX_check_crl_fn check_crl)
|
||||
{
|
||||
ctx->check_crl = check_crl;
|
||||
xs->check_crl = check_crl;
|
||||
}
|
||||
|
||||
X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx)
|
||||
X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs)
|
||||
{
|
||||
return ctx->check_crl;
|
||||
return xs->check_crl;
|
||||
}
|
||||
|
||||
void X509_STORE_set_cert_crl(X509_STORE *ctx,
|
||||
void X509_STORE_set_cert_crl(X509_STORE *xs,
|
||||
X509_STORE_CTX_cert_crl_fn cert_crl)
|
||||
{
|
||||
ctx->cert_crl = cert_crl;
|
||||
xs->cert_crl = cert_crl;
|
||||
}
|
||||
|
||||
X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx)
|
||||
X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs)
|
||||
{
|
||||
return ctx->cert_crl;
|
||||
return xs->cert_crl;
|
||||
}
|
||||
|
||||
void X509_STORE_set_check_policy(X509_STORE *ctx,
|
||||
void X509_STORE_set_check_policy(X509_STORE *xs,
|
||||
X509_STORE_CTX_check_policy_fn check_policy)
|
||||
{
|
||||
ctx->check_policy = check_policy;
|
||||
xs->check_policy = check_policy;
|
||||
}
|
||||
|
||||
X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx)
|
||||
X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *xs)
|
||||
{
|
||||
return ctx->check_policy;
|
||||
return xs->check_policy;
|
||||
}
|
||||
|
||||
void X509_STORE_set_lookup_certs(X509_STORE *ctx,
|
||||
void X509_STORE_set_lookup_certs(X509_STORE *xs,
|
||||
X509_STORE_CTX_lookup_certs_fn lookup_certs)
|
||||
{
|
||||
ctx->lookup_certs = lookup_certs;
|
||||
xs->lookup_certs = lookup_certs;
|
||||
}
|
||||
|
||||
X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx)
|
||||
X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *xs)
|
||||
{
|
||||
return ctx->lookup_certs;
|
||||
return xs->lookup_certs;
|
||||
}
|
||||
|
||||
void X509_STORE_set_lookup_crls(X509_STORE *ctx,
|
||||
void X509_STORE_set_lookup_crls(X509_STORE *xs,
|
||||
X509_STORE_CTX_lookup_crls_fn lookup_crls)
|
||||
{
|
||||
ctx->lookup_crls = lookup_crls;
|
||||
xs->lookup_crls = lookup_crls;
|
||||
}
|
||||
|
||||
X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx)
|
||||
X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs)
|
||||
{
|
||||
return ctx->lookup_crls;
|
||||
return xs->lookup_crls;
|
||||
}
|
||||
|
||||
void X509_STORE_set_cleanup(X509_STORE *ctx,
|
||||
X509_STORE_CTX_cleanup_fn ctx_cleanup)
|
||||
void X509_STORE_set_cleanup(X509_STORE *xs,
|
||||
X509_STORE_CTX_cleanup_fn cleanup)
|
||||
{
|
||||
ctx->cleanup = ctx_cleanup;
|
||||
xs->cleanup = cleanup;
|
||||
}
|
||||
|
||||
X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx)
|
||||
X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs)
|
||||
{
|
||||
return ctx->cleanup;
|
||||
return xs->cleanup;
|
||||
}
|
||||
|
||||
int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data)
|
||||
int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data)
|
||||
{
|
||||
return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
|
||||
return CRYPTO_set_ex_data(&xs->ex_data, idx, data);
|
||||
}
|
||||
|
||||
void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx)
|
||||
void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx)
|
||||
{
|
||||
return CRYPTO_get_ex_data(&ctx->ex_data, idx);
|
||||
return CRYPTO_get_ex_data(&xs->ex_data, idx);
|
||||
}
|
||||
|
||||
X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx)
|
||||
|
||||
@ -124,6 +124,7 @@ static int lookup_cert_match(X509 **result, X509_STORE_CTX *ctx, X509 *x)
|
||||
ERR_pop_to_mark();
|
||||
if (certs == NULL)
|
||||
return -1;
|
||||
|
||||
/* Look for exact match */
|
||||
for (i = 0; i < sk_X509_num(certs); i++) {
|
||||
xtmp = sk_X509_value(certs, i);
|
||||
@ -348,7 +349,7 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
|
||||
return rv;
|
||||
}
|
||||
|
||||
/* Check that the given certificate 'x' is issued by the certificate 'issuer' */
|
||||
/* Check that the given certificate |x| is issued by the certificate |issuer| */
|
||||
static int check_issued(ossl_unused X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
|
||||
{
|
||||
int err = ossl_x509_likely_issued(issuer, x);
|
||||
@ -369,17 +370,16 @@ static int check_issued(ossl_unused X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
|
||||
static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
|
||||
{
|
||||
*issuer = find_issuer(ctx, ctx->other_ctx, x);
|
||||
if (*issuer != NULL)
|
||||
return X509_up_ref(*issuer) ? 1 : -1;
|
||||
return 0;
|
||||
if (*issuer == NULL)
|
||||
return 0;
|
||||
return X509_up_ref(*issuer) ? 1 : -1;
|
||||
}
|
||||
|
||||
/*-
|
||||
* Alternative lookup method: look from a STACK stored in other_ctx.
|
||||
* Returns NULL on internal/fatal error, empty stack if not found.
|
||||
*/
|
||||
static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx,
|
||||
const X509_NAME *nm)
|
||||
static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, const X509_NAME *nm)
|
||||
{
|
||||
STACK_OF(X509) *sk = sk_X509_new_null();
|
||||
X509 *x;
|
||||
@ -874,7 +874,7 @@ static int check_trust(X509_STORE_CTX *ctx, int num_untrusted)
|
||||
res = lookup_cert_match(&mx, ctx, x);
|
||||
if (res < 0)
|
||||
return res;
|
||||
if (mx == NULL)
|
||||
if (res == 0)
|
||||
return X509_TRUST_UNTRUSTED;
|
||||
|
||||
/*
|
||||
@ -1858,6 +1858,7 @@ int X509_cmp_current_time(const ASN1_TIME *ctm)
|
||||
return X509_cmp_time(ctm, NULL);
|
||||
}
|
||||
|
||||
/* returns 0 on error, otherwise 1 if ctm > cmp_time, else -1 */
|
||||
int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
|
||||
{
|
||||
static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1;
|
||||
@ -3164,11 +3165,8 @@ static int build_chain(X509_STORE_CTX *ctx)
|
||||
dane->pdpth = -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Self-signed untrusted certificates get replaced by their
|
||||
* trusted matching issuer. Otherwise, grow the chain.
|
||||
*/
|
||||
if (!self_signed) {
|
||||
if (!self_signed) { /* untrusted not self-signed certificate */
|
||||
/* Grow the chain by trusted issuer */
|
||||
if (!sk_X509_push(ctx->chain, issuer)) {
|
||||
X509_free(issuer);
|
||||
goto memerr;
|
||||
@ -3177,7 +3175,7 @@ static int build_chain(X509_STORE_CTX *ctx)
|
||||
goto int_err;
|
||||
} else {
|
||||
/*
|
||||
* We have a self-signed certificate that has the same
|
||||
* We have a self-signed untrusted cert that has the same
|
||||
* subject name (and perhaps keyid and/or serial number) as
|
||||
* a trust anchor. We must have an exact match to avoid
|
||||
* possible impersonation via key substitution etc.
|
||||
@ -3187,6 +3185,10 @@ static int build_chain(X509_STORE_CTX *ctx)
|
||||
X509_free(issuer);
|
||||
ok = 0;
|
||||
} else { /* curr "==" issuer */
|
||||
/*
|
||||
* Replace self-signed untrusted certificate
|
||||
* by its trusted matching issuer.
|
||||
*/
|
||||
X509_free(curr);
|
||||
ctx->num_untrusted = --num;
|
||||
(void)sk_X509_set(ctx->chain, num, issuer);
|
||||
@ -3239,7 +3241,7 @@ static int build_chain(X509_STORE_CTX *ctx)
|
||||
}
|
||||
|
||||
/*
|
||||
* Extend chain with peer-provided untrusted certificates
|
||||
* Try to extend chain with peer-provided untrusted certificate
|
||||
*/
|
||||
if ((search & S_DOUNTRUSTED) != 0) {
|
||||
num = sk_X509_num(ctx->chain);
|
||||
@ -3263,6 +3265,7 @@ static int build_chain(X509_STORE_CTX *ctx)
|
||||
/* Drop this issuer from future consideration */
|
||||
(void)sk_X509_delete_ptr(sk_untrusted, issuer);
|
||||
|
||||
/* Grow the chain by untrusted issuer */
|
||||
if (!X509_add_cert(ctx->chain, issuer, X509_ADD_FLAG_UP_REF))
|
||||
goto int_err;
|
||||
|
||||
|
||||
@ -74,6 +74,7 @@ X509_STORE_CTX_free() completely frees up I<ctx>. After this call I<ctx>
|
||||
is no longer valid.
|
||||
If I<ctx> is NULL nothing is done.
|
||||
|
||||
X509_STORE_CTX_init() sets up I<ctx> for a subsequent verification operation.
|
||||
It must be called before each call to L<X509_verify_cert(3)> or
|
||||
L<X509_STORE_CTX_verify(3)>, i.e., a context is only good for one verification.
|
||||
If you want to verify a further certificate or chain with the same I<ctx>
|
||||
|
||||
@ -18,30 +18,30 @@ X509_STORE_load_locations_ex, X509_STORE_load_locations
|
||||
|
||||
typedef x509_store_st X509_STORE;
|
||||
|
||||
int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
|
||||
int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
|
||||
int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
|
||||
int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
|
||||
int X509_STORE_set_depth(X509_STORE *store, int depth);
|
||||
int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
|
||||
int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
|
||||
int X509_STORE_set_trust(X509_STORE *ctx, int trust);
|
||||
int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
|
||||
int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
|
||||
int X509_STORE_set_trust(X509_STORE *xs, int trust);
|
||||
|
||||
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store,
|
||||
X509_LOOKUP_METHOD *meth);
|
||||
|
||||
int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
|
||||
int X509_STORE_set_default_paths_ex(X509_STORE *xs, OSSL_LIB_CTX *libctx,
|
||||
const char *propq);
|
||||
int X509_STORE_set_default_paths(X509_STORE *ctx);
|
||||
int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
|
||||
int X509_STORE_set_default_paths(X509_STORE *xs);
|
||||
int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
|
||||
OSSL_LIB_CTX *libctx, const char *propq);
|
||||
int X509_STORE_load_file(X509_STORE *ctx, const char *file);
|
||||
int X509_STORE_load_path(X509_STORE *ctx, const char *dir);
|
||||
int X509_STORE_load_store_ex(X509_STORE *ctx, const char *uri,
|
||||
int X509_STORE_load_file(X509_STORE *xs, const char *file);
|
||||
int X509_STORE_load_path(X509_STORE *xs, const char *dir);
|
||||
int X509_STORE_load_store_ex(X509_STORE *xs, const char *uri,
|
||||
OSSL_LIB_CTX *libctx, const char *propq);
|
||||
int X509_STORE_load_store(X509_STORE *ctx, const char *uri);
|
||||
int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
|
||||
int X509_STORE_load_store(X509_STORE *xs, const char *uri);
|
||||
int X509_STORE_load_locations_ex(X509_STORE *xs, const char *file,
|
||||
const char *dir, OSSL_LIB_CTX *libctx,
|
||||
const char *propq);
|
||||
int X509_STORE_load_locations(X509_STORE *ctx,
|
||||
int X509_STORE_load_locations(X509_STORE *xs,
|
||||
const char *file, const char *dir);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
@ -10,18 +10,17 @@ X509_STORE_get0_objects, X509_STORE_get1_all_certs
|
||||
|
||||
#include <openssl/x509_vfy.h>
|
||||
|
||||
X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
|
||||
int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
|
||||
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *ctx);
|
||||
STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
|
||||
X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
|
||||
int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
|
||||
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
|
||||
STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
X509_STORE_set1_param() sets the verification parameters
|
||||
to B<pm> for B<ctx>.
|
||||
X509_STORE_set1_param() sets the verification parameters to I<pm> for I<xs>.
|
||||
|
||||
X509_STORE_get0_param() retrieves an internal pointer to the verification
|
||||
parameters for B<ctx>. The returned pointer must not be freed by the
|
||||
parameters for I<xs>. The returned pointer must not be freed by the
|
||||
calling application
|
||||
|
||||
X509_STORE_get0_objects() retrieves an internal pointer to the store's
|
||||
|
||||
@ -11,10 +11,10 @@ X509_STORE_lock,X509_STORE_unlock
|
||||
#include <openssl/x509_vfy.h>
|
||||
|
||||
X509_STORE *X509_STORE_new(void);
|
||||
void X509_STORE_free(X509_STORE *v);
|
||||
int X509_STORE_lock(X509_STORE *v);
|
||||
int X509_STORE_unlock(X509_STORE *v);
|
||||
int X509_STORE_up_ref(X509_STORE *v);
|
||||
void X509_STORE_free(X509_STORE *xs);
|
||||
int X509_STORE_lock(X509_STORE *xs);
|
||||
int X509_STORE_unlock(X509_STORE *xs);
|
||||
int X509_STORE_up_ref(X509_STORE *xs);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
||||
@ -58,78 +58,78 @@ X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn
|
||||
const X509_NAME *nm);
|
||||
typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
|
||||
|
||||
void X509_STORE_set_verify_cb(X509_STORE *ctx,
|
||||
void X509_STORE_set_verify_cb(X509_STORE *xs,
|
||||
X509_STORE_CTX_verify_cb verify_cb);
|
||||
X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE_CTX *ctx);
|
||||
|
||||
void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
|
||||
void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
|
||||
X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
|
||||
|
||||
int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
|
||||
X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE_CTX *ctx);
|
||||
void X509_STORE_set_get_issuer(X509_STORE *ctx,
|
||||
void X509_STORE_set_get_issuer(X509_STORE *xs,
|
||||
X509_STORE_CTX_get_issuer_fn get_issuer);
|
||||
|
||||
void X509_STORE_set_check_issued(X509_STORE *ctx,
|
||||
void X509_STORE_set_check_issued(X509_STORE *xs,
|
||||
X509_STORE_CTX_check_issued_fn check_issued);
|
||||
X509_STORE_CTX_check_issued_fn
|
||||
X509_STORE_get_check_issued(const X509_STORE_CTX *ctx);
|
||||
|
||||
void X509_STORE_set_check_revocation(X509_STORE *ctx,
|
||||
void X509_STORE_set_check_revocation(X509_STORE *xs,
|
||||
X509_STORE_CTX_check_revocation_fn check_revocation);
|
||||
X509_STORE_CTX_check_revocation_fn
|
||||
X509_STORE_get_check_revocation(const X509_STORE_CTX *ctx);
|
||||
|
||||
void X509_STORE_set_get_crl(X509_STORE *ctx,
|
||||
void X509_STORE_set_get_crl(X509_STORE *xs,
|
||||
X509_STORE_CTX_get_crl_fn get_crl);
|
||||
X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE_CTX *ctx);
|
||||
|
||||
void X509_STORE_set_check_crl(X509_STORE *ctx,
|
||||
void X509_STORE_set_check_crl(X509_STORE *xs,
|
||||
X509_STORE_CTX_check_crl_fn check_crl);
|
||||
X509_STORE_CTX_check_crl_fn
|
||||
X509_STORE_get_check_crl(const X509_STORE_CTX *ctx);
|
||||
|
||||
void X509_STORE_set_cert_crl(X509_STORE *ctx,
|
||||
void X509_STORE_set_cert_crl(X509_STORE *xs,
|
||||
X509_STORE_CTX_cert_crl_fn cert_crl);
|
||||
X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE_CTX *ctx);
|
||||
|
||||
void X509_STORE_set_check_policy(X509_STORE *ctx,
|
||||
void X509_STORE_set_check_policy(X509_STORE *xs,
|
||||
X509_STORE_CTX_check_policy_fn check_policy);
|
||||
X509_STORE_CTX_check_policy_fn
|
||||
X509_STORE_get_check_policy(const X509_STORE_CTX *ctx);
|
||||
|
||||
void X509_STORE_set_lookup_certs(X509_STORE *ctx,
|
||||
void X509_STORE_set_lookup_certs(X509_STORE *xs,
|
||||
X509_STORE_CTX_lookup_certs_fn lookup_certs);
|
||||
X509_STORE_CTX_lookup_certs_fn
|
||||
X509_STORE_get_lookup_certs(const X509_STORE_CTX *ctx);
|
||||
|
||||
void X509_STORE_set_lookup_crls(X509_STORE *ctx,
|
||||
void X509_STORE_set_lookup_crls(X509_STORE *xs,
|
||||
X509_STORE_CTX_lookup_crls_fn lookup_crls);
|
||||
X509_STORE_CTX_lookup_crls_fn
|
||||
X509_STORE_get_lookup_crls(const X509_STORE_CTX *ctx);
|
||||
|
||||
void X509_STORE_set_cleanup(X509_STORE *ctx,
|
||||
void X509_STORE_set_cleanup(X509_STORE *xs,
|
||||
X509_STORE_CTX_cleanup_fn cleanup);
|
||||
X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE_CTX *ctx);
|
||||
|
||||
/* Aliases */
|
||||
void X509_STORE_set_verify_cb_func(X509_STORE *st,
|
||||
X509_STORE_CTX_verify_cb verify_cb);
|
||||
void X509_STORE_set_verify_func(X509_STORE *ctx,
|
||||
void X509_STORE_set_verify_func(X509_STORE *xs,
|
||||
X509_STORE_CTX_verify_fn verify);
|
||||
void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
|
||||
void X509_STORE_set_lookup_crls_cb(X509_STORE *xs,
|
||||
X509_STORE_CTX_lookup_crls_fn lookup_crls);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
X509_STORE_set_verify_cb() sets the verification callback of I<ctx> to
|
||||
X509_STORE_set_verify_cb() sets the verification callback of I<xs> to
|
||||
I<verify_cb> overwriting the previous callback.
|
||||
The callback assigned with this function becomes a default for the one
|
||||
that can be assigned directly to the corresponding B<X509_STORE_CTX>,
|
||||
please see L<X509_STORE_CTX_set_verify_cb(3)> for further information.
|
||||
|
||||
X509_STORE_set_verify() sets the final chain verification function for
|
||||
I<ctx> to I<verify>.
|
||||
I<xs> to I<verify>.
|
||||
Its purpose is to go through the chain of certificates and check that
|
||||
all signatures are valid and that the current time is within the
|
||||
limits of each certificate's first and last validity time.
|
||||
@ -139,12 +139,14 @@ I<If no chain verification function is provided, the internal default
|
||||
function will be used instead.>
|
||||
|
||||
X509_STORE_CTX_get1_issuer() tries to find a certificate from the I<store>
|
||||
component of I<ctx> with a subject name matching the issuer name of I<x>.
|
||||
On success it assigns to I<*issuer> the first match that is currently valid,
|
||||
or at least the most recently expired match if there is no currently valid one.
|
||||
component of I<ctx> that has a subject name matching the issuer name of I<x>
|
||||
and is accepted by the I<check_issued> function in I<ctx>.
|
||||
On success it assigns to I<*issuer> the first match that has a suitable validity
|
||||
period or otherwise has the latest expiration date of all matching certificates.
|
||||
If the function returns 1 the caller is responsible for freeing I<*issuer>.
|
||||
Note that this search does not support backtracking.
|
||||
|
||||
X509_STORE_set_get_issuer() sets the function I<get_issuer>
|
||||
X509_STORE_set_get_issuer() sets the function I<get_issuer> that is used
|
||||
to get the "best" candidate issuer certificate of the given certificate I<x>.
|
||||
When such a certificate is found, I<get_issuer> must up-ref and assign it
|
||||
to I<*issuer> and then return 1.
|
||||
|
||||
@ -394,71 +394,71 @@ int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
|
||||
X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
|
||||
int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
|
||||
X509_STORE *X509_STORE_new(void);
|
||||
void X509_STORE_free(X509_STORE *v);
|
||||
int X509_STORE_lock(X509_STORE *ctx);
|
||||
int X509_STORE_unlock(X509_STORE *ctx);
|
||||
int X509_STORE_up_ref(X509_STORE *v);
|
||||
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
|
||||
STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
|
||||
STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
|
||||
void X509_STORE_free(X509_STORE *xs);
|
||||
int X509_STORE_lock(X509_STORE *xs);
|
||||
int X509_STORE_unlock(X509_STORE *xs);
|
||||
int X509_STORE_up_ref(X509_STORE *xs);
|
||||
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
|
||||
STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
|
||||
STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
|
||||
const X509_NAME *nm);
|
||||
STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
|
||||
const X509_NAME *nm);
|
||||
int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
|
||||
int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
|
||||
int X509_STORE_set_trust(X509_STORE *ctx, int trust);
|
||||
int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
|
||||
X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
|
||||
int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
|
||||
int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
|
||||
int X509_STORE_set_trust(X509_STORE *xs, int trust);
|
||||
int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
|
||||
X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
|
||||
|
||||
void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
|
||||
void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
|
||||
#define X509_STORE_set_verify_func(ctx, func) \
|
||||
X509_STORE_set_verify((ctx),(func))
|
||||
void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
|
||||
X509_STORE_CTX_verify_fn verify);
|
||||
X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
|
||||
void X509_STORE_set_verify_cb(X509_STORE *ctx,
|
||||
X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
|
||||
void X509_STORE_set_verify_cb(X509_STORE *xs,
|
||||
X509_STORE_CTX_verify_cb verify_cb);
|
||||
# define X509_STORE_set_verify_cb_func(ctx,func) \
|
||||
X509_STORE_set_verify_cb((ctx),(func))
|
||||
X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
|
||||
void X509_STORE_set_get_issuer(X509_STORE *ctx,
|
||||
X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
|
||||
void X509_STORE_set_get_issuer(X509_STORE *xs,
|
||||
X509_STORE_CTX_get_issuer_fn get_issuer);
|
||||
X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
|
||||
void X509_STORE_set_check_issued(X509_STORE *ctx,
|
||||
X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
|
||||
void X509_STORE_set_check_issued(X509_STORE *xs,
|
||||
X509_STORE_CTX_check_issued_fn check_issued);
|
||||
X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
|
||||
void X509_STORE_set_check_revocation(X509_STORE *ctx,
|
||||
X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
|
||||
void X509_STORE_set_check_revocation(X509_STORE *xs,
|
||||
X509_STORE_CTX_check_revocation_fn check_revocation);
|
||||
X509_STORE_CTX_check_revocation_fn
|
||||
X509_STORE_get_check_revocation(const X509_STORE *ctx);
|
||||
void X509_STORE_set_get_crl(X509_STORE *ctx,
|
||||
X509_STORE_get_check_revocation(const X509_STORE *xs);
|
||||
void X509_STORE_set_get_crl(X509_STORE *xs,
|
||||
X509_STORE_CTX_get_crl_fn get_crl);
|
||||
X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
|
||||
void X509_STORE_set_check_crl(X509_STORE *ctx,
|
||||
X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
|
||||
void X509_STORE_set_check_crl(X509_STORE *xs,
|
||||
X509_STORE_CTX_check_crl_fn check_crl);
|
||||
X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
|
||||
void X509_STORE_set_cert_crl(X509_STORE *ctx,
|
||||
X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
|
||||
void X509_STORE_set_cert_crl(X509_STORE *xs,
|
||||
X509_STORE_CTX_cert_crl_fn cert_crl);
|
||||
X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
|
||||
void X509_STORE_set_check_policy(X509_STORE *ctx,
|
||||
X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
|
||||
void X509_STORE_set_check_policy(X509_STORE *xs,
|
||||
X509_STORE_CTX_check_policy_fn check_policy);
|
||||
X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
|
||||
void X509_STORE_set_lookup_certs(X509_STORE *ctx,
|
||||
X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
|
||||
void X509_STORE_set_lookup_certs(X509_STORE *xs,
|
||||
X509_STORE_CTX_lookup_certs_fn lookup_certs);
|
||||
X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
|
||||
void X509_STORE_set_lookup_crls(X509_STORE *ctx,
|
||||
X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
|
||||
void X509_STORE_set_lookup_crls(X509_STORE *xs,
|
||||
X509_STORE_CTX_lookup_crls_fn lookup_crls);
|
||||
#define X509_STORE_set_lookup_crls_cb(ctx, func) \
|
||||
X509_STORE_set_lookup_crls((ctx), (func))
|
||||
X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
|
||||
void X509_STORE_set_cleanup(X509_STORE *ctx,
|
||||
X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
|
||||
void X509_STORE_set_cleanup(X509_STORE *xs,
|
||||
X509_STORE_CTX_cleanup_fn cleanup);
|
||||
X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
|
||||
X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
|
||||
|
||||
#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
|
||||
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
|
||||
int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
|
||||
void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
|
||||
int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
|
||||
void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
|
||||
|
||||
X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
|
||||
X509_STORE_CTX *X509_STORE_CTX_new(void);
|
||||
@ -503,7 +503,7 @@ X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(const X509_STORE_CTX *ctx);
|
||||
# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
|
||||
#endif
|
||||
|
||||
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
|
||||
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
|
||||
X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
|
||||
X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
|
||||
X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
|
||||
@ -588,8 +588,8 @@ X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
|
||||
const X509_LOOKUP_METHOD *method);
|
||||
|
||||
|
||||
int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
|
||||
int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
|
||||
int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
|
||||
int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
|
||||
|
||||
int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
|
||||
X509_LOOKUP_TYPE type,
|
||||
@ -633,23 +633,21 @@ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
|
||||
X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
|
||||
int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
|
||||
|
||||
int X509_STORE_load_file(X509_STORE *ctx, const char *file);
|
||||
int X509_STORE_load_path(X509_STORE *ctx, const char *path);
|
||||
int X509_STORE_load_store(X509_STORE *ctx, const char *store);
|
||||
int X509_STORE_load_locations(X509_STORE *ctx,
|
||||
const char *file,
|
||||
const char *dir);
|
||||
int X509_STORE_set_default_paths(X509_STORE *ctx);
|
||||
int X509_STORE_load_file(X509_STORE *xs, const char *file);
|
||||
int X509_STORE_load_path(X509_STORE *xs, const char *path);
|
||||
int X509_STORE_load_store(X509_STORE *xs, const char *store);
|
||||
int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
|
||||
int X509_STORE_set_default_paths(X509_STORE *xs);
|
||||
|
||||
int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
|
||||
int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
|
||||
OSSL_LIB_CTX *libctx, const char *propq);
|
||||
int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
|
||||
int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
|
||||
OSSL_LIB_CTX *libctx, const char *propq);
|
||||
int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
|
||||
const char *dir, OSSL_LIB_CTX *libctx,
|
||||
const char *propq);
|
||||
int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
|
||||
const char *propq);
|
||||
int X509_STORE_load_locations_ex(X509_STORE *xs,
|
||||
const char *file, const char *dir,
|
||||
OSSL_LIB_CTX *libctx, const char *propq);
|
||||
int X509_STORE_set_default_paths_ex(X509_STORE *xs,
|
||||
OSSL_LIB_CTX *libctx, const char *propq);
|
||||
|
||||
#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
|
||||
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user