
Lines Matching defs:crl

302 	 * because they may be needed for CRL signature verification.
316 /* RFC 3779 path validation, now that CRL check has been done */
585 X509_CRL *crl = NULL;
591 /* Try to retrieve relevant CRL */
592 ok = ctx->get_crl(ctx, &crl, x);
593 /* If error looking up CRL, nothing we can do except
602 ctx->current_crl = crl;
603 ok = ctx->check_crl(ctx, crl);
605 ok = ctx->cert_crl(ctx, crl, x);
608 X509_CRL_free(crl);
613 /* Check CRL times against values in X509_STORE_CTX */
615 static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
619 ctx->current_crl = crl;
625 i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
640 if(X509_CRL_get_nextUpdate(crl))
642 i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
665 * and validity. If we can't find a valid CRL return the last one
667 * we'd get a CRL not found error if a CRL existed with matching name but
675 X509_CRL *crl, *best_crl = NULL;
678 crl = sk_X509_CRL_value(crls, i);
679 if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
681 if (check_crl_time(ctx, crl, 0))
683 *pcrl = crl;
684 CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509);
687 best_crl = crl;
698 /* Retrieve CRL corresponding to certificate: currently just a
704 X509_CRL *crl = NULL;
708 ok = get_crl_sk(ctx, &crl, nm, ctx->crls);
711 *pcrl = crl;
720 if (crl)
722 *pcrl = crl;
728 *pcrl = xobj.data.crl;
729 if (crl)
730 X509_CRL_free(crl);
734 /* Check CRL validity */
735 static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
742 /* Find CRL issuer: if not last certificate then issuer
781 /* Verify CRL signature */
782 if(X509_CRL_verify(crl, ikey) <= 0)
791 ok = check_crl_time(ctx, crl, 1);
802 /* Check certificate against CRL */
803 static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
809 /* Look for serial number of certificate in CRL */
814 if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
817 sk_X509_REVOKED_sort(crl->crl->revoked);
820 idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
834 /* See if we have any critical CRL extensions: since we
835 * currently don't handle any CRL extensions the CRL must be
841 exts = crl->crl->extensions;