Lines Matching full:ctx
112 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
113 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
114 static int check_chain_extensions(X509_STORE_CTX *ctx);
115 static int check_name_constraints(X509_STORE_CTX *ctx);
116 static int check_trust(X509_STORE_CTX *ctx);
117 static int check_revocation(X509_STORE_CTX *ctx);
118 static int check_cert(X509_STORE_CTX *ctx);
119 static int check_policy(X509_STORE_CTX *ctx);
121 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
124 static int get_crl_delta(X509_STORE_CTX *ctx,
126 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score,
128 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
132 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
133 static int check_crl_chain(X509_STORE_CTX *ctx,
137 static int internal_verify(X509_STORE_CTX *ctx);
153 int X509_verify_cert(X509_STORE_CTX *ctx)
157 X509_VERIFY_PARAM *param = ctx->param;
162 if (ctx->cert == NULL)
168 cb=ctx->verify_cb;
172 if (ctx->chain == NULL)
174 if ( ((ctx->chain=sk_X509_new_null()) == NULL) ||
175 (!sk_X509_push(ctx->chain,ctx->cert)))
180 CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
181 ctx->last_untrusted=1;
185 if (ctx->untrusted != NULL
186 && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
192 num=sk_X509_num(ctx->chain);
193 x=sk_X509_value(ctx->chain,num-1);
207 if (ctx->check_issued(ctx, x,x)) break;
210 if (ctx->untrusted != NULL)
212 xtmp=find_issuer(ctx, sktmp,x);
215 if (!sk_X509_push(ctx->chain,xtmp))
222 ctx->last_untrusted++;
241 i=sk_X509_num(ctx->chain);
242 x=sk_X509_value(ctx->chain,i-1);
243 if (ctx->check_issued(ctx, x, x))
246 if (sk_X509_num(ctx->chain) == 1)
252 ok = ctx->get_issuer(&xtmp, ctx, x);
255 ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
256 ctx->current_cert=x;
257 ctx->error_depth=i-1;
260 ok=cb(0,ctx);
270 (void)sk_X509_set(ctx->chain, i - 1, x);
271 ctx->last_untrusted=0;
277 chain_ss=sk_X509_pop(ctx->chain);
278 ctx->last_untrusted--;
280 x=sk_X509_value(ctx->chain,num-1);
291 if (ctx->check_issued(ctx,x,x)) break;
293 ok = ctx->get_issuer(&xtmp, ctx, x);
299 if (!sk_X509_push(ctx->chain,x))
311 if (!ctx->check_issued(ctx,x,x))
313 if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
315 if (ctx->last_untrusted >= num)
316 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
318 ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
319 ctx->current_cert=x;
324 sk_X509_push(ctx->chain,chain_ss);
326 ctx->last_untrusted=num;
327 ctx->current_cert=chain_ss;
328 ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
332 ctx->error_depth=num-1;
334 ok=cb(0,ctx);
339 ok = check_chain_extensions(ctx);
345 ok = check_name_constraints(ctx);
351 if (param->trust > 0) ok = check_trust(ctx);
356 X509_get_pubkey_parameters(NULL,ctx->chain);
362 ok = ctx->check_revocation(ctx);
366 if (ctx->verify != NULL)
367 ok=ctx->verify(ctx);
369 ok=internal_verify(ctx);
374 ok = v3_asid_validate_path(ctx);
376 ok = v3_addr_validate_path(ctx);
381 if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
382 ok = ctx->check_policy(ctx);
387 X509_get_pubkey_parameters(NULL,ctx->chain);
398 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
405 if (ctx->check_issued(ctx, x, issuer))
413 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
419 /* If we haven't asked for issuer errors don't set ctx */
420 if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
423 ctx->error = ret;
424 ctx->current_cert = x;
425 ctx->current_issuer = issuer;
426 return ctx->verify_cb(0, ctx);
432 static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
434 *issuer = find_issuer(ctx, ctx->other_ctx, x);
449 static int check_chain_extensions(X509_STORE_CTX *ctx)
460 cb=ctx->verify_cb;
473 if (ctx->parent)
481 !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
486 purpose = ctx->param->purpose;
490 for (i = 0; i < ctx->last_untrusted; i++)
493 x = sk_X509_value(ctx->chain, i);
494 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
497 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
498 ctx->error_depth = i;
499 ctx->current_cert = x;
500 ok=cb(0,ctx);
505 ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
506 ctx->error_depth = i;
507 ctx->current_cert = x;
508 ok=cb(0,ctx);
515 if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
519 ctx->error = X509_V_ERR_INVALID_CA;
528 ctx->error = X509_V_ERR_INVALID_NON_CA;
535 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
539 ctx->error = X509_V_ERR_INVALID_CA;
547 ctx->error_depth = i;
548 ctx->current_cert = x;
549 ok=cb(0,ctx);
552 if (ctx->param->purpose > 0)
556 || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
559 ctx->error = X509_V_ERR_INVALID_PURPOSE;
560 ctx->error_depth = i;
561 ctx->current_cert = x;
562 ok=cb(0,ctx);
571 ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
572 ctx->error_depth = i;
573 ctx->current_cert = x;
574 ok=cb(0,ctx);
588 ctx->error =
590 ctx->error_depth = i;
591 ctx->current_cert = x;
592 ok=cb(0,ctx);
607 static int check_name_constraints(X509_STORE_CTX *ctx)
612 for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
614 x = sk_X509_value(ctx->chain, i);
623 for (j = sk_X509_num(ctx->chain) - 1; j > i; j--)
625 NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
631 ctx->error = rv;
632 ctx->error_depth = i;
633 ctx->current_cert = x;
634 if (!ctx->verify_cb(0,ctx))
643 static int check_trust(X509_STORE_CTX *ctx)
651 cb=ctx->verify_cb;
653 i = sk_X509_num(ctx->chain) - 1;
654 x = sk_X509_value(ctx->chain, i);
655 ok = X509_check_trust(x, ctx->param->trust, 0);
658 ctx->error_depth = i;
659 ctx->current_cert = x;
661 ctx->error = X509_V_ERR_CERT_REJECTED;
663 ctx->error = X509_V_ERR_CERT_UNTRUSTED;
664 ok = cb(0, ctx);
669 static int check_revocation(X509_STORE_CTX *ctx)
672 if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
674 if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
675 last = sk_X509_num(ctx->chain) - 1;
679 if (ctx->parent)
685 ctx->error_depth = i;
686 ok = check_cert(ctx);
692 static int check_cert(X509_STORE_CTX *ctx)
697 cnum = ctx->error_depth;
698 x = sk_X509_value(ctx->chain, cnum);
699 ctx->current_cert = x;
700 ctx->current_issuer = NULL;
701 ctx->current_crl_score = 0;
702 ctx->current_reasons = 0;
703 while (ctx->current_reasons != CRLDP_ALL_REASONS)
706 if (ctx->get_crl)
707 ok = ctx->get_crl(ctx, &crl, x);
709 ok = get_crl_delta(ctx, &crl, &dcrl, x);
715 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
716 ok = ctx->verify_cb(0, ctx);
719 ctx->current_crl = crl;
720 ok = ctx->check_crl(ctx, crl);
726 ok = ctx->check_crl(ctx, dcrl);
729 ok = ctx->cert_crl(ctx, dcrl, x);
739 ok = ctx->cert_crl(ctx, crl, x);
753 ctx->current_crl = NULL;
760 static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
765 ctx->current_crl = crl;
766 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
767 ptime = &ctx->param->check_time;
776 ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
777 if (!ctx->verify_cb(0, ctx))
785 ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
786 if (!ctx->verify_cb(0, ctx))
798 ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
799 if (!ctx->verify_cb(0, ctx))
803 if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA))
807 ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
808 if (!ctx->verify_cb(0, ctx))
814 ctx->current_crl = NULL;
819 static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
825 X509 *x = ctx->current_cert;
833 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
858 get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
943 static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
948 if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
950 if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
957 if (check_crl_time(ctx, delta, 0))
974 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
988 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
1015 if (check_crl_time(ctx, crl, 0))
1019 crl_akid_check(ctx, crl, pissuer, &crl_score);
1043 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
1048 int cidx = ctx->error_depth;
1051 if (cidx != sk_X509_num(ctx->chain) - 1)
1054 crl_issuer = sk_X509_value(ctx->chain, cidx);
1066 for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++)
1068 crl_issuer = sk_X509_value(ctx->chain, cidx);
1081 if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
1087 for (i = 0; i < sk_X509_num(ctx->untrusted); i++)
1089 crl_issuer = sk_X509_value(ctx->untrusted, i);
1108 static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
1113 if (ctx->parent)
1115 if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
1118 crl_ctx.crls = ctx->crls;
1120 X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
1122 crl_ctx.parent = ctx;
1123 crl_ctx.verify_cb = ctx->verify_cb;
1133 ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
1147 static int check_crl_chain(X509_STORE_CTX *ctx,
1292 static int get_crl_delta(X509_STORE_CTX *ctx,
1302 reasons = ctx->current_reasons;
1303 ok = get_crl_sk(ctx, &crl, &dcrl,
1304 &issuer, &crl_score, &reasons, ctx->crls);
1311 skcrl = ctx->lookup_crls(ctx, nm);
1317 get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
1326 ctx->current_issuer = issuer;
1327 ctx->current_crl_score = crl_score;
1328 ctx->current_reasons = reasons;
1338 static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
1343 cnum = ctx->error_depth;
1344 chnum = sk_X509_num(ctx->chain) - 1;
1346 if (ctx->current_issuer)
1347 issuer = ctx->current_issuer;
1353 issuer = sk_X509_value(ctx->chain, cnum + 1);
1356 issuer = sk_X509_value(ctx->chain, chnum);
1358 if(!ctx->check_issued(ctx, issuer, issuer))
1360 ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
1361 ok = ctx->verify_cb(0, ctx);
1377 ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
1378 ok = ctx->verify_cb(0, ctx);
1382 if (!(ctx->current_crl_score & CRL_SCORE_SCOPE))
1384 ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
1385 ok = ctx->verify_cb(0, ctx);
1389 if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH))
1391 if (check_crl_path(ctx, ctx->current_issuer) <= 0)
1393 ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
1394 ok = ctx->verify_cb(0, ctx);
1401 ctx->error = X509_V_ERR_INVALID_EXTENSION;
1402 ok = ctx->verify_cb(0, ctx);
1409 if (!(ctx->current_crl_score & CRL_SCORE_TIME))
1411 ok = check_crl_time(ctx, crl, 1);
1421 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1422 ok = ctx->verify_cb(0, ctx);
1430 ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
1431 ok = ctx->verify_cb(0, ctx);
1445 static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
1456 if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
1458 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
1459 ok = ctx->verify_cb(0, ctx);
1470 ctx->error = X509_V_ERR_CERT_REVOKED;
1471 ok = ctx->verify_cb(0, ctx);
1479 static int check_policy(X509_STORE_CTX *ctx)
1482 if (ctx->parent)
1484 ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
1485 ctx->param->policies, ctx->param->flags);
1499 for (i = 1; i < sk_X509_num(ctx->chain); i++)
1501 x = sk_X509_value(ctx->chain, i);
1504 ctx->current_cert = x;
1505 ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
1506 if(!ctx->verify_cb(0, ctx))
1513 ctx->current_cert = NULL;
1514 ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
1515 return ctx->verify_cb(0, ctx);
1518 if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY)
1520 ctx->current_cert = NULL;
1521 ctx->error = X509_V_OK;
1522 if (!ctx->verify_cb(2, ctx))
1529 static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
1534 if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1535 ptime = &ctx->param->check_time;
1542 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
1543 ctx->current_cert=x;
1544 if (!ctx->verify_cb(0, ctx))
1550 ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
1551 ctx->current_cert=x;
1552 if (!ctx->verify_cb(0, ctx))
1559 ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
1560 ctx->current_cert=x;
1561 if (!ctx->verify_cb(0, ctx))
1567 ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
1568 ctx->current_cert=x;
1569 if (!ctx->verify_cb(0, ctx))
1576 static int internal_verify(X509_STORE_CTX *ctx)
1583 cb=ctx->verify_cb;
1585 n=sk_X509_num(ctx->chain);
1586 ctx->error_depth=n-1;
1588 xi=sk_X509_value(ctx->chain,n);
1590 if (ctx->check_issued(ctx, xi, xi))
1596 ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
1597 ctx->current_cert=xi;
1598 ok=cb(0,ctx);
1604 ctx->error_depth=n;
1605 xs=sk_X509_value(ctx->chain,n);
1609 /* ctx->error=0; not needed */
1612 ctx->error_depth=n;
1618 if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)))
1622 ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1623 ctx->current_cert=xi;
1624 ok=(*cb)(0,ctx);
1629 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
1630 ctx->current_cert=xs;
1631 ok=(*cb)(0,ctx);
1644 ok = check_cert_time(ctx, xs);
1649 ctx->current_issuer=xi;
1650 ctx->current_cert=xs;
1651 ok=(*cb)(1,ctx);
1658 xs=sk_X509_value(ctx->chain,n);
1830 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
1832 return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
1835 void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
1837 return CRYPTO_get_ex_data(&ctx->ex_data,idx);
1840 int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
1842 return ctx->error;
1845 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
1847 ctx->error=err;
1850 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
1852 return ctx->error_depth;
1855 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
1857 return ctx->current_cert;
1860 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
1862 return ctx->chain;
1865 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
1870 if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
1879 X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
1881 return ctx->current_issuer;
1884 X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
1886 return ctx->current_crl;
1889 X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
1891 return ctx->parent;
1894 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
1896 ctx->cert=x;
1899 void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
1901 ctx->untrusted=sk;
1904 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
1906 ctx->crls=sk;
1909 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
1911 return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
1914 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
1916 return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
1922 * the ctx. If they aren't set then we will usually have a default
1929 int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
1972 if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose;
1973 if (trust && !ctx->param->trust) ctx->param->trust = trust;
1979 X509_STORE_CTX *ctx;
1980 ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
1981 if (!ctx)
1986 memset(ctx, 0, sizeof(X509_STORE_CTX));
1987 return ctx;
1990 void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
1992 X509_STORE_CTX_cleanup(ctx);
1993 OPENSSL_free(ctx);
1996 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
2000 ctx->ctx=store;
2001 ctx->current_method=0;
2002 ctx->cert=x509;
2003 ctx->untrusted=chain;
2004 ctx->crls = NULL;
2005 ctx->last_untrusted=0;
2006 ctx->other_ctx=NULL;
2007 ctx->valid=0;
2008 ctx->chain=NULL;
2009 ctx->error=0;
2010 ctx->explicit_policy=0;
2011 ctx->error_depth=0;
2012 ctx->current_cert=NULL;
2013 ctx->current_issuer=NULL;
2014 ctx->current_crl=NULL;
2015 ctx->current_crl_score=0;
2016 ctx->current_reasons=0;
2017 ctx->tree = NULL;
2018 ctx->parent = NULL;
2020 ctx->param = X509_VERIFY_PARAM_new();
2022 if (!ctx->param)
2034 ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
2036 ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
2040 ctx->verify_cb = store->verify_cb;
2041 ctx->cleanup = store->cleanup;
2044 ctx->cleanup = 0;
2047 ret = X509_VERIFY_PARAM_inherit(ctx->param,
2057 ctx
2059 ctx->check_issued = check_issued;
2062 ctx->get_issuer = store->get_issuer;
2064 ctx->get_issuer = X509_STORE_CTX_get1_issuer;
2067 ctx->verify_cb = store->verify_cb;
2069 ctx->verify_cb = null_callback;
2072 ctx->verify = store->verify;
2074 ctx->verify = internal_verify;
2077 ctx->check_revocation = store->check_revocation;
2079 ctx->check_revocation = check_revocation;
2082 ctx->get_crl = store->get_crl;
2084 ctx->get_crl = NULL;
2087 ctx->check_crl = store->check_crl;
2089 ctx->check_crl = check_crl;
2092 ctx->cert_crl = store->cert_crl;
2094 ctx->cert_crl = cert_crl;
2097 ctx->lookup_certs = store->lookup_certs;
2099 ctx->lookup_certs = X509_STORE_get1_certs;
2102 ctx->lookup_crls = store->lookup_crls;
2104 ctx->lookup_crls = X509_STORE_get1_crls;
2106 ctx->check_policy = check_policy;
2112 /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
2113 if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
2114 &(ctx->ex_data)))
2116 OPENSSL_free(ctx);
2127 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2129 ctx->other_ctx = sk;
2130 ctx->get_issuer = get_issuer_sk;
2133 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
2135 if (ctx->cleanup) ctx->cleanup(ctx);
2136 if (ctx->param != NULL)
2138 if (ctx->parent == NULL)
2139 X509_VERIFY_PARAM_free(ctx->param);
2140 ctx->param=NULL;
2142 if (ctx->tree != NULL)
2144 X509_policy_tree_free(ctx->tree);
2145 ctx->tree=NULL;
2147 if (ctx->chain != NULL)
2149 sk_X509_pop_free(ctx->chain,X509_free);
2150 ctx->chain=NULL;
2152 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
2153 memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
2156 void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
2158 X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2161 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
2163 X509_VERIFY_PARAM_set_flags(ctx->param, flags);
2166 void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t)
2168 X509_VERIFY_PARAM_set_time(ctx->param, t);
2171 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
2174 ctx->verify_cb=verify_cb;
2177 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
2179 return ctx->tree;
2182 int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
2184 return ctx->explicit_policy;
2187 int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
2193 return X509_VERIFY_PARAM_inherit(ctx->param, param);
2196 X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
2198 return ctx->param;
2201 void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
2203 if (ctx->param)
2204 X509_VERIFY_PARAM_free(ctx->param);
2205 ctx->param = param;
