
Lines Matching refs:CERT

135 CERT *ssl_cert_new(const SSL_X509_METHOD *x509_method) {
136 CERT *ret = OPENSSL_malloc(sizeof(CERT));
141 OPENSSL_memset(ret, 0, sizeof(CERT));
152 CERT *ssl_cert_dup(CERT *cert) {
153 CERT *ret = OPENSSL_malloc(sizeof(CERT));
158 OPENSSL_memset(ret, 0, sizeof(CERT));
160 ret->chain = sk_CRYPTO_BUFFER_deep_copy(cert->chain, buffer_up_ref,
163 if (cert->privatekey != NULL) {
164 EVP_PKEY_up_ref(cert->privatekey);
165 ret->privatekey = cert->privatekey;
168 ret->key_method = cert->key_method;
169 ret->x509_method = cert->x509_method;
171 if (cert->dh_tmp != NULL) {
172 ret->dh_tmp = DHparams_dup(cert->dh_tmp);
178 ret->dh_tmp_cb = cert->dh_tmp_cb;
180 if (cert->sigalgs != NULL) {
182 BUF_memdup(cert->sigalgs, cert->num_sigalgs * sizeof(cert->sigalgs[0]));
187 ret->num_sigalgs = cert->num_sigalgs;
189 ret->cert_cb = cert->cert_cb;
190 ret->cert_cb_arg = cert->cert_cb_arg;
192 ret->x509_method->cert_dup(ret, cert);
194 if (cert->signed_cert_timestamp_list != NULL) {
195 CRYPTO_BUFFER_up_ref(cert->signed_cert_timestamp_list);
196 ret->signed_cert_timestamp_list = cert->signed_cert_timestamp_list;
199 if (cert->ocsp_response != NULL) {
200 CRYPTO_BUFFER_up_ref(cert->ocsp_response);
201 ret->ocsp_response = cert->ocsp_response;
204 ret->sid_ctx_length = cert->sid_ctx_length;
205 OPENSSL_memcpy(ret->sid_ctx, cert->sid_ctx, sizeof(ret->sid_ctx));
215 void ssl_cert_clear_certs(CERT *cert) {
216 if (cert == NULL) {
220 cert->x509_method->cert_clear(cert);
222 sk_CRYPTO_BUFFER_pop_free(cert->chain, CRYPTO_BUFFER_free);
223 cert->chain = NULL;
224 EVP_PKEY_free(cert->privatekey);
225 cert->privatekey = NULL;
226 cert->key_method = NULL;
229 void ssl_cert_free(CERT *c) {
245 static void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg),
304 CERT *cert, CRYPTO_BUFFER *const *certs, size_t num_certs,
340 EVP_PKEY_free(cert->privatekey);
341 cert->privatekey = privkey;
345 cert->key_method = privkey_method;
347 sk_CRYPTO_BUFFER_pop_free(cert->chain, CRYPTO_BUFFER_free);
348 cert->chain = certs_sk;
356 return cert_set_chain_and_key(ssl->cert, certs, num_certs, privkey,
363 return cert_set_chain_and_key(ctx->cert, certs, num_certs, privkey,
367 int ssl_set_cert(CERT *cert, CRYPTO_BUFFER *buffer) {
368 switch (check_leaf_cert_and_privkey(buffer, cert->privatekey)) {
372 /* don't fail for a cert/key mismatch, just free current private key
373 * (when switching to a different cert & key, first this function should
375 EVP_PKEY_free(cert->privatekey);
376 cert->privatekey = NULL;
382 cert->x509_method->cert_flush_cached_leaf(cert);
384 if (cert->chain != NULL) {
385 CRYPTO_BUFFER_free(sk_CRYPTO_BUFFER_value(cert->chain, 0));
386 sk_CRYPTO_BUFFER_set(cert->chain, 0, buffer);
391 cert->chain = sk_CRYPTO_BUFFER_new_null();
392 if (cert->chain == NULL) {
396 if (!sk_CRYPTO_BUFFER_push(cert->chain, buffer)) {
397 sk_CRYPTO_BUFFER_free(cert->chain);
398 cert->chain = NULL;
413 const int ok = ssl_set_cert(ctx->cert, buffer);
424 const int ok = ssl_set_cert(ssl->cert, buffer);
430 return ssl->cert->chain != NULL &&
431 sk_CRYPTO_BUFFER_value(ssl->cert->chain, 0) != NULL &&
512 STACK_OF(CRYPTO_BUFFER) *chain = ssl->cert->chain;
616 int ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey) {
622 if (cert->chain == NULL ||
623 sk_CRYPTO_BUFFER_value(cert->chain, 0) == NULL) {
629 CRYPTO_BUFFER_init_CBS(sk_CRYPTO_BUFFER_value(cert->chain, 0), &cert_cbs);
797 ssl_cert_set_cert_cb(ctx->cert, cb, arg);
801 ssl_cert_set_cert_cb(ssl->cert, cb, arg);
862 static int set_signed_cert_timestamp_list(CERT *cert, const uint8_t *list,
871 CRYPTO_BUFFER_free(cert->signed_cert_timestamp_list);
872 cert->signed_cert_timestamp_list =
874 return cert->signed_cert_timestamp_list != NULL;
879 return set_signed_cert_timestamp_list(ctx->cert, list, list_len);
884 return set_signed_cert_timestamp_list(ssl->cert, list, list_len);
889 CRYPTO_BUFFER_free(ctx->cert->ocsp_response);
890 ctx->cert->ocsp_response = CRYPTO_BUFFER_new(response, response_len, NULL);
891 return ctx->cert->ocsp_response != NULL;
896 CRYPTO_BUFFER_free(ssl->cert->ocsp_response);
897 ssl->cert->ocsp_response = CRYPTO_BUFFER_new(response, response_len, NULL);
898 return ssl->cert->ocsp_response != NULL;