Lines Matching refs:CERT
208 X509 *cert = sk_X509_value(session->x509_chain, i);
209 if (!sk_X509_push(session->x509_chain_without_leaf, cert)) {
214 X509_up_ref(cert);
400 /* ssl_cert_set_chain sets elements 1.. of |cert->chain| to the serialised
402 * which case no change to |cert->chain| is made. It preverses the existing
403 * leaf from |cert->chain|, if any. */
404 static int ssl_cert_set_chain(CERT *cert, STACK_OF(X509) *chain) {
407 if (cert->chain != NULL) {
413 CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain, 0);
439 sk_CRYPTO_BUFFER_pop_free(cert->chain, CRYPTO_BUFFER_free);
440 cert->chain = new_chain;
449 static void ssl_crypto_x509_cert_flush_cached_leaf(CERT *cert) {
450 X509_free(cert->x509_leaf);
451 cert->x509_leaf = NULL;
454 static void ssl_crypto_x509_cert_flush_cached_chain(CERT *cert) {
455 sk_X509_pop_free(cert->x509_chain, X509_free);
456 cert->x509_chain = NULL;
476 static void ssl_crypto_x509_cert_clear(CERT *cert) {
477 ssl_crypto_x509_cert_flush_cached_leaf(cert);
478 ssl_crypto_x509_cert_flush_cached_chain(cert);
480 X509_free(cert->x509_stash);
481 cert->x509_stash = NULL;
484 static void ssl_crypto_x509_cert_free(CERT *cert) {
485 ssl_crypto_x509_cert_clear(cert);
486 X509_STORE_free(cert->verify_store);
489 static void ssl_crypto_x509_cert_dup(CERT *new_cert, const CERT *cert) {
490 if (cert->verify_store != NULL) {
491 X509_STORE_up_ref(cert->verify_store);
492 new_cert->verify_store = cert->verify_store;
636 if (ssl->cert->verify_store != NULL) {
637 verify_store = ssl->cert->verify_store;
717 ssl->cert->chain == NULL ||
718 sk_CRYPTO_BUFFER_num(ssl->cert->chain) > 1) {
723 X509_parse_from_buffer(sk_CRYPTO_BUFFER_value(ssl->cert->chain, 0));
744 const int ok = ssl_cert_set_chain(ssl->cert, ctx.chain);
750 ssl_crypto_x509_cert_flush_cached_chain(ssl->cert);
793 static int ssl_use_certificate(CERT *cert, X509 *x) {
804 const int ok = ssl_set_cert(cert, buffer);
811 return ssl_use_certificate(ssl->cert, x);
816 return ssl_use_certificate(ctx->cert, x);
819 /* ssl_cert_cache_leaf_cert sets |cert->x509_leaf|, if currently NULL, from the
820 * first element of |cert->chain|. */
821 static int ssl_cert_cache_leaf_cert(CERT *cert) {
822 assert(cert->x509_method);
824 if (cert->x509_leaf != NULL ||
825 cert->chain == NULL) {
829 CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain, 0);
834 cert->x509_leaf = X509_parse_from_buffer(leaf);
835 return cert->x509_leaf != NULL;
838 static X509 *ssl_cert_get0_leaf(CERT *cert) {
839 if (cert->x509_leaf == NULL &&
840 !ssl_cert_cache_leaf_cert(cert)) {
844 return cert->x509_leaf;
849 return ssl_cert_get0_leaf(ssl->cert);
855 X509 *ret = ssl_cert_get0_leaf(ctx->cert);
860 static int ssl_cert_set0_chain(CERT *cert, STACK_OF(X509) *chain) {
861 if (!ssl_cert_set_chain(cert, chain)) {
866 ssl_crypto_x509_cert_flush_cached_chain(cert);
870 static int ssl_cert_set1_chain(CERT *cert, STACK_OF(X509) *chain) {
871 if (!ssl_cert_set_chain(cert, chain)) {
875 ssl_crypto_x509_cert_flush_cached_chain(cert);
879 static int ssl_cert_append_cert(CERT *cert, X509 *x509) {
880 assert(cert->x509_method);
887 if (cert->chain != NULL) {
888 if (!sk_CRYPTO_BUFFER_push(cert->chain, buffer)) {
896 cert->chain = new_leafless_chain();
897 if (cert->chain == NULL ||
898 !sk_CRYPTO_BUFFER_push(cert->chain, buffer)) {
900 sk_CRYPTO_BUFFER_free(cert->chain);
901 cert->chain = NULL;
908 static int ssl_cert_add0_chain_cert(CERT *cert, X509 *x509) {
909 if (!ssl_cert_append_cert(cert, x509)) {
913 X509_free(cert->x509_stash);
914 cert->x509_stash = x509;
915 ssl_crypto_x509_cert_flush_cached_chain(cert);
919 static int ssl_cert_add1_chain_cert(CERT *cert, X509 *x509) {
920 if (!ssl_cert_append_cert(cert, x509)) {
924 ssl_crypto_x509_cert_flush_cached_chain(cert);
930 return ssl_cert_set0_chain(ctx->cert, chain);
935 return ssl_cert_set1_chain(ctx->cert, chain);
940 return ssl_cert_set0_chain(ssl->cert, chain);
945 return ssl_cert_set1_chain(ssl->cert, chain);
950 return ssl_cert_add0_chain_cert(ctx->cert, x509);
955 return ssl_cert_add1_chain_cert(ctx->cert, x509);
965 return ssl_cert_add0_chain_cert(ssl->cert, x509);
970 return ssl_cert_add1_chain_cert(ssl->cert, x509);
988 /* ssl_cert_cache_chain_certs fills in |cert->x509_chain| from elements 1.. of
989 * |cert->chain|. */
990 static int ssl_cert_cache_chain_certs(CERT *cert) {
991 assert(cert->x509_method);
993 if (cert->x509_chain != NULL ||
994 cert->chain == NULL ||
995 sk_CRYPTO_BUFFER_num(cert->chain) < 2) {
1004 for (size_t i = 1; i < sk_CRYPTO_BUFFER_num(cert->chain); i++) {
1005 CRYPTO_BUFFER *buffer = sk_CRYPTO_BUFFER_value(cert->chain, i);
1014 cert->x509_chain = chain;
1025 const int ret = ssl_cert_cache_chain_certs(ctx->cert);
1033 *out_chain = ctx->cert->x509_chain;
1044 if (!ssl_cert_cache_chain_certs(ssl->cert)) {
1049 *out_chain = ssl->cert->x509_chain;
1328 return set_cert_store(&ctx->cert->verify_store, store, 0);
1333 return set_cert_store(&ctx->cert->verify_store, store, 1);
1338 return set_cert_store(&ssl->cert->verify_store, store, 0);
1343 return set_cert_store(&ssl->cert->verify_store, store, 1);
