Lines Matching refs:SSL
4 * This package is an SSL implementation written
6 * The implementation was written so as to conform with Netscapes SSL.
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
115 #include <openssl/ssl.h>
137 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
154 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
235 static void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg),
261 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
266 OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
274 OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
298 OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
303 OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_HAVE_BOTH_PRIVKEY_AND_METHOD);
311 OPENSSL_PUT_ERROR(SSL, SSL_R_CERTIFICATE_AND_PRIVATE_KEY_MISMATCH);
343 int SSL_set_chain_and_key(SSL *ssl, CRYPTO_BUFFER *const *certs,
346 return cert_set_chain_and_key(ssl->cert, certs, num_certs, privkey,
408 int SSL_use_certificate_ASN1(SSL *ssl, const uint8_t *der, size_t der_len) {
414 const int ok = ssl_set_cert(ssl->cert, buffer);
419 int ssl_has_certificate(const SSL *ssl) {
420 return ssl->cert->chain != NULL &&
421 sk_CRYPTO_BUFFER_value(ssl->cert->chain, 0) != NULL &&
422 ssl_has_private_key(ssl);
435 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
442 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
451 OPENSSL_PUT_ERROR(SSL, SSL_R_CERT_LENGTH_MISMATCH);
478 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
492 int ssl_add_cert_chain(SSL *ssl, CBB *cbb) {
493 if (!ssl_has_certificate(ssl)) {
499 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
503 STACK_OF(CRYPTO_BUFFER) *chain = ssl->cert->chain;
511 OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
567 OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
606 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
612 OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CERTIFICATE_ASSIGNED);
691 OPENSSL_PUT_ERROR(SSL, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
702 OPENSSL_PUT_ERROR(SSL, SSL_R_CANNOT_PARSE_LEAF_CERT);
707 ssl_parse_client_CA_list(SSL *ssl, uint8_t *out_alert, CBS *cbs) {
708 CRYPTO_BUFFER_POOL *const pool = ssl->ctx->pool;
713 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
720 OPENSSL_PUT_ERROR(SSL, SSL_R_LENGTH_MISMATCH);
728 OPENSSL_PUT_ERROR(SSL, SSL_R_CA_DN_TOO_LONG);
738 OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
743 if (!ssl->ctx->x509_method->check_client_CA_list(ret)) {
745 OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
756 int ssl_add_client_CA_list(SSL *ssl, CBB *cbb) {
762 STACK_OF(CRYPTO_BUFFER) *names = ssl->client_CA;
764 names = ssl->ctx->client_CA;
783 void SSL_CTX_set_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, void *arg),
788 void SSL_set_cert_cb(SSL *ssl, int (*cb)(SSL *ssl, void *arg), void *arg) {
789 ssl_cert_set_cert_cb(ssl->cert, cb, arg);
792 STACK_OF(CRYPTO_BUFFER) *SSL_get0_peer_certificates(const SSL *ssl) {
793 SSL_SESSION *session = SSL_get_session(ssl);
801 STACK_OF(CRYPTO_BUFFER) *SSL_get0_server_requested_CAs(const SSL *ssl) {
802 if (ssl->s3->hs == NULL) {
805 return ssl->s3->hs->ca_names;
810 SSL *const ssl = hs->ssl;
811 assert(ssl3_protocol_version(ssl) < TLS1_3_VERSION);
815 OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CERTIFICATE_TYPE);
839 !tls1_check_group_id(ssl, group_id) ||
841 OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_ECC_CERT);
850 SSL *const ssl = hs->ssl;
851 if (!ssl_has_certificate(ssl)) {
856 if (!ssl->ctx->x509_method->ssl_auto_chain_if_needed(ssl)) {
861 CRYPTO_BUFFER_init_CBS(sk_CRYPTO_BUFFER_value(ssl->cert->chain, 0), &leaf);
873 OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SCT_LIST);
888 int SSL_set_signed_cert_timestamp_list(SSL *ssl, const uint8_t *list,
890 return set_signed_cert_timestamp_list(ssl->cert, list, list_len);
900 int SSL_set_ocsp_response(SSL *ssl, const uint8_t *response,
902 CRYPTO_BUFFER_free(ssl->cert->ocsp_response);
903 ssl->cert->ocsp_response = CRYPTO_BUFFER_new(response, response_len, NULL);
904 return ssl->cert->ocsp_response != NULL;
