
Lines Matching refs:CERT

203 // ssl_cert_set_chain sets elements 1.. of |cert->chain| to the serialised
205 // which case no change to |cert->chain| is made. It preserves the existing
206 // leaf from |cert->chain|, if any.
207 static int ssl_cert_set_chain(CERT *cert, STACK_OF(X509) *chain) {
210 if (cert->chain != NULL) {
216 CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain, 0);
241 sk_CRYPTO_BUFFER_pop_free(cert->chain, CRYPTO_BUFFER_free);
242 cert->chain = new_chain.release();
// ssl_crypto_x509_cert_flush_cached_leaf releases the cached parsed leaf,
// |cert->x509_leaf|. The pointer is reset to NULL right after the free, so no
// dangling pointer is left behind and a repeated flush is harmless.
247 static void ssl_crypto_x509_cert_flush_cached_leaf(CERT *cert) {
248 X509_free(cert->x509_leaf);
249 cert->x509_leaf = NULL;
// ssl_crypto_x509_cert_flush_cached_chain releases the cached parsed chain,
// |cert->x509_chain|: every element is freed with X509_free along with the
// stack itself. The pointer is then reset to NULL so that the stale stack
// cannot be reached or freed again.
252 static void ssl_crypto_x509_cert_flush_cached_chain(CERT *cert) {
253 sk_X509_pop_free(cert->x509_chain, X509_free);
254 cert->x509_chain = NULL;
// ssl_crypto_x509_cert_clear drops the X509 state held on |cert| that is
// visible in this listing: the cached leaf, the cached chain and
// |cert->x509_stash|.
273 static void ssl_crypto_x509_cert_clear(CERT *cert) {
274 ssl_crypto_x509_cert_flush_cached_leaf(cert);
275 ssl_crypto_x509_cert_flush_cached_chain(cert);
// The stash is freed and reset to NULL in the same way as the caches, so no
// stale X509 pointer survives a clear.
277 X509_free(cert->x509_stash);
278 cert->x509_stash = NULL;
// ssl_crypto_x509_cert_free clears the X509 state on |cert| and then drops
// this CERT's reference on |cert->verify_store|.
// NOTE(review): |cert->verify_store| is not reset to NULL in the lines shown;
// presumably |cert| itself is destroyed right afterwards -- confirm against
// the caller.
281 static void ssl_crypto_x509_cert_free(CERT *cert) {
282 ssl_crypto_x509_cert_clear(cert);
283 X509_STORE_free(cert->verify_store);
// ssl_crypto_x509_cert_dup shares |cert->verify_store| with |new_cert| rather
// than copying it: the reference count is bumped and the same pointer is
// stored, so both CERTs refer to one X509_STORE object and a change made
// through either is seen by both.
// NOTE(review): the rest of the function is not shown in this listing.
286 static void ssl_crypto_x509_cert_dup(CERT *new_cert, const CERT *cert) {
287 if (cert->verify_store != NULL) {
// Take the extra reference before publishing the pointer in |new_cert|.
288 X509_STORE_up_ref(cert->verify_store);
289 new_cert->verify_store = cert->verify_store;
304 for (CRYPTO_BUFFER *cert : sess->certs) {
305 UniquePtr<X509> x509(X509_parse_from_buffer(cert));
367 if (ssl->cert->verify_store != NULL) {
368 verify_store = ssl->cert->verify_store;
444 ssl->cert->chain == NULL ||
445 sk_CRYPTO_BUFFER_num(ssl->cert->chain) > 1) {
450 X509_parse_from_buffer(sk_CRYPTO_BUFFER_value(ssl->cert->chain, 0)));
469 if (!ssl_cert_set_chain(ssl->cert, ctx->chain)) {
473 ssl_crypto_x509_cert_flush_cached_chain(ssl->cert);
557 X509 *cert = sk_X509_value(session->x509_chain, i);
558 if (!sk_X509_push(session->x509_chain_without_leaf, cert)) {
563 X509_up_ref(cert);
719 static int ssl_use_certificate(CERT *cert, X509 *x) {
730 return ssl_set_cert(cert, std::move(buffer));
735 return ssl_use_certificate(ssl->cert, x);
740 return ssl_use_certificate(ctx->cert, x);
743 // ssl_cert_cache_leaf_cert sets |cert->x509_leaf|, if currently NULL, from the
744 // first element of |cert->chain|.
745 static int ssl_cert_cache_leaf_cert(CERT *cert) {
746 assert(cert->x509_method);
748 if (cert->x509_leaf != NULL ||
749 cert->chain == NULL) {
753 CRYPTO_BUFFER *leaf = sk_CRYPTO_BUFFER_value(cert->chain, 0);
758 cert->x509_leaf = X509_parse_from_buffer(leaf);
759 return cert->x509_leaf != NULL;
// ssl_cert_get0_leaf returns |cert->x509_leaf|, filling the cache on demand
// through ssl_cert_cache_leaf_cert. The result is the cache's own pointer; no
// reference is taken in the lines shown, so it stays valid only until the
// cached leaf is flushed or |cert| is cleared. Callers that keep it longer
// need their own reference.
// NOTE(review): lines 765-767 are not shown; presumably they return NULL when
// caching fails -- confirm.
762 static X509 *ssl_cert_get0_leaf(CERT *cert) {
763 if (cert->x509_leaf == NULL &&
764 !ssl_cert_cache_leaf_cert(cert)) {
768 return cert->x509_leaf;
773 return ssl_cert_get0_leaf(ssl->cert);
779 return ssl_cert_get0_leaf(ctx->cert);
782 static int ssl_cert_set0_chain(CERT *cert, STACK_OF(X509) *chain) {
783 if (!ssl_cert_set_chain(cert, chain)) {
788 ssl_crypto_x509_cert_flush_cached_chain(cert);
792 static int ssl_cert_set1_chain(CERT *cert, STACK_OF(X509) *chain) {
793 if (!ssl_cert_set_chain(cert, chain)) {
797 ssl_crypto_x509_cert_flush_cached_chain(cert);
801 static int ssl_cert_append_cert(CERT *cert, X509 *x509) {
802 assert(cert->x509_method);
809 if (cert->chain != NULL) {
810 return PushToStack(cert->chain, std::move(buffer));
813 cert->chain = new_leafless_chain();
814 if (cert->chain == NULL ||
815 !PushToStack(cert->chain, std::move(buffer))) {
816 sk_CRYPTO_BUFFER_free(cert->chain);
817 cert->chain = NULL;
// ssl_cert_add0_chain_cert appends |x509| to |cert->chain| and, once the
// append has succeeded, keeps the caller's pointer in |cert->x509_stash|. No
// extra reference is taken in the lines shown, so after success the caller's
// reference appears to be handed over to |cert|.
// NOTE(review): lines 826-828 are not shown; presumably the failure path
// returns before the stash is touched, leaving ownership with the caller --
// confirm.
824 static int ssl_cert_add0_chain_cert(CERT *cert, X509 *x509) {
825 if (!ssl_cert_append_cert(cert, x509)) {
// Only one stashed X509 is held at a time: the previous one is released
// before the new pointer replaces it.
829 X509_free(cert->x509_stash);
830 cert->x509_stash = x509;
// Drop the parsed chain cache so a stale |cert->x509_chain| is not served
// after |cert->chain| has changed.
831 ssl_crypto_x509_cert_flush_cached_chain(cert);
// ssl_cert_add1_chain_cert appends |x509| to |cert->chain| without keeping
// the caller's pointer: unlike ssl_cert_add0_chain_cert, no assignment to
// |cert->x509_stash| appears in the lines shown, so the caller keeps its own
// reference and remains responsible for releasing it.
// NOTE(review): lines 837-839 are not shown.
835 static int ssl_cert_add1_chain_cert(CERT *cert, X509 *x509) {
836 if (!ssl_cert_append_cert(cert, x509)) {
// Drop the parsed chain cache so a stale |cert->x509_chain| is not served
// after |cert->chain| has changed.
840 ssl_crypto_x509_cert_flush_cached_chain(cert);
846 return ssl_cert_set0_chain(ctx->cert, chain);
851 return ssl_cert_set1_chain(ctx->cert, chain);
856 return ssl_cert_set0_chain(ssl->cert, chain);
861 return ssl_cert_set1_chain(ssl->cert, chain);
866 return ssl_cert_add0_chain_cert(ctx->cert, x509);
871 return ssl_cert_add1_chain_cert(ctx->cert, x509);
881 return ssl_cert_add0_chain_cert(ssl->cert, x509);
886 return ssl_cert_add1_chain_cert(ssl->cert, x509);
904 // ssl_cert_cache_chain_certs fills in |cert->x509_chain| from elements 1.. of
905 // |cert->chain|.
906 static int ssl_cert_cache_chain_certs(CERT *cert) {
907 assert(cert->x509_method);
909 if (cert->x509_chain != NULL ||
910 cert->chain == NULL ||
911 sk_CRYPTO_BUFFER_num(cert->chain) < 2) {
920 for (size_t i = 1; i < sk_CRYPTO_BUFFER_num(cert->chain); i++) {
921 CRYPTO_BUFFER *buffer = sk_CRYPTO_BUFFER_value(cert->chain, i);
929 cert->x509_chain = chain.release();
936 if (!ssl_cert_cache_chain_certs(ctx->cert)) {
941 *out_chain = ctx->cert->x509_chain;
952 if (!ssl_cert_cache_chain_certs(ssl->cert)) {
957 *out_chain = ssl->cert->x509_chain;
1223 return set_cert_store(&ctx->cert->verify_store, store, 0);
1228 return set_cert_store(&ctx->cert->verify_store, store, 1);
1233 return set_cert_store(&ssl->cert->verify_store, store, 0);
1238 return set_cert_store(&ssl->cert->verify_store, store, 1);