Symaptic: os/ossrv/ssl/libcrypto/src/crypto/x509/x509

sl@0	1	/* crypto/x509/x509_lu.c */
sl@0	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
sl@0	3	* All rights reserved.
sl@0	4	*
sl@0	5	* This package is an SSL implementation written
sl@0	6	* by Eric Young (eay@cryptsoft.com).
sl@0	7	* The implementation was written so as to conform with Netscapes SSL.
sl@0	8	*
sl@0	9	* This library is free for commercial and non-commercial use as long as
sl@0	10	* the following conditions are aheared to. The following conditions
sl@0	11	* apply to all code found in this distribution, be it the RC4, RSA,
sl@0	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
sl@0	13	* included with this distribution is covered by the same copyright terms
sl@0	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
sl@0	15	*
sl@0	16	* Copyright remains Eric Young's, and as such any Copyright notices in
sl@0	17	* the code are not to be removed.
sl@0	18	* If this package is used in a product, Eric Young should be given attribution
sl@0	19	* as the author of the parts of the library used.
sl@0	20	* This can be in the form of a textual message at program startup or
sl@0	21	* in documentation (online or textual) provided with the package.
sl@0	22	*
sl@0	23	* Redistribution and use in source and binary forms, with or without
sl@0	24	* modification, are permitted provided that the following conditions
sl@0	25	* are met:
sl@0	26	* 1. Redistributions of source code must retain the copyright
sl@0	27	* notice, this list of conditions and the following disclaimer.
sl@0	28	* 2. Redistributions in binary form must reproduce the above copyright
sl@0	29	* notice, this list of conditions and the following disclaimer in the
sl@0	30	* documentation and/or other materials provided with the distribution.
sl@0	31	* 3. All advertising materials mentioning features or use of this software
sl@0	32	* must display the following acknowledgement:
sl@0	33	* "This product includes cryptographic software written by
sl@0	34	* Eric Young (eay@cryptsoft.com)"
sl@0	35	* The word 'cryptographic' can be left out if the rouines from the library
sl@0	36	* being used are not cryptographic related :-).
sl@0	37	* 4. If you include any Windows specific code (or a derivative thereof) from
sl@0	38	* the apps directory (application code) you must include an acknowledgement:
sl@0	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
sl@0	40	*
sl@0	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
sl@0	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
sl@0	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
sl@0	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
sl@0	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
sl@0	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
sl@0	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
sl@0	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
sl@0	51	* SUCH DAMAGE.
sl@0	52	*
sl@0	53	* The licence and distribution terms for any publically available version or
sl@0	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
sl@0	55	* copied and put under another distribution licence
sl@0	56	* [including the GNU Public Licence.]
sl@0	57	*/
sl@0	58
sl@0	59	#include <stdio.h>
sl@0	60	#include "cryptlib.h"
sl@0	61	#include <openssl/lhash.h>
sl@0	62	#include <openssl/x509.h>
sl@0	63	#include <openssl/x509v3.h>
sl@0	64
sl@0	65	EXPORT_C X509_LOOKUP X509_LOOKUP_new(X509_LOOKUP_METHOD method)
sl@0	66	{
sl@0	67	X509_LOOKUP *ret;
sl@0	68
sl@0	69	ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
sl@0	70	if (ret == NULL) return NULL;
sl@0	71
sl@0	72	ret->init=0;
sl@0	73	ret->skip=0;
sl@0	74	ret->method=method;
sl@0	75	ret->method_data=NULL;
sl@0	76	ret->store_ctx=NULL;
sl@0	77	if ((method->new_item != NULL) && !method->new_item(ret))
sl@0	78	{
sl@0	79	OPENSSL_free(ret);
sl@0	80	return NULL;
sl@0	81	}
sl@0	82	return ret;
sl@0	83	}
sl@0	84
sl@0	85	EXPORT_C void X509_LOOKUP_free(X509_LOOKUP *ctx)
sl@0	86	{
sl@0	87	if (ctx == NULL) return;
sl@0	88	if ( (ctx->method != NULL) &&
sl@0	89	(ctx->method->free != NULL))
sl@0	90	ctx->method->free(ctx);
sl@0	91	OPENSSL_free(ctx);
sl@0	92	}
sl@0	93
sl@0	94	EXPORT_C int X509_LOOKUP_init(X509_LOOKUP *ctx)
sl@0	95	{
sl@0	96	if (ctx->method == NULL) return 0;
sl@0	97	if (ctx->method->init != NULL)
sl@0	98	return ctx->method->init(ctx);
sl@0	99	else
sl@0	100	return 1;
sl@0	101	}
sl@0	102
sl@0	103	EXPORT_C int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
sl@0	104	{
sl@0	105	if (ctx->method == NULL) return 0;
sl@0	106	if (ctx->method->shutdown != NULL)
sl@0	107	return ctx->method->shutdown(ctx);
sl@0	108	else
sl@0	109	return 1;
sl@0	110	}
sl@0	111
sl@0	112	EXPORT_C int X509_LOOKUP_ctrl(X509_LOOKUP ctx, int cmd, const char argc, long argl,
sl@0	113	char **ret)
sl@0	114	{
sl@0	115	if (ctx->method == NULL) return -1;
sl@0	116	if (ctx->method->ctrl != NULL)
sl@0	117	return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
sl@0	118	else
sl@0	119	return 1;
sl@0	120	}
sl@0	121
sl@0	122	EXPORT_C int X509_LOOKUP_by_subject(X509_LOOKUP ctx, int type, X509_NAME name,
sl@0	123	X509_OBJECT *ret)
sl@0	124	{
sl@0	125	if ((ctx->method == NULL) \|\| (ctx->method->get_by_subject == NULL))
sl@0	126	return X509_LU_FAIL;
sl@0	127	if (ctx->skip) return 0;
sl@0	128	return ctx->method->get_by_subject(ctx,type,name,ret);
sl@0	129	}
sl@0	130
sl@0	131	EXPORT_C int X509_LOOKUP_by_issuer_serial(X509_LOOKUP ctx, int type, X509_NAME name,
sl@0	132	ASN1_INTEGER serial, X509_OBJECT ret)
sl@0	133	{
sl@0	134	if ((ctx->method == NULL) \|\|
sl@0	135	(ctx->method->get_by_issuer_serial == NULL))
sl@0	136	return X509_LU_FAIL;
sl@0	137	return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
sl@0	138	}
sl@0	139
sl@0	140	EXPORT_C int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
sl@0	141	unsigned char bytes, int len, X509_OBJECT ret)
sl@0	142	{
sl@0	143	if ((ctx->method == NULL) \|\| (ctx->method->get_by_fingerprint == NULL))
sl@0	144	return X509_LU_FAIL;
sl@0	145	return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
sl@0	146	}
sl@0	147
sl@0	148	EXPORT_C int X509_LOOKUP_by_alias(X509_LOOKUP ctx, int type, char str, int len,
sl@0	149	X509_OBJECT *ret)
sl@0	150	{
sl@0	151	if ((ctx->method == NULL) \|\| (ctx->method->get_by_alias == NULL))
sl@0	152	return X509_LU_FAIL;
sl@0	153	return ctx->method->get_by_alias(ctx,type,str,len,ret);
sl@0	154	}
sl@0	155
sl@0	156
sl@0	157	static int x509_object_cmp(const X509_OBJECT * const a, const X509_OBJECT const *b)
sl@0	158	{
sl@0	159	int ret;
sl@0	160
sl@0	161	ret=((a)->type - (b)->type);
sl@0	162	if (ret) return ret;
sl@0	163	switch ((*a)->type)
sl@0	164	{
sl@0	165	case X509_LU_X509:
sl@0	166	ret=X509_subject_name_cmp((a)->data.x509,(b)->data.x509);
sl@0	167	break;
sl@0	168	case X509_LU_CRL:
sl@0	169	ret=X509_CRL_cmp((a)->data.crl,(b)->data.crl);
sl@0	170	break;
sl@0	171	default:
sl@0	172	/* abort(); */
sl@0	173	return 0;
sl@0	174	}
sl@0	175	return ret;
sl@0	176	}
sl@0	177
sl@0	178	EXPORT_C X509_STORE *X509_STORE_new(void)
sl@0	179	{
sl@0	180	X509_STORE *ret;
sl@0	181
sl@0	182	if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
sl@0	183	return NULL;
sl@0	184	ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
sl@0	185	ret->cache=1;
sl@0	186	ret->get_cert_methods=sk_X509_LOOKUP_new_null();
sl@0	187	ret->verify=0;
sl@0	188	ret->verify_cb=0;
sl@0	189
sl@0	190	if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
sl@0	191	return NULL;
sl@0	192
sl@0	193	ret->get_issuer = 0;
sl@0	194	ret->check_issued = 0;
sl@0	195	ret->check_revocation = 0;
sl@0	196	ret->get_crl = 0;
sl@0	197	ret->check_crl = 0;
sl@0	198	ret->cert_crl = 0;
sl@0	199	ret->cleanup = 0;
sl@0	200
sl@0	201	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
sl@0	202	ret->references=1;
sl@0	203	return ret;
sl@0	204	}
sl@0	205
sl@0	206	static void cleanup(X509_OBJECT *a)
sl@0	207	{
sl@0	208	if (a->type == X509_LU_X509)
sl@0	209	{
sl@0	210	X509_free(a->data.x509);
sl@0	211	}
sl@0	212	else if (a->type == X509_LU_CRL)
sl@0	213	{
sl@0	214	X509_CRL_free(a->data.crl);
sl@0	215	}
sl@0	216	else
sl@0	217	{
sl@0	218	/* abort(); */
sl@0	219	}
sl@0	220
sl@0	221	OPENSSL_free(a);
sl@0	222	}
sl@0	223
sl@0	224	EXPORT_C void X509_STORE_free(X509_STORE *vfy)
sl@0	225	{
sl@0	226	int i;
sl@0	227	STACK_OF(X509_LOOKUP) *sk;
sl@0	228	X509_LOOKUP *lu;
sl@0	229
sl@0	230	if (vfy == NULL)
sl@0	231	return;
sl@0	232
sl@0	233	sk=vfy->get_cert_methods;
sl@0	234	for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
sl@0	235	{
sl@0	236	lu=sk_X509_LOOKUP_value(sk,i);
sl@0	237	X509_LOOKUP_shutdown(lu);
sl@0	238	X509_LOOKUP_free(lu);
sl@0	239	}
sl@0	240	sk_X509_LOOKUP_free(sk);
sl@0	241	sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
sl@0	242
sl@0	243	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
sl@0	244	if (vfy->param)
sl@0	245	X509_VERIFY_PARAM_free(vfy->param);
sl@0	246	OPENSSL_free(vfy);
sl@0	247	}
sl@0	248
sl@0	249	EXPORT_C X509_LOOKUP X509_STORE_add_lookup(X509_STORE v, X509_LOOKUP_METHOD *m)
sl@0	250	{
sl@0	251	int i;
sl@0	252	STACK_OF(X509_LOOKUP) *sk;
sl@0	253	X509_LOOKUP *lu;
sl@0	254
sl@0	255	sk=v->get_cert_methods;
sl@0	256	for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
sl@0	257	{
sl@0	258	lu=sk_X509_LOOKUP_value(sk,i);
sl@0	259	if (m == lu->method)
sl@0	260	{
sl@0	261	return lu;
sl@0	262	}
sl@0	263	}
sl@0	264	/* a new one */
sl@0	265	lu=X509_LOOKUP_new(m);
sl@0	266	if (lu == NULL)
sl@0	267	return NULL;
sl@0	268	else
sl@0	269	{
sl@0	270	lu->store_ctx=v;
sl@0	271	if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
sl@0	272	return lu;
sl@0	273	else
sl@0	274	{
sl@0	275	X509_LOOKUP_free(lu);
sl@0	276	return NULL;
sl@0	277	}
sl@0	278	}
sl@0	279	}
sl@0	280
sl@0	281	EXPORT_C int X509_STORE_get_by_subject(X509_STORE_CTX vs, int type, X509_NAME name,
sl@0	282	X509_OBJECT *ret)
sl@0	283	{
sl@0	284	X509_STORE *ctx=vs->ctx;
sl@0	285	X509_LOOKUP *lu;
sl@0	286	X509_OBJECT stmp,*tmp;
sl@0	287	int i,j;
sl@0	288
sl@0	289	tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
sl@0	290
sl@0	291	if (tmp == NULL)
sl@0	292	{
sl@0	293	for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
sl@0	294	{
sl@0	295	lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
sl@0	296	j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
sl@0	297	if (j < 0)
sl@0	298	{
sl@0	299	vs->current_method=j;
sl@0	300	return j;
sl@0	301	}
sl@0	302	else if (j)
sl@0	303	{
sl@0	304	tmp= &stmp;
sl@0	305	break;
sl@0	306	}
sl@0	307	}
sl@0	308	vs->current_method=0;
sl@0	309	if (tmp == NULL)
sl@0	310	return 0;
sl@0	311	}
sl@0	312
sl@0	313	/* if (ret->data.ptr != NULL)
sl@0	314	X509_OBJECT_free_contents(ret); */
sl@0	315
sl@0	316	ret->type=tmp->type;
sl@0	317	ret->data.ptr=tmp->data.ptr;
sl@0	318
sl@0	319	X509_OBJECT_up_ref_count(ret);
sl@0	320
sl@0	321	return 1;
sl@0	322	}
sl@0	323
sl@0	324	EXPORT_C int X509_STORE_add_cert(X509_STORE ctx, X509 x)
sl@0	325	{
sl@0	326	X509_OBJECT *obj;
sl@0	327	int ret=1;
sl@0	328
sl@0	329	if (x == NULL) return 0;
sl@0	330	obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
sl@0	331	if (obj == NULL)
sl@0	332	{
sl@0	333	X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
sl@0	334	return 0;
sl@0	335	}
sl@0	336	obj->type=X509_LU_X509;
sl@0	337	obj->data.x509=x;
sl@0	338
sl@0	339	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
sl@0	340
sl@0	341	X509_OBJECT_up_ref_count(obj);
sl@0	342
sl@0	343
sl@0	344	if (X509_OBJECT_retrieve_match(ctx->objs, obj))
sl@0	345	{
sl@0	346	X509_OBJECT_free_contents(obj);
sl@0	347	OPENSSL_free(obj);
sl@0	348	X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
sl@0	349	ret=0;
sl@0	350	}
sl@0	351	else sk_X509_OBJECT_push(ctx->objs, obj);
sl@0	352
sl@0	353	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
sl@0	354
sl@0	355	return ret;
sl@0	356	}
sl@0	357
sl@0	358	EXPORT_C int X509_STORE_add_crl(X509_STORE ctx, X509_CRL x)
sl@0	359	{
sl@0	360	X509_OBJECT *obj;
sl@0	361	int ret=1;
sl@0	362
sl@0	363	if (x == NULL) return 0;
sl@0	364	obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
sl@0	365	if (obj == NULL)
sl@0	366	{
sl@0	367	X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
sl@0	368	return 0;
sl@0	369	}
sl@0	370	obj->type=X509_LU_CRL;
sl@0	371	obj->data.crl=x;
sl@0	372
sl@0	373	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
sl@0	374
sl@0	375	X509_OBJECT_up_ref_count(obj);
sl@0	376
sl@0	377	if (X509_OBJECT_retrieve_match(ctx->objs, obj))
sl@0	378	{
sl@0	379	X509_OBJECT_free_contents(obj);
sl@0	380	OPENSSL_free(obj);
sl@0	381	X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
sl@0	382	ret=0;
sl@0	383	}
sl@0	384	else sk_X509_OBJECT_push(ctx->objs, obj);
sl@0	385
sl@0	386	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
sl@0	387
sl@0	388	return ret;
sl@0	389	}
sl@0	390
sl@0	391	EXPORT_C void X509_OBJECT_up_ref_count(X509_OBJECT *a)
sl@0	392	{
sl@0	393	switch (a->type)
sl@0	394	{
sl@0	395	case X509_LU_X509:
sl@0	396	CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
sl@0	397	break;
sl@0	398	case X509_LU_CRL:
sl@0	399	CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
sl@0	400	break;
sl@0	401	}
sl@0	402	}
sl@0	403
sl@0	404	EXPORT_C void X509_OBJECT_free_contents(X509_OBJECT *a)
sl@0	405	{
sl@0	406	switch (a->type)
sl@0	407	{
sl@0	408	case X509_LU_X509:
sl@0	409	X509_free(a->data.x509);
sl@0	410	break;
sl@0	411	case X509_LU_CRL:
sl@0	412	X509_CRL_free(a->data.crl);
sl@0	413	break;
sl@0	414	}
sl@0	415	}
sl@0	416
sl@0	417	EXPORT_C int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
sl@0	418	X509_NAME *name)
sl@0	419	{
sl@0	420	X509_OBJECT stmp;
sl@0	421	X509 x509_s;
sl@0	422	X509_CINF cinf_s;
sl@0	423	X509_CRL crl_s;
sl@0	424	X509_CRL_INFO crl_info_s;
sl@0	425
sl@0	426	stmp.type=type;
sl@0	427	switch (type)
sl@0	428	{
sl@0	429	case X509_LU_X509:
sl@0	430	stmp.data.x509= &x509_s;
sl@0	431	x509_s.cert_info= &cinf_s;
sl@0	432	cinf_s.subject=name;
sl@0	433	break;
sl@0	434	case X509_LU_CRL:
sl@0	435	stmp.data.crl= &crl_s;
sl@0	436	crl_s.crl= &crl_info_s;
sl@0	437	crl_info_s.issuer=name;
sl@0	438	break;
sl@0	439	default:
sl@0	440	/* abort(); */
sl@0	441	return -1;
sl@0	442	}
sl@0	443
sl@0	444	return sk_X509_OBJECT_find(h,&stmp);
sl@0	445	}
sl@0	446
sl@0	447	EXPORT_C X509_OBJECT X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) h, int type,
sl@0	448	X509_NAME *name)
sl@0	449	{
sl@0	450	int idx;
sl@0	451	idx = X509_OBJECT_idx_by_subject(h, type, name);
sl@0	452	if (idx==-1) return NULL;
sl@0	453	return sk_X509_OBJECT_value(h, idx);
sl@0	454	}
sl@0	455
sl@0	456	EXPORT_C X509_OBJECT X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) h, X509_OBJECT *x)
sl@0	457	{
sl@0	458	int idx, i;
sl@0	459	X509_OBJECT *obj;
sl@0	460	idx = sk_X509_OBJECT_find(h, x);
sl@0	461	if (idx == -1) return NULL;
sl@0	462	if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
sl@0	463	for (i = idx; i < sk_X509_OBJECT_num(h); i++)
sl@0	464	{
sl@0	465	obj = sk_X509_OBJECT_value(h, i);
sl@0	466	if (x509_object_cmp((const X509_OBJECT )&obj, (const X509_OBJECT )&x))
sl@0	467	return NULL;
sl@0	468	if ((x->type != X509_LU_X509) \|\| !X509_cmp(obj->data.x509, x->data.x509))
sl@0	469	return obj;
sl@0	470	}
sl@0	471	return NULL;
sl@0	472	}
sl@0	473
sl@0	474
sl@0	475	/* Try to get issuer certificate from store. Due to limitations
sl@0	476	* of the API this can only retrieve a single certificate matching
sl@0	477	* a given subject name. However it will fill the cache with all
sl@0	478	* matching certificates, so we can examine the cache for all
sl@0	479	* matches.
sl@0	480	*
sl@0	481	* Return values are:
sl@0	482	* 1 lookup successful.
sl@0	483	* 0 certificate not found.
sl@0	484	* -1 some other error.
sl@0	485	*/
sl@0	486
sl@0	487
sl@0	488	EXPORT_C int X509_STORE_CTX_get1_issuer(X509 *issuer, X509_STORE_CTX ctx, X509 *x)
sl@0	489	{
sl@0	490	X509_NAME *xn;
sl@0	491	X509_OBJECT obj, *pobj;
sl@0	492	int i, ok, idx;
sl@0	493	xn=X509_get_issuer_name(x);
sl@0	494	ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
sl@0	495	if (ok != X509_LU_X509)
sl@0	496	{
sl@0	497	if (ok == X509_LU_RETRY)
sl@0	498	{
sl@0	499	X509_OBJECT_free_contents(&obj);
sl@0	500	X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY);
sl@0	501	return -1;
sl@0	502	}
sl@0	503	else if (ok != X509_LU_FAIL)
sl@0	504	{
sl@0	505	X509_OBJECT_free_contents(&obj);
sl@0	506	/* not good :-(, break anyway */
sl@0	507	return -1;
sl@0	508	}
sl@0	509	return 0;
sl@0	510	}
sl@0	511	/* If certificate matches all OK */
sl@0	512	if (ctx->check_issued(ctx, x, obj.data.x509))
sl@0	513	{
sl@0	514	*issuer = obj.data.x509;
sl@0	515	return 1;
sl@0	516	}
sl@0	517	X509_OBJECT_free_contents(&obj);
sl@0	518	/* Else find index of first matching cert */
sl@0	519	idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
sl@0	520	/* This shouldn't normally happen since we already have one match */
sl@0	521	if (idx == -1) return 0;
sl@0	522
sl@0	523	/* Look through all matching certificates for a suitable issuer */
sl@0	524	for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
sl@0	525	{
sl@0	526	pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
sl@0	527	/* See if we've ran out of matches */
sl@0	528	if (pobj->type != X509_LU_X509) return 0;
sl@0	529	if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
sl@0	530	if (ctx->check_issued(ctx, x, pobj->data.x509))
sl@0	531	{
sl@0	532	*issuer = pobj->data.x509;
sl@0	533	X509_OBJECT_up_ref_count(pobj);
sl@0	534	return 1;
sl@0	535	}
sl@0	536	}
sl@0	537	return 0;
sl@0	538	}
sl@0	539
sl@0	540	EXPORT_C int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
sl@0	541	{
sl@0	542	return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
sl@0	543	}
sl@0	544
sl@0	545	EXPORT_C int X509_STORE_set_depth(X509_STORE *ctx, int depth)
sl@0	546	{
sl@0	547	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
sl@0	548	return 1;
sl@0	549	}
sl@0	550
sl@0	551	EXPORT_C int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
sl@0	552	{
sl@0	553	return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
sl@0	554	}
sl@0	555
sl@0	556	EXPORT_C int X509_STORE_set_trust(X509_STORE *ctx, int trust)
sl@0	557	{
sl@0	558	return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
sl@0	559	}
sl@0	560
sl@0	561	EXPORT_C int X509_STORE_set1_param(X509_STORE ctx, X509_VERIFY_PARAM param)
sl@0	562	{
sl@0	563	return X509_VERIFY_PARAM_set1(ctx->param, param);
sl@0	564	}
sl@0	565
sl@0	566	IMPLEMENT_STACK_OF(X509_LOOKUP)
sl@0	567	IMPLEMENT_STACK_OF(X509_OBJECT)

author	sl@SLION-WIN7.fritz.box
	Fri, 15 Jun 2012 03:10:57 +0200
changeset 0	bde4ae8d615e
permissions	-rw-r--r--