openssl.c - OpenGrok cross reference for /third

Lines Matching refs:cert
1352           X509 *cert;
1356         params.cert = NULL;
1368           failf(data, "ssl engine cannot load client cert with id"
1375         if(!params.cert) {
1381         if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
1387         X509_free(params.cert); /* we don't need the handle any more... */
1483            * Note that sk_X509_pop() is used below to make sure the cert is
1645       /* Now we know that a key and cert have been set against
2104     infof(data, " subjectAltName: host \"%s\" matched cert's \"%s\"",
2146   bool dNSName = FALSE; /* if a dNSName field exists in the cert */
2147   bool iPAddress = FALSE; /* if a iPAddress field exists in the cert */
2228                   " subjectAltName: host \"%s\" matched cert's IP address!",
2296           failf(data, "SSL: illegal cert name field");
2346   X509 *cert;
2396   /* The authorized responder cert in the OCSP response MUST be signed by the
2397      peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert,
2398      no problem, but if it's an intermediate cert OpenSSL has a bug where it
2402   /* First make sure the peer cert chain includes both a peer and an issuer,
2403      and the OCSP response contains a responder cert. */
2407     /* Find issuer of responder cert and add it to the OCSP response chain */
2412           failf(data, "Could not add issuer cert to OCSP response");
2428   cert = SSL_get1_peer_certificate(backend->handle);
2429   if(!cert) {
2437     if(X509_check_issued(issuer, cert) == X509_V_OK) {
2438       id = OCSP_cert_to_id(EVP_sha1(), cert, issuer);
2442   X509_free(cert);
3061       infof(data, "SSL: Checking cert \"%s\"", cert_name);
3143         infof(data, "SSL: Imported cert \"%s\"", cert_name);
3310          are. This allows users to verify servers using the intermediate cert
4034 static CURLcode ossl_pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert,
4048   if(!cert)
4057     len1 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
4066     len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp);
4158  * Get the server cert, verify it and show it, etc., only call failf() if the
4288             failf(data, "SSL: Unable to open issuer cert (%s)",
4300           failf(data, "SSL: Unable to read issuer cert (%s)",
4376     /* when not strict, we don't bother about the verify cert problems */
4407    * verify the peer, ignore faults and failures from the server cert