Lines Matching refs:parent
2120 * Check the signature of a certificate by its parent
2123 mbedtls_x509_crt *parent,
2153 if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) {
2159 return mbedtls_pk_verify_restartable(&parent->pk,
2167 return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk,
2173 * Check if 'parent' is a suitable parent (signing CA) for 'child'.
2176 * top means parent is a locally-trusted certificate
2179 const mbedtls_x509_crt *parent,
2185 if (x509_name_cmp(&child->issuer, &parent->subject) != 0) {
2193 if (top && parent->version < 3) {
2197 if (need_ca_bit && !parent->ca_istrue) {
2202 mbedtls_x509_crt_check_key_usage(parent, MBEDTLS_X509_KU_KEY_CERT_SIGN) != 0) {
2210 * Find a suitable parent for child in candidates, or return NULL.
2237 * - [in] child: certificate for which we're looking for a parent
2239 * - [out] r_parent: parent found (or NULL)
2240 * - [out] r_signature_is_good: 1 if child signature by parent is valid, or 0
2264 mbedtls_x509_crt *parent, *fallback_parent;
2269 if (rs_ctx != NULL && rs_ctx->parent != NULL) {
2271 parent = rs_ctx->parent;
2276 rs_ctx->parent = NULL;
2288 for (parent = candidates; parent != NULL; parent = parent->next) {
2290 if (x509_crt_check_parent(child, parent, top) != 0) {
2295 if (parent->max_pathlen > 0 &&
2296 (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt) {
2304 ret = x509_crt_check_signature(child, parent, rs_ctx);
2309 rs_ctx->parent = parent;
2326 if (mbedtls_x509_time_cmp(&parent->valid_to, now) < 0 || /* past */
2327 mbedtls_x509_time_cmp(&parent->valid_from, now) > 0) { /* future */
2329 fallback_parent = parent;
2339 *r_parent = parent;
2345 if (parent == NULL) {
2354 * Find a parent in trusted CAs or the provided chain, or return NULL.
2356 * Searches in trusted CAs first, and return the first suitable parent found
2360 * - [in] child: certificate for which we're looking for a parent, followed
2363 * - [out] parent: parent found (or NULL)
2364 * - [out] parent_is_trusted: 1 if returned `parent` is trusted, or 0
2365 * - [out] signature_is_good: 1 if child signature by parent is valid, or 0
2378 mbedtls_x509_crt **parent,
2403 parent, signature_is_good,
2418 if (*parent != NULL || *parent_is_trusted == 0) {
2427 if (*parent == NULL) {
2520 mbedtls_x509_crt *parent;
2620 /* Look for a parent in trusted CAs or up the chain */
2621 ret = x509_crt_find_parent(child, cur_trust_ca, &parent,
2639 /* No parent? We're done here */
2640 if (parent == NULL) {
2654 * and if parent is trusted it's not an intermediate CA */
2661 /* signature was checked while searching parent */
2667 if (x509_profile_check_key(profile, &parent->pk) != 0) {
2673 *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile, &now);
2679 child = parent;
2680 parent = NULL;
3268 ctx->parent = NULL;