Lines Matching defs:cert
54 X509Pointer SSL_CTX_get_issuer(SSL_CTX* ctx, X509* cert) {
62 X509_STORE_CTX_get1_issuer(&issuer, store_ctx.get(), cert) == 1) {
131 // Allow no-cert for PSK authentication in TLS1.2 and lower.
266 X509* cert = SSL_get_certificate(ssl.get());
267 if (cert == nullptr)
270 MaybeLocal<Object> maybe_cert = X509ToObject(env, cert);
317 StackOfX509 CloneSSLCerts(X509Pointer&& cert,
321 if (cert && !sk_X509_push(peer_certs.get(), cert.release()))
324 X509Pointer cert(X509_dup(sk_X509_value(ssl_certs, i)));
325 if (!cert || !sk_X509_push(peer_certs.get(), cert.get()))
327 // `cert` is now managed by the stack.
328 cert.release();
334 X509Pointer* cert,
339 cert->reset(sk_X509_delete(peer_certs.get(), 0));
344 if (X509_check_issued(ca, cert->get()) != X509_V_OK)
356 // NOTE: Intentionally freeing cert that is not used anymore.
357 // Delete cert and continue aggregating issuers.
358 cert->reset(sk_X509_delete(peer_certs.get(), i));
370 X509Pointer* cert,
375 while (X509_check_issued(cert->get(), cert->get()) != X509_V_OK) {
377 if (!(ca = SSL_CTX_get_issuer(SSL_get_SSL_CTX(ssl.get()), cert->get())))
393 if (cert->get() == ca.get()) break;
395 // Delete previous cert and continue aggregating issuers.
396 *cert = std::move(ca);
495 MaybeLocal<Value> GetRawDERCertificate(Environment* env, X509* cert) {
496 int size = i2d_X509(cert, nullptr);
505 CHECK_GE(i2d_X509(cert, &serialized), 0);
511 MaybeLocal<Value> GetSerialNumber(Environment* env, X509* cert) {
512 if (ASN1_INTEGER* serial_number = X509_get_serialNumber(cert)) {
524 MaybeLocal<Value> GetKeyUsage(Environment* env, X509* cert) {
526 X509_get_ext_d2i(cert, NID_ext_key_usage, nullptr, nullptr)));
560 X509* cert) {
565 if (X509_digest(cert, method, md, &md_size)) {
574 X509* cert,
576 ASN1_TIME_print(bio.get(), X509_get0_notAfter(cert));
582 X509* cert,
584 ASN1_TIME_print(bio.get(), X509_get0_notBefore(cert));
876 X509* cert,
878 int index = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
882 X509_EXTENSION* ext = X509_get_ext(cert, index);
894 X509* cert,
896 int index = X509_get_ext_by_NID(cert, NID_info_access, -1);
900 X509_EXTENSION* ext = X509_get_ext(cert, index);
912 X509* cert,
914 X509_NAME* issuer_name = X509_get_issuer_name(cert);
928 X509* cert,
932 X509_get_subject_name(cert),
943 static MaybeLocal<Value> GetX509NameObject(Environment* env, X509* cert) {
944 X509_NAME* name = get_name(cert);
1201 X509Pointer cert(is_server ? SSL_get_peer_certificate(ssl.get()) : nullptr);
1203 if (!cert && (ssl_certs == nullptr || sk_X509_num(ssl_certs) == 0))
1209 X509ToObject(env, cert ? cert.get() : sk_X509_value(ssl_certs, 0));
1213 StackOfX509 peer_certs = CloneSSLCerts(std::move(cert), ssl_certs);
1229 &cert,
1238 &cert,
1248 if (X509_check_issued(cert.get(), cert.get()) == X509_V_OK &&
1261 X509* cert) {
1270 auto is_ca = Boolean::New(env->isolate(), 1 == X509_check_ca(cert));
1274 GetX509NameObject<X509_get_subject_name>(env, cert)) ||
1278 GetX509NameObject<X509_get_issuer_name>(env, cert)) ||
1282 GetSubjectAltNameString(env, cert, bio)) ||
1286 GetInfoAccessString(env, cert, bio)) ||
1291 EVPKeyPointer pkey(X509_get_pubkey(cert));
1366 GetValidFrom(env, cert, bio)) ||
1370 GetValidTo(env, cert, bio))) {
1380 GetFingerprintDigest(env, EVP_sha1(), cert)) ||
1384 GetFingerprintDigest(env, EVP_sha256(), cert)) ||
1388 GetFingerprintDigest(env, EVP_sha512(), cert)) ||
1390 context, info, env->ext_key_usage_string(), GetKeyUsage(env, cert)) ||
1394 GetSerialNumber(env, cert)) ||
1396 context, info, env->raw_string(), GetRawDERCertificate(env, cert))) {