xref: /third_party/openssl/crypto/ts/ts_rsp_verify.c

20                           X509 *signer, STACK_OF(X509) **chain);
37 static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
78  *      - Checks if there is one and only one signer.
80  *      - Check the extended key usage and key usage fields of the signer
86  *      - Returns the signer certificate in 'signer', if 'signer' is not NULL.
95     X509 *signer;
122      * Get hold of the signer certificate, search only internal certificates
128     signer = sk_X509_value(signers, 0);
136     if (!ts_verify_cert(store, untrusted, signer, &chain))
146     j = PKCS7_signatureVerify(p7bio, token, si, signer);
153         *signer_out = signer;
154         X509_up_ref(signer);
172                           X509 *signer, STACK_OF(X509) **chain)
184     if (!X509_STORE_CTX_init(cert_ctx, store, signer, untrusted))
289  *      - Check if the TSA name matches the signer.
295     X509 *signer = NULL;
310         && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
333         && tsa_name && !ts_check_signer_name(tsa_name, signer)) {
338         && !ts_check_signer_name(ctx->tsa_name, signer)) {
345     X509_free(signer);
538 static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
545         && X509_name_cmp(tsa_name->d.dirn, X509_get_subject_name(signer)) == 0)
547     gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
557         gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);

Indexes created Thu Nov 07 10:32:03 CST 2024