Lines Matching refs:issuer
366 /* Check that issuer public key algorithm matches subject signature algorithm */
545 /* Handle subject key identifier and issuer/authority key identifier */
554 /* Check if subject name matches issuer */
894 * This can be used to prune a set of possible issuer certificates which
897 * 1. issuer_name(subject) == subject_name(issuer)
898 * 2. If akid(subject) exists, it matches the respective issuer fields.
899 * 3. subject signature algorithm == issuer public key algorithm
900 * 4. If key_usage(issuer) exists, it allows for signing subject.
905 int X509_check_issued(X509 *issuer, X509 *subject)
909 if ((ret = ossl_x509_likely_issued(issuer, subject)) != X509_V_OK)
911 return ossl_x509_signing_allowed(issuer, subject);
915 int ossl_x509_likely_issued(X509 *issuer, X509 *subject)
919 if (X509_NAME_cmp(X509_get_subject_name(issuer),
923 /* set issuer->skid and subject->akid */
924 if (!ossl_x509v3_cache_extensions(issuer)
928 ret = X509_check_akid(issuer, subject->akid);
932 /* Check if the subject signature alg matches the issuer's PUBKEY alg */
933 return check_sig_alg_match(X509_get0_pubkey(issuer), subject);
937 * Check if certificate I<issuer> is allowed to issue certificate I<subject>
938 * according to the B<keyUsage> field of I<issuer> if present
943 int ossl_x509_signing_allowed(const X509 *issuer, const X509 *subject)
946 if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))
948 } else if (ku_reject(issuer, KU_KEY_CERT_SIGN))
953 int X509_check_akid(const X509 *issuer, const AUTHORITY_KEYID *akid)
959 if (akid->keyid && issuer->skid &&
960 ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid))
964 ASN1_INTEGER_cmp(X509_get0_serialNumber(issuer), akid->serial))
966 /* Check issuer name */
967 if (akid->issuer) {
977 gens = akid->issuer;
985 if (nm != NULL && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)) != 0)
1039 return (x->akid != NULL ? x->akid->issuer : NULL);