Lines Matching refs:crl
64 unsigned int *preasons, X509_CRL *crl, X509 *x);
70 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
72 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
934 X509_CRL *crl = NULL, *dcrl = NULL;
952 ok = ctx->get_crl(ctx, &crl, x);
954 ok = get_crl_delta(ctx, &crl, &dcrl, x);
960 ctx->current_crl = crl;
961 ok = ctx->check_crl(ctx, crl);
978 ok = ctx->cert_crl(ctx, crl, x);
983 X509_CRL_free(crl);
985 crl = NULL;
997 X509_CRL_free(crl);
1005 static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
1017 ctx->current_crl = crl;
1019 i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime);
1034 if (X509_CRL_get0_nextUpdate(crl)) {
1035 i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime);
1063 X509_CRL *crl, *best_crl = NULL;
1067 crl = sk_X509_CRL_value(crls, i);
1069 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
1077 X509_CRL_get0_lastUpdate(crl)) == 0)
1086 best_crl = crl;
1202 unsigned int *preasons, X509_CRL *crl, X509 *x)
1210 if ((crl->idp_flags & IDP_INVALID) != 0)
1214 if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
1216 } else if ((crl->idp_flags & IDP_REASONS) != 0) {
1218 if ((crl->idp_reasons & ~tmp_reasons) == 0)
1222 else if (crl->base_crl_number != NULL)
1225 if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl)) != 0) {
1226 if ((crl->idp_flags & IDP_INDIRECT) == 0)
1232 if ((crl->flags & EXFLAG_CRITICAL) == 0)
1236 if (check_crl_time(ctx, crl, 0))
1240 crl_akid_check(ctx, crl, pissuer, &crl_score);
1247 if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
1261 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
1265 const X509_NAME *cnm = X509_CRL_get_issuer(crl);
1274 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1286 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1305 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1430 static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
1433 const X509_NAME *nm = X509_CRL_get_issuer(crl);
1450 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
1455 if ((crl->idp_flags & IDP_ONLYATTR) != 0)
1458 if ((crl->idp_flags & IDP_ONLYUSER) != 0)
1461 if ((crl->idp_flags & IDP_ONLYCA) != 0)
1464 *preasons = crl->idp_reasons;
1468 if (crldp_check_crlissuer(dp, crl, crl_score)) {
1469 if (crl->idp == NULL
1470 || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
1476 return (crl->idp == NULL || crl->idp->distpoint == NULL)
1491 X509_CRL *crl = NULL, *dcrl = NULL;
1496 ok = get_crl_sk(ctx, &crl, &dcrl,
1505 if (skcrl == NULL && crl != NULL)
1508 get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
1514 if (crl != NULL) {
1518 *pcrl = crl;
1526 static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
1558 if (crl->base_crl_number == NULL) {
1574 if ((crl->idp_flags & IDP_INVALID) != 0 &&
1580 !check_crl_time(ctx, crl, 1))
1590 int rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
1595 if (X509_CRL_verify(crl, ikey) <= 0 &&
1603 static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
1614 && (crl->flags & EXFLAG_CRITICAL) != 0 &&
1621 if (X509_CRL_get0_by_cert(crl, &rev, x)) {
2025 X509_CRL *crl = NULL;
2066 crl = X509_CRL_new_ex(base->libctx, base->propq);
2067 if (crl == NULL || !X509_CRL_set_version(crl, X509_CRL_VERSION_2))
2070 if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
2073 if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer)))
2075 if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer)))
2079 if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0))
2089 if (!X509_CRL_add_ext(crl, ext, -1))
2109 if (!X509_CRL_add0_revoked(crl, rvtmp)) {
2116 if (skey != NULL && md != NULL && !X509_CRL_sign(crl, skey, md))
2119 return crl;
2123 X509_CRL_free(crl);