x509_vfy.c - OpenGrok cross reference for /third_party/openssl/crypto/x509/x509

Lines Matching refs:untrusted
256     if (ctx->cert == NULL && sk_X509_num(ctx->untrusted) >= 1)
257         ctx->cert = sk_X509_value(ctx->untrusted, 0);
887      * If no trusted certs in chain at all return untrusted and allow
1299      * untrusted certificates.
1301     for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
1302         crl_issuer = sk_X509_value(ctx->untrusted, i);
1327     if (!X509_STORE_CTX_init(&crl_ctx, ctx->store, x, ctx->untrusted))
2334     ctx->untrusted = chain;
2517     return ctx->untrusted;
2522     ctx->untrusted = sk;
3004     /* Our chain starts with a single untrusted element. */
3008 #define S_DOUNTRUSTED (1 << 0) /* Search untrusted chain */
3012      * Set up search policy, untrusted if possible, trusted-first if enabled,
3017      * if no luck with untrusted first.
3019     search = ctx->untrusted != NULL ? S_DOUNTRUSTED : 0;
3028     /* Initialize empty untrusted stack. */
3034      * to our working copy of the untrusted certificate stack.
3041      * Shallow-copy the stack of untrusted certificates (with TLS, this is
3045     if (!X509_add_certs(sk_untrusted, ctx->untrusted, X509_ADD_FLAG_DEFAULT))
3069          * out of untrusted issuers and search here is not disabled.  When we
3086                  * trusted issuer of an untrusted certificate that currently
3087                  * has an untrusted issuer.  We use the alt_untrusted variable
3091                  * untrusted certificates.  While we're searching for such a
3097                  * untrusted certificates, not a "depth".
3120                  * Alternative trusted issuer for a mid-chain untrusted cert?
3121                  * Pop the untrusted cert's successors and retry.  We might now
3125                  * case we may prune some more untrusted certificates and try
3127                  * again with an even shorter untrusted chain!
3155                  * Self-signed untrusted certificates get replaced by their
3173                         /* Self-signed untrusted mimic. */
3187                  * look for untrusted certificates from the peer's chain.
3190                  * correct number of untrusted certificates, since the DANE
3210              * we were doing untrusted-first, and alt-chains are not disabled,
3211              * do that, by repeatedly losing one untrusted element at a time,
3229          * Extend chain with peer-provided untrusted certificates
3241                  * or can't find an issuer in the untrusted list we stop looking
3258             /* Check for DANE-TA trust of the topmost untrusted certificate. */