xref: /third_party/openssl/ssl/ssl_cert.c

38 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
261 int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
264     CERT_PKEY *cpk = s != NULL ? s->cert->key : ctx->cert->key;
271         r = ssl_security_cert(s, ctx, x, 0, 0);
282 int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
286         return ssl_cert_set0_chain(s, ctx, NULL);
290     if (!ssl_cert_set0_chain(s, ctx, dchain)) {
297 int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
300     CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
303     r = ssl_security_cert(s, ctx, x, 0, 0);
315 int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
317     if (!ssl_cert_add0_chain_cert(s, ctx, x))
387     X509_STORE_CTX *ctx = NULL;
396         verify_store = s->ctx->cert_store;
398     ctx = X509_STORE_CTX_new_ex(s->ctx->libctx, s->ctx->propq);
399     if (ctx == NULL) {
405     if (!X509_STORE_CTX_init(ctx, verify_store, x, sk)) {
409     param = X509_STORE_CTX_get0_param(ctx);
418     X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
420         (ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
426         X509_STORE_CTX_set0_dane(ctx, &s->dane);
434     X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server");
436      * Anything non-default in "s->param" should overwrite anything in the ctx.
441         X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
443     if (s->ctx->app_verify_callback != NULL) {
444         i = s->ctx->app_verify_callback(ctx, s->ctx->app_verify_arg);
446         i = X509_verify_cert(ctx);
452     s->verify_result = X509_STORE_CTX_get_error(ctx);
455     if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
456         s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
467     X509_STORE_CTX_free(ctx);
507 void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
509     set0_CA_list(&ctx->ca_names, name_list);
512 const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx)
514     return ctx->ca_names;
519     return s->ca_names != NULL ? s->ca_names : s->ctx->ca_names;
522 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
524     set0_CA_list(&ctx->client_ca_names, name_list);
527 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
529     return ctx->client_ca_names;
547                                       : s->ctx->client_ca_names;
574 int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x)
576     return add_ca_name(&ctx->ca_names, x);
588 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
590     return add_ca_name(&ctx->client_ca_names, x);
812     OSSL_STORE_CTX *ctx = NULL;
816     if ((ctx = OSSL_STORE_open(uri, NULL, NULL, NULL, NULL)) == NULL)
819     while (!OSSL_STORE_eof(ctx) && !OSSL_STORE_error(ctx)) {
820         OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
857     OSSL_STORE_close(ctx);
874 int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
876     CERT *c = s ? s->cert : ctx->cert;
882     SSL_CTX *real_ctx = (s == NULL) ? ctx : s->ctx;
906             chain_store = s->ctx->cert_store;
908             chain_store = ctx->cert_store;
962         rv = ssl_security_cert(s, ctx, x, 0, 0);
1002 int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp)
1012     if (ctx != NULL)
1013         level = SSL_CTX_get_security_level(ctx);
1028 static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
1034     minbits = ssl_get_security_level_bits(s, ctx, &level);
1111 int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
1113     return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
1114                              ctx->cert->sec_ex);

Indexes created Thu Nov 07 10:32:03 CST 2024