Lines Matching defs:chain
2582 * chain. If the peer has specified peer_cert_sigalgs then we use them
2614 * Check certificate chain is consistent with TLS extensions and is usable by
2629 int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
2650 chain = cpk->chain;
2677 ok = X509_chain_check_suiteb(NULL, x, chain, suiteb_flags);
2752 /* Check signature algorithm of each cert in chain */
2766 for (i = 0; i < sk_X509_num(chain); i++) {
2767 if (!tls1_check_sig_alg(s, sk_X509_value(chain, i), default_nid)) {
2787 /* In strict mode check rest of chain too */
2790 for (i = 0; i < sk_X509_num(chain); i++) {
2791 X509 *ca = sk_X509_value(chain, i);
2835 for (i = 0; i < sk_X509_num(chain); i++) {
2836 X509 *xtmp = sk_X509_value(chain, i);
2861 * chain is invalid.
2889 /* User level utility function to check a chain is suitable */
2890 int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
2892 return tls1_check_chain(s, x, pk, chain, -1);
3013 * Check security of a chain, if |sk| includes the end entity certificate then
3014 * |x| is NULL. If |vfy| is 1 then we are verifying a peer chain and not sending
3103 * have a chain here that lets us look at the key OID in the