85 	X509	*cert = NULL;
273 		/* we must have gotten at least one cert, if not, fail */
281 		    &key, &cert) != 0) {
287 		/* we must have gotten a cert, if not, fail */
288 		if (cert == NULL) {
295 			 * if we are importing a user cert, and did not get
328 			cert = sk_X509_value(trustcerts, i);
329 			if (check_cert(err, cert) != 0) {
338 		if (check_cert_and_key(err, cert, key) != 0) {
347 		 * if importing more than one cert, must use implicit trust,
357 			cert = sk_X509_value(trustcerts, 0);
361 		switch (verify_trust(cert)) {
388 	/* now merge the new cert into the keystore */
390 	    get_subject_display_name(cert));
395 			cert = sk_X509_value(trustcerts, i);
396 			if (merge_ca_cert(err, cert, keystore) != 0) {
404 				    get_subject_display_name(cert));
408 		/* merge user cert */
409 		if (merge_cert_and_key(err, cert, key, alias, keystore) != 0) {
449 static VerifyStatus verify_trust(X509 *cert)
457 	/* print cert data */
458 	if (print_cert(err, cert, KEYSTORE_FORMAT_TEXT,
459 	    get_subject_display_name(cert), B_TRUE, stdout) != 0) {
497 	 * if the cert does not appear to be a CA cert
500 	if (!is_ca_cert(cert)) {
542  *	Returns: B_TRUE if certificate has attributes of a CA cert
558 	/* keyUsage if present should allow cert signing */

Indexes created Tue Jul 24 14:28:13 CEST 2018