Lines Matching defs:cert
206 STACK_OF(X509) *, X509 **cert);
224 * Parse and decrypt a PKCS#12 structure returning user key, user cert and/or
226 * or it should point to a valid STACK_OF(X509) structure. pkey and cert can
241 * cert - Points to locaiton which points to the client cert returned
252 * 1) Find the key and/or cert whose localkeyid attributes matches
254 * 2) Find the key and/or cert whose friendlyname attributes matches
256 * 3) Return the first matching key/cert pair found.
257 * 4) Return the last matching key/cert pair found.
258 * 5) Return whatever cert and/or key are available, even unmatching.
267 * selected after a cert/key pairs are isolated.
277 int keyid_len, char *name_str, EVP_PKEY **pkey, X509 **cert,
292 if (cert)
293 *cert = NULL;
333 name_str, pkey, cert, ca);
344 if (cert && *cert)
345 X509_free(*cert);
513 * Notes: If an error occurs while moving certs, the cert being move may be
517 * If there is a key which does not have a matching cert, it is moved to
526 * >= 0 - The number of certs moved from 'cert' to 'pkcerts'.
582 * No cert matching this key. Move the key if
616 * Given one or more of user private key, user cert and/or other (CA) certs,
650 X509 *cert = NULL;
670 cert = sk_X509_value(certs, i);
673 if ((bag = M_PKCS12_x5092certbag(cert)) == NULL) {
677 if (cert->aux != NULL && cert->aux->alias != NULL &&
678 cert->aux->alias->type == V_ASN1_UTF8STRING) {
679 str = utf82ascstr(cert->aux->alias);
694 if (cert->aux != NULL && cert->aux->keyid != NULL &&
695 cert->aux->keyid->type == V_ASN1_OCTET_STRING) {
696 str = cert->aux->keyid->data;
697 len = cert->aux->keyid->length;
720 cert = sk_X509_value(cacerts, i);
721 if ((bag = M_PKCS12_x5092certbag(cert)) == NULL) {
726 if (cert->aux != NULL && cert->aux->alias != NULL &&
727 cert->aux->alias->type == V_ASN1_UTF8STRING) {
728 str = utf82ascstr(cert->aux->alias);
743 if (cert->aux != NULL && cert->aux->keyid != NULL &&
744 cert->aux->keyid->type == V_ASN1_OCTET_STRING) {
745 str = cert->aux->keyid->data;
746 len = cert->aux->keyid->length;
940 * sunw_set_localkeyid() sets the localkeyid in a cert, a private key or
947 * cert - Points to a cert to set the keyidstr in.
949 * Note that setting a keyid into a cert which will not be written out as
950 * a PKCS12 cert is pointless since it will be lost.
960 X509 *cert)
968 if (cert != NULL) {
969 if (X509_keyid_set1(cert, (uchar_t *)keyid_str, keyid_len)
1161 * and returns the first matching cert/private key found.
1164 * not NULL, search the list of private keys. Move the matching cert to
1166 * cert or keys match, no match occurred.
1180 * - Pointer to receive address of first matching cert found.
1237 * a matching friendlyname and returns the first matching cert/private
1241 * is not NULL, search the list of private keys. Move the matching cert to
1243 * cert or keys match, no match occurred.
1254 * - Pointer to receive address of first matching cert found.
1309 * sunw_get_cert_fname() gets the fiendlyname from a cert. It can
1314 * cert - Points to a cert to get the friendlyName from.
1325 sunw_get_cert_fname(getdo_actions_t dowhat, X509 *cert, char **fname)
1332 if (cert == NULL || cert->aux == NULL || cert->aux->alias == NULL) {
1338 ASN1_UTF8STRING_free(cert->aux->alias);
1339 cert->aux->alias = NULL;
1343 *((uchar_t **)fname) = utf82ascstr(cert->aux->alias);
1357 * sunw_set_fname() sets the friendlyName in a cert, a private key or
1363 * cert - Points to a cert to set the fname in.
1365 * Note that setting a friendlyName into a cert which will not be written out
1366 * as a PKCS12 cert is pointless since it will be lost.
1375 sunw_set_fname(const char *ascname, EVP_PKEY *pkey, X509 *cert)
1393 if (cert != NULL) {
1394 if (cert->aux != NULL && cert->aux->alias != NULL) {
1395 ASN1_UTF8STRING_free(cert->aux->alias);
1400 if (len <= 0 || (i = X509_alias_set1(cert, data, len)) == 0) {
1462 * cert - Points to a certificate.
1467 * != 0 - The cert's public key and the private key match.
1470 sunw_check_keys(X509 *cert, EVP_PKEY *pkey)
1474 if (pkey != NULL && cert != NULL)
1475 retval = X509_check_private_key(cert, pkey);
1483 * Compare the 'not before' and the 'not after' times in the cert
1485 * cert not yet in force, cert expired or in range)
1489 * cert - Points to a cert to check
1495 sunw_check_cert_times(chk_actions_t chkwhat, X509 *cert)
1497 return (check_time(chkwhat, cert));
1524 * cert - Points to locaiton which points to the client cert returned
1542 int kstr_len, char *name_str, EVP_PKEY **pkey, X509 **cert,
1547 STACK_OF(X509) *work_ca = NULL; /* Head for cert list */
1585 work_kl, work_cl, pkey, cert);
1603 pkey, cert);
1614 /* Find the first cert and private key and return them */
1615 retval = get_key_cert(0, work_kl, pkey, work_cl, cert);
1627 * Find the last matching cert and private key and return
1631 * key which matches a client cert.
1634 retval = get_key_cert(n, work_kl, pkey, work_cl, cert);
1647 /* Find the first cert and private key and return them */
1654 retval = get_key_cert(0, tmpk, pkey, tmpc, cert);
1678 if (cert != NULL && *cert != NULL) {
1679 X509_free(*cert);
1680 *cert = NULL;
1794 * 1 - one safebag was parsed. If it contained a cert or private key, it
2021 * the kinds of information included (private keys, public keys, cert requests,
2049 * Allocate the working stacks for private key(s) and for the cert(s).
2227 * get_key_cert - Get a cert and its matching key from the stacks of certs
2237 * cert - Points to locaiton where the address of the matching client cert
2240 * The assumption is that the stacks of keys and certs contain key/cert pairs,
2242 * the key and cert selected match, each will be removed from its stack and
2246 * versa. In that case, the indicated key/cert will be returned.
2255 X509 **cert)
2272 if (cert != NULL && *cert == NULL) {
2274 *cert = sk_X509_delete(cl, n);
2275 if (*cert != NULL)
2517 * cert - The cert to check.
2523 check_time(chk_actions_t chkwhat, X509 *cert)
2528 i = X509_cmp_time(X509_get_notBefore(cert), NULL);
2538 i = X509_cmp_time(X509_get_notAfter(cert), NULL);
2561 * cert - Points to locaiton where the address of the matching client cert
2581 * - Once a cert is found, verify that the key actually matches by
2582 * comparing the private key with the public key (in the cert).
2585 * A pointer to cert and/or pkey which matches the name or keyid is stored
2595 STACK_OF(X509) *cl, X509 **cert)
2610 chkcerts = (cert != NULL || pkey != NULL) && cl != NULL;
2655 if (cert != NULL)
2656 *cert = sk_X509_delete(cl, c);
2669 * Looking for pkey to match a cert? If so, assume that
2674 if (found != 0 && cert != NULL) {
2682 } else if (cert == NULL) {