95 #define CMS_get1_certs(_p7) (_p7->d.sign->cert)
618     X509 *cert = NULL;
638     cert = (X509 *) PEM_read_bio_X509(tmp, NULL, NULL, NULL);
639     if (cert == NULL) {
644     *retcert = cert;
1005     X509 *cert = NULL;
1026     /* create a cert chain that has at least the signer's certificate */
1030     cert = sk_X509_value(id_cryptoctx->my_certs, id_cryptoctx->cert_index);
1033 	sk_X509_push(cert_stack, X509_dup(cert));
1035 	/* create a cert chain */
1046 	X509_STORE_CTX_init(&certctx, certstore, cert,
1063 	    pkiDebug("cert #%d: %s\n", i, buf);
1070     p7s->cert = cert_stack;
1078 		       X509_get_issuer_name(cert)))
1084 	  M_ASN1_INTEGER_dup(X509_get_serialNumber(cert))))
1485     /* add trusted CAs certificates for cert verification */
1495 	pkiDebug("untrusted cert chain of size %d\n", size);
1499 	    pkiDebug("cert #%d: %s\n", i, buf);
1504 	pkiDebug("trusted cert chain of size %d\n", size);
1508 	    pkiDebug("cert #%d: %s\n", i, buf);
1544 	pkiDebug("problem with cert DN = %s (error=%d) %s\n", buf, j,
1550 	pkiDebug("received cert chain of size %d\n", size);
1554 	    pkiDebug("cert #%d: %s\n", j, buf);
1993 			  X509 *cert,
2011     if (cert == NULL) {
2016     X509_NAME_oneline(X509_get_subject_name(cert),
2018     pkiDebug("%s: looking for SANs in cert = %s\n", __FUNCTION__, buf);
2020     if ((i = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0) {
2027 	if (!(ext = X509_get_ext(cert, i)) || !(ialt = X509V3_EXT_d2i(ext))) {
2200     pkiDebug("%s: looking for EKUs in cert = %s\n", __FUNCTION__, buf);
2209 	    pkiDebug("%s: found eku info in the cert\n", __FUNCTION__);
3287 	pkiDebug("cert = %s\n", buf);
3926     CK_BYTE_PTR cert = NULL, cert_id = NULL;
3944     /* If a cert id and/or label were given, use them too */
3974 	/* Look for x.509 cert */
3982 	/* Get cert and id len */
4003 	cert = malloc((size_t) attrs[0].ulValueLen + 1);
4004 	if (cert == NULL) {
4014 	/* Read the cert and id off the card */
4017 	attrs[0].pValue = cert;
4032 	pkiDebug("cert %d size %d id %d idlen %d\n", i,
4036 	cp = (unsigned char *) cert;
4048 	id_cryptoctx->creds[i]->cert = x;
4053 	free(cert);
4054         cert = NULL;
4058     if (id_cryptoctx->creds[0] == NULL || id_cryptoctx->creds[0]->cert == NULL) {
4062          * Do not let pkinit_cert_matching set the primary cert in id_cryptoctx
4072         id_cryptoctx->creds[0]->cert != NULL) {
4081     if (cert)
4082         free(cert);
4531  * 4. matches the id of the cert we chose
4536  * pkcs11 says the id of the key doesn't have to match that of the cert, but
4612 	X509 *cert;
4616 	cert = sk_X509_value(id_cryptoctx->my_certs, 0);
4617 	priv = X509_get_pubkey(cert);
4619     		pkiDebug("Failed to extract pub key from cert\n");
4937 	    EVP_PKEY *pkey, X509 *cert)
4948     if (cert && !X509_check_private_key(cert, pkey)) {
5044 	pkiDebug("%s: failed to get user's cert location\n", __FUNCTION__);
5135     id_cryptoctx->creds[0]->cert = x;
5193     id_cryptoctx->creds[cindex]->cert = x;
5225 	pkiDebug("%s: failed to get user's cert location\n", __FUNCTION__);
5315 	    pkiDebug("%s: Successfully loaded cert (and key) for %s\n",
5326 	    gettext("No suitable cert/key pairs found in directory '%s'"),
5328 	pkiDebug("%s: No cert/key pairs found in directory '%s'\n",
5464 	if (cred->cert != NULL)
5465 	    X509_free(cred->cert);
5650  * Release cert handle
5799     X509_NAME_oneline_ex(X509_get_subject_name(cd->cred->cert),
5808     X509_NAME_oneline_ex(X509_get_issuer_name(cd->cred->cert),
5818 				       cd->cred->cert, &pkinit_sans,
5856 					   cd->cred->cert,
5912     /* copy the selected cert into our id_cryptoctx */ 
5917     sk_X509_push(cd->idctx->my_certs, cd->cred->cert);
5918     cd->idctx->creds[cd->index]->cert = NULL;	    /* Don't free it twice */
5966     /* copy the selected cert into our id_cryptoctx */ 
5971     sk_X509_push(id_cryptoctx->my_certs, id_cryptoctx->creds[0]->cert);
5972     id_cryptoctx->creds[0]->cert = NULL;	/* Don't free it twice */
6258 	pkiDebug("#%d cert= %s\n", i, buf);
6463 	pkiDebug("#%d cert= %s\n", i, buf);
6528     X509 *cert = req_cryptoctx->received_cert;
6536     X509_NAME_set(&is->issuer, X509_get_issuer_name(cert));
6538     is->serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
6624 		pkiDebug("#%d cert = %s is trusted by kdc\n", i, buf);
6626 		pkiDebug("#%d cert = %s is invalid\n", i, buf);
6688     X509 *cert = sk_X509_value(id_cryptoctx->my_certs,
6718     if (cert) {
6723 				    cert->cert_info->issuer);
6725 		tmp_ret = M_ASN1_INTEGER_cmp(cert->cert_info->serialNumber,
6742     if (cert == NULL) {

Indexes created Tue Jul 24 14:28:13 CEST 2018