Searched refs:cert (Results 1 - 12 of 12) sorted by relevance

/httpd/modules/ssl/
H A Dssl_engine_ocsp.c24 static const char *extract_responder_uri(X509 *cert, apr_pool_t *pool) argument
30 values = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL);
54 static apr_uri_t *determine_responder_uri(SSLSrvConfigRec *sc, X509 *cert, argument
68 s = extract_responder_uri(cert, p);
105 static OCSP_REQUEST *create_request(X509_STORE_CTX *ctx, X509 *cert, argument
112 *certid = OCSP_cert_to_id(NULL, cert, ctx->current_issuer);
129 static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c, argument
140 ruri = determine_responder_uri(sc, cert, c, pool);
145 request = create_request(ctx, cert, &certID, s, pool, sc);
202 ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert, APLOGN
254 X509 *cert = X509_STORE_CTX_get_current_cert(ctx); local
[all...]
H A Dssl_engine_log.c119 apr_pool_t *p, X509 *cert, const char *format,
130 if (cert) {
144 name = SSL_X509_NAME_to_string(p, X509_get_subject_name(cert),
153 name = SSL_X509_NAME_to_string(p, X509_get_issuer_name(cert),
162 if (i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert)) == -1)
166 ASN1_TIME_print(bio, X509_get_notBefore(cert));
169 ASN1_TIME_print(bio, X509_get_notAfter(cert));
202 * details of the X509 cert. For ssl_log_xerror, a pool needs to be passed in
203 * as well (for temporary allocation of the cert's subject/issuer name strings,
207 apr_pool_t *ptemp, server_rec *s, X509 *cert,
116 ssl_log_cert_error(const char *file, int line, int level, apr_status_t rv, const server_rec *s, const conn_rec *c, const request_rec *r, apr_pool_t *p, X509 *cert, const char *format, va_list ap) argument
206 ssl_log_xerror(const char *file, int line, int level, apr_status_t rv, apr_pool_t *ptemp, server_rec *s, X509 *cert, const char *fmt, ...) argument
219 ssl_log_cxerror(const char *file, int line, int level, apr_status_t rv, conn_rec *c, X509 *cert, const char *fmt, ...) argument
231 ssl_log_rxerror(const char *file, int line, int level, apr_status_t rv, request_rec *r, X509 *cert, const char *fmt, ...) argument
[all...]
H A Dssl_engine_init.c851 * server cert issuers are found under SSLCACertificatePath or in
936 X509 *cert,
941 if (!cert) {
949 if (SSL_X509_getBC(cert, &is_ca, &pathlen)) {
964 if (SSL_X509_match_name(ptemp, cert, (const char *)s->server_hostname,
987 X509 *cert; local
1076 * as soon as we no longer need access to the cert. (Strictly speaking,
1082 if (!(cert = SSL_CTX_get0_certificate(mctx->ssl_ctx))) {
1088 cert = SSL_get_certificate(ssl);
1090 if (!ssl || !cert) {
934 ssl_check_public_cert(server_rec *s, apr_pool_t *ptemp, X509 *cert, const char *key_id) argument
1465 X509 *cert; local
[all...]
H A Dssl_engine_kernel.c310 X509 *cert; local
638 /* let it pass, possibly with an "incorrect" peer cert,
715 cert = SSL_get_peer_certificate(ssl);
717 if (!cert_stack && cert) {
718 /* client cert is in the session cache, but there is
720 * sk_X509_shift-ed the peer cert out of the chain.
724 sk_X509_push(cert_stack, cert);
743 if (!cert) {
744 cert = sk_X509_value(cert_stack, 0);
747 X509_STORE_CTX_init(&cert_store_ctx, cert_store, cert, cert_stac
[all...]
H A Dssl_engine_io.c1110 X509 *cert; local
1167 cert = SSL_get_peer_certificate(filter_ctx->pssl);
1170 if (!cert
1172 X509_get_notBefore(cert)) >= 0)
1174 X509_get_notAfter(cert)) <= 0)) {
1183 if (!cert
1184 || SSL_X509_match_name(c->pool, cert, hostname_note,
1224 if (cert) {
1225 X509_free(cert);
1350 if ((cert
[all...]
H A Dssl_private.h542 /** proxy can have any number of cert/key pairs */
632 * used regardless of per-cert URL */
932 X509 *cert, const char *format, ...)
936 apr_status_t rv, conn_rec *c, X509 *cert,
941 apr_status_t rv, request_rec *r, X509 *cert,
965 /* Perform OCSP validation of the current cert in the given context.
H A Dssl_util_ssl.c164 BOOL SSL_X509_getBC(X509 *cert, int *ca, int *pathlen) argument
170 bc = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
H A Dmod_ssl_ct.c243 * SCT for cert with this fingerprint
1166 /* we may have already processed this cert for another
1503 APLOGNO(02724) "wrote server cert and chain to %s",
1816 /* Enqueue data from server for off-line audit (cert, SCT(s))
1878 /* now write the cert!!! */
2159 /* At this point we have the SCTs from the cert (if any) and the
2169 * Is there any cheaper check than server cert and SCTs all exactly
2951 X509 *cert; local
2966 cert = PEM_read_X509(pemfile, NULL, NULL, NULL);
2967 if (!cert) {
[all...]
/httpd/support/
H A Dab.c585 static void ssl_print_cert_info(BIO *bio, X509 *cert) argument
591 BIO_printf(bio, "Certificate version: %ld\n", X509_get_version(cert)+1);
593 ASN1_UTCTIME_print(bio, X509_get_notBefore(cert));
597 ASN1_UTCTIME_print(bio, X509_get_notAfter(cert));
600 pk = X509_get_pubkey(cert);
605 dn = X509_get_issuer_name(cert);
609 dn=X509_get_subject_name(cert);
614 BIO_printf(bio, "Extension Count: %d\n", X509_get_ext_count(cert));
620 X509 *cert; local
628 cert
660 X509 *cert; local
[all...]
/httpd/modules/ldap/
H A Dutil_ldap.c679 /* if we got here, the cert arrays were identical */
851 /* save away a copy of the client cert list that is presently valid */
2298 /* Client cert file in DER format */
2303 /* Client cert file in Base64 format */
2308 /* Client cert file in PKCS#12 format */
2313 /* Netscape client cert database file/directory */
2318 /* Netscape client cert nickname */
2323 /* Client cert key file in DER format */
2328 /* Client cert key file in Base64 format */
2333 /* Client cert ke
[all...]
/httpd/test/
H A Dmake_sni.sh167 # And get it signed by either our client cert issuing root authority.
330 - ssl directory with an ssl cert (signed by root)
/httpd/modules/arch/netware/
H A Dmod_nw_ssl.c294 opts.cert = key;

Completed in 530 milliseconds