185 void ssl_cert_set_default_md(CERT *cert)
189     cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
192     cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
193     cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
196     cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
217 CERT *ssl_cert_dup(CERT *cert)
230     ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
232      * or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that
236     ret->valid = cert->valid;
237     ret->mask_k = cert->mask_k;
238     ret->mask_a = cert->mask_a;
239     ret->export_mask_k = cert->export_mask_k;
240     ret->export_mask_a = cert->export_mask_a;
243     if (cert->rsa_tmp != NULL) {
244         RSA_up_ref(cert->rsa_tmp);
245         ret->rsa_tmp = cert->rsa_tmp;
247     ret->rsa_tmp_cb = cert->rsa_tmp_cb;
251     if (cert->dh_tmp != NULL) {
252         ret->dh_tmp = DHparams_dup(cert->dh_tmp);
257         if (cert->dh_tmp->priv_key) {
258             BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
265         if (cert->dh_tmp->pub_key) {
266             BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
274     ret->dh_tmp_cb = cert->dh_tmp_cb;
278     if (cert->ecdh_tmp) {
279         ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
285     ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
286     ret->ecdh_tmp_auto = cert->ecdh_tmp_auto;
290         CERT_PKEY *cpk = cert->pkeys + i;
311         if (cert->pkeys[i].serverinfo != NULL) {
314                 OPENSSL_malloc(cert->pkeys[i].serverinfo_length);
320                 cert->pkeys[i].serverinfo_length;
322                    cert->pkeys[i].serverinfo,
323                    cert->pkeys[i].serverinfo_length);
339     if (cert->conf_sigalgs) {
340         ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);
343         memcpy(ret->conf_sigalgs, cert->conf_sigalgs, cert->conf_sigalgslen);
344         ret->conf_sigalgslen = cert->conf_sigalgslen;
348     if (cert->client_sigalgs) {
349         ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen);
352         memcpy(ret->client_sigalgs, cert->client_sigalgs,
353                cert->client_sigalgslen);
354         ret->client_sigalgslen = cert->client_sigalgslen;
360     if (cert->ctypes) {
361         ret->ctypes = OPENSSL_malloc(cert->ctype_num);
364         memcpy(ret->ctypes, cert->ctypes, cert->ctype_num);
365         ret->ctype_num = cert->ctype_num;
368     ret->cert_flags = cert->cert_flags;
370     ret->cert_cb = cert->cert_cb;
371     ret->cert_cb_arg = cert->cert_cb_arg;
373     if (cert->verify_store) {
374         CRYPTO_add(&cert->verify_store->references, 1,
376         ret->verify_store = cert->verify_store;
379     if (cert->chain_store) {
380         CRYPTO_add(&cert->chain_store->references, 1, CRYPTO_LOCK_X509_STORE);
381         ret->chain_store = cert->chain_store;
387     if (!custom_exts_copy(&ret->cli_ext, &cert->cli_ext))
389     if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext))
519      * s->cert being NULL, otherwise we could do without the initialization
715     if (s->cert->verify_store)
716         verify_store = s->cert->verify_store;
868  * much to do with CAs, either, since it will load any old cert.
1088     if (s->cert->chain_store)
1089         chain_store = s->cert->chain_store;
1175         /* Add EE cert too: it might be self signed */
1225             /* See if last cert is self signed */

Indexes created Wed Sep 11 23:09:49 MDT 2024