src/crypto/tls_openssl.c

135 	const CERT_CONTEXT *cert;
258 	if (priv->cert)
259 		CertFreeCertificateContext(priv->cert);
286 	if (strncmp(name, "cert://", 7) == 0) {
321 	X509 *cert = NULL;
327 	    (strncmp(name, "cert://", 7) != 0 &&
341 	priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER);
342 	if (priv->cert == NULL) {
343 		priv->cert = cryptoapi_find_cert(
346 	if (priv->cert == NULL) {
352 	cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded,
353 			priv->cert->cbCertEncoded);
354 	if (cert == NULL) {
360 	if (!CryptAcquireCertificatePrivateKey(priv->cert,
386 	if (!SSL_use_certificate(ssl, cert)) {
391 	pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
392 	X509_free(cert);
393 	cert = NULL;
407 	if (cert)
408 		X509_free(cert);
423 	X509 *cert;
445 		wpa_printf(MSG_DEBUG, "%s: failed to open system cert store "
452 		cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded,
454 		if (cert == NULL) {
456 				   "X509 DER encoding for CA cert");
460 		X509_NAME_oneline(X509_get_subject_name(cert), buf,
465 		if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
471 		X509_free(cert);
475 		wpa_printf(MSG_DEBUG, "%s: failed to close system cert store "
822 	/* load private key first in-case PIN is required for cert */
980 static int tls_match_altsubject_component(X509 *cert, int type,
987 	ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1002 static int tls_match_altsubject(X509 *cert, const char *match)
1036 		if (tls_match_altsubject_component(cert, type, pos, len) > 0)
1083 static struct wpabuf * get_x509_cert(X509 *cert)
1088 	int cert_len = i2d_X509(cert, NULL);
1097 	i2d_X509(cert, &tmp);
1108 	struct wpabuf *cert = NULL;
1113 	cert = get_x509_cert(err_cert);
1120 	ev.cert_fail.cert = cert;
1122 	wpabuf_free(cert);
1130 	struct wpabuf *cert = NULL;
1141 		cert = get_x509_cert(err_cert);
1142 		ev.peer_cert.cert = cert;
1145 	if (cert) {
1148 		addr[0] = wpabuf_head(cert);
1149 		len[0] = wpabuf_len(cert);
1159 	wpabuf_free(cert);
1193 		struct wpabuf *cert;
1194 		cert = get_x509_cert(err_cert);
1195 		if (!cert) {
1203 			addr[0] = wpabuf_head(cert);
1204 			len[0] = wpabuf_len(cert);
1211 			wpabuf_free(cert);
1282 				   "cert already in hash table error",
1353 		X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob,
1355 		if (cert == NULL) {
1361 		if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
1370 					   "cert already in hash table error",
1373 				X509_free(cert);
1377 		X509_free(cert);
1620 	X509 *cert;
1626 	cert = NULL;
1628 	if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
1636 	if (cert) {
1637 		X509_NAME_oneline(X509_get_subject_name(cert), buf,
1642 			if (SSL_use_certificate(ssl, cert) != 1)
1645 			if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1)
1648 		X509_free(cert);
1664 		while ((cert = sk_X509_pop(certs)) != NULL) {
1665 			X509_NAME_oneline(X509_get_subject_name(cert), buf,
1670 			 * There is no SSL equivalent for the chain cert - so
1673 			if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) {
1747 			       X509 **cert)
1752 		X509 *cert;
1755 	params.cert = NULL;
1759 		wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id"
1764 	if (!params.cert) {
1765 		wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id"
1769 	*cert = params.cert;
1779 	X509 *cert;
1781 	if (tls_engine_get_cert(conn, cert_id, &cert))
1784 	if (!SSL_use_certificate(conn->ssl, cert)) {
1787                 X509_free(cert);
1790 	X509_free(cert);
1806 	X509 *cert;
1809 	if (tls_engine_get_cert(conn, ca_cert_id, &cert))
1818 		X509_free(cert);
1821 	if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
1828 			wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert"
1832 			X509_free(cert);
1836 	X509_free(cert);