171 	/* first we make sure the chain we are going to build is
173 	if (ctx->chain == NULL)
175 		if (	((ctx->chain=sk_X509_new_null()) == NULL) ||
176 			(!sk_X509_push(ctx->chain,ctx->cert)))
193 	num=sk_X509_num(ctx->chain);
194 	x=sk_X509_value(ctx->chain,num-1);
211 		/* If we were passed a cert chain, use it first */
217 				if (!sk_X509_push(ctx->chain,xtmp))
227 				/* reparse the full chain for
235 	/* at this point, chain should contain a list of untrusted
239 	/* Examine last certificate in chain and see if it
243 	i=sk_X509_num(ctx->chain);
244 	x=sk_X509_value(ctx->chain,i-1);
249 		if (sk_X509_num(ctx->chain) == 1)
273 				(void)sk_X509_set(ctx->chain, i - 1, x);
280 			chain_ss=sk_X509_pop(ctx->chain);
283 			x=sk_X509_value(ctx->chain,num-1);
303 		if (!sk_X509_push(ctx->chain,x))
312 	/* we now have our chain, lets check it... */
329 			sk_X509_push(ctx->chain,chain_ss);
343 	/* We have the chain complete: now we need to check its purpose */
354 	/* The chain extensions are OK: check trust */
361 	X509_get_pubkey_parameters(NULL,ctx->chain);
370 	/* At this point, we have a chain and need to verify it */
392 		X509_get_pubkey_parameters(NULL,ctx->chain);
473 	       all certificates in the chain except the leaf certificate.
498 		x = sk_X509_value(ctx->chain, i);
617 	for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
619 		x = sk_X509_value(ctx->chain, i);
620 		/* Ignore self issued certs unless last in chain */
624 		 * chain including trust anchor. Trust anchor not strictly
628 		for (j = sk_X509_num(ctx->chain) - 1; j > i; j--)
630 			NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
657 /* For now just check the last certificate in the chain */
658 	i = sk_X509_num(ctx->chain) - 1;
659 	x = sk_X509_value(ctx->chain, i);
680 		last = sk_X509_num(ctx->chain) - 1;
703 	x = sk_X509_value(ctx->chain, cnum);
944  * or retrieve a chain of deltas...
1055 	if (cidx != sk_X509_num(ctx->chain) - 1)
1058 	crl_issuer = sk_X509_value(ctx->chain, cidx);
1070 	for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++)
1072 		crl_issuer = sk_X509_value(ctx->chain, cidx);
1135 	/* Check chain is acceptable */
1137 	ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
1348 	chnum = sk_X509_num(ctx->chain) - 1;
1354 	 * is next certificate in chain.
1357 		issuer = sk_X509_value(ctx->chain, cnum + 1);
1360 		issuer = sk_X509_value(ctx->chain, chnum);
1488 	ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
1503 		for (i = 1; i < sk_X509_num(ctx->chain); i++)
1505 			x = sk_X509_value(ctx->chain, i);
1589 	n=sk_X509_num(ctx->chain);
1592 	xi=sk_X509_value(ctx->chain,n);
1609 			xs=sk_X509_value(ctx->chain,n);
1662 			xs=sk_X509_value(ctx->chain,n);
1783 int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
1790 	for (i=0; i<sk_X509_num(chain); i++)
1792 		ktmp=X509_get_pubkey(sk_X509_value(chain,i));
1815 		ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
1866 	return ctx->chain;
1873 	STACK_OF(X509) *chain;
1874 	if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
1875 	for (i = 0; i < sk_X509_num(chain); i++)
1877 		x = sk_X509_value(chain, i);
1880 	return chain;
2001 	     STACK_OF(X509) *chain)
2007 	ctx->untrusted=chain;
2012 	ctx->chain=NULL;
2148 	if (ctx->chain != NULL)
2150 		sk_X509_pop_free(ctx->chain,X509_free);
2151 		ctx->chain=NULL;

Indexes created Wed Jul 03 21:38:27 MDT 2024