src/crypto/tls_openssl.c

137 	const CERT_CONTEXT *cert;
260 	if (priv->cert)
261 		CertFreeCertificateContext(priv->cert);
288 	if (strncmp(name, "cert://", 7) == 0) {
323 	X509 *cert = NULL;
329 	    (strncmp(name, "cert://", 7) != 0 &&
343 	priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER);
344 	if (priv->cert == NULL) {
345 		priv->cert = cryptoapi_find_cert(
348 	if (priv->cert == NULL) {
354 	cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded,
355 			priv->cert->cbCertEncoded);
356 	if (cert == NULL) {
362 	if (!CryptAcquireCertificatePrivateKey(priv->cert,
388 	if (!SSL_use_certificate(ssl, cert)) {
393 	pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
394 	X509_free(cert);
395 	cert = NULL;
409 	if (cert)
410 		X509_free(cert);
425 	X509 *cert;
447 		wpa_printf(MSG_DEBUG, "%s: failed to open system cert store "
454 		cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded,
456 		if (cert == NULL) {
458 				   "X509 DER encoding for CA cert");
462 		X509_NAME_oneline(X509_get_subject_name(cert), buf,
467 		if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
473 		X509_free(cert);
477 		wpa_printf(MSG_DEBUG, "%s: failed to close system cert store "
838 	/* load private key first in-case PIN is required for cert */
996 static int tls_match_altsubject_component(X509 *cert, int type,
1003 	ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1018 static int tls_match_altsubject(X509 *cert, const char *match)
1052 		if (tls_match_altsubject_component(cert, type, pos, len) > 0)
1099 static struct wpabuf * get_x509_cert(X509 *cert)
1104 	int cert_len = i2d_X509(cert, NULL);
1113 	i2d_X509(cert, &tmp);
1124 	struct wpabuf *cert = NULL;
1129 	cert = get_x509_cert(err_cert);
1136 	ev.cert_fail.cert = cert;
1138 	wpabuf_free(cert);
1146 	struct wpabuf *cert = NULL;
1157 		cert = get_x509_cert(err_cert);
1158 		ev.peer_cert.cert = cert;
1161 	if (cert) {
1164 		addr[0] = wpabuf_head(cert);
1165 		len[0] = wpabuf_len(cert);
1175 	wpabuf_free(cert);
1218 		struct wpabuf *cert;
1219 		cert = get_x509_cert(err_cert);
1220 		if (!cert) {
1228 			addr[0] = wpabuf_head(cert);
1229 			len[0] = wpabuf_len(cert);
1236 			wpabuf_free(cert);
1311 				   "cert already in hash table error",
1395 		X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob,
1397 		if (cert == NULL) {
1403 		if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
1412 					   "cert already in hash table error",
1415 				X509_free(cert);
1419 		X509_free(cert);
1709 	X509 *cert;
1715 	cert = NULL;
1717 	if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
1725 	if (cert) {
1726 		X509_NAME_oneline(X509_get_subject_name(cert), buf,
1731 			if (SSL_use_certificate(ssl, cert) != 1)
1734 			if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1)
1737 		X509_free(cert);
1753 		while ((cert = sk_X509_pop(certs)) != NULL) {
1754 			X509_NAME_oneline(X509_get_subject_name(cert), buf,
1759 			 * There is no SSL equivalent for the chain cert - so
1762 			if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) {
1836 			       X509 **cert)
1841 		X509 *cert;
1844 	params.cert = NULL;
1848 		wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id"
1853 	if (!params.cert) {
1854 		wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id"
1858 	*cert = params.cert;
1868 	X509 *cert;
1870 	if (tls_engine_get_cert(conn, cert_id, &cert))
1873 	if (!SSL_use_certificate(conn->ssl, cert)) {
1876                 X509_free(cert);
1879 	X509_free(cert);
1895 	X509 *cert;
1898 	if (tls_engine_get_cert(conn, ca_cert_id, &cert))
1907 		X509_free(cert);
1910 	if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
1917 			wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert"
1921 			X509_free(cert);
1925 	X509_free(cert);