185 void ssl_cert_set_default_md(CERT *cert)
189     cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
192     cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
193     cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
196     cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
217 CERT *ssl_cert_dup(CERT *cert)
231     ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
233      * or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that
237     ret->valid = cert->valid;
238     ret->mask_k = cert->mask_k;
239     ret->mask_a = cert->mask_a;
240     ret->export_mask_k = cert->export_mask_k;
241     ret->export_mask_a = cert->export_mask_a;
244     if (cert->rsa_tmp != NULL) {
245         RSA_up_ref(cert->rsa_tmp);
246         ret->rsa_tmp = cert->rsa_tmp;
248     ret->rsa_tmp_cb = cert->rsa_tmp_cb;
252     if (cert->dh_tmp != NULL) {
253         ret->dh_tmp = DHparams_dup(cert->dh_tmp);
258         if (cert->dh_tmp->priv_key) {
259             BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
266         if (cert->dh_tmp->pub_key) {
267             BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
275     ret->dh_tmp_cb = cert->dh_tmp_cb;
279     if (cert->ecdh_tmp) {
280         ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
286     ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
287     ret->ecdh_tmp_auto = cert->ecdh_tmp_auto;
291         CERT_PKEY *cpk = cert->pkeys + i;
312         if (cert->pkeys[i].serverinfo != NULL) {
315                 OPENSSL_malloc(cert->pkeys[i].serverinfo_length);
321                 cert->pkeys[i].serverinfo_length;
323                    cert->pkeys[i].serverinfo,
324                    cert->pkeys[i].serverinfo_length);
339     if (cert->conf_sigalgs) {
340         ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen);
343         memcpy(ret->conf_sigalgs, cert->conf_sigalgs, cert->conf_sigalgslen);
344         ret->conf_sigalgslen = cert->conf_sigalgslen;
348     if (cert->client_sigalgs) {
349         ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen);
352         memcpy(ret->client_sigalgs, cert->client_sigalgs,
353                cert->client_sigalgslen);
354         ret->client_sigalgslen = cert->client_sigalgslen;
360     if (cert->ctypes) {
361         ret->ctypes = OPENSSL_malloc(cert->ctype_num);
364         memcpy(ret->ctypes, cert->ctypes, cert->ctype_num);
365         ret->ctype_num = cert->ctype_num;
368     ret->cert_flags = cert->cert_flags;
370     ret->cert_cb = cert->cert_cb;
371     ret->cert_cb_arg = cert->cert_cb_arg;
373     if (cert->verify_store) {
374         CRYPTO_add(&cert->verify_store->references, 1,
376         ret->verify_store = cert->verify_store;
379     if (cert->chain_store) {
380         CRYPTO_add(&cert->chain_store->references, 1, CRYPTO_LOCK_X509_STORE);
381         ret->chain_store = cert->chain_store;
387     if (!custom_exts_copy(&ret->cli_ext, &cert->cli_ext))
389     if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext))
520      * s->cert being NULL, otherwise we could do without the initialization
716     if (s->cert->verify_store)
717         verify_store = s->cert->verify_store;
869  * much to do with CAs, either, since it will load any old cert.
1094     if (s->cert->chain_store)
1095         chain_store = s->cert->chain_store;
1181         /* Add EE cert too: it might be self signed */
1231             /* See if last cert is self signed */

Indexes created Thu Jun 20 12:38:36 MDT 2024