434 	X509	*cert;		/* X509 certificate */
676 				puch = xinfo->cert.ptr;
677 				cert = d2i_X509(NULL, &puch,
678 				    ntohl(xinfo->cert.vallen));
679 				peer->pkey = X509_get_pubkey(cert);
680 				X509_free(cert);
685 			    "cert %s %s 0x%x %s (%u) fs %u",
1090 	struct cert_info *cp, *xp, *yp; /* cert info/value pointer */
1162 			len = crypto_send(fp, &cert_host->cert, start);
1229 		len = crypto_send(fp, &xp->cert, start);
1869 		cp->cert.tstamp = hostval.tstamp;
1870 		cp->cert.siglen = 0;
1871 		if (cp->cert.sig == NULL)
1872 			cp->cert.sig = emalloc(sign_siglen);
1874 		EVP_SignUpdate(ctx, (u_char *)&cp->cert, 12);
1875 		EVP_SignUpdate(ctx, cp->cert.ptr,
1876 		    ntohl(cp->cert.vallen));
1877 		if (EVP_SignFinal(ctx, cp->cert.sig, &len, sign_pkey)) {
1879 			cp->cert.siglen = htonl(len);
3138 	X509	*cert;		/* X509 certificate */
3185 	cert = X509_new();
3186 	X509_set_version(cert, X509_get_version(req));
3189 	X509_set_serialNumber(cert, serial);
3190 	X509_gmtime_adj(X509_get_notBefore(cert), 0L);
3191 	X509_gmtime_adj(X509_get_notAfter(cert), YEAR);
3192 	subj = X509_get_issuer_name(cert);
3196 	X509_set_subject_name(cert, subj);
3197 	X509_set_pubkey(cert, pkey);
3201 		INSIST(X509_add_ext(cert, ext, -1));
3212 		X509_free(cert);
3215 	X509_sign(cert, sign_pkey, sign_digest);
3216 	if (X509_verify(cert, sign_pkey) <= 0) {
3219 		X509_free(cert);
3222 	len = i2d_X509(cert, NULL);
3235 	i2d_X509(cert, (unsigned char **)(intptr_t)&ptr);
3251 		X509_print_fp(stdout, cert);
3253 	X509_free(cert);
3270 	struct exten *ep,	/* cert info/value */
3302 			if (ntohl(cp->cert.fstamp) <=
3303 			    ntohl(xp->cert.fstamp)) {
3341 	X509	*cert;		/* X509 certificate */
3385 	ptr = (u_char *)xp->cert.ptr;
3386 	cert = d2i_X509(NULL, &ptr, ntohl(xp->cert.vallen));
3387 	if (cert == NULL) {
3391 	if (X509_verify(cert, yp->pkey) <= 0) {
3392 		X509_free(cert);
3396 	X509_free(cert);
3432 	X509	*cert;		/* X509 certificate */
3445 	if ((cert = d2i_X509(NULL, &ptr, len)) == NULL) {
3452 		X509_print_fp(stdout, cert);
3459 	if ((ret->pkey = X509_get_pubkey(cert)) == NULL) {
3463 		X509_free(cert);
3466 	ret->version = X509_get_version(cert);
3467 	X509_NAME_oneline(X509_get_subject_name(cert), pathbuf,
3474 		X509_free(cert);
3486 	ret->nid = X509_get_signature_nid(cert);
3489 	    (u_long)ASN1_INTEGER_get(X509_get_serialNumber(cert));
3490 	X509_NAME_oneline(X509_get_issuer_name(cert), pathbuf,
3496 		X509_free(cert);
3500 	asn_to_calendar(X509_get_notBefore(cert), &(ret->first));
3501 	asn_to_calendar(X509_get_notAfter(cert), &(ret->last));
3508 	cnt = X509_get_ext_count(cert);
3515 		ext = X509_get_ext(cert, i);
3560 		if (X509_verify(cert, ret->pkey) <= 0) {
3565 			X509_free(cert);
3578 			X509_free(cert);
3600 		X509_free(cert);
3607 	ret->cert.fstamp = htonl(fstamp);
3608 	ret->cert.vallen = htonl(len);
3609 	ret->cert.ptr = emalloc(len);
3610 	memcpy(ret->cert.ptr, asn1cert, len);
3611 	X509_free(cert);
3632 	value_free(&cinf->cert);
3762  * constructs a info/cert value structure for this machine. The

Indexes created Tue Jun 11 21:59:41 MDT 2024