581     X509 *cert = NULL;
601     cert = (X509 *) PEM_read_bio_X509(tmp, NULL, NULL, NULL);
602     if (cert == NULL) {
607     *retcert = cert;
872     X509 *cert = NULL;
893     /* create a cert chain that has at least the signer's certificate */
897     cert = sk_X509_value(id_cryptoctx->my_certs, id_cryptoctx->cert_index);
900 	sk_X509_push(cert_stack, X509_dup(cert));
902 	/* create a cert chain */
913 	X509_STORE_CTX_init(&certctx, certstore, cert,
930 	    pkiDebug("cert #%d: %s\n", i, buf);
937     p7s->cert = cert_stack;
945 		       X509_get_issuer_name(cert)))
951 	  M_ASN1_INTEGER_dup(X509_get_serialNumber(cert))))
1290 	intermediateCAs = p7->d.sign->cert;
1291     else if (p7->d.sign->cert == NULL)
1300 	size = sk_X509_num(p7->d.sign->cert);
1302 	    sk_X509_push(intermediateCAs, sk_X509_value(p7->d.sign->cert, i));
1314     /* add trusted CAs certificates for cert verification */
1324 	pkiDebug("untrusted cert chain of size %d\n", size);
1328 	    pkiDebug("cert #%d: %s\n", i, buf);
1333 	pkiDebug("trusted cert chain of size %d\n", size);
1337 	    pkiDebug("cert #%d: %s\n", i, buf);
1372 	pkiDebug("problem with cert DN = %s (error=%d) %s\n", buf, j,
1377 	size = sk_X509_num(p7->d.sign->cert);
1378 	pkiDebug("received cert chain of size %d\n", size);
1380 	    X509 *tmp_cert = sk_X509_value(p7->d.sign->cert, j);
1382 	    pkiDebug("cert #%d: %s\n", j, buf);
1499 	if (idctx->intermediateCAs != NULL && p7->d.sign->cert)
1813 			  X509 *cert,
1831     if (cert == NULL) {
1836     X509_NAME_oneline(X509_get_subject_name(cert),
1838     pkiDebug("%s: looking for SANs in cert = %s\n", __FUNCTION__, buf);
1840     if ((i = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0) {
1847 	if (!(ext = X509_get_ext(cert, i)) || !(ialt = X509V3_EXT_d2i(ext))) {
2020     pkiDebug("%s: looking for EKUs in cert = %s\n", __FUNCTION__, buf);
2029 	    pkiDebug("%s: found eku info in the cert\n", __FUNCTION__);
3104 	pkiDebug("cert = %s\n", buf);
3743     CK_BYTE_PTR cert = NULL, cert_id = NULL;
3761     /* If a cert id and/or label were given, use them too */
3791 	/* Look for x.509 cert */
3799 	/* Get cert and id len */
3820 	cert = malloc((size_t) attrs[0].ulValueLen + 1);
3821 	if (cert == NULL) {
3831 	/* Read the cert and id off the card */
3834 	attrs[0].pValue = cert;
3849 	pkiDebug("cert %d size %d id %d idlen %d\n", i,
3853 	cp = (unsigned char *) cert;
3865 	id_cryptoctx->creds[i]->cert = x;
3870 	free(cert);
3871         cert = NULL;
3875     if (id_cryptoctx->creds[0] == NULL || id_cryptoctx->creds[0]->cert == NULL) {
3879          * Do not let pkinit_cert_matching set the primary cert in id_cryptoctx
3889         id_cryptoctx->creds[0]->cert != NULL) {
3898     if (cert)
3899         free(cert);
4348  * 4. matches the id of the cert we chose
4353  * pkcs11 says the id of the key doesn't have to match that of the cert, but
4429 	X509 *cert;
4433 	cert = sk_X509_value(id_cryptoctx->my_certs, 0);
4434 	priv = X509_get_pubkey(cert);
4436     		pkiDebug("Failed to extract pub key from cert\n");
4754 	    EVP_PKEY *pkey, X509 *cert)
4765     if (cert && !X509_check_private_key(cert, pkey)) {
4858 	pkiDebug("%s: failed to get user's cert location\n", __FUNCTION__);
4949     id_cryptoctx->creds[0]->cert = x;
5007     id_cryptoctx->creds[cindex]->cert = x;
5039 	pkiDebug("%s: failed to get user's cert location\n", __FUNCTION__);
5129 	    pkiDebug("%s: Successfully loaded cert (and key) for %s\n",
5140 	    gettext("No suitable cert/key pairs found in directory '%s'"),
5142 	pkiDebug("%s: No cert/key pairs found in directory '%s'\n",
5278 	if (cred->cert != NULL)
5279 	    X509_free(cred->cert);
5464  * Release cert handle
5613     X509_NAME_oneline_ex(X509_get_subject_name(cd->cred->cert),
5622     X509_NAME_oneline_ex(X509_get_issuer_name(cd->cred->cert),
5632 				       cd->cred->cert, &pkinit_sans,
5670 					   cd->cred->cert,
5726     /* copy the selected cert into our id_cryptoctx */ 
5731     sk_X509_push(cd->idctx->my_certs, cd->cred->cert);
5732     cd->idctx->creds[cd->index]->cert = NULL;	    /* Don't free it twice */
5780     /* copy the selected cert into our id_cryptoctx */ 
5785     sk_X509_push(id_cryptoctx->my_certs, id_cryptoctx->creds[0]->cert);
5786     id_cryptoctx->creds[0]->cert = NULL;	/* Don't free it twice */
6072 	pkiDebug("#%d cert= %s\n", i, buf);
6277 	pkiDebug("#%d cert= %s\n", i, buf);
6342     X509 *cert = req_cryptoctx->received_cert;
6350     X509_NAME_set(&is->issuer, X509_get_issuer_name(cert));
6352     is->serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
6438 		pkiDebug("#%d cert = %s is trusted by kdc\n", i, buf);
6440 		pkiDebug("#%d cert = %s is invalid\n", i, buf);
6502     X509 *cert = sk_X509_value(id_cryptoctx->my_certs,
6532     if (cert) {
6537 				    cert->cert_info->issuer);
6539 		tmp_ret = M_ASN1_INTEGER_cmp(cert->cert_info->serialNumber,
6556     if (cert == NULL) {

Indexes created Fri Jul 05 22:58:02 MDT 2024