221  * other (CA) certs. Note either ca should be NULL, *ca should be NULL,
229  *   matchty  - Info about which certs/keys to return if many are in the file.
239  *               authority' certs/trust anchors.
242  * and/or 'name_str', as appropriate.  Go through the lists of certs and
256  *   Append to the CA list, the certs which do not have matching private
259  * If none of the bits are set, no client certs or private keys will be
260  * returned.  CA (aka trust anchor) certs can be.
262  * Notes: If #3 is selected, then #4 will never occur.  CA certs will be
353  * Parse and decrypt a PEM file, returning any user keys and certs.
369  *   certs    - Points to address of a stack of client certs to return.
376  *   Note:  Client certs and and their matching private keys will be in any
379  *   Certs which have no matching private key are assumed to be ca certs.
388     STACK_OF(EVP_PKEY) **pkey, STACK_OF(X509) **certs)
396 	 * ca certs.
414 	retval = set_results(pkey, &work_kl, certs, &work_ca, NULL, NULL, NULL,
432  * various certs. Note these should either be NULL, *whatever should
440  *   certs    - Points to address of a stack of client certs return.
442  *   Note:  The certs and keys being returned are in random order.
452     STACK_OF(X509) **certs)
460 	 * ca certs.
480 	retval = set_results(pkey, &work_kl, certs, &work_ca, NULL,
494  * sunw_split_certs() - Given a list of certs and a list of private keys,
495  *     moves certs which match one of the keys to a different stack.
499  *   allcerts - Points to a stack of certs to be searched.
500  *   keycerts - Points to address of a stack of certs with matching private
505  *              certs.  Keys are moved from 'allkeys' here when they have no
506  *              matching certs.  If this is NULL, matchless keys will be
509  *   Notes:  If an error occurs while moving certs, the cert being move may be
510  *   lost.  'keycerts' may only contain part of the matching certs.  The number
511  *   of certs successfully moved can be found by checking sk_X509_num(keycerts).
516  *   If all certs are removed from 'certs' and/or 'pkeys', it will be the
522  *  >= 0 - The number of certs moved from 'cert' to 'pkcerts'.
612  * Given one or more of user private key, user cert and/or other (CA) certs,
621  *   certs    - Points to stack of client (public ke) certs
622  *   cacerts  - Points to stack of 'certificate authority' certs (or trust
634     STACK_OF(X509) *certs, STACK_OF(X509) *cacerts)
663 	if (certs != NULL && sk_X509_num(certs) > 0) {
665 		for (i = 0; i < sk_X509_num(certs); i++) {
666 			cert = sk_X509_value(certs, i);
714 		/* Put all certs in structure */
761 	if (certs != NULL || cacerts != NULL && certs_there) {
1152  * sunw_find_localkeyid() searches stacks of certs and private keys,
1155  * Look for a keyid in a stack of certs.  if 'certs' is NULL and 'pkeys' is
1163  *   pkeys    - Points to a stack of private keys which match the certs.
1165  *   certs    - Points to a stack of certs to search.  If NULL, search the
1184 STACK_OF(X509) *certs, EVP_PKEY **matching_pkey, X509 **matching_cert)
1193 	    (pkeys == NULL || certs == NULL) ||
1195 	    (certs != NULL && matching_cert == NULL)) {
1212 	retval = find_attr(NID_localKeyID, cmpstr, pkeys, &tmp_pkey, certs,
1228  * sunw_find_fname() searches stacks of certs and private keys for one with
1232  * Look for a friendlyname in a stack of certs.  if 'certs' is NULL and 'pkeys'
1239  *   pkeys    - Points to a stack of private keys which match the certs.
1241  *   certs    - Points to a stack of certs to search.  If NULL, search the
1255 sunw_find_fname(char *fname, STACK_OF(EVP_PKEY) *pkeys, STACK_OF(X509) *certs,
1265 	    (pkeys == NULL && certs == NULL) ||
1267 	    (certs != NULL && matching_cert == NULL)) {
1285 	retval = find_attr(NID_friendlyName, cmpstr, pkeys, &tmp_pkey, certs,
1508  *   matchty  - Info about which certs/keys to return if many are in the file.
1518  *              authority' certs/trust anchors.
1563 	 * Go through the lists of certs and private keys which were
1620 		 * them.  Since keys which don't have matching client certs
1622 		 * client certs to compute the position of the last private
1690  *         individual bags.  Return stacks of certs, private keys found and
1691  *         CA certs found.
1699  *    1 - PKCS12 data object was parsed and lists of certs and private keys
1754  *    1 - Stack of safebags was parsed and lists of certs and private keys
1780  *   cl         - Stack of certs found so far.  New certificates will be
1787  *        was added to the stack of certs or private keys found, respectively.
2014  * certs).  Other interfaces that read files require that the application
2025     STACK_OF(EVP_PKEY) **pkeys, STACK_OF(X509) **certs)
2140 	retval = set_results(pkeys, &work_kl, certs, &work_cl, NULL, NULL,
2188  * move_certs - Given two stacks of certs, remove the certs from
2192  *   dst 	- the stack to receive the certs from 'src'
2193  *   src	- the stack whose certs are to be moved.
2197  *   >= 0       - The number of certs that were copied.
2219  * get_key_cert - Get a cert and its matching key from the stacks of certs
2225  *              certs below.
2228  *   cl       - Points to a stack of client certs with matching private keys.
2232  * The assumption is that the stacks of keys and certs contain key/cert pairs,
2237  * A stack of certs can be passed in without a stack of private keys, and vise
2548  *   cl       - Points to a stack of client certs with matching private keys.
2552  * This function is designed to process lists of certs and private keys.
2554  * for certs and for keys.  For certs, only a few attributes are retained.
2560  *   - If there there is no stack of certs but a stack of private keys exists,
2562  *     of certs and no private keys, search the certs.
2564  *   - If there are both certs and keys, assume that the matching certs and
2566  *     order.  Search for the name or keyid in the stack of certs.  If it is
2658 		 * lists of certs and their matching pkeys are in the same
2693  * set_results - Given two pointers to stacks of private keys, certs or CA
2694  *     CA certs, either copy the second stack to the first, or append the
2700  *   certs    - Points to stack of certs
2701  *   work_cl  - Points to working stack of certs
2702  *   cacerts  - Points to stack of CA certs
2703  *   work_ca  - Points to working stack of CA certs
2708  *   of keys or certs.  The second of the pair points at a 'working stack'
2728     STACK_OF(X509) **certs, STACK_OF(X509) **work_cl,
2746 	if (certs != NULL && work_cl != NULL && *work_cl != NULL &&
2748 		if (*certs == NULL) {
2749 			*certs = *work_cl;
2752 			if (move_certs(*certs, *work_cl) < 0) {

Indexes created Thu Jul 11 22:23:02 MDT 2024