Lines Matching refs:cert
26 const OSSL_CMP_MSG *msg, X509 *cert) in verify_signature() argument
33 if (!ossl_assert(cmp_ctx != NULL && msg != NULL && cert != NULL)) in verify_signature()
41 && (X509_get_key_usage(cert) & X509v3_KU_DIGITAL_SIGNATURE) == 0) { in verify_signature()
46 pubkey = X509_get_pubkey(cert); in verify_signature()
64 res = ossl_x509_print_ex_brief(bio, cert, X509_FLAG_NO_EXTENSIONS); in verify_signature()
107 X509_STORE *trusted_store, X509 *cert) in OSSL_CMP_validate_cert_path() argument
113 if (ctx == NULL || cert == NULL) { in OSSL_CMP_validate_cert_path()
125 cert, ctx->untrusted)) in OSSL_CMP_validate_cert_path()
142 static int verify_cb_cert(X509_STORE *ts, X509 *cert, int err) in verify_cb_cert() argument
151 && X509_STORE_CTX_init(csc, ts, cert, NULL)) { in verify_cb_cert()
153 X509_STORE_CTX_set_current_cert(csc, cert); in verify_cb_cert()
225 static int already_checked(const X509 *cert, in already_checked() argument
231 if (X509_cmp(sk_X509_value(already_checked, i - 1), cert) == 0) in already_checked()
245 const char *desc1, const char *desc2, X509 *cert, in cert_acceptable() argument
251 int self_issued = X509_check_issued(cert, cert) == X509_V_OK; in cert_acceptable()
258 if ((str = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0)) != NULL) in cert_acceptable()
262 str = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); in cert_acceptable()
268 if (already_checked(cert, already_checked1) in cert_acceptable()
269 || already_checked(cert, already_checked2)) { in cert_acceptable()
274 time_cmp = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert), in cert_acceptable()
275 X509_get0_notAfter(cert)); in cert_acceptable()
283 && verify_cb_cert(ts, cert, err) <= 0) in cert_acceptable()
288 "cert subject", X509_get_subject_name(cert), in cert_acceptable()
292 if (!check_kid(ctx, X509_get0_subject_key_id(cert), msg->header->senderKID)) in cert_acceptable()
295 if (!ossl_x509v3_cache_extensions(cert)) { in cert_acceptable()
299 if (!verify_signature(ctx, msg, cert)) { in cert_acceptable()
368 static int check_msg_given_cert(const OSSL_CMP_CTX *ctx, X509 *cert, in check_msg_given_cert() argument
372 cert, NULL, NULL, msg) in check_msg_given_cert()
373 && (check_cert_path(ctx, ctx->trusted, cert) in check_msg_given_cert()
374 || check_cert_path_3gpp(ctx, msg, cert)); in check_msg_given_cert()
398 X509 *cert = sk_X509_value(certs, i); in check_msg_with_certs() local
400 if (!ossl_assert(cert != NULL)) in check_msg_with_certs()
402 if (!cert_acceptable(ctx, "cert from", desc, cert, in check_msg_with_certs()
406 if (mode_3gpp ? check_cert_path_3gpp(ctx, msg, cert) in check_msg_with_certs()
407 : check_cert_path(ctx, ctx->trusted, cert)) { in check_msg_with_certs()
409 return ossl_cmp_ctx_set1_validatedSrvCert(ctx, cert); in check_msg_with_certs()