Lines Matching refs:crl
67 unsigned int *preasons, X509_CRL *crl, X509 *x);
73 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
75 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
1032 X509_CRL *crl = NULL, *dcrl = NULL; in check_cert() local
1050 ok = ctx->get_crl(ctx, &crl, x); in check_cert()
1052 ok = get_crl_delta(ctx, &crl, &dcrl, x); in check_cert()
1058 ctx->current_crl = crl; in check_cert()
1059 ok = ctx->check_crl(ctx, crl); in check_cert()
1076 ok = ctx->cert_crl(ctx, crl, x); in check_cert()
1081 X509_CRL_free(crl); in check_cert()
1083 crl = NULL; in check_cert()
1095 X509_CRL_free(crl); in check_cert()
1103 static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) in check_crl_time() argument
1115 ctx->current_crl = crl; in check_crl_time()
1117 i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime); in check_crl_time()
1132 if (X509_CRL_get0_nextUpdate(crl)) { in check_crl_time()
1133 i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime); in check_crl_time()
1161 X509_CRL *crl, *best_crl = NULL; in get_crl_sk() local
1165 crl = sk_X509_CRL_value(crls, i); in get_crl_sk()
1167 crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); in get_crl_sk()
1175 X509_CRL_get0_lastUpdate(crl)) == 0) in get_crl_sk()
1184 best_crl = crl; in get_crl_sk()
1300 unsigned int *preasons, X509_CRL *crl, X509 *x) in get_crl_score() argument
1308 if ((crl->idp_flags & IDP_INVALID) != 0) in get_crl_score()
1312 if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) in get_crl_score()
1314 } else if ((crl->idp_flags & IDP_REASONS) != 0) { in get_crl_score()
1316 if ((crl->idp_reasons & ~tmp_reasons) == 0) in get_crl_score()
1320 else if (crl->base_crl_number != NULL) in get_crl_score()
1323 if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl)) != 0) { in get_crl_score()
1324 if ((crl->idp_flags & IDP_INDIRECT) == 0) in get_crl_score()
1330 if ((crl->flags & EXFLAG_CRITICAL) == 0) in get_crl_score()
1334 if (check_crl_time(ctx, crl, 0)) in get_crl_score()
1338 crl_akid_check(ctx, crl, pissuer, &crl_score); in get_crl_score()
1345 if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) { in get_crl_score()
1359 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, in crl_akid_check() argument
1363 const X509_NAME *cnm = X509_CRL_get_issuer(crl); in crl_akid_check()
1372 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { in crl_akid_check()
1384 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { in crl_akid_check()
1403 if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { in crl_akid_check()
1528 static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) in crldp_check_crlissuer() argument
1531 const X509_NAME *nm = X509_CRL_get_issuer(crl); in crldp_check_crlissuer()
1548 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, in crl_crldp_check() argument
1553 if ((crl->idp_flags & IDP_ONLYATTR) != 0) in crl_crldp_check()
1556 if ((crl->idp_flags & IDP_ONLYUSER) != 0) in crl_crldp_check()
1559 if ((crl->idp_flags & IDP_ONLYCA) != 0) in crl_crldp_check()
1562 *preasons = crl->idp_reasons; in crl_crldp_check()
1566 if (crldp_check_crlissuer(dp, crl, crl_score)) { in crl_crldp_check()
1567 if (crl->idp == NULL in crl_crldp_check()
1568 || idp_check_dp(dp->distpoint, crl->idp->distpoint)) { in crl_crldp_check()
1574 return (crl->idp == NULL || crl->idp->distpoint == NULL) in crl_crldp_check()
1589 X509_CRL *crl = NULL, *dcrl = NULL; in get_crl_delta() local
1594 ok = get_crl_sk(ctx, &crl, &dcrl, in get_crl_delta()
1603 if (skcrl == NULL && crl != NULL) in get_crl_delta()
1606 get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl); in get_crl_delta()
1612 if (crl != NULL) { in get_crl_delta()
1616 *pcrl = crl; in get_crl_delta()
1624 static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) in check_crl() argument
1656 if (crl->base_crl_number == NULL) { in check_crl()
1672 if ((crl->idp_flags & IDP_INVALID) != 0 && in check_crl()
1678 !check_crl_time(ctx, crl, 1)) in check_crl()
1688 int rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags); in check_crl()
1693 if (X509_CRL_verify(crl, ikey) <= 0 && in check_crl()
1701 static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) in cert_crl() argument
1712 && (crl->flags & EXFLAG_CRITICAL) != 0 && in cert_crl()
1719 if (X509_CRL_get0_by_cert(crl, &rev, x)) { in cert_crl()
2139 X509_CRL *crl = NULL; in X509_CRL_diff() local
2180 crl = X509_CRL_new_ex(base->libctx, base->propq); in X509_CRL_diff()
2181 if (crl == NULL || !X509_CRL_set_version(crl, X509_CRL_VERSION_2)) { in X509_CRL_diff()
2186 if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) { in X509_CRL_diff()
2191 if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer))) { in X509_CRL_diff()
2195 if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer))) { in X509_CRL_diff()
2201 if (X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0) <= 0) { in X509_CRL_diff()
2213 if (!X509_CRL_add_ext(crl, ext, -1)) { in X509_CRL_diff()
2237 if (!X509_CRL_add0_revoked(crl, rvtmp)) { in X509_CRL_diff()
2245 if (skey != NULL && md != NULL && !X509_CRL_sign(crl, skey, md)) { in X509_CRL_diff()
2250 return crl; in X509_CRL_diff()
2253 X509_CRL_free(crl); in X509_CRL_diff()
