X509_VERIFY_PARAM *param = ctx->param;
int depth,i,ok=0;
int num;
- int (*cb)(int ok,X509_STORE_CTX *ctx);
+ int (*cb)(int xok,X509_STORE_CTX *xctx);
STACK_OF(X509) *sktmp=NULL;
if (ctx->cert == NULL)
{
#else
int i, ok=0, must_be_ca;
X509 *x;
- int (*cb)(int ok,X509_STORE_CTX *ctx);
+ int (*cb)(int xok,X509_STORE_CTX *xctx);
int proxy_path_length = 0;
- int allow_proxy_certs = !!(ctx->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+ int allow_proxy_certs =
+ !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
cb=ctx->verify_cb;
/* must_be_ca can have 1 of 3 values:
#else
int i, ok;
X509 *x;
- int (*cb)(int ok,X509_STORE_CTX *ctx);
+ int (*cb)(int xok,X509_STORE_CTX *xctx);
cb=ctx->verify_cb;
/* For now just check the last certificate in the chain */
i = sk_X509_num(ctx->chain) - 1;
for (i = 0; i < sk_X509_CRL_num(crls); i++)
{
crl = sk_X509_CRL_value(crls, i);
- if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
+ if (nm && X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
continue;
if (check_crl_time(ctx, crl, 0))
{
*pcrl = crl;
- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509);
+ CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
return 1;
}
best_crl = crl;
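Review bot: With `nm` NULL the new guard on the `X509_NAME_cmp` line skips the issuer comparison, so every CRL in `crls` becomes a candidate and the first one that passes `check_crl_time` is returned. That is only sound if the caller has already restricted the stack to the certificate's issuer, and nothing in this hunk says so; I would add `/* nm == NULL: crls was already selected by issuer, so skip the name check */` above the condition. Separately, the lock id is corrected only on the exact-match path shown here. The function continues past the hunk after `best_crl = crl;`, and if that fallback also bumps `references` it should use `CRYPTO_LOCK_X509_CRL` as well, so that all updates of the count are serialised by the same lock.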
{
int ok;
X509_CRL *crl = NULL;
- X509_OBJECT xobj;
+ STACK_OF(X509_CRL) *skcrl;
X509_NAME *nm;
nm = X509_get_issuer_name(x);
ok = get_crl_sk(ctx, &crl, nm, ctx->crls);
return 1;
}
- ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj);
+ /* Lookup CRLs from store */
- if (!ok)
+ skcrl = ctx->lookup_crls(ctx, nm);
+
+ /* If no CRLs found and a near match from get_crl_sk use that */
+ if (!skcrl)
{
- /* If we got a near match from get_crl_sk use that */
if (crl)
{
*pcrl = crl;
return 0;
}
- *pcrl = xobj.data.crl;
+ get_crl_sk(ctx, &crl, NULL, skcrl);
+
+ sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
+
+ /* If we got any kind of CRL use it and return success */
if (crl)
- X509_CRL_free(crl);
- return 1;
+ {
+ *pcrl = crl;
+ return 1;
+ }
+
+ return 0;
}
/* Check CRL validity */
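Review bot: The second call, `get_crl_sk(ctx, &crl, NULL, skcrl)`, writes through `&crl` while `crl` may still hold the near match from the first call on `ctx->crls`, and the `X509_CRL_free(crl)` that used to release that near match is removed. Judging by the `CRYPTO_add` in `get_crl_sk`, a returned CRL carries its own reference, so overwriting the pointer would leak one reference each time this path is taken; the near-match path of `get_crl_sk` is outside the visible hunks, so this is inferred. Collecting the store result in a separate pointer, and freeing the near match only when it is actually replaced, keeps both the fallback and the reference count intact. The return value of the second call is also dropped, so a CRL that failed the time check is returned with 1; the comment should say that this relies on the later `check_crl_time(ctx, crl, 1)` call to reject it.

```c
X509_CRL *store_crl = NULL;	/* declared with the other locals */
/* … unchanged: ctx->crls lookup, lookup_crls call, !skcrl handling … */
get_crl_sk(ctx, &store_crl, NULL, skcrl);

sk_X509_CRL_pop_free(skcrl, X509_CRL_free);

/* Prefer the CRL from the store and release the near match it replaces */
if (store_crl)
	{
	if (crl)
		X509_CRL_free(crl);
	crl = store_crl;
	}
/* … unchanged: if (crl) { *pcrl = crl; return 1; } return 0; … */
```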
}
}
- if (!check_crl_time(ctx, crl, 1))
+ ok = check_crl_time(ctx, crl, 1);
+ if (!ok)
goto err;
ok = 1;
ctx->param->policies, ctx->param->flags);
if (ret == 0)
{
- X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
+ X509err(X509_F_CHECK_POLICY,ERR_R_MALLOC_FAILURE);
return 0;
}
/* Invalid or inconsistent extensions */
int ok=0,n;
X509 *xs,*xi;
EVP_PKEY *pkey=NULL;
- int (*cb)(int ok,X509_STORE_CTX *ctx);
+ int (*cb)(int xok,X509_STORE_CTX *xctx);
cb=ctx->verify_cb;
xs->valid = 1;
- if (!check_cert_time(ctx, xs))
+ ok = check_cert_time(ctx, xs);
+ if (!ok)
goto end;
/* The last error (if any) is still in the error value */
offset=0;
else
{
- if ((*str != '+') && (str[5] != '-'))
+ if ((*str != '+') && (*str != '-'))
return 0;
offset=((str[1]-'0')*10+(str[2]-'0'))*60;
offset+=(str[3]-'0')*10+(str[4]-'0');
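Review bot: The offset arithmetic on `str[1]` through `str[4]` runs as soon as the corrected sign test passes, and nothing in this hunk checks that four digits actually follow the sign. The string is presumably the time field of a certificate or CRL, so a short or non-numeric tail gives a meaningless offset and, unless the length was validated above the hunk, reads past the end of the data. I would reject such input before the arithmetic, e.g. `if (!isdigit((unsigned char)str[1]) || !isdigit((unsigned char)str[2]) || !isdigit((unsigned char)str[3]) || !isdigit((unsigned char)str[4])) return 0;`, plus a check of the remaining length if the buffer is not guaranteed to be NUL-terminated. The enclosing function starts and ends outside the hunk.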
else
ctx->cert_crl = cert_crl;
+ if (store && store->lookup_certs)
+ ctx->lookup_certs = store->lookup_certs;
+ else
+ ctx->lookup_certs = X509_STORE_get1_certs;
+
+ if (store && store->lookup_crls)
+ ctx->lookup_crls = store->lookup_crls;
+ else
+ ctx->lookup_crls = X509_STORE_get1_crls;
+
ctx->check_policy = check_policy;