OPENSSL_free(ctx);
}
-int X509_STORE_lock(X509_STORE *s)
+int X509_STORE_lock(X509_STORE *xs)
{
- return CRYPTO_THREAD_write_lock(s->lock);
+ return CRYPTO_THREAD_write_lock(xs->lock);
}
-int X509_STORE_unlock(X509_STORE *s)
+int X509_STORE_unlock(X509_STORE *xs)
{
- return CRYPTO_THREAD_unlock(s->lock);
+ return CRYPTO_THREAD_unlock(xs->lock);
}
int X509_LOOKUP_init(X509_LOOKUP *ctx)
return ctx->store_ctx;
}
-
static int x509_object_cmp(const X509_OBJECT *const *a,
const X509_OBJECT *const *b)
{
return NULL;
}
-void X509_STORE_free(X509_STORE *vfy)
+void X509_STORE_free(X509_STORE *xs)
{
int i;
STACK_OF(X509_LOOKUP) *sk;
X509_LOOKUP *lu;
- if (vfy == NULL)
+ if (xs == NULL)
return;
- CRYPTO_DOWN_REF(&vfy->references, &i, vfy->lock);
- REF_PRINT_COUNT("X509_STORE", vfy);
+ CRYPTO_DOWN_REF(&xs->references, &i, xs->lock);
+ REF_PRINT_COUNT("X509_STORE", xs);
if (i > 0)
return;
REF_ASSERT_ISNT(i < 0);
- sk = vfy->get_cert_methods;
+ sk = xs->get_cert_methods;
for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
lu = sk_X509_LOOKUP_value(sk, i);
X509_LOOKUP_shutdown(lu);
X509_LOOKUP_free(lu);
}
sk_X509_LOOKUP_free(sk);
- sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free);
+ sk_X509_OBJECT_pop_free(xs->objs, X509_OBJECT_free);
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
- X509_VERIFY_PARAM_free(vfy->param);
- CRYPTO_THREAD_lock_free(vfy->lock);
- OPENSSL_free(vfy);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, xs, &xs->ex_data);
+ X509_VERIFY_PARAM_free(xs->param);
+ CRYPTO_THREAD_lock_free(xs->lock);
+ OPENSSL_free(xs);
}
-int X509_STORE_up_ref(X509_STORE *vfy)
+int X509_STORE_up_ref(X509_STORE *xs)
{
int i;
- if (CRYPTO_UP_REF(&vfy->references, &i, vfy->lock) <= 0)
+ if (CRYPTO_UP_REF(&xs->references, &i, xs->lock) <= 0)
return 0;
- REF_PRINT_COUNT("X509_STORE", vfy);
+ REF_PRINT_COUNT("X509_STORE", xs);
REF_ASSERT_ISNT(i < 2);
- return ((i > 1) ? 1 : 0);
+ return i > 1 ? 1 : 0;
}
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m)
{
int i;
STACK_OF(X509_LOOKUP) *sk;
X509_LOOKUP *lu;
- sk = v->get_cert_methods;
+ sk = xs->get_cert_methods;
for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
lu = sk_X509_LOOKUP_value(sk, i);
if (m == lu->method) {
return NULL;
}
- lu->store_ctx = v;
- if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
+ lu->store_ctx = xs;
+ if (sk_X509_LOOKUP_push(xs->get_cert_methods, lu))
return lu;
/* malloc failed */
ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
return NULL;
}
-X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
+/* Also fill the cache (ctx->store->objs) with all matching certificates. */
+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *ctx,
X509_LOOKUP_TYPE type,
const X509_NAME *name)
{
if (ret == NULL)
return NULL;
- if (!X509_STORE_CTX_get_by_subject(vs, type, name, ret)) {
+ if (!X509_STORE_CTX_get_by_subject(ctx, type, name, ret)) {
X509_OBJECT_free(ret);
return NULL;
}
}
/*
+ * May be called with |ret| == NULL just for the side effect of
+ * caching all certs matching the given subject DN in |ctx->store->objs|.
* Returns 1 if successful,
* 0 if not found or X509_LOOKUP_by_subject_ex() returns an error,
* -1 on failure
*/
-static int ossl_x509_store_ctx_get_by_subject(const X509_STORE_CTX *vs,
+static int ossl_x509_store_ctx_get_by_subject(const X509_STORE_CTX *ctx,
X509_LOOKUP_TYPE type,
const X509_NAME *name,
X509_OBJECT *ret)
{
- X509_STORE *store = vs->store;
+ X509_STORE *store = ctx->store;
X509_LOOKUP *lu;
X509_OBJECT stmp, *tmp;
int i, j;
if (lu->method == NULL)
return -1;
j = X509_LOOKUP_by_subject_ex(lu, type, name, &stmp,
- vs->libctx, vs->propq);
+ ctx->libctx, ctx->propq);
if (j != 0) { /* non-zero value is considered success here */
tmp = &stmp;
break;
return 1;
}
-/* Also fill the cache with all matching certificates */
-int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
+/* Also fill the cache |ctx->store->objs| with all matching certificates. */
+int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *ctx,
X509_LOOKUP_TYPE type,
const X509_NAME *name, X509_OBJECT *ret)
{
- return ossl_x509_store_ctx_get_by_subject(vs, type, name, ret) > 0;
+ return ossl_x509_store_ctx_get_by_subject(ctx, type, name, ret) > 0;
}
-static int x509_store_add(X509_STORE *store, void *x, int crl) {
+static int x509_store_add(X509_STORE *store, void *x, int crl)
+{
X509_OBJECT *obj;
int ret = 0, added = 0;
return ret;
}
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x)
{
- if (!x509_store_add(ctx, x, 0)) {
+ if (!x509_store_add(xs, x, 0)) {
ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
return 0;
}
return 1;
}
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x)
{
- if (!x509_store_add(ctx, x, 1)) {
+ if (!x509_store_add(xs, x, 1)) {
ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
return 0;
}
return sk_X509_OBJECT_value(h, idx);
}
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v)
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs)
{
- return v->objs;
+ return xs->objs;
}
STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *store)
} else if (x->type == X509_LU_CRL) {
if (X509_CRL_match(obj->data.crl, x->data.crl) == 0)
return obj;
- } else
+ } else {
return obj;
+ }
}
return NULL;
}
return ret;
}
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags)
{
- return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
+ return X509_VERIFY_PARAM_set_flags(xs->param, flags);
}
-int X509_STORE_set_depth(X509_STORE *ctx, int depth)
+int X509_STORE_set_depth(X509_STORE *xs, int depth)
{
- X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+ X509_VERIFY_PARAM_set_depth(xs->param, depth);
return 1;
}
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose)
{
- return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
+ return X509_VERIFY_PARAM_set_purpose(xs->param, purpose);
}
-int X509_STORE_set_trust(X509_STORE *ctx, int trust)
+int X509_STORE_set_trust(X509_STORE *xs, int trust)
{
- return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
+ return X509_VERIFY_PARAM_set_trust(xs->param, trust);
}
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *param)
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *param)
{
- return X509_VERIFY_PARAM_set1(ctx->param, param);
+ return X509_VERIFY_PARAM_set1(xs->param, param);
}
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx)
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs)
{
- return ctx->param;
+ return xs->param;
}
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify)
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify)
{
- ctx->verify = verify;
+ xs->verify = verify;
}
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx)
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs)
{
- return ctx->verify;
+ return xs->verify;
}
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+void X509_STORE_set_verify_cb(X509_STORE *xs,
X509_STORE_CTX_verify_cb verify_cb)
{
- ctx->verify_cb = verify_cb;
+ xs->verify_cb = verify_cb;
}
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx)
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs)
{
- return ctx->verify_cb;
+ return xs->verify_cb;
}
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+void X509_STORE_set_get_issuer(X509_STORE *xs,
X509_STORE_CTX_get_issuer_fn get_issuer)
{
- ctx->get_issuer = get_issuer;
+ xs->get_issuer = get_issuer;
}
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx)
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs)
{
- return ctx->get_issuer;
+ return xs->get_issuer;
}
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+void X509_STORE_set_check_issued(X509_STORE *xs,
X509_STORE_CTX_check_issued_fn check_issued)
{
- ctx->check_issued = check_issued;
+ xs->check_issued = check_issued;
}
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx)
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *xs)
{
- return ctx->check_issued;
+ return xs->check_issued;
}
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
- X509_STORE_CTX_check_revocation_fn check_revocation)
+void X509_STORE_set_check_revocation(X509_STORE *xs,
+ X509_STORE_CTX_check_revocation_fn cb)
{
- ctx->check_revocation = check_revocation;
+ xs->check_revocation = cb;
}
-X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(const X509_STORE *ctx)
+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(const X509_STORE *xs)
{
- return ctx->check_revocation;
+ return xs->check_revocation;
}
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+void X509_STORE_set_get_crl(X509_STORE *xs,
X509_STORE_CTX_get_crl_fn get_crl)
{
- ctx->get_crl = get_crl;
+ xs->get_crl = get_crl;
}
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx)
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs)
{
- return ctx->get_crl;
+ return xs->get_crl;
}
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+void X509_STORE_set_check_crl(X509_STORE *xs,
X509_STORE_CTX_check_crl_fn check_crl)
{
- ctx->check_crl = check_crl;
+ xs->check_crl = check_crl;
}
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx)
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs)
{
- return ctx->check_crl;
+ return xs->check_crl;
}
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+void X509_STORE_set_cert_crl(X509_STORE *xs,
X509_STORE_CTX_cert_crl_fn cert_crl)
{
- ctx->cert_crl = cert_crl;
+ xs->cert_crl = cert_crl;
}
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx)
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs)
{
- return ctx->cert_crl;
+ return xs->cert_crl;
}
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+void X509_STORE_set_check_policy(X509_STORE *xs,
X509_STORE_CTX_check_policy_fn check_policy)
{
- ctx->check_policy = check_policy;
+ xs->check_policy = check_policy;
}
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx)
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *xs)
{
- return ctx->check_policy;
+ return xs->check_policy;
}
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
X509_STORE_CTX_lookup_certs_fn lookup_certs)
{
- ctx->lookup_certs = lookup_certs;
+ xs->lookup_certs = lookup_certs;
}
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx)
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *xs)
{
- return ctx->lookup_certs;
+ return xs->lookup_certs;
}
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
X509_STORE_CTX_lookup_crls_fn lookup_crls)
{
- ctx->lookup_crls = lookup_crls;
+ xs->lookup_crls = lookup_crls;
}
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx)
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs)
{
- return ctx->lookup_crls;
+ return xs->lookup_crls;
}
-void X509_STORE_set_cleanup(X509_STORE *ctx,
- X509_STORE_CTX_cleanup_fn ctx_cleanup)
+void X509_STORE_set_cleanup(X509_STORE *xs,
+ X509_STORE_CTX_cleanup_fn cleanup)
{
- ctx->cleanup = ctx_cleanup;
+ xs->cleanup = cleanup;
}
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx)
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs)
{
- return ctx->cleanup;
+ return xs->cleanup;
}
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data)
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data)
{
- return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
+ return CRYPTO_set_ex_data(&xs->ex_data, idx, data);
}
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx)
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx)
{
- return CRYPTO_get_ex_data(&ctx->ex_data, idx);
+ return CRYPTO_get_ex_data(&xs->ex_data, idx);
}
X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx)
ERR_pop_to_mark();
if (certs == NULL)
return -1;
+
/* Look for exact match */
for (i = 0; i < sk_X509_num(certs); i++) {
xtmp = sk_X509_value(certs, i);
return rv;
}
-/* Check that the given certificate 'x' is issued by the certificate 'issuer' */
+/* Check that the given certificate |x| is issued by the certificate |issuer| */
static int check_issued(ossl_unused X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
{
int err = ossl_x509_likely_issued(issuer, x);
static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
{
*issuer = find_issuer(ctx, ctx->other_ctx, x);
- if (*issuer != NULL)
- return X509_up_ref(*issuer) ? 1 : -1;
- return 0;
+ if (*issuer == NULL)
+ return 0;
+ return X509_up_ref(*issuer) ? 1 : -1;
}
/*-
* Alternative lookup method: look from a STACK stored in other_ctx.
* Returns NULL on internal/fatal error, empty stack if not found.
*/
-static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx,
- const X509_NAME *nm)
+static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, const X509_NAME *nm)
{
STACK_OF(X509) *sk = sk_X509_new_null();
X509 *x;
res = lookup_cert_match(&mx, ctx, x);
if (res < 0)
return res;
- if (mx == NULL)
+ if (res == 0)
return X509_TRUST_UNTRUSTED;
/*
return X509_cmp_time(ctm, NULL);
}
+/* returns 0 on error, otherwise 1 if ctm > cmp_time, else -1 */
int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
{
static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1;
dane->pdpth = -1;
}
- /*
- * Self-signed untrusted certificates get replaced by their
- * trusted matching issuer. Otherwise, grow the chain.
- */
- if (!self_signed) {
+ if (!self_signed) { /* untrusted not self-signed certificate */
+ /* Grow the chain by trusted issuer */
if (!sk_X509_push(ctx->chain, issuer)) {
X509_free(issuer);
goto memerr;
goto int_err;
} else {
/*
- * We have a self-signed certificate that has the same
+ * We have a self-signed untrusted cert that has the same
* subject name (and perhaps keyid and/or serial number) as
* a trust anchor. We must have an exact match to avoid
* possible impersonation via key substitution etc.
X509_free(issuer);
ok = 0;
} else { /* curr "==" issuer */
+ /*
+ * Replace self-signed untrusted certificate
+ * by its trusted matching issuer.
+ */
X509_free(curr);
ctx->num_untrusted = --num;
(void)sk_X509_set(ctx->chain, num, issuer);
}
/*
- * Extend chain with peer-provided untrusted certificates
+ * Try to extend chain with peer-provided untrusted certificate
*/
if ((search & S_DOUNTRUSTED) != 0) {
num = sk_X509_num(ctx->chain);
/* Drop this issuer from future consideration */
(void)sk_X509_delete_ptr(sk_untrusted, issuer);
+ /* Grow the chain by untrusted issuer */
if (!X509_add_cert(ctx->chain, issuer, X509_ADD_FLAG_UP_REF))
goto int_err;
is no longer valid.
If I<ctx> is NULL nothing is done.
+X509_STORE_CTX_init() sets up I<ctx> for a subsequent verification operation.
It must be called before each call to L<X509_verify_cert(3)> or
L<X509_STORE_CTX_verify(3)>, i.e., a context is only good for one verification.
If you want to verify a further certificate or chain with the same I<ctx>
typedef x509_store_st X509_STORE;
- int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
- int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+ int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+ int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
int X509_STORE_set_depth(X509_STORE *store, int depth);
- int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
- int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
- int X509_STORE_set_trust(X509_STORE *ctx, int trust);
+ int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+ int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+ int X509_STORE_set_trust(X509_STORE *xs, int trust);
X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store,
X509_LOOKUP_METHOD *meth);
- int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
+ int X509_STORE_set_default_paths_ex(X509_STORE *xs, OSSL_LIB_CTX *libctx,
const char *propq);
- int X509_STORE_set_default_paths(X509_STORE *ctx);
- int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+ int X509_STORE_set_default_paths(X509_STORE *xs);
+ int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
OSSL_LIB_CTX *libctx, const char *propq);
- int X509_STORE_load_file(X509_STORE *ctx, const char *file);
- int X509_STORE_load_path(X509_STORE *ctx, const char *dir);
- int X509_STORE_load_store_ex(X509_STORE *ctx, const char *uri,
+ int X509_STORE_load_file(X509_STORE *xs, const char *file);
+ int X509_STORE_load_path(X509_STORE *xs, const char *dir);
+ int X509_STORE_load_store_ex(X509_STORE *xs, const char *uri,
OSSL_LIB_CTX *libctx, const char *propq);
- int X509_STORE_load_store(X509_STORE *ctx, const char *uri);
- int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
+ int X509_STORE_load_store(X509_STORE *xs, const char *uri);
+ int X509_STORE_load_locations_ex(X509_STORE *xs, const char *file,
const char *dir, OSSL_LIB_CTX *libctx,
const char *propq);
- int X509_STORE_load_locations(X509_STORE *ctx,
+ int X509_STORE_load_locations(X509_STORE *xs,
const char *file, const char *dir);
=head1 DESCRIPTION
#include <openssl/x509_vfy.h>
- X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
- int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
- STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *ctx);
- STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
+ X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
+ int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+ STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+ STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
=head1 DESCRIPTION
-X509_STORE_set1_param() sets the verification parameters
-to B<pm> for B<ctx>.
+X509_STORE_set1_param() sets the verification parameters to I<pm> for I<xs>.
X509_STORE_get0_param() retrieves an internal pointer to the verification
-parameters for B<ctx>. The returned pointer must not be freed by the
+parameters for I<xs>. The returned pointer must not be freed by the
calling application
X509_STORE_get0_objects() retrieves an internal pointer to the store's
#include <openssl/x509_vfy.h>
X509_STORE *X509_STORE_new(void);
- void X509_STORE_free(X509_STORE *v);
- int X509_STORE_lock(X509_STORE *v);
- int X509_STORE_unlock(X509_STORE *v);
- int X509_STORE_up_ref(X509_STORE *v);
+ void X509_STORE_free(X509_STORE *xs);
+ int X509_STORE_lock(X509_STORE *xs);
+ int X509_STORE_unlock(X509_STORE *xs);
+ int X509_STORE_up_ref(X509_STORE *xs);
=head1 DESCRIPTION
const X509_NAME *nm);
typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
- void X509_STORE_set_verify_cb(X509_STORE *ctx,
+ void X509_STORE_set_verify_cb(X509_STORE *xs,
X509_STORE_CTX_verify_cb verify_cb);
X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE_CTX *ctx);
- void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+ void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE_CTX *ctx);
- void X509_STORE_set_get_issuer(X509_STORE *ctx,
+ void X509_STORE_set_get_issuer(X509_STORE *xs,
X509_STORE_CTX_get_issuer_fn get_issuer);
- void X509_STORE_set_check_issued(X509_STORE *ctx,
+ void X509_STORE_set_check_issued(X509_STORE *xs,
X509_STORE_CTX_check_issued_fn check_issued);
X509_STORE_CTX_check_issued_fn
X509_STORE_get_check_issued(const X509_STORE_CTX *ctx);
- void X509_STORE_set_check_revocation(X509_STORE *ctx,
+ void X509_STORE_set_check_revocation(X509_STORE *xs,
X509_STORE_CTX_check_revocation_fn check_revocation);
X509_STORE_CTX_check_revocation_fn
X509_STORE_get_check_revocation(const X509_STORE_CTX *ctx);
- void X509_STORE_set_get_crl(X509_STORE *ctx,
+ void X509_STORE_set_get_crl(X509_STORE *xs,
X509_STORE_CTX_get_crl_fn get_crl);
X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE_CTX *ctx);
- void X509_STORE_set_check_crl(X509_STORE *ctx,
+ void X509_STORE_set_check_crl(X509_STORE *xs,
X509_STORE_CTX_check_crl_fn check_crl);
X509_STORE_CTX_check_crl_fn
X509_STORE_get_check_crl(const X509_STORE_CTX *ctx);
- void X509_STORE_set_cert_crl(X509_STORE *ctx,
+ void X509_STORE_set_cert_crl(X509_STORE *xs,
X509_STORE_CTX_cert_crl_fn cert_crl);
X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE_CTX *ctx);
- void X509_STORE_set_check_policy(X509_STORE *ctx,
+ void X509_STORE_set_check_policy(X509_STORE *xs,
X509_STORE_CTX_check_policy_fn check_policy);
X509_STORE_CTX_check_policy_fn
X509_STORE_get_check_policy(const X509_STORE_CTX *ctx);
- void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+ void X509_STORE_set_lookup_certs(X509_STORE *xs,
X509_STORE_CTX_lookup_certs_fn lookup_certs);
X509_STORE_CTX_lookup_certs_fn
X509_STORE_get_lookup_certs(const X509_STORE_CTX *ctx);
- void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+ void X509_STORE_set_lookup_crls(X509_STORE *xs,
X509_STORE_CTX_lookup_crls_fn lookup_crls);
X509_STORE_CTX_lookup_crls_fn
X509_STORE_get_lookup_crls(const X509_STORE_CTX *ctx);
- void X509_STORE_set_cleanup(X509_STORE *ctx,
+ void X509_STORE_set_cleanup(X509_STORE *xs,
X509_STORE_CTX_cleanup_fn cleanup);
X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE_CTX *ctx);
/* Aliases */
void X509_STORE_set_verify_cb_func(X509_STORE *st,
X509_STORE_CTX_verify_cb verify_cb);
- void X509_STORE_set_verify_func(X509_STORE *ctx,
+ void X509_STORE_set_verify_func(X509_STORE *xs,
X509_STORE_CTX_verify_fn verify);
- void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
+ void X509_STORE_set_lookup_crls_cb(X509_STORE *xs,
X509_STORE_CTX_lookup_crls_fn lookup_crls);
=head1 DESCRIPTION
-X509_STORE_set_verify_cb() sets the verification callback of I<ctx> to
+X509_STORE_set_verify_cb() sets the verification callback of I<xs> to
I<verify_cb> overwriting the previous callback.
The callback assigned with this function becomes a default for the one
that can be assigned directly to the corresponding B<X509_STORE_CTX>,
please see L<X509_STORE_CTX_set_verify_cb(3)> for further information.
X509_STORE_set_verify() sets the final chain verification function for
-I<ctx> to I<verify>.
+I<xs> to I<verify>.
Its purpose is to go through the chain of certificates and check that
all signatures are valid and that the current time is within the
limits of each certificate's first and last validity time.
function will be used instead.>
X509_STORE_CTX_get1_issuer() tries to find a certificate from the I<store>
-component of I<ctx> with a subject name matching the issuer name of I<x>.
-On success it assigns to I<*issuer> the first match that is currently valid,
-or at least the most recently expired match if there is no currently valid one.
+component of I<ctx> that has a subject name matching the issuer name of I<x>
+and is accepted by the I<check_issued> function in I<ctx>.
+On success it assigns to I<*issuer> the first match that has a suitable validity
+period or otherwise has the latest expiration date of all matching certificates.
If the function returns 1 the caller is responsible for freeing I<*issuer>.
+Note that this search does not support backtracking.
-X509_STORE_set_get_issuer() sets the function I<get_issuer>
+X509_STORE_set_get_issuer() sets the function I<get_issuer> that is used
to get the "best" candidate issuer certificate of the given certificate I<x>.
When such a certificate is found, I<get_issuer> must up-ref and assign it
to I<*issuer> and then return 1.
X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a);
int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
X509_STORE *X509_STORE_new(void);
-void X509_STORE_free(X509_STORE *v);
-int X509_STORE_lock(X509_STORE *ctx);
-int X509_STORE_unlock(X509_STORE *ctx);
-int X509_STORE_up_ref(X509_STORE *v);
-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v);
-STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *st);
-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
+void X509_STORE_free(X509_STORE *xs);
+int X509_STORE_lock(X509_STORE *xs);
+int X509_STORE_unlock(X509_STORE *xs);
+int X509_STORE_up_ref(X509_STORE *xs);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *xs);
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *xs,
const X509_NAME *nm);
STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *st,
const X509_NAME *nm);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *pm);
-X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx);
+int X509_STORE_set_flags(X509_STORE *xs, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *xs, int purpose);
+int X509_STORE_set_trust(X509_STORE *xs, int trust);
+int X509_STORE_set1_param(X509_STORE *xs, const X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *xs);
-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+void X509_STORE_set_verify(X509_STORE *xs, X509_STORE_CTX_verify_fn verify);
#define X509_STORE_set_verify_func(ctx, func) \
X509_STORE_set_verify((ctx),(func))
void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
X509_STORE_CTX_verify_fn verify);
-X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx);
-void X509_STORE_set_verify_cb(X509_STORE *ctx,
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *xs);
+void X509_STORE_set_verify_cb(X509_STORE *xs,
X509_STORE_CTX_verify_cb verify_cb);
# define X509_STORE_set_verify_cb_func(ctx,func) \
X509_STORE_set_verify_cb((ctx),(func))
-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx);
-void X509_STORE_set_get_issuer(X509_STORE *ctx,
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *xs);
+void X509_STORE_set_get_issuer(X509_STORE *xs,
X509_STORE_CTX_get_issuer_fn get_issuer);
-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx);
-void X509_STORE_set_check_issued(X509_STORE *ctx,
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *xs);
+void X509_STORE_set_check_issued(X509_STORE *xs,
X509_STORE_CTX_check_issued_fn check_issued);
-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx);
-void X509_STORE_set_check_revocation(X509_STORE *ctx,
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *s);
+void X509_STORE_set_check_revocation(X509_STORE *xs,
X509_STORE_CTX_check_revocation_fn check_revocation);
X509_STORE_CTX_check_revocation_fn
- X509_STORE_get_check_revocation(const X509_STORE *ctx);
-void X509_STORE_set_get_crl(X509_STORE *ctx,
+ X509_STORE_get_check_revocation(const X509_STORE *xs);
+void X509_STORE_set_get_crl(X509_STORE *xs,
X509_STORE_CTX_get_crl_fn get_crl);
-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_crl(X509_STORE *ctx,
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *xs);
+void X509_STORE_set_check_crl(X509_STORE *xs,
X509_STORE_CTX_check_crl_fn check_crl);
-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx);
-void X509_STORE_set_cert_crl(X509_STORE *ctx,
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *xs);
+void X509_STORE_set_cert_crl(X509_STORE *xs,
X509_STORE_CTX_cert_crl_fn cert_crl);
-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx);
-void X509_STORE_set_check_policy(X509_STORE *ctx,
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *xs);
+void X509_STORE_set_check_policy(X509_STORE *xs,
X509_STORE_CTX_check_policy_fn check_policy);
-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx);
-void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *s);
+void X509_STORE_set_lookup_certs(X509_STORE *xs,
X509_STORE_CTX_lookup_certs_fn lookup_certs);
-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx);
-void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *s);
+void X509_STORE_set_lookup_crls(X509_STORE *xs,
X509_STORE_CTX_lookup_crls_fn lookup_crls);
#define X509_STORE_set_lookup_crls_cb(ctx, func) \
X509_STORE_set_lookup_crls((ctx), (func))
-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx);
-void X509_STORE_set_cleanup(X509_STORE *ctx,
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *xs);
+void X509_STORE_set_cleanup(X509_STORE *xs,
X509_STORE_CTX_cleanup_fn cleanup);
-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *xs);
#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
-void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx);
+int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
+void *X509_STORE_get_ex_data(const X509_STORE *xs, int idx);
X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
X509_STORE_CTX *X509_STORE_CTX_new(void);
# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
#endif
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *xs, X509_LOOKUP_METHOD *m);
X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
const X509_LOOKUP_METHOD *method);
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+int X509_STORE_add_cert(X509_STORE *xs, X509 *x);
+int X509_STORE_add_crl(X509_STORE *xs, X509_CRL *x);
int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs,
X509_LOOKUP_TYPE type,
X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
-int X509_STORE_load_file(X509_STORE *ctx, const char *file);
-int X509_STORE_load_path(X509_STORE *ctx, const char *path);
-int X509_STORE_load_store(X509_STORE *ctx, const char *store);
-int X509_STORE_load_locations(X509_STORE *ctx,
- const char *file,
- const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
+int X509_STORE_load_file(X509_STORE *xs, const char *file);
+int X509_STORE_load_path(X509_STORE *xs, const char *path);
+int X509_STORE_load_store(X509_STORE *xs, const char *store);
+int X509_STORE_load_locations(X509_STORE *s, const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *xs);
-int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file,
+int X509_STORE_load_file_ex(X509_STORE *xs, const char *file,
OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_store_ex(X509_STORE *ctx, const char *store,
+int X509_STORE_load_store_ex(X509_STORE *xs, const char *store,
OSSL_LIB_CTX *libctx, const char *propq);
-int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file,
- const char *dir, OSSL_LIB_CTX *libctx,
- const char *propq);
-int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx,
- const char *propq);
+int X509_STORE_load_locations_ex(X509_STORE *xs,
+ const char *file, const char *dir,
+ OSSL_LIB_CTX *libctx, const char *propq);
+int X509_STORE_set_default_paths_ex(X509_STORE *xs,
+ OSSL_LIB_CTX *libctx, const char *propq);
#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
projects / openssl.git / commitdiff