/*-
* Return 1 if given cert is considered self-signed, 0 if not, or -1 on error.
* This actually verifies self-signedness only if requested.
- * It calls X509v3_cache_extensions()
+ * It calls ossl_x509v3_cache_extensions()
* to match issuer and subject names (i.e., the cert being self-issued) and any
* present authority key identifier to match the subject key identifier, etc.
*/
ERR_raise(ERR_LIB_X509, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
return -1;
}
- if (!x509v3_cache_extensions(cert))
+ if (!ossl_x509v3_cache_extensions(cert))
return -1;
if ((cert->ex_flags & EXFLAG_SS) == 0)
return 0;
if (ctx->check_issued(ctx, x, issuer)
&& (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1)
|| !sk_X509_contains(ctx->chain, issuer))) {
- if (x509_check_cert_time(ctx, issuer, -1))
+ if (ossl_x509_check_cert_time(ctx, issuer, -1))
return issuer;
if (rv == NULL || ASN1_TIME_compare(X509_get0_notAfter(issuer),
X509_get0_notAfter(rv)) > 0)
/* Check that the given certificate 'x' is issued by the certificate 'issuer' */
static int check_issued(ossl_unused X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
{
- int err = x509_likely_issued(issuer, x);
+ int err = ossl_x509_likely_issued(issuer, x);
if (err == X509_V_OK)
return 1;
*
* Return 1 on success, 0 otherwise.
*/
-int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
+int ossl_x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
{
time_t *ptime;
int i;
* We report the issuer as NULL because all we have is a bare key.
*/
xi = NULL;
- } else if (x509_likely_issued(xi, xi) != X509_V_OK
+ } else if (ossl_x509_likely_issued(xi, xi) != X509_V_OK
/* exceptional case: last cert in the chain is not self-issued */
&& ((ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) == 0)) {
if (n > 0) {
* we are free to ignore any key usage restrictions on such certs.
*/
int ret = xs == xi && (xi->ex_flags & EXFLAG_CA) == 0
- ? X509_V_OK : x509_signing_allowed(xi, xs);
+ ? X509_V_OK : ossl_x509_signing_allowed(xi, xs);
CB_FAIL_IF(ret != X509_V_OK, ctx, xi, issuer_depth, ret);
if ((pkey = X509_get0_pubkey(xi)) == NULL) {
/* in addition to RFC 5280, do also for trusted (root) cert */
/* Calls verify callback as needed */
- if (!x509_check_cert_time(ctx, xs, n))
+ if (!ossl_x509_check_cert_time(ctx, xs, n))
return 0;
/*
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
case X509_V_ERR_CERT_HAS_EXPIRED:
- return 0; /* Callback already issued by x509_check_cert_time() */
+ return 0; /* Callback already issued by ossl_x509_check_cert_time() */
default: /* A preliminary error has become final */
return verify_cb_cert(ctx, NULL, num - 1, ctx->error);
case X509_V_OK: