}
if (X509_verify(xs,pkey) <= 0)
{
- EVP_PKEY_free(pkey);
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
ctx->current_cert=xs;
ok=(*cb)(0,ctx);
- if (!ok) goto end;
+ if (!ok)
+ {
+ EVP_PKEY_free(pkey);
+ goto end;
+ }
}
EVP_PKEY_free(pkey);
pkey=NULL;
return(ok);
}
-int X509_cmp_current_time(ASN1_UTCTIME *ctm)
+int X509_cmp_current_time(ASN1_TIME *ctm)
{
char *str;
- ASN1_UTCTIME atm;
+ ASN1_TIME atm;
time_t offset;
char buff1[24],buff2[24],*p;
int i,j;
p=buff1;
i=ctm->length;
str=(char *)ctm->data;
- if ((i < 11) || (i > 17)) return(0);
- memcpy(p,str,10);
- p+=10;
- str+=10;
+ if(ctm->type == V_ASN1_UTCTIME) {
+ if ((i < 11) || (i > 17)) return(0);
+ memcpy(p,str,10);
+ p+=10;
+ str+=10;
+ } else {
+ if(i < 13) return 0;
+ memcpy(p,str,12);
+ p+=12;
+ str+=12;
+ }
if ((*str == 'Z') || (*str == '-') || (*str == '+'))
{ *(p++)='0'; *(p++)='0'; }
- else { *(p++)= *(str++); *(p++)= *(str++); }
+ else
+ {
+ *(p++)= *(str++);
+ *(p++)= *(str++);
+ /* Skip any fractional seconds... */
+ if(*str == '.')
+ {
+ str++;
+ while((*str >= '0') && (*str <= '9')) str++;
+ }
+
+ }
*(p++)='Z';
*(p++)='\0';
if (*str == '-')
offset= -offset;
}
- atm.type=V_ASN1_UTCTIME;
+ atm.type=ctm->type;
atm.length=sizeof(buff2);
atm.data=(unsigned char *)buff2;
- X509_gmtime_adj(&atm,-offset);
+ X509_gmtime_adj(&atm,-offset*60);
- i=(buff1[0]-'0')*10+(buff1[1]-'0');
- if (i < 50) i+=100; /* cf. RFC 2459 */
- j=(buff2[0]-'0')*10+(buff2[1]-'0');
- if (j < 50) j+=100;
+ if(ctm->type == V_ASN1_UTCTIME)
+ {
+ i=(buff1[0]-'0')*10+(buff1[1]-'0');
+ if (i < 50) i+=100; /* cf. RFC 2459 */
+ j=(buff2[0]-'0')*10+(buff2[1]-'0');
+ if (j < 50) j+=100;
- if (i < j) return (-1);
- if (i > j) return (1);
+ if (i < j) return (-1);
+ if (i > j) return (1);
+ }
i=strcmp(buff1,buff2);
if (i == 0) /* wait a second then return younger :-) */
return(-1);
return(i);
}
-ASN1_UTCTIME *X509_gmtime_adj(ASN1_UTCTIME *s, long adj)
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
{
time_t t;
time(&t);
t+=adj;
- return(ASN1_UTCTIME_set(s,t));
+ if(!s) return ASN1_TIME_set(s, t);
+ if(s->type == V_ASN1_UTCTIME) return(ASN1_UTCTIME_set(s,t));
+ return ASN1_GENERALIZEDTIME_set(s, t);
}
int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
int ret=1;
if (x == NULL) return(0);
- obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
+ obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
if (obj == NULL)
{
X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
X509_OBJECT_up_ref_count(obj);
- r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
+ r=(X509_OBJECT *)lh_insert(ctx->certs,obj);
if (r != NULL)
{ /* oops, put it back */
- lh_delete(ctx->certs,(char *)obj);
+ lh_delete(ctx->certs,obj);
X509_OBJECT_free_contents(obj);
- Free(obj);
- lh_insert(ctx->certs,(char *)r);
+ OPENSSL_free(obj);
+ lh_insert(ctx->certs,r);
X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
ret=0;
}
int ret=1;
if (x == NULL) return(0);
- obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
+ obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
if (obj == NULL)
{
X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
X509_OBJECT_up_ref_count(obj);
- r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
+ r=(X509_OBJECT *)lh_insert(ctx->certs,obj);
if (r != NULL)
{ /* oops, put it back */
- lh_delete(ctx->certs,(char *)obj);
+ lh_delete(ctx->certs,obj);
X509_OBJECT_free_contents(obj);
- Free(obj);
- lh_insert(ctx->certs,(char *)r);
+ OPENSSL_free(obj);
+ lh_insert(ctx->certs,r);
X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
ret=0;
}
return(ctx->chain);
}
-STACK_OF(X509) *X509_STORE_CTX_rget_chain(X509_STORE_CTX *ctx)
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
{
int i;
X509 *x;
if(!purpose) purpose = def_purpose;
/* If we have a purpose then check it is valid */
if(purpose) {
+ X509_PURPOSE *ptmp;
idx = X509_PURPOSE_get_by_id(purpose);
if(idx == -1) {
X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
X509_R_UNKNOWN_PURPOSE_ID);
return 0;
}
- /* If trust not set then get from purpose default */
- if(!trust) {
- X509_PURPOSE *ptmp;
- ptmp = X509_PURPOSE_iget(idx);
- trust = ptmp->trust;
+ ptmp = X509_PURPOSE_get0(idx);
+ if(ptmp->trust == X509_TRUST_DEFAULT) {
+ idx = X509_PURPOSE_get_by_id(def_purpose);
+ if(idx == -1) {
+ X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+ X509_R_UNKNOWN_PURPOSE_ID);
+ return 0;
+ }
+ ptmp = X509_PURPOSE_get0(idx);
}
+ /* If trust not set then get from purpose default */
+ if(!trust) trust = ptmp->trust;
}
if(trust) {
idx = X509_TRUST_get_by_id(trust);