BIO_free(bio);
}
- /*
- * TODO we could check policies here too, e.g.:
- * if (cert_error == X509_V_OK && ok == 2)
- * policies_print(NULL, ctx);
- */
-
return ok;
}
return 0;
BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
break;
- /* TODO possibly combine with ipaddr_to_asc() */
case IANA_AFI_IPV6:
if (!addr_expand(addr, bs, 16, fill))
return 0;
} else if (strcmp(val->name, "pathlen") == 0) {
if (!X509V3_get_value_int(val, &bcons->pathlen))
goto err;
- /* TODO add sanity check on int value - at least, must be >= 0 */
} else {
ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NAME);
X509V3_conf_add_error_name_value(val);
case 4: /* IPv4 */
BIO_snprintf(buf, sizeof(buf), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
break;
- /* TODO possibly combine with static i2r_address() in v3_addr.c */
case 16: /* IPv6 */
for (out = buf, i = 8, remain = sizeof(buf);
i-- > 0 && bytes >= 0;
return v->objs;
}
-/* TODO param type could be constified as change to lock is intermittent */
STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *store)
{
STACK_OF(X509) *sk;
CB_FAIL_IF(x->altname != NULL
&& sk_GENERAL_NAME_num(x->altname) <= 0,
ctx, x, i, X509_V_ERR_EMPTY_SUBJECT_ALT_NAME);
- /* TODO add more checks on SAN entries */
/* Check sig alg consistency acc. to RFC 5280 section 4.1.1.2 */
CB_FAIL_IF(X509_ALGOR_cmp(&x->sig_alg, &x->cert_info.signature) != 0,
ctx, x, i, X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY);
rvn = sk_X509_REVOKED_value(revs, i);
/*
- * Add only if not also in base. TODO: need something cleverer here
- * for some more complex CRLs covering multiple CAs.
+ * Add only if not also in base.
+ * Need something cleverer here for some more complex CRLs covering
+ * multiple CAs.
*/
if (!X509_CRL_get0_by_serial(base, &rvtmp, &rvn->serialNumber)) {
rvtmp = X509_REVOKED_dup(rvn);
}
}
}
- /* TODO: optionally prune deleted entries */
if (skey != NULL && md != NULL && !X509_CRL_sign(crl, skey, md))
goto memerr;
return pubkey;
}
-/* TODO should better be called X509_PUBKEY_set1 */
int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
{
X509_PUBKEY *pk = NULL;
void X509_INFO_free(X509_INFO *a);
char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
-/* TODO move this block of decls to asn1.h when 'breaking change' is possible */
#ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0
int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
ASN1_INTEGER *X509_get_serialNumber(X509 *x);
const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
int X509_set_issuer_name(X509 *x, const X509_NAME *name);
-X509_NAME *X509_get_issuer_name(const X509 *a); /* TODO change to get0_ */
+X509_NAME *X509_get_issuer_name(const X509 *a);
int X509_set_subject_name(X509 *x, const X509_NAME *name);
-X509_NAME *X509_get_subject_name(const X509 *a); /* TODO change to get0_ */
+X509_NAME *X509_get_subject_name(const X509 *a);
const ASN1_TIME * X509_get0_notBefore(const X509 *x);
ASN1_TIME *X509_getm_notBefore(const X509 *x);
int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
long X509_REQ_get_version(const X509_REQ *req);
int X509_REQ_set_version(X509_REQ *x, long version);
-X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); /* TODO change to get0_ */
+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
int X509_REQ_set_subject_name(X509_REQ *req, const X509_NAME *name);
void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
const X509_ALGOR **palg);
OSSL_DEPRECATEDIN_1_1_0 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
OSSL_DEPRECATEDIN_1_1_0 ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
#endif
-X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); /* TODO change to get0_ */
+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,