📄 x509_vfy.c
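/* NOTE(review): this listing starts part-way through a chain-verification
 * function.  Its header and the set-up of n, xs, xi, pkey, cb and ok are not
 * visible here, so the fragment below is reproduced unchanged and only
 * annotated. */
	/* ctx->error=0;  not needed */
	while (n >= 0)
		{
		ctx->error_depth=n;
		/* Signature and notBefore are only checked while xs->valid is
		 * unset; once set, later passes skip them. */
		if (!xs->valid)
			{
			if ((pkey=X509_get_pubkey(xi)) == NULL)
				{
				ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
				ctx->current_cert=xi;
				ok=(*cb)(0,ctx);
				if (!ok) goto end;
				}
			/* NOTE(review): if the callback above returned non-zero,
			 * pkey is still NULL when it reaches X509_verify(). */
			if (X509_verify(xs,pkey) <= 0)
				{
				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
				ctx->current_cert=xs;
				ok=(*cb)(0,ctx);
				if (!ok) goto end;
				}
			pkey=NULL;

			/* 0 means the field could not be parsed, >0 means the
			 * start of validity is still in the future. */
			i=X509_cmp_current_time(X509_get_notBefore(xs));
			if (i == 0)
				{
				ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
				ctx->current_cert=xs;
				ok=(*cb)(0,ctx);
				if (!ok) goto end;
				}
			if (i > 0)
				{
				ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
				ctx->current_cert=xs;
				ok=(*cb)(0,ctx);
				if (!ok) goto end;
				}

			/* NOTE(review): this is reached whenever the callback let
			 * every error above pass, so a certificate accepted only
			 * by callback override is also marked valid. */
			xs->valid=1;
			}

		/* Expiry is re-checked on every pass, cached or not. */
		i=X509_cmp_current_time(X509_get_notAfter(xs));
		if (i == 0)
			{
			ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
			ctx->current_cert=xs;
			ok=(*cb)(0,ctx);
			if (!ok) goto end;
			}

		if (i < 0)
			{
			ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
			ctx->current_cert=xs;
			ok=(*cb)(0,ctx);
			if (!ok) goto end;
			}

		/* CRL CHECK */
		/* NOTE(review): only a placeholder; no revocation check is
		 * performed in this loop. */

		/* The last error (if any) is still in the error value */
		ctx->current_cert=xs;
		ok=(*cb)(1,ctx);
		if (!ok) goto end;

		n--;
		if (n >= 0)
			{
			xi=xs;
			xs=(X509 *)sk_value(ctx->chain,n);
			}
		}
	ok=1;
end:
	return(ok);
	}

/* Compare the UTCTime value in ctm with the current time.
 *
 * Accepted layouts are YYMMDDhhmm[ss] followed by 'Z' or by a +hhmm / -hhmm
 * zone offset.  The value is normalised to "YYMMDDhhmmssZ" and compared as
 * text with the (offset-adjusted) current time; two-digit years below 70 are
 * treated as 100 years later than the others.
 *
 * Returns 0 if the field cannot be parsed, a negative value if the time in
 * ctm is earlier than or equal to now, and a positive value if it is later.
 * Callers treat 0 as "error in field", so every rejection path fails closed.
 */
int X509_cmp_current_time(ctm)
ASN1_UTCTIME *ctm;
	{
	char *str;
	ASN1_UTCTIME atm;
	time_t offset;
	char buff1[24],buff2[24],*p;
	int i,j,remaining;

	if ((ctm == NULL) || (ctm->data == NULL)) return(0);

	p=buff1;
	i=ctm->length;
	str=(char *)ctm->data;
	if ((i < 11) || (i > 17)) return(0);
	memcpy(p,str,10);
	p+=10;
	str+=10;
	/* Bytes of the field not yet consumed; every read below is checked
	 * against this so a short value is rejected instead of read past. */
	remaining=i-10;

	if ((*str == 'Z') || (*str == '-') || (*str == '+'))
		{ *(p++)='0'; *(p++)='0'; }
	else
		{
		/* two seconds digits plus the zone designator must be present */
		if (remaining < 3) return(0);
		*(p++)= *(str++);
		*(p++)= *(str++);
		remaining-=2;
		}
	*(p++)='Z';
	*(p++)='\0';

	if (*str == 'Z')
		offset=0;
	else
		{
		/* The designator itself must be '+' or '-'.  Testing str[5]
		 * here would reject every negative offset and let an
		 * arbitrary designator through when byte 5 happens to be '-'. */
		if ((*str != '+') && (*str != '-'))
			return(0);
		/* designator plus four digits */
		if (remaining < 5) return(0);
		offset=((str[1]-'0')*10+(str[2]-'0'))*60;
		offset+=(str[3]-'0')*10+(str[4]-'0');
		if (*str == '-')
			offset= -offset;
		}
	atm.type=V_ASN1_UTCTIME;
	atm.length=sizeof(buff2);
	atm.data=(unsigned char *)buff2;
	/* offset is in minutes, X509_gmtime_adj() adds its argument to a
	 * time_t, so convert to seconds.  A failed conversion would leave
	 * buff2 unset, so treat it as a parse error. */
	if (X509_gmtime_adj(&atm,(long)(-offset*60)) == NULL)
		return(0);

	i=(buff1[0]-'0')*10+(buff1[1]-'0');
	if (i < 70) i+=100;
	j=(buff2[0]-'0')*10+(buff2[1]-'0');
	if (j < 70) j+=100;

	if (i < j) return (-1);
	if (i > j) return (1);
	i=strcmp(buff1,buff2);
	if (i == 0) /* wait a second then return younger :-) */
		return(-1);
	else
		return(i);
	}

/* Set s to the current time plus adj and return the result of
 * ASN1_UTCTIME_set().  adj is added directly to the time_t from time(). */
ASN1_UTCTIME *X509_gmtime_adj(s, adj)
ASN1_UTCTIME *s;
long adj;
	{
	time_t t;

	time(&t);
	t+=adj;
	return(ASN1_UTCTIME_set(s,t));
	}

/* Fill in missing public-key parameters from the certificates in chain.
 *
 * Returns 1 at once if pkey is non-NULL and has its parameters.  Otherwise
 * the chain is scanned from index 0 for the first certificate whose key has
 * parameters; these are copied into the keys of all lower-indexed
 * certificates and, if pkey is non-NULL, into pkey.  Returns 0 (with an
 * error queued) if a key cannot be extracted or no parameters are found.
 */
int X509_get_pubkey_parameters(pkey,chain)
EVP_PKEY *pkey;
STACK *chain;
	{
	EVP_PKEY *ktmp=NULL,*ktmp2;
	int i,j;

	if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1);

	for (i=0; i<sk_num(chain); i++)
		{
		ktmp=X509_get_pubkey((X509 *)sk_value(chain,i));
		if (ktmp == NULL)
			{
			X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
			return(0);
			}
		if (!EVP_PKEY_missing_parameters(ktmp))
			break;
		else
			{
			ktmp=NULL;
			}
		}
	if (ktmp == NULL)
		{
		X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
		return(0);
		}

	/* first, populate the other certs */
	/* NOTE(review): neither the second X509_get_pubkey() result nor the
	 * return of EVP_PKEY_copy_parameters() is checked here. */
	for (j=i-1; j >= 0; j--)
		{
		ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j));
		EVP_PKEY_copy_parameters(ktmp2,ktmp);
		}

	if (pkey != NULL)
		EVP_PKEY_copy_parameters(pkey,ktmp);
	return(1);
	}

/* Add certificate x to the store's object table.
 *
 * Returns 1 on success and 0 if x is NULL, allocation fails, or an equal
 * entry was already present (the previous entry is restored).  The table is
 * modified under the CRYPTO_LOCK_X509_STORE write lock.
 */
int X509_STORE_add_cert(ctx,x)
X509_STORE *ctx;
X509 *x;
	{
	X509_OBJECT *obj,*r;
	int ret=1;

	if (x == NULL) return(0);
	obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
	if (obj == NULL)
		{
		X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
		return(0);
		}
	obj->type=X509_LU_X509;
	obj->data.x509=x;

	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);

	X509_OBJECT_up_ref_count(obj);

	r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
	if (r != NULL)
		{ /* oops, put it back */
		lh_delete(ctx->certs,(char *)obj);
		X509_OBJECT_free_contents(obj);
		Free(obj);
		lh_insert(ctx->certs,(char *)r);
		X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
		ret=0;
		}

	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

	return(ret);
	}

/* Add CRL x to the store.
 *
 * Same flow and return values as X509_STORE_add_cert().  The object is
 * inserted into ctx->certs, the same table the certificates use, and a
 * duplicate is reported with X509_R_CERT_ALREADY_IN_HASH_TABLE.
 */
int X509_STORE_add_crl(ctx,x)
X509_STORE *ctx;
X509_CRL *x;
	{
	X509_OBJECT *obj,*r;
	int ret=1;

	if (x == NULL) return(0);
	obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
	if (obj == NULL)
		{
		X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
		return(0);
		}
	obj->type=X509_LU_CRL;
	obj->data.crl=x;

	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);

	X509_OBJECT_up_ref_count(obj);

	r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
	if (r != NULL)
		{ /* oops, put it back */
		lh_delete(ctx->certs,(char *)obj);
		X509_OBJECT_free_contents(obj);
		Free(obj);
		lh_insert(ctx->certs,(char *)r);
		X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
		ret=0;
		}

	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);

	return(ret);
	}

/* Reserve a new ex_data index for X509_STORE_CTX and return the result of
 * CRYPTO_get_ex_new_index().
 * NOTE(review): x509_store_ctx_num is incremented without any lock in this
 * function; confirm callers serialise registration. */
int X509_STORE_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
long argl;
char *argp;
int (*new_func)();
int (*dup_func)();
void (*free_func)();
	{
	x509_store_ctx_num++;
	return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
		&x509_store_ctx_method,
		argl,argp,new_func,dup_func,free_func));
	}

/* Store application data at index idx of the context's ex_data. */
int X509_STORE_CTX_set_ex_data(ctx,idx,data)
X509_STORE_CTX *ctx;
int idx;
char *data;
	{
	return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
	}

/* Fetch the application data stored at index idx of the context's ex_data. */
char *X509_STORE_CTX_get_ex_data(ctx,idx)
X509_STORE_CTX *ctx;
int idx;
	{
	return(CRYPTO_get_ex_data(&ctx->ex_data,idx));
	}

/* Return the error code currently recorded in the context. */
int X509_STORE_CTX_get_error(ctx)
X509_STORE_CTX *ctx;
	{
	return(ctx->error);
	}

/* Overwrite the error code recorded in the context.  A verify callback can
 * use this to change the result reported for the current certificate. */
void X509_STORE_CTX_set_error(ctx,err)
X509_STORE_CTX *ctx;
int err;
	{
	ctx->error=err;
	}

/* Return the chain depth recorded for the current error. */
int X509_STORE_CTX_get_error_depth(ctx)
X509_STORE_CTX *ctx;
	{
	return(ctx->error_depth);
	}

/* Return the certificate the context currently points at. */
X509 *X509_STORE_CTX_get_current_cert(ctx)
X509_STORE_CTX *ctx;
	{
	return(ctx->current_cert);
	}

/* Return ctx->chain, the stack the verification loop walks. */
STACK *X509_STORE_CTX_get_chain(ctx)
X509_STORE_CTX *ctx;
	{
	return(ctx->chain);
	}

/* Set the certificate to be verified. */
void X509_STORE_CTX_set_cert(ctx,x)
X509_STORE_CTX *ctx;
X509 *x;
	{
	ctx->cert=x;
	}

/* Despite the name this stores sk in ctx->untrusted, not ctx->chain, so
 * X509_STORE_CTX_get_chain() does not return what was set here. */
void X509_STORE_CTX_set_chain(ctx,sk)
X509_STORE_CTX *ctx;
STACK *sk;
	{
	ctx->untrusted=sk;
	}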