lib/libcrypto/cms/cms.h
197
int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
lib/libcrypto/cms/cms.h
200
int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
lib/libcrypto/cms/cms.h
213
int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
lib/libcrypto/cms/cms.h
251
int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
lib/libcrypto/cms/cms.h
252
int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
lib/libcrypto/cms/cms.h
270
int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
lib/libcrypto/cms/cms.h
336
int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
lib/libcrypto/cms/cms.h
342
X509 *cert);
lib/libcrypto/cms/cms_env.c
340
CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
lib/libcrypto/cms/cms_env.c
347
return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
lib/libcrypto/cms/cms_kari.c
140
CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert)
lib/libcrypto/cms/cms_kari.c
150
return cms_ias_cert_cmp(oik->d.issuerAndSerialNumber, cert);
lib/libcrypto/cms/cms_kari.c
152
return cms_keyid_cert_cmp(oik->d.subjectKeyIdentifier, cert);
lib/libcrypto/cms/cms_kari.c
195
CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, X509 *cert)
lib/libcrypto/cms/cms_kari.c
200
return cms_ias_cert_cmp(rid->d.issuerAndSerialNumber, cert);
lib/libcrypto/cms/cms_kari.c
202
return cms_keyid_cert_cmp(rid->d.rKeyId->subjectKeyIdentifier, cert);
lib/libcrypto/cms/cms_lib.c
533
CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
lib/libcrypto/cms/cms_lib.c
545
if (!X509_cmp(cch->d.certificate, cert)) {
lib/libcrypto/cms/cms_lib.c
555
cch->d.certificate = cert;
lib/libcrypto/cms/cms_lib.c
562
CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
lib/libcrypto/cms/cms_lib.c
566
r = CMS_add0_cert(cms, cert);
lib/libcrypto/cms/cms_lib.c
568
X509_up_ref(cert);
lib/libcrypto/cms/cms_lib.c
714
cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
lib/libcrypto/cms/cms_lib.c
718
ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
lib/libcrypto/cms/cms_lib.c
722
return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert));
lib/libcrypto/cms/cms_lib.c
726
cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
lib/libcrypto/cms/cms_lib.c
728
const ASN1_OCTET_STRING *cert_keyid = cms_X509_get0_subject_key_id(cert);
lib/libcrypto/cms/cms_lib.c
737
cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
lib/libcrypto/cms/cms_lib.c
744
if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert)))
lib/libcrypto/cms/cms_lib.c
746
if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
lib/libcrypto/cms/cms_lib.c
761
cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
lib/libcrypto/cms/cms_lib.c
766
cert_keyid = cms_X509_get0_subject_key_id(cert);
lib/libcrypto/cms/cms_local.h
418
int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type);
lib/libcrypto/cms/cms_local.h
421
int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
lib/libcrypto/cms/cms_local.h
427
int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert);
lib/libcrypto/cms/cms_local.h
428
int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert);
lib/libcrypto/cms/cms_local.h
429
int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert);
lib/libcrypto/cms/cms_local.h
430
int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert);
lib/libcrypto/cms/cms_sd.c
207
cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
lib/libcrypto/cms/cms_sd.c
211
if (!cms_set1_ias(&sid->d.issuerAndSerialNumber, cert))
lib/libcrypto/cms/cms_sd.c
216
if (!cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert))
lib/libcrypto/cms/cms_sd.c
249
cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
lib/libcrypto/cms/cms_sd.c
252
return cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert);
lib/libcrypto/cms/cms_sd.c
254
return cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert);
lib/libcrypto/cms/cms_sd.c
564
CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
lib/libcrypto/cms/cms_sd.c
566
return cms_SignerIdentifier_cert_cmp(si->sid, cert);
lib/libcrypto/cms/cms_smime.c
676
X509 *cert)
lib/libcrypto/cms/cms_smime.c
687
if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
lib/libcrypto/cms/cms_smime.c
694
return cert == NULL ? 0 : -1;
lib/libcrypto/cms/cms_smime.c
701
CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
lib/libcrypto/cms/cms_smime.c
723
r = cms_kari_set1_pkey(cms, ri, pk, cert);
lib/libcrypto/cms/cms_smime.c
733
else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
lib/libcrypto/cms/cms_smime.c
738
if (cert) {
lib/libcrypto/cms/cms_smime.c
762
if (cert == NULL && ri_type == CMS_RECIPINFO_TRANS && match_ri && !debug) {
lib/libcrypto/cms/cms_smime.c
838
CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, BIO *dcont,
lib/libcrypto/cms/cms_smime.c
854
if (!cert)
lib/libcrypto/cms/cms_smime.c
858
if (!pk && !cert && !dcont && !out)
lib/libcrypto/cms/cms_smime.c
860
if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
lib/libcrypto/ct/ct.h
126
int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
lib/libcrypto/ct/ct_local.h
151
X509 *cert;
lib/libcrypto/ct/ct_local.h
179
int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner);
lib/libcrypto/ct/ct_policy.c
104
CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
lib/libcrypto/ct/ct_policy.c
106
if (!X509_up_ref(cert))
lib/libcrypto/ct/ct_policy.c
108
ctx->cert = cert;
lib/libcrypto/ct/ct_policy.c
141
return ctx->cert;
lib/libcrypto/ct/ct_policy.c
97
X509_free(ctx->cert);
lib/libcrypto/ct/ct_sct.c
468
if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1)
lib/libcrypto/ct/ct_sct_ctx.c
103
ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated)
lib/libcrypto/ct/ct_sct_ctx.c
105
int ret = X509_get_ext_by_NID(cert, nid, -1);
lib/libcrypto/ct/ct_sct_ctx.c
109
X509_get_ext_by_NID(cert, nid, ret) >= 0;
lib/libcrypto/ct/ct_sct_ctx.c
120
ct_x509_cert_fixup(X509 *cert, X509 *presigner)
lib/libcrypto/ct/ct_sct_ctx.c
130
certidx = ct_x509_get_ext(cert, NID_authority_key_identifier,
lib/libcrypto/ct/ct_sct_ctx.c
145
if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner)))
lib/libcrypto/ct/ct_sct_ctx.c
150
X509_EXTENSION *certext = X509_get_ext(cert, certidx);
lib/libcrypto/ct/ct_sct_ctx.c
165
SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner)
lib/libcrypto/ct/ct_sct_ctx.c
172
int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup);
lib/libcrypto/ct/ct_sct_ctx.c
184
certderlen = i2d_X509(cert, &certder);
lib/libcrypto/ct/ct_sct_ctx.c
190
idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup);
lib/libcrypto/ct/ct_sct_ctx.c
217
pretmp = X509_dup(cert);
lib/libcrypto/ocsp/ocsp.h
215
int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
lib/libcrypto/ocsp/ocsp.h
266
int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
lib/libcrypto/ocsp/ocsp_cl.c
129
OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
lib/libcrypto/ocsp/ocsp_cl.c
138
if (!cert)
lib/libcrypto/ocsp/ocsp_cl.c
143
if (!sk_X509_push(sig->certs, cert))
lib/libcrypto/ocsp/ocsp_cl.c
145
X509_up_ref(cert);
lib/libcrypto/ocsp/ocsp_srv.c
218
OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
lib/libcrypto/ocsp/ocsp_srv.c
223
if (!sk_X509_push(resp->certs, cert))
lib/libcrypto/ocsp/ocsp_srv.c
225
X509_up_ref(cert);
lib/libcrypto/ocsp/ocsp_vfy.c
326
ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
lib/libcrypto/ocsp/ocsp_vfy.c
348
iname = X509_get_subject_name(cert);
lib/libcrypto/ocsp/ocsp_vfy.c
353
X509_pubkey_digest(cert, dgst, md, NULL);
lib/libcrypto/ocsp/ocsp_vfy.c
365
ret = ocsp_match_issuerid(cert, tmpid, NULL);
lib/libcrypto/ocsp/ocsp_vfy.c
72
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
lib/libcrypto/pkcs12/p12_crt.c
101
if (pkey && cert) {
lib/libcrypto/pkcs12/p12_crt.c
102
if (!X509_check_private_key(cert, pkey))
lib/libcrypto/pkcs12/p12_crt.c
104
if (!X509_digest(cert, EVP_sha1(), keyid, &keyidlen))
lib/libcrypto/pkcs12/p12_crt.c
108
if (cert) {
lib/libcrypto/pkcs12/p12_crt.c
109
bag = PKCS12_add_cert(&bags, cert);
lib/libcrypto/pkcs12/p12_crt.c
173
PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
lib/libcrypto/pkcs12/p12_crt.c
182
if (!(bag = PKCS12_x5092certbag(cert)))
lib/libcrypto/pkcs12/p12_crt.c
188
name = (char *)X509_alias_get0(cert, &namelen);
lib/libcrypto/pkcs12/p12_crt.c
192
keyid = X509_keyid_get0(cert, &keyidlen);
lib/libcrypto/pkcs12/p12_crt.c
73
PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert,
lib/libcrypto/pkcs12/p12_crt.c
96
if (!pkey && !cert && !ca) {
lib/libcrypto/pkcs12/p12_kiss.c
135
cert != NULL && *cert == NULL) {
lib/libcrypto/pkcs12/p12_kiss.c
138
*cert = x;
lib/libcrypto/pkcs12/p12_kiss.c
164
if (cert != NULL)
lib/libcrypto/pkcs12/p12_kiss.c
165
X509_free(*cert);
lib/libcrypto/pkcs12/p12_kiss.c
84
PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
lib/libcrypto/pkcs12/p12_kiss.c
92
if (cert != NULL)
lib/libcrypto/pkcs12/p12_kiss.c
93
*cert = NULL;
lib/libcrypto/pkcs12/pkcs12.h
210
int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
lib/libcrypto/pkcs12/pkcs12.h
213
X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
lib/libcrypto/pkcs12/pkcs12_local.h
122
PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
lib/libcrypto/pkcs7/pk7_asn1.c
275
.offset = offsetof(PKCS7_SIGNED, cert),
lib/libcrypto/pkcs7/pk7_asn1.c
582
X509_free(ri->cert);
lib/libcrypto/pkcs7/pk7_asn1.c
764
.offset = offsetof(PKCS7_SIGN_ENVELOPE, cert),
lib/libcrypto/pkcs7/pk7_doit.c
153
pkey = X509_get_pubkey(ri->cert);
lib/libcrypto/pkcs7/pk7_doit.c
934
STACK_OF(X509) *cert;
lib/libcrypto/pkcs7/pk7_doit.c
948
cert = p7->d.sign->cert;
lib/libcrypto/pkcs7/pk7_doit.c
950
cert = p7->d.signed_and_enveloped->cert;
lib/libcrypto/pkcs7/pk7_doit.c
958
x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
lib/libcrypto/pkcs7/pk7_doit.c
967
if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
lib/libcrypto/pkcs7/pk7_lib.c
314
sk = &(p7->d.sign->cert);
lib/libcrypto/pkcs7/pk7_lib.c
317
sk = &(p7->d.signed_and_enveloped->cert);
lib/libcrypto/pkcs7/pk7_lib.c
589
p7i->cert = x509;
lib/libcrypto/pkcs7/pk7_lib.c
603
return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
lib/libcrypto/pkcs7/pk7_smime.c
315
signer, p7->d.sign->cert)) {
lib/libcrypto/pkcs7/pk7_smime.c
464
if (!signer && !(flags & PKCS7_NOINTERN) && p7->d.sign->cert)
lib/libcrypto/pkcs7/pk7_smime.c
466
X509_find_by_issuer_and_serial(p7->d.sign->cert,
lib/libcrypto/pkcs7/pk7_smime.c
528
PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
lib/libcrypto/pkcs7/pk7_smime.c
544
if (cert && !X509_check_private_key(cert, pkey)) {
lib/libcrypto/pkcs7/pk7_smime.c
549
if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
lib/libcrypto/pkcs7/pkcs7.h
104
X509 *cert; /* get the pub-key from this */
lib/libcrypto/pkcs7/pkcs7.h
112
STACK_OF(X509) *cert; /* [ 0 ] */
lib/libcrypto/pkcs7/pkcs7.h
137
STACK_OF(X509) *cert; /* [ 0 ] */
lib/libcrypto/pkcs7/pkcs7.h
388
int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
lib/libcrypto/ts/ts.h
546
const char *cert, TS_RESP_CTX *ctx);
lib/libcrypto/ts/ts_conf.c
100
if ((cert = BIO_new_file(file, "r")) == NULL)
lib/libcrypto/ts/ts_conf.c
102
x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
lib/libcrypto/ts/ts_conf.c
107
BIO_free(cert);
lib/libcrypto/ts/ts_conf.c
212
TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert,
lib/libcrypto/ts/ts_conf.c
218
if (!cert)
lib/libcrypto/ts/ts_conf.c
219
cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT);
lib/libcrypto/ts/ts_conf.c
220
if (!cert) {
lib/libcrypto/ts/ts_conf.c
224
if (!(cert_obj = TS_CONF_load_cert(cert)))
lib/libcrypto/ts/ts_conf.c
97
BIO *cert = NULL;
lib/libcrypto/ts/ts_rsp_sign.c
250
X509 *cert = sk_X509_value(ctx->certs, i);
lib/libcrypto/ts/ts_rsp_sign.c
251
CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509);
lib/libcrypto/ts/ts_rsp_sign.c
769
X509 *cert = sk_X509_value(ctx->certs, i);
lib/libcrypto/ts/ts_rsp_sign.c
770
PKCS7_add_certificate(p7, cert);
lib/libcrypto/ts/ts_rsp_sign.c
861
X509 *cert = sk_X509_value(certs, i);
lib/libcrypto/ts/ts_rsp_sign.c
862
if (!(cid = ESS_CERT_ID_new_init(cert, 1)) ||
lib/libcrypto/ts/ts_rsp_sign.c
876
ESS_CERT_ID_new_init(X509 *cert, int issuer_needed)
lib/libcrypto/ts/ts_rsp_sign.c
883
X509_check_purpose(cert, -1, 0);
lib/libcrypto/ts/ts_rsp_sign.c
888
if (!X509_digest(cert, TS_HASH_EVP, cert_hash, NULL))
lib/libcrypto/ts/ts_rsp_sign.c
89
static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed);
lib/libcrypto/ts/ts_rsp_sign.c
904
if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL)
lib/libcrypto/ts/ts_rsp_sign.c
912
ASN1_INTEGER_dup(X509_get_serialNumber(cert))))
lib/libcrypto/ts/ts_rsp_verify.c
283
X509 *cert;
lib/libcrypto/ts/ts_rsp_verify.c
290
cert = sk_X509_value(chain, 0);
lib/libcrypto/ts/ts_rsp_verify.c
292
if (TS_find_cert(cert_ids, cert) != 0)
lib/libcrypto/ts/ts_rsp_verify.c
302
cert = sk_X509_value(chain, i);
lib/libcrypto/ts/ts_rsp_verify.c
304
if (TS_find_cert(cert_ids, cert) < 0)
lib/libcrypto/ts/ts_rsp_verify.c
313
cert = sk_X509_value(chain, 0);
lib/libcrypto/ts/ts_rsp_verify.c
315
if (TS_find_cert_v2(cert_ids_v2, cert) != 0)
lib/libcrypto/ts/ts_rsp_verify.c
325
cert = sk_X509_value(chain, i);
lib/libcrypto/ts/ts_rsp_verify.c
327
if (TS_find_cert_v2(cert_ids_v2, cert) < 0)
lib/libcrypto/ts/ts_rsp_verify.c
376
TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
lib/libcrypto/ts/ts_rsp_verify.c
381
if (!cert_ids || !cert)
lib/libcrypto/ts/ts_rsp_verify.c
384
if (!X509_digest(cert, TS_HASH_EVP, cert_hash, NULL))
lib/libcrypto/ts/ts_rsp_verify.c
388
if (X509_check_purpose(cert, -1, 0) == -1)
lib/libcrypto/ts/ts_rsp_verify.c
401
if (is == NULL || TS_issuer_serial_cmp(is, cert) == 0)
lib/libcrypto/ts/ts_rsp_verify.c
411
TS_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert)
lib/libcrypto/ts/ts_rsp_verify.c
427
if (!X509_digest(cert, md, cert_digest, &len))
lib/libcrypto/ts/ts_rsp_verify.c
436
if (is == NULL || TS_issuer_serial_cmp(is, cert) == 0)
lib/libcrypto/ts/ts_rsp_verify.c
445
TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert)
lib/libcrypto/ts/ts_rsp_verify.c
449
if (is == NULL || cert == NULL || sk_GENERAL_NAME_num(is->issuer) != 1)
lib/libcrypto/ts/ts_rsp_verify.c
455
X509_NAME_cmp(issuer->d.dirn, X509_get_issuer_name(cert)))
lib/libcrypto/ts/ts_rsp_verify.c
459
if (ASN1_INTEGER_cmp(is->serial, X509_get_serialNumber(cert)))
lib/libcrypto/ts/ts_rsp_verify.c
77
static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
lib/libcrypto/ts/ts_rsp_verify.c
79
static int TS_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert);
lib/libcrypto/ts/ts_rsp_verify.c
80
static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert);
lib/libcrypto/x509/x509_addr.c
1848
verify_error(X509_STORE_CTX *ctx, X509 *cert, int error, int depth)
lib/libcrypto/x509/x509_addr.c
1853
ctx->current_cert = cert;
lib/libcrypto/x509/x509_addr.c
1875
X509 *cert = NULL;
lib/libcrypto/x509/x509_addr.c
1898
cert = sk_X509_value(chain, depth);
lib/libcrypto/x509/x509_addr.c
1899
if ((X509_get_extension_flags(cert) & EXFLAG_INVALID) != 0) {
lib/libcrypto/x509/x509_addr.c
1900
if ((ret = verify_error(ctx, cert,
lib/libcrypto/x509/x509_addr.c
1904
if ((ext = cert->rfc3779_addr) == NULL)
lib/libcrypto/x509/x509_addr.c
1907
if ((ret = verify_error(ctx, cert,
lib/libcrypto/x509/x509_addr.c
1926
cert = sk_X509_value(chain, depth);
lib/libcrypto/x509/x509_addr.c
1928
if ((X509_get_extension_flags(cert) & EXFLAG_INVALID) != 0) {
lib/libcrypto/x509/x509_addr.c
1929
if ((ret = verify_error(ctx, cert,
lib/libcrypto/x509/x509_addr.c
1934
if ((parent = cert->rfc3779_addr) == NULL) {
lib/libcrypto/x509/x509_addr.c
1942
if ((ret = verify_error(ctx, cert,
lib/libcrypto/x509/x509_addr.c
1970
if ((ret = verify_error(ctx, cert,
lib/libcrypto/x509/x509_addr.c
2007
if ((ret = verify_error(ctx, cert,
lib/libcrypto/x509/x509_addr.c
2016
if ((parent = cert->rfc3779_addr) != NULL) {
lib/libcrypto/x509/x509_addr.c
2023
if ((ret = verify_error(ctx, cert,
lib/libcrypto/x509/x509_akey.c
169
X509 *cert;
lib/libcrypto/x509/x509_akey.c
196
cert = ctx->issuer_cert;
lib/libcrypto/x509/x509_akey.c
199
i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
lib/libcrypto/x509/x509_akey.c
200
if ((i >= 0) && (ext = X509_get_ext(cert, i)))
lib/libcrypto/x509/x509_akey.c
209
isname = X509_NAME_dup(X509_get_issuer_name(cert));
lib/libcrypto/x509/x509_akey.c
210
serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
lib/libcrypto/x509/x509_conf.c
368
X509 *cert)
lib/libcrypto/x509/x509_conf.c
372
if (cert)
lib/libcrypto/x509/x509_conf.c
373
sk = &cert->cert_info->extensions;
lib/libcrypto/x509/x509_constraints.c
1071
x509_constraints_extract_constraints(X509 *cert,
lib/libcrypto/x509/x509_constraints.c
1077
NAME_CONSTRAINTS *nc = cert->nc;
lib/libcrypto/x509/x509_constraints.c
1231
X509 *cert;
lib/libcrypto/x509/x509_constraints.c
1243
if ((cert = sk_X509_value(chain, 0)) == NULL)
lib/libcrypto/x509/x509_constraints.c
1245
if (!x509_constraints_extract_names(names, cert, 1, &verify_err))
lib/libcrypto/x509/x509_constraints.c
1248
if ((cert = sk_X509_value(chain, i)) == NULL)
lib/libcrypto/x509/x509_constraints.c
1250
if (cert->nc != NULL) {
lib/libcrypto/x509/x509_constraints.c
1261
if (!x509_constraints_extract_constraints(cert,
lib/libcrypto/x509/x509_constraints.c
1279
if (!x509_constraints_extract_names(names, cert, 0,
lib/libcrypto/x509/x509_constraints.c
761
X509 *cert, int is_leaf, int *error)
lib/libcrypto/x509/x509_constraints.c
770
while ((name = sk_GENERAL_NAME_value(cert->altname, i++)) != NULL) {
lib/libcrypto/x509/x509_constraints.c
858
subject_name = X509_get_subject_name(cert);
lib/libcrypto/x509/x509_internal.h
126
X509 *cert, int include_cn, int *error);
lib/libcrypto/x509/x509_internal.h
127
int x509_constraints_extract_constraints(X509 *cert,
lib/libcrypto/x509/x509_local.h
336
X509 *cert; /* The cert to check */
lib/libcrypto/x509/x509_policy.c
502
process_policy_mappings(const X509 *cert,
lib/libcrypto/x509/x509_policy.c
515
mappings = X509_get_ext_d2i(cert, NID_policy_mappings, &critical, NULL);
lib/libcrypto/x509/x509_policy.c
875
X509 *cert;
lib/libcrypto/x509/x509_policy.c
901
cert = sk_X509_value(certs, i);
lib/libcrypto/x509/x509_policy.c
902
if (!x509v3_cache_extensions(cert))
lib/libcrypto/x509/x509_policy.c
904
is_self_issued = (cert->ex_flags & EXFLAG_SI) != 0;
lib/libcrypto/x509/x509_policy.c
921
if (!process_certificate_policies(cert, level,
lib/libcrypto/x509/x509_policy.c
924
*out_current_cert = cert;
lib/libcrypto/x509/x509_policy.c
946
level = process_policy_mappings(cert, current_level,
lib/libcrypto/x509/x509_policy.c
950
*out_current_cert = cert;
lib/libcrypto/x509/x509_policy.c
970
if (!process_policy_constraints(cert, &explicit_policy,
lib/libcrypto/x509/x509_policy.c
973
*out_current_cert = cert;
lib/libcrypto/x509/x509_verify.c
1116
leaf = ctx->xsc->cert;
lib/libcrypto/x509/x509_verify.c
152
x509_verify_chain_append(struct x509_verify_chain *chain, X509 *cert,
lib/libcrypto/x509/x509_verify.c
163
if (!x509_constraints_extract_names(chain->names, cert,
lib/libcrypto/x509/x509_verify.c
169
X509_up_ref(cert);
lib/libcrypto/x509/x509_verify.c
170
if (!sk_X509_push(chain->certs, cert)) {
lib/libcrypto/x509/x509_verify.c
171
X509_free(cert);
lib/libcrypto/x509/x509_verify.c
237
x509_verify_cert_cache_extensions(X509 *cert)
lib/libcrypto/x509/x509_verify.c
239
return x509v3_cache_extensions(cert);
lib/libcrypto/x509/x509_verify.c
243
x509_verify_cert_self_signed(X509 *cert)
lib/libcrypto/x509/x509_verify.c
245
return (cert->ex_flags & EXFLAG_SS) ? 1 : 0;
lib/libcrypto/x509/x509_verify.c
250
x509_verify_check_chain_end(X509 *cert, int full_chain)
lib/libcrypto/x509/x509_verify.c
253
return x509_verify_cert_self_signed(cert);
lib/libcrypto/x509/x509_verify.c
258
x509_verify_ctx_cert_is_root(struct x509_verify_ctx *ctx, X509 *cert,
lib/libcrypto/x509/x509_verify.c
264
if (!x509_verify_cert_cache_extensions(cert))
lib/libcrypto/x509/x509_verify.c
276
i), cert) == 0)
lib/libcrypto/x509/x509_verify.c
277
return x509_verify_check_chain_end(cert,
lib/libcrypto/x509/x509_verify.c
282
cert)) != NULL) {
lib/libcrypto/x509/x509_verify.c
284
return x509_verify_check_chain_end(cert, full_chain);
lib/libcrypto/x509/x509_verify.c
289
if (X509_cmp(sk_X509_value(ctx->roots, i), cert) == 0)
lib/libcrypto/x509/x509_verify.c
290
return x509_verify_check_chain_end(cert,
lib/libcrypto/x509/x509_verify.c
34
static int x509_verify_cert_valid(struct x509_verify_ctx *ctx, X509 *cert,
lib/libcrypto/x509/x509_verify.c
36
static int x509_verify_cert_hostname(struct x509_verify_ctx *ctx, X509 *cert,
lib/libcrypto/x509/x509_verify.c
38
static void x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert,
lib/libcrypto/x509/x509_verify.c
40
static int x509_verify_cert_error(struct x509_verify_ctx *ctx, X509 *cert,
lib/libcrypto/x509/x509_verify.c
439
X509 *cert = sk_X509_value(ctx->xsc->chain, depth);
lib/libcrypto/x509/x509_verify.c
440
if (!x509_verify_cert_error(ctx, cert,
lib/libcrypto/x509/x509_verify.c
571
x509_verify_consider_candidate(struct x509_verify_ctx *ctx, X509 *cert,
lib/libcrypto/x509/x509_verify.c
593
if (!x509_verify_parent_signature(candidate, cert, &ctx->error)) {
lib/libcrypto/x509/x509_verify.c
639
x509_verify_cert_error(struct x509_verify_ctx *ctx, X509 *cert, size_t depth,
lib/libcrypto/x509/x509_verify.c
647
ctx->xsc->current_cert = cert;
lib/libcrypto/x509/x509_verify.c
654
x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert,
lib/libcrypto/x509/x509_verify.c
672
(void)x509_verify_cert_error(ctx, cert, depth,
lib/libcrypto/x509/x509_verify.c
694
if (cert->ex_flags & EXFLAG_SS)
lib/libcrypto/x509/x509_verify.c
702
if ((ret = ctx->xsc->get_issuer(&candidate, ctx->xsc, cert)) < 0) {
lib/libcrypto/x509/x509_verify.c
703
x509_verify_cert_error(ctx, cert, depth,
lib/libcrypto/x509/x509_verify.c
708
if (x509_verify_potential_parent(ctx, candidate, cert)) {
lib/libcrypto/x509/x509_verify.c
711
x509_verify_consider_candidate(ctx, cert,
lib/libcrypto/x509/x509_verify.c
721
if (x509_verify_potential_parent(ctx, candidate, cert)) {
lib/libcrypto/x509/x509_verify.c
724
x509_verify_consider_candidate(ctx, cert,
lib/libcrypto/x509/x509_verify.c
735
if (x509_verify_potential_parent(ctx, candidate, cert)) {
lib/libcrypto/x509/x509_verify.c
736
x509_verify_consider_candidate(ctx, cert,
lib/libcrypto/x509/x509_verify.c
747
ctx->xsc->current_cert = cert;
lib/libcrypto/x509/x509_verify.c
756
x509_verify_cert_hostname(struct x509_verify_ctx *ctx, X509 *cert, char *name)
lib/libcrypto/x509/x509_verify.c
783
if (X509_check_ip_asc(cert, candidate + 1, 0) <= 0) {
lib/libcrypto/x509/x509_verify.c
793
if (X509_check_host(cert, candidate, len, flags, NULL) <= 0) {
lib/libcrypto/x509/x509_verify.c
802
return x509_verify_cert_error(ctx, cert, 0, ctx->error, 0);
lib/libcrypto/x509/x509_verify.c
822
x509_verify_cert_times(X509 *cert, time_t *cmp_time, int *error)
lib/libcrypto/x509/x509_verify.c
831
if (!x509_verify_asn1_time_to_time_t(X509_get_notBefore(cert), 0,
lib/libcrypto/x509/x509_verify.c
840
if (!x509_verify_asn1_time_to_time_t(X509_get_notAfter(cert), 1,
lib/libcrypto/x509/x509_verify.c
854
x509_verify_validate_constraints(X509 *cert,
lib/libcrypto/x509/x509_verify.c
864
if (cert->nc != NULL) {
lib/libcrypto/x509/x509_verify.c
875
if (!x509_constraints_extract_constraints(cert,
lib/libcrypto/x509/x509_verify.c
894
x509_verify_cert_extensions(struct x509_verify_ctx *ctx, X509 *cert, int need_ca)
lib/libcrypto/x509/x509_verify.c
896
if (!x509_verify_cert_cache_extensions(cert)) {
lib/libcrypto/x509/x509_verify.c
904
if (cert->ex_flags & EXFLAG_CRITICAL) {
lib/libcrypto/x509/x509_verify.c
909
if (need_ca && (!(cert->ex_flags & EXFLAG_BCONS) &&
lib/libcrypto/x509/x509_verify.c
910
(cert->ex_flags & EXFLAG_CA))) {
lib/libcrypto/x509/x509_verify.c
914
if (ctx->purpose > 0 && X509_check_purpose(cert, ctx->purpose, need_ca)) {
lib/libcrypto/x509/x509_verify.c
924
x509_verify_cert_valid(struct x509_verify_ctx *ctx, X509 *cert,
lib/libcrypto/x509/x509_verify.c
934
if (!x509_verify_cert_extensions(ctx, cert, should_be_ca))
lib/libcrypto/x509/x509_verify.c
940
!X509_check_issued(issuer_candidate, cert))
lib/libcrypto/x509/x509_verify.c
941
if (!x509_verify_cert_error(ctx, cert, depth,
lib/libcrypto/x509/x509_verify.c
947
if (!x509_verify_cert_times(cert, ctx->check_time,
lib/libcrypto/x509/x509_verify.c
949
if (!x509_verify_cert_error(ctx, cert, depth,
lib/libcrypto/x509/x509_verify.c
955
if (!x509_verify_validate_constraints(cert, current_chain,
lib/libcrypto/x509/x509_verify.c
956
&ctx->error) && !x509_verify_cert_error(ctx, cert, depth,
lib/libcrypto/x509/x509_vfy.c
147
static int check_key_level(X509_STORE_CTX *ctx, X509 *cert);
lib/libcrypto/x509/x509_vfy.c
171
ctx->current_cert = ctx->cert;
lib/libcrypto/x509/x509_vfy.c
199
X509 *x = ctx->cert;
lib/libcrypto/x509/x509_vfy.c
2147
ctx->cert = x;
lib/libcrypto/x509/x509_vfy.c
2280
ctx->cert = leaf;
lib/libcrypto/x509/x509_vfy.c
2439
return ctx->cert;
lib/libcrypto/x509/x509_vfy.c
245
if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
lib/libcrypto/x509/x509_vfy.c
250
X509_up_ref(ctx->cert);
lib/libcrypto/x509/x509_vfy.c
2539
check_key_level(X509_STORE_CTX *ctx, X509 *cert)
lib/libcrypto/x509/x509_vfy.c
2545
if ((pkey = X509_get0_pubkey(cert)) == NULL)
lib/libcrypto/x509/x509_vfy.c
2561
check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
lib/libcrypto/x509/x509_vfy.c
2565
if (!X509_get_signature_info(cert, NULL, NULL, &bits, NULL))
lib/libcrypto/x509/x509_vfy.c
2581
X509 *cert = sk_X509_value(ctx->chain, i);
lib/libcrypto/x509/x509_vfy.c
2588
if (!check_key_level(ctx, cert) &&
lib/libcrypto/x509/x509_vfy.c
2589
!verify_cb_cert(ctx, cert, i,
lib/libcrypto/x509/x509_vfy.c
2601
if (!check_sig_level(ctx, cert) &&
lib/libcrypto/x509/x509_vfy.c
2602
!verify_cb_cert(ctx, cert, i, X509_V_ERR_CA_MD_TOO_WEAK))
lib/libcrypto/x509/x509_vfy.c
589
if (ctx->cert == NULL) {
lib/libcrypto/x509/x509_vfy.c
625
if (!check_key_level(ctx, ctx->cert) &&
lib/libcrypto/x509/x509_vfy.c
626
!verify_cb_cert(ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL))
lib/libcrypto/x509/x509v3.h
612
X509 *cert);
lib/libfido2/src/cred.c
281
X509 *cert = NULL;
lib/libfido2/src/cred.c
294
(cert = d2i_X509_bio(rawcert, NULL)) == NULL ||
lib/libfido2/src/cred.c
295
(pkey = X509_get_pubkey(cert)) == NULL) {
lib/libfido2/src/cred.c
321
X509_free(cert);
lib/libfido2/src/u2f.c
69
X509 *cert = NULL;
lib/libfido2/src/u2f.c
79
if ((cert = d2i_X509(NULL, &end, (long)*len)) == NULL || end <= *buf ||
lib/libfido2/src/u2f.c
94
if (cert != NULL)
lib/libfido2/src/u2f.c
95
X509_free(cert);
lib/libssl/s3_lib.c
1508
DH_free(s->cert->dhe_params);
lib/libssl/s3_lib.c
1509
s->cert->dhe_params = dhe_params;
lib/libssl/s3_lib.c
1517
s->cert->dhe_params_auto = state;
lib/libssl/s3_lib.c
1681
if (ssl->cert->key != NULL)
lib/libssl/s3_lib.c
1682
*out_chain = ssl->cert->key->chain;
lib/libssl/s3_lib.c
1923
s->cert->dhe_params_cb = (DH *(*)(SSL *, int, int))fp;
lib/libssl/s3_lib.c
1958
DH_free(ctx->cert->dhe_params);
lib/libssl/s3_lib.c
1959
ctx->cert->dhe_params = dhe_params;
lib/libssl/s3_lib.c
1967
ctx->cert->dhe_params_auto = state;
lib/libssl/s3_lib.c
2082
if (ctx->cert->key != NULL)
lib/libssl/s3_lib.c
2083
*out_chain = ctx->cert->key->chain;
lib/libssl/s3_lib.c
2097
_SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *cert)
lib/libssl/s3_lib.c
2103
if (sk_X509_push(ctx->extra_certs, cert) == 0)
lib/libssl/s3_lib.c
2114
*certs = ctx->cert->key->chain;
lib/libssl/s3_lib.c
2262
ctx->cert->dhe_params_cb =
lib/libssl/s3_lib.c
2300
SSL_CERT *cert;
lib/libssl/s3_lib.c
2303
cert = s->cert;
lib/libssl/s3_lib.c
2343
ssl_set_cert_masks(cert, c);
lib/libssl/s3_lib.c
2344
mask_k = cert->mask_k;
lib/libssl/s3_lib.c
2345
mask_a = cert->mask_a;
lib/libssl/ssl_both.c
170
CBB cert;
lib/libssl/ssl_both.c
175
if (!CBB_add_u24_length_prefixed(cbb, &cert))
lib/libssl/ssl_both.c
177
if (!CBB_add_space(&cert, &data, cert_len))
lib/libssl/ssl_cert.c
181
ssl_cert_dup(SSL_CERT *cert)
lib/libssl/ssl_cert.c
196
ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
lib/libssl/ssl_cert.c
198
ret->valid = cert->valid;
lib/libssl/ssl_cert.c
199
ret->mask_k = cert->mask_k;
lib/libssl/ssl_cert.c
200
ret->mask_a = cert->mask_a;
lib/libssl/ssl_cert.c
202
if (cert->dhe_params != NULL) {
lib/libssl/ssl_cert.c
203
ret->dhe_params = DHparams_dup(cert->dhe_params);
lib/libssl/ssl_cert.c
209
ret->dhe_params_cb = cert->dhe_params_cb;
lib/libssl/ssl_cert.c
210
ret->dhe_params_auto = cert->dhe_params_auto;
lib/libssl/ssl_cert.c
213
if (cert->pkeys[i].x509 != NULL) {
lib/libssl/ssl_cert.c
214
ret->pkeys[i].x509 = cert->pkeys[i].x509;
lib/libssl/ssl_cert.c
218
if (cert->pkeys[i].privatekey != NULL) {
lib/libssl/ssl_cert.c
219
ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
lib/libssl/ssl_cert.c
242
if (cert->pkeys[i].chain != NULL) {
lib/libssl/ssl_cert.c
244
X509_chain_up_ref(cert->pkeys[i].chain)) == NULL)
lib/libssl/ssl_cert.c
249
ret->security_cb = cert->security_cb;
lib/libssl/ssl_cert.c
250
ret->security_level = cert->security_level;
lib/libssl/ssl_cert.c
251
ret->security_ex_data = cert->security_ex_data;
lib/libssl/ssl_cert.c
302
return ssl->cert;
lib/libssl/ssl_cert.c
304
return ctx->cert;
lib/libssl/ssl_cert.c
354
ssl_cert_add0_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert)
lib/libssl/ssl_cert.c
366
if (!ssl_security_cert(ctx, ssl, cert, 0, &ssl_err)) {
lib/libssl/ssl_cert.c
375
if (!sk_X509_push(cpk->chain, cert))
lib/libssl/ssl_cert.c
382
ssl_cert_add1_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert)
lib/libssl/ssl_cert.c
384
if (!ssl_cert_add0_chain_cert(ctx, ssl, cert))
lib/libssl/ssl_cert.c
387
X509_up_ref(cert);
lib/libssl/ssl_cert.c
397
X509 *cert;
lib/libssl/ssl_cert.c
406
cert = sk_X509_value(certs, 0);
lib/libssl/ssl_cert.c
407
if (!X509_STORE_CTX_init(ctx, s->ctx->cert_store, cert, certs)) {
lib/libssl/ssl_ciph.c
1074
cert->security_level = level;
lib/libssl/ssl_ciph.c
1114
const char *rule_str, SSL_CERT *cert)
lib/libssl/ssl_ciph.c
1245
&head, &tail, ca_list, cert, &tls13_seen);
lib/libssl/ssl_ciph.c
1253
cert, &tls13_seen);
lib/libssl/ssl_ciph.c
857
CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list, SSL_CERT *cert,
lib/libssl/ssl_clnt.c
1098
X509 *cert = NULL;
lib/libssl/ssl_clnt.c
1138
if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL) {
lib/libssl/ssl_clnt.c
1145
if (!sk_X509_push(certs, cert)) {
lib/libssl/ssl_clnt.c
1149
cert = NULL;
lib/libssl/ssl_clnt.c
1182
X509_free(cert);
lib/libssl/ssl_clnt.c
2122
pkey = s->cert->key->privatekey;
lib/libssl/ssl_clnt.c
2175
if (s->cert->key->x509 == NULL ||
lib/libssl/ssl_clnt.c
2176
s->cert->key->privatekey == NULL)
lib/libssl/ssl_clnt.c
2223
(s->s3->hs.tls12.cert_request == 2) ? NULL : s->cert->key))
lib/libssl/ssl_lib.c
1003
return (X509_check_private_key(ctx->cert->key->x509,
lib/libssl/ssl_lib.c
1004
ctx->cert->key->privatekey));
lib/libssl/ssl_lib.c
1016
if (ssl->cert == NULL) {
lib/libssl/ssl_lib.c
1020
if (ssl->cert->key->x509 == NULL) {
lib/libssl/ssl_lib.c
1024
if (ssl->cert->key->privatekey == NULL) {
lib/libssl/ssl_lib.c
1028
return (X509_check_private_key(ssl->cert->key->x509,
lib/libssl/ssl_lib.c
1029
ssl->cert->key->privatekey));
lib/libssl/ssl_lib.c
1647
ctx->cipher_list_tls13, str, ctx->cert);
lib/libssl/ssl_lib.c
1684
ciphers_tls13, str, s->cert);
lib/libssl/ssl_lib.c
2135
if ((ret->cert = ssl_cert_new()) == NULL)
lib/libssl/ssl_lib.c
2152
NULL, SSL_DEFAULT_CIPHER_LIST, ret->cert);
lib/libssl/ssl_lib.c
2231
ssl_cert_free(ctx->cert);
lib/libssl/ssl_lib.c
227
ctx->cert);
lib/libssl/ssl_lib.c
2382
c = s->cert;
lib/libssl/ssl_lib.c
2410
c = s->cert;
lib/libssl/ssl_lib.c
2439
if (s->cert->dhe_params_auto == 2) {
lib/libssl/ssl_lib.c
267
if ((s->cert = ssl_cert_dup(ctx->cert)) == NULL)
lib/libssl/ssl_lib.c
2937
ssl_cert_free(ret->cert);
lib/libssl/ssl_lib.c
2938
if ((ret->cert = ssl_cert_dup(s->cert)) == NULL)
lib/libssl/ssl_lib.c
3070
return (s->cert->key->x509);
lib/libssl/ssl_lib.c
3078
return (s->cert->key->privatekey);
lib/libssl/ssl_lib.c
3251
if ((new_cert = ssl_cert_dup(ctx->cert)) == NULL)
lib/libssl/ssl_lib.c
3253
ssl_cert_free(ssl->cert);
lib/libssl/ssl_lib.c
3254
ssl->cert = new_cert;
lib/libssl/ssl_lib.c
3428
if (ctx->cert == NULL)
lib/libssl/ssl_lib.c
3431
return ctx->cert->key->x509;
lib/libssl/ssl_lib.c
3438
if (ctx->cert == NULL)
lib/libssl/ssl_lib.c
3441
return ctx->cert->key->privatekey;
lib/libssl/ssl_lib.c
3599
return ctx->cert->security_level;
lib/libssl/ssl_lib.c
3606
ctx->cert->security_level = level;
lib/libssl/ssl_lib.c
3613
return ssl->cert->security_level;
lib/libssl/ssl_lib.c
3620
ssl->cert->security_level = level;
lib/libssl/ssl_lib.c
567
ssl_cert_free(s->cert);
lib/libssl/ssl_lib.c
914
X509 *cert;
lib/libssl/ssl_lib.c
919
if ((cert = s->session->peer_cert) == NULL)
lib/libssl/ssl_lib.c
922
X509_up_ref(cert);
lib/libssl/ssl_lib.c
924
return cert;
lib/libssl/ssl_lib.c
975
tmp = t->cert;
lib/libssl/ssl_lib.c
976
if (f->cert != NULL) {
lib/libssl/ssl_lib.c
977
CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
lib/libssl/ssl_lib.c
978
t->cert = f->cert;
lib/libssl/ssl_lib.c
980
t->cert = NULL;
lib/libssl/ssl_lib.c
994
if ((ctx == NULL) || (ctx->cert == NULL) ||
lib/libssl/ssl_lib.c
995
(ctx->cert->key->x509 == NULL)) {
lib/libssl/ssl_lib.c
999
if (ctx->cert->key->privatekey == NULL) {
lib/libssl/ssl_local.h
1214
SSL_CERT *ssl_cert_dup(SSL_CERT *cert);
lib/libssl/ssl_local.h
1219
int ssl_cert_add0_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert);
lib/libssl/ssl_local.h
1220
int ssl_cert_add1_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert);
lib/libssl/ssl_local.h
1248
const char *rule_str, SSL_CERT *cert);
lib/libssl/ssl_local.h
799
SSL_CERT *cert;
lib/libssl/ssl_local.h
885
SSL_CERT *cert;
lib/libssl/ssl_seclevel.c
227
return ctx->cert->security_cb(NULL, ctx, secop, bits, nid,
lib/libssl/ssl_seclevel.c
228
other, ctx->cert->security_ex_data);
lib/libssl/ssl_seclevel.c
234
return ssl->cert->security_cb(ssl, NULL, secop, bits, nid, other,
lib/libssl/ssl_seclevel.c
235
ssl->cert->security_ex_data);
lib/libssl/ssl_srvr.c
1338
if (s->cert->dhe_params_auto != 0) {
lib/libssl/ssl_srvr.c
1350
DH *dh_params = s->cert->dhe_params;
lib/libssl/ssl_srvr.c
1352
if (dh_params == NULL && s->cert->dhe_params_cb != NULL)
lib/libssl/ssl_srvr.c
1353
dh_params = s->cert->dhe_params_cb(s, 0,
lib/libssl/ssl_srvr.c
1663
pkey = s->cert->pkeys[SSL_PKEY_RSA].privatekey;
lib/libssl/ssl_srvr.c
2052
X509 *cert = NULL;
lib/libssl/ssl_srvr.c
2125
if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL) {
lib/libssl/ssl_srvr.c
2131
if (!sk_X509_push(certs, cert)) {
lib/libssl/ssl_srvr.c
2135
cert = NULL;
lib/libssl/ssl_srvr.c
2160
X509_free(cert);
lib/libssl/t1_lib.c
736
SSL_CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC;
lib/libssl/t1_lib.c
811
s->cert->key = certpkey;
lib/libssl/tls13_client.c
567
X509 *cert = NULL;
lib/libssl/tls13_client.c
593
if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL)
lib/libssl/tls13_client.c
598
if (!sk_X509_push(certs, cert))
lib/libssl/tls13_client.c
601
cert = NULL;
lib/libssl/tls13_client.c
638
X509_free(cert);
lib/libssl/tls13_client.c
653
X509 *cert;
lib/libssl/tls13_client.c
681
if ((cert = ctx->ssl->session->peer_cert) == NULL)
lib/libssl/tls13_client.c
683
if ((pkey = X509_get0_pubkey(cert)) == NULL)
lib/libssl/tls13_client.c
849
cpk = &s->cert->pkeys[SSL_PKEY_ECC];
lib/libssl/tls13_client.c
855
cpk = &s->cert->pkeys[SSL_PKEY_RSA];
lib/libssl/tls13_client.c
879
X509 *cert;
lib/libssl/tls13_client.c
904
cert = sk_X509_value(chain, i);
lib/libssl/tls13_client.c
905
if (!tls13_cert_add(ctx, &cert_list, cert, tlsext_client_build))
lib/libssl/tls13_internal.h
410
int tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert,
lib/libssl/tls13_lib.c
589
tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert,
lib/libssl/tls13_lib.c
596
if ((cert_len = i2d_X509(cert, NULL)) < 0)
lib/libssl/tls13_lib.c
603
if (i2d_X509(cert, &data) != cert_len)
lib/libssl/tls13_server.c
602
cpk = &s->cert->pkeys[SSL_PKEY_ECC];
lib/libssl/tls13_server.c
608
cpk = &s->cert->pkeys[SSL_PKEY_RSA];
lib/libssl/tls13_server.c
633
X509 *cert;
lib/libssl/tls13_server.c
674
cert = sk_X509_value(chain, i);
lib/libssl/tls13_server.c
681
if (i == 0 && cert == cpk->x509)
lib/libssl/tls13_server.c
689
if (!tls13_cert_add(ctx, &cert_list, cert, NULL))
lib/libssl/tls13_server.c
868
X509 *cert = NULL;
lib/libssl/tls13_server.c
896
if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL)
lib/libssl/tls13_server.c
901
if (!sk_X509_push(certs, cert))
lib/libssl/tls13_server.c
904
cert = NULL;
lib/libssl/tls13_server.c
929
X509_free(cert);
lib/libssl/tls13_server.c
944
X509 *cert;
lib/libssl/tls13_server.c
972
if ((cert = ctx->ssl->session->peer_cert) == NULL)
lib/libssl/tls13_server.c
974
if ((pkey = X509_get0_pubkey(cert)) == NULL)
lib/libtls/tls.c
285
tls_cert_hash(X509 *cert, char **hash)
lib/libtls/tls.c
293
if (X509_digest(cert, EVP_sha256(), d, &dlen) != 1)
lib/libtls/tls.c
312
tls_cert_pubkey_hash(X509 *cert, char **hash)
lib/libtls/tls.c
320
if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
lib/libtls/tls_client.c
456
X509 *cert = NULL;
lib/libtls/tls_client.c
480
cert = SSL_get_peer_certificate(ctx->ssl_conn);
lib/libtls/tls_client.c
481
if (cert == NULL) {
lib/libtls/tls_client.c
486
if (tls_check_name(ctx, cert, ctx->servername, &match) == -1)
lib/libtls/tls_client.c
506
X509_free(cert);
lib/libtls/tls_config.c
388
tls_config_add_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
lib/libtls/tls_config.c
396
if (tls_keypair_set_cert_mem(keypair, &config->error, cert, cert_len) != 0)
lib/libtls/tls_config.c
416
tls_config_add_keypair_mem(struct tls_config *config, const uint8_t *cert,
lib/libtls/tls_config.c
419
return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
lib/libtls/tls_config.c
432
tls_config_add_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
lib/libtls/tls_config.c
436
return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
lib/libtls/tls_config.c
475
tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
lib/libtls/tls_config.c
479
cert, len);
lib/libtls/tls_config.c
664
tls_config_set_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
lib/libtls/tls_config.c
668
if (tls_config_set_cert_mem(config, cert, cert_len) != 0)
lib/libtls/tls_config.c
688
tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
lib/libtls/tls_config.c
691
return tls_config_set_keypair_mem_internal(config, cert, cert_len,
lib/libtls/tls_config.c
704
tls_config_set_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
lib/libtls/tls_config.c
708
return tls_config_set_keypair_mem_internal(config, cert, cert_len,
lib/libtls/tls_internal.h
244
int tls_check_name(struct tls *ctx, X509 *cert, const char *servername,
lib/libtls/tls_keypair.c
136
X509 **cert)
lib/libtls/tls_keypair.c
143
X509_free(*cert);
lib/libtls/tls_keypair.c
144
*cert = NULL;
lib/libtls/tls_keypair.c
157
if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb,
lib/libtls/tls_keypair.c
35
X509 *cert = NULL;
lib/libtls/tls_keypair.c
46
if (tls_keypair_load_cert(keypair, error, &cert) == -1)
lib/libtls/tls_keypair.c
48
if (tls_cert_pubkey_hash(cert, &keypair->pubkey_hash) == -1)
lib/libtls/tls_keypair.c
54
X509_free(cert);
lib/libtls/tls_keypair.c
79
const uint8_t *cert, size_t len)
lib/libtls/tls_keypair.c
81
if (tls_set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len) == -1)
lib/libtls/tls_signer.c
102
if ((bio = BIO_new_mem_buf(cert, cert_len)) == NULL) {
lib/libtls/tls_signer.c
173
char *cert = NULL, *key = NULL;
lib/libtls/tls_signer.c
178
&cert, &cert_len) == -1)
lib/libtls/tls_signer.c
185
rv = tls_signer_add_keypair_mem(signer, cert, cert_len, key, key_len);
lib/libtls/tls_signer.c
188
free(cert);
lib/libtls/tls_signer.c
90
tls_signer_add_keypair_mem(struct tls_signer *signer, const uint8_t *cert,
lib/libtls/tls_verify.c
101
altname_stack = X509_get_ext_d2i(cert, NID_subject_alt_name, &critical,
lib/libtls/tls_verify.c
213
tls_get_common_name_internal(X509 *cert, char **out_common_name,
lib/libtls/tls_verify.c
230
subject_name = X509_get_subject_name(cert);
lib/libtls/tls_verify.c
319
tls_get_common_name(struct tls *ctx, X509 *cert, const char *in_name,
lib/libtls/tls_verify.c
325
if (tls_get_common_name_internal(cert, out_common_name, &errcode,
lib/libtls/tls_verify.c
341
tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
lib/libtls/tls_verify.c
348
if (tls_get_common_name(ctx, cert, name, &common_name) == -1)
lib/libtls/tls_verify.c
376
tls_check_name(struct tls *ctx, X509 *cert, const char *name, int *match)
lib/libtls/tls_verify.c
382
if (tls_check_subject_altname(ctx, cert, name, match,
lib/libtls/tls_verify.c
393
return tls_check_common_name(ctx, cert, name, match);
lib/libtls/tls_verify.c
88
tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
regress/lib/libcrypto/cms/cmstest.c
153
X509 *cert = NULL;
regress/lib/libcrypto/cms/cmstest.c
166
if ((cert = PEM_read_bio_X509(bio_mem, NULL, NULL, NULL)) == NULL)
regress/lib/libcrypto/cms/cmstest.c
168
if (!sk_X509_push(certs, cert))
regress/lib/libcrypto/cms/cmstest.c
198
if (!CMS_decrypt(ci, pkey, cert, NULL, bio_mem, 0)) {
regress/lib/libcrypto/cms/cmstest.c
235
X509_free(cert);
regress/lib/libcrypto/cms/cmstest.c
250
X509 *cert = NULL;
regress/lib/libcrypto/cms/cmstest.c
264
if ((cert = PEM_read_bio_X509(bio_mem, NULL, NULL, NULL)) == NULL)
regress/lib/libcrypto/cms/cmstest.c
266
if (!sk_X509_push(certs, cert))
regress/lib/libcrypto/cms/cmstest.c
289
if ((ci = CMS_sign(cert, pkey, NULL, bio_mem, 0)) == NULL) {
regress/lib/libcrypto/cms/cmstest.c
343
X509_free(cert);
regress/lib/libcrypto/ct/cttest.c
162
cert_from_file(const char *filename, X509 **cert)
regress/lib/libcrypto/ct/cttest.c
174
*cert = x;
regress/lib/libcrypto/ct/cttest.c
275
X509 *cert = NULL;
regress/lib/libcrypto/ct/cttest.c
281
cert_from_file(test_cert_file, &cert);
regress/lib/libcrypto/ct/cttest.c
283
if ((idx = X509_get_ext_by_NID(cert, NID_ct_precert_scts, -1)) == -1) {
regress/lib/libcrypto/ct/cttest.c
287
if ((ext = X509_get_ext(cert, idx)) == NULL) {
regress/lib/libcrypto/ct/cttest.c
304
X509_free(cert);
regress/lib/libcrypto/ct/cttest.c
406
X509 *cert = NULL, *issuer = NULL;
regress/lib/libcrypto/ct/cttest.c
411
cert_from_file(test_cert_file, &cert);
regress/lib/libcrypto/ct/cttest.c
425
if (!CT_POLICY_EVAL_CTX_set1_cert(ct_policy, cert))
regress/lib/libcrypto/ct/cttest.c
451
X509_free(cert);
regress/lib/libcrypto/pkcs7/pkcs7test.c
134
X509 *cert;
regress/lib/libcrypto/pkcs7/pkcs7test.c
158
cert = PEM_read_bio_X509_AUX(bio_cert, NULL, NULL, NULL);
regress/lib/libcrypto/pkcs7/pkcs7test.c
159
if (cert == NULL)
regress/lib/libcrypto/pkcs7/pkcs7test.c
161
sk_X509_push(certs, cert);
regress/lib/libcrypto/pkcs7/pkcs7test.c
204
if (PKCS7_decrypt(p7, pkey, cert, bio_out, 0) != 1)
regress/lib/libcrypto/pkcs7/pkcs7test.c
223
p7 = PKCS7_sign(cert, pkey, certs, bio_content, 0);
regress/lib/libcrypto/pkcs7/pkcs7test.c
261
if (PKCS7_sign_add_signer(p7, cert, pkey, NULL, flags) == NULL)
regress/lib/libcrypto/pkcs7/pkcs7test.c
296
X509_free(cert);
regress/lib/libcrypto/x509/bettertls/verify.c
104
STACK_OF(X509) *roots = NULL, *bundle = NULL, *cert = NULL;
regress/lib/libcrypto/x509/bettertls/verify.c
118
if (!certs_from_file(cert_file, &cert))
regress/lib/libcrypto/x509/bettertls/verify.c
120
if (sk_X509_num(cert) < 1)
regress/lib/libcrypto/x509/bettertls/verify.c
122
leaf = sk_X509_shift(cert);
regress/lib/libcrypto/x509/bettertls/verify.c
187
sk_X509_pop_free(cert, X509_free);
regress/lib/libcrypto/x509/verify.c
224
X509 *cert = sk_X509_value(chain, i);
regress/lib/libcrypto/x509/verify.c
226
X509_get_subject_name(cert), 0,
regress/lib/libssl/interop/botan/client.cpp
132
Botan::X509_Certificate cert(file);
regress/lib/libssl/interop/botan/client.cpp
133
m_ca.add_certificate(cert);
regress/lib/libssl/ssl/ssltest.c
365
X509 *cert = NULL;
regress/lib/libssl/ssl/ssltest.c
373
if ((cert = SSL_get_peer_certificate(c_ssl)) == NULL)
regress/lib/libssl/ssl/ssltest.c
375
if ((pkey = X509_get0_pubkey(cert)) == NULL)
regress/lib/libssl/ssl/ssltest.c
403
X509_free(cert);
regress/lib/libssl/verify/verify.c
105
.cert = NULL,
regress/lib/libssl/verify/verify.c
111
.cert = "server-common-wildcard.pem",
regress/lib/libssl/verify/verify.c
122
.cert = NULL,
regress/lib/libssl/verify/verify.c
128
.cert = "server-subca-chainS.pem",
regress/lib/libssl/verify/verify.c
150
if (!SSL_CTX_use_certificate_file(ctx, config->cert,
regress/lib/libssl/verify/verify.c
34
const char *cert;
regress/lib/libssl/verify/verify.c
52
.cert = NULL,
regress/lib/libssl/verify/verify.c
58
.cert = "server-unusual-wildcard.pem",
regress/lib/libssl/verify/verify.c
70
.cert = NULL,
regress/lib/libssl/verify/verify.c
76
.cert = "server-unusual-wildcard.pem",
regress/lib/libssl/verify/verify.c
87
.cert = NULL,
regress/lib/libssl/verify/verify.c
93
.cert = "server-common-wildcard.pem",
regress/lib/libtls/keypair/keypairtest.c
118
if (compare_mem("certificate", cert, cert_len, kp->cert_mem,
regress/lib/libtls/keypair/keypairtest.c
140
if (tls_keypair_set_cert_mem(kp, &err, cert, cert_len) == -1) {
regress/lib/libtls/keypair/keypairtest.c
153
if (compare_mem("certificate", cert, cert_len, kp->cert_mem,
regress/lib/libtls/keypair/keypairtest.c
186
free((uint8_t *)cert);
regress/lib/libtls/keypair/keypairtest.c
88
const uint8_t *cert, *key, *ocsp_staple;
regress/lib/libtls/keypair/keypairtest.c
94
load_file(cert_file, &cert, &cert_len);
regress/lib/libtls/verify/verifytest.c
25
extern int tls_check_name(struct tls *ctx, X509 *cert, const char *name,
regress/lib/libtls/verify/verifytest.c
437
cert_add_alt_names(X509 *cert, struct verify_test *vt)
regress/lib/libtls/verify/verifytest.c
454
if (X509_add1_ext_i2d(cert, NID_subject_alt_name,
regress/lib/libtls/verify/verifytest.c
466
X509 *cert;
regress/lib/libtls/verify/verifytest.c
471
if ((cert = X509_new()) == NULL)
regress/lib/libtls/verify/verifytest.c
482
if (X509_set_subject_name(cert, name) == 0)
regress/lib/libtls/verify/verifytest.c
490
cert_add_alt_names(cert, vt);
regress/lib/libtls/verify/verifytest.c
494
if (tls_check_name(tls, cert, vt->name, &match) != vt->want_return) {
regress/lib/libtls/verify/verifytest.c
508
X509_free(cert);
regress/sbin/isakmpd/x509/x509test.c
164
X509 *cert;
regress/sbin/isakmpd/x509/x509test.c
212
cert = PEM_read_bio_X509 (certfile, NULL, NULL, NULL);
regress/sbin/isakmpd/x509/x509test.c
214
cert = PEM_read_bio_X509 (certfile, NULL, NULL);
regress/sbin/isakmpd/x509/x509test.c
217
if (cert == NULL)
regress/sbin/isakmpd/x509/x509test.c
223
pkey_pub = X509_get_pubkey (cert);
regress/sbin/isakmpd/x509/x509test.c
249
err = X509_verify (cert, pkey_pub);
regress/sbin/isakmpd/x509/x509test.c
277
if (!x509_check_subjectaltname (idpayload, sizeof idpayload, cert))
regress/usr.bin/ssh/unittests/authopt/tests.c
289
struct sshkey *cert;
regress/usr.bin/ssh/unittests/authopt/tests.c
297
sshkey_free(cert); \
regress/usr.bin/ssh/unittests/authopt/tests.c
302
cert = load_key("no_" keybase ".cert"); \
regress/usr.bin/ssh/unittests/authopt/tests.c
305
opts = sshauthopt_from_cert(cert); \
regress/usr.bin/ssh/unittests/authopt/tests.c
309
cert = load_key("only_" keybase ".cert"); \
regress/usr.bin/ssh/unittests/authopt/tests.c
313
opts = sshauthopt_from_cert(cert); \
regress/usr.bin/ssh/unittests/authopt/tests.c
325
cert = load_key("all_permit.cert");
regress/usr.bin/ssh/unittests/authopt/tests.c
327
opts = sshauthopt_from_cert(cert);
regress/usr.bin/ssh/unittests/authopt/tests.c
332
cert = load_key("no_permit.cert");
regress/usr.bin/ssh/unittests/authopt/tests.c
335
opts = sshauthopt_from_cert(cert);
regress/usr.bin/ssh/unittests/authopt/tests.c
340
cert = load_key("force_command.cert");
regress/usr.bin/ssh/unittests/authopt/tests.c
344
opts = sshauthopt_from_cert(cert);
regress/usr.bin/ssh/unittests/authopt/tests.c
349
cert = load_key("sourceaddr.cert");
regress/usr.bin/ssh/unittests/authopt/tests.c
353
opts = sshauthopt_from_cert(cert);
regress/usr.bin/ssh/unittests/authopt/tests.c
361
cert = load_key(keybase ".cert"); \
regress/usr.bin/ssh/unittests/authopt/tests.c
362
opts = sshauthopt_from_cert(cert); \
regress/usr.bin/ssh/unittests/authopt/tests.c
364
sshkey_free(cert); \
regress/usr.bin/ssh/unittests/authopt/tests.c
376
struct sshkey *cert;
regress/usr.bin/ssh/unittests/authopt/tests.c
388
cert = load_key(keyname ".cert"); \
regress/usr.bin/ssh/unittests/authopt/tests.c
389
cert_opts = sshauthopt_from_cert(cert); \
regress/usr.bin/ssh/unittests/authopt/tests.c
406
sshkey_free(cert); \
regress/usr.bin/ssh/unittests/sshkey/test_file.c
105
ASSERT_STRING_EQ(k2->cert->signature_type, "ssh-rsa");
regress/usr.bin/ssh/unittests/sshkey/test_file.c
114
ASSERT_STRING_EQ(k2->cert->signature_type, "rsa-sha2-512");
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
415
ASSERT_PTR_NE(k1->cert, NULL);
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
416
k1->cert->type = SSH2_CERT_TYPE_USER;
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
417
k1->cert->serial = 1234;
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
418
k1->cert->key_id = strdup("estragon");
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
419
ASSERT_PTR_NE(k1->cert->key_id, NULL);
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
420
k1->cert->principals = calloc(4, sizeof(*k1->cert->principals));
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
421
ASSERT_PTR_NE(k1->cert->principals, NULL);
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
422
k1->cert->principals[0] = strdup("estragon");
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
423
k1->cert->principals[1] = strdup("vladimir");
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
424
k1->cert->principals[2] = strdup("pozzo");
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
425
k1->cert->principals[3] = strdup("lucky");
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
426
ASSERT_PTR_NE(k1->cert->principals[0], NULL);
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
427
ASSERT_PTR_NE(k1->cert->principals[1], NULL);
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
428
ASSERT_PTR_NE(k1->cert->principals[2], NULL);
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
429
ASSERT_PTR_NE(k1->cert->principals[3], NULL);
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
430
k1->cert->nprincipals = 4;
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
431
k1->cert->valid_after = 0;
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
432
k1->cert->valid_before = (uint64_t)-1;
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
433
sshbuf_free(k1->cert->critical);
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
434
k1->cert->critical = sshbuf_new();
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
435
ASSERT_PTR_NE(k1->cert->critical, NULL);
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
436
sshbuf_free(k1->cert->extensions);
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
437
k1->cert->extensions = sshbuf_new();
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
438
ASSERT_PTR_NE(k1->cert->extensions, NULL);
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
439
put_opt(k1->cert->critical, "force-command", "/usr/bin/true");
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
440
put_opt(k1->cert->critical, "source-address", "127.0.0.1");
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
441
put_opt(k1->cert->extensions, "permit-X11-forwarding", NULL);
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
442
put_opt(k1->cert->extensions, "permit-agent-forwarding", NULL);
regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
443
ASSERT_INT_EQ(sshkey_from_private(k2, &k1->cert->signature_key), 0);
regress/usr.sbin/rpki-client/constraints-dummy.c
9
constraints_validate(const char *fn, const struct cert *cert)
regress/usr.sbin/rpki-client/test-aspa.c
43
struct cert *cert = NULL;
regress/usr.sbin/rpki-client/test-aspa.c
66
if ((p = aspa_parse(&cert, argv[i], -1, buf, len)) == NULL) {
regress/usr.sbin/rpki-client/test-aspa.c
71
aspa_print(cert, p);
regress/usr.sbin/rpki-client/test-aspa.c
74
cert_free(cert);
regress/usr.sbin/rpki-client/test-aspa.c
75
cert = NULL;
regress/usr.sbin/rpki-client/test-cert.c
44
struct cert *p;
regress/usr.sbin/rpki-client/test-mft.c
45
struct cert *cert = NULL;
regress/usr.sbin/rpki-client/test-mft.c
68
if ((p = mft_parse(&cert, argv[i], -1, buf, len)) == NULL) {
regress/usr.sbin/rpki-client/test-mft.c
73
mft_print(cert, p);
regress/usr.sbin/rpki-client/test-mft.c
76
cert_free(cert);
regress/usr.sbin/rpki-client/test-mft.c
77
cert = NULL;
regress/usr.sbin/rpki-client/test-roa.c
42
struct cert *cert = NULL;
regress/usr.sbin/rpki-client/test-roa.c
65
if ((p = roa_parse(&cert, argv[i], -1, buf, len)) == NULL) {
regress/usr.sbin/rpki-client/test-roa.c
70
roa_print(cert, p);
regress/usr.sbin/rpki-client/test-roa.c
73
cert_free(cert);
regress/usr.sbin/rpki-client/test-roa.c
74
cert = NULL;
regress/usr.sbin/rpki-client/test-rsc.c
45
struct cert *cert = NULL;
regress/usr.sbin/rpki-client/test-rsc.c
68
if ((p = rsc_parse(&cert, argv[i], -1, buf, len)) == NULL) {
regress/usr.sbin/rpki-client/test-rsc.c
73
rsc_print(cert, p);
regress/usr.sbin/rpki-client/test-rsc.c
76
cert_free(cert);
regress/usr.sbin/rpki-client/test-rsc.c
77
cert = NULL;
regress/usr.sbin/rpki-client/test-spl.c
43
struct cert *cert = NULL;
regress/usr.sbin/rpki-client/test-spl.c
66
if ((p = spl_parse(&cert, argv[i], -1, buf, len)) == NULL) {
regress/usr.sbin/rpki-client/test-spl.c
71
spl_print(cert, p);
regress/usr.sbin/rpki-client/test-spl.c
74
cert_free(cert);
regress/usr.sbin/rpki-client/test-spl.c
75
cert = NULL;
regress/usr.sbin/rpki-client/test-tak.c
43
struct cert *cert = NULL;
regress/usr.sbin/rpki-client/test-tak.c
66
if ((p = tak_parse(&cert, argv[i], -1, buf, len)) == NULL) {
regress/usr.sbin/rpki-client/test-tak.c
71
tak_print(cert, p);
regress/usr.sbin/rpki-client/test-tak.c
74
cert_free(cert);
regress/usr.sbin/rpki-client/test-tak.c
75
cert = NULL;
sbin/iked/ca.c
1211
X509 *cert;
sbin/iked/ca.c
1224
cert = X509_OBJECT_get0_X509(xo);
sbin/iked/ca.c
1225
if ((issuer = X509_get_issuer_name(cert)) == NULL)
sbin/iked/ca.c
1230
if (ca_x509_subject_cmp(cert, id) == 0)
sbin/iked/ca.c
1231
return (cert);
sbin/iked/ca.c
1234
if (ca_x509_subjectaltname_cmp(cert, id) == 0)
sbin/iked/ca.c
1235
return (cert);
sbin/iked/ca.c
1249
X509 *cert;
sbin/iked/ca.c
1258
cert = X509_OBJECT_get0_X509(xo);
sbin/iked/ca.c
1261
if (ca_x509_subject_cmp(cert, id) == 0)
sbin/iked/ca.c
1262
return (cert);
sbin/iked/ca.c
1265
if (ca_x509_subjectaltname_cmp(cert, id) == 0)
sbin/iked/ca.c
1266
return (cert);
sbin/iked/ca.c
1279
X509 *cert;
sbin/iked/ca.c
1287
cert = X509_OBJECT_get0_X509(xo);
sbin/iked/ca.c
1288
ca_cert_info(msg, cert);
sbin/iked/ca.c
1293
ca_cert_local(struct iked *env, X509 *cert)
sbin/iked/ca.c
1303
if ((certkey = X509_get0_pubkey(cert)) == NULL) {
sbin/iked/ca.c
1321
ca_cert_info(const char *msg, X509 *cert)
sbin/iked/ca.c
1329
if ((asn1_serial = X509_get_serialNumber(cert)) == NULL ||
sbin/iked/ca.c
1334
name = X509_get_issuer_name(cert);
sbin/iked/ca.c
1342
name = X509_get_subject_name(cert);
sbin/iked/ca.c
1346
ca_x509_subjectaltname_log(cert, msg);
sbin/iked/ca.c
1386
X509 *cert;
sbin/iked/ca.c
1398
cert = X509_OBJECT_get0_X509(xo);
sbin/iked/ca.c
1399
if ((subject = X509_get_subject_name(cert)) == NULL ||
sbin/iked/ca.c
1878
X509 *cert = NULL;
sbin/iked/ca.c
1890
cert = (X509 *)data;
sbin/iked/ca.c
1895
if ((cert = d2i_X509_bio(rawcert, NULL)) == NULL)
sbin/iked/ca.c
1900
if (X509_get_subject_name(cert) == NULL) {
sbin/iked/ca.c
1906
if ((pkey = X509_get0_pubkey(cert)) == NULL) {
sbin/iked/ca.c
1918
if (ca_x509_subject_cmp(cert, id) < 0) {
sbin/iked/ca.c
1924
if (ca_x509_subjectaltname_cmp(cert, id) != 0) {
sbin/iked/ca.c
1937
X509_STORE_CTX_init(csc, store->ca_cas, cert, untrusted);
sbin/iked/ca.c
1950
if (X509_STORE_CTX_get1_issuer(issuerp, csc, cert) != 1) {
sbin/iked/ca.c
1972
if (cert != NULL) {
sbin/iked/ca.c
1973
subj = X509_get_subject_name(cert);
sbin/iked/ca.c
1986
X509_free(cert);
sbin/iked/ca.c
1995
ca_x509_subject_cmp(X509 *cert, struct iked_static_id *id)
sbin/iked/ca.c
2004
if ((subject = X509_get_subject_name(cert)) == NULL)
sbin/iked/ca.c
2022
ca_x509_subjectaltname_do(X509 *cert, int mode, const char *logmsg,
sbin/iked/ca.c
2034
if ((stack = X509_get_ext_d2i(cert, NID_subject_alt_name,
sbin/iked/ca.c
2127
ca_x509_subjectaltname_log(X509 *cert, const char *logmsg)
sbin/iked/ca.c
2129
return ca_x509_subjectaltname_do(cert, MODE_ALT_LOG, logmsg, NULL, NULL);
sbin/iked/ca.c
2133
ca_x509_subjectaltname_cmp(X509 *cert, struct iked_static_id *id)
sbin/iked/ca.c
2135
return ca_x509_subjectaltname_do(cert, MODE_ALT_CMP, NULL, id, NULL);
sbin/iked/ca.c
2139
ca_x509_subjectaltname_get(X509 *cert, struct iked_id *retid)
sbin/iked/ca.c
2141
return ca_x509_subjectaltname_do(cert, MODE_ALT_GET, NULL, NULL, retid);
sbin/iked/ca.c
232
X509 *cert;
sbin/iked/ca.c
298
cert = d2i_X509_bio(rawcert, NULL);
sbin/iked/ca.c
300
if (cert == NULL) {
sbin/iked/ca.c
306
if (!sk_X509_push(untrusted, cert)) {
sbin/iked/ca.c
309
X509_free(cert);
sbin/iked/ca.c
463
ca_setscert(struct iked *env, struct iked_sahdr *sh, uint8_t type, X509 *cert)
sbin/iked/ca.c
470
if ((buf = ca_x509_serialize(cert)) == NULL)
sbin/iked/ca.c
606
X509 *issuer = NULL, *cert;
sbin/iked/ca.c
643
cert = ca_by_subjectaltname(store->ca_certs, &id);
sbin/iked/ca.c
644
if (cert) {
sbin/iked/ca.c
646
if ((certkey = X509_get0_pubkey(cert)) != NULL) {
sbin/iked/ca.c
716
X509 *cert;
sbin/iked/ca.c
724
if ((cert = ca_by_issuer(store->ca_certs, subject, id)) != NULL) {
sbin/iked/ca.c
725
*dst = cert;
sbin/iked/ca.c
734
cert = X509_OBJECT_get0_X509(xo);
sbin/iked/ca.c
735
if ((issuer = X509_get_issuer_name(cert)) == NULL)
sbin/iked/ca.c
738
if ((subj = X509_get_subject_name(cert)) == NULL)
sbin/iked/ca.c
746
*dst = cert;
sbin/iked/ca.c
764
X509 *ca = NULL, *cert = NULL;
sbin/iked/ca.c
78
int ca_x509_subjectaltname_get(X509 *cert, struct iked_id *);
sbin/iked/ca.c
831
cert = chain[chain_len - 1];
sbin/iked/ca.c
832
if (!ca_cert_local(env, cert)) {
sbin/iked/ca.c
853
if (cert == NULL && more)
sbin/iked/ca.c
856
if (cert == NULL)
sbin/iked/ca.c
857
cert = ca_by_subjectaltname(store->ca_certs, &id);
sbin/iked/ca.c
860
if (cert != NULL)
sbin/iked/ca.c
864
if (cert == NULL) {
sbin/iked/ca.c
881
subj = X509_get_subject_name(cert);
sbin/iked/ca.c
891
if ((buf = ca_x509_serialize(cert)) == NULL)
sbin/iked/crypto.c
778
X509 *cert = NULL;
sbin/iked/crypto.c
794
if ((cert = d2i_X509_bio(rawcert, NULL)) == NULL)
sbin/iked/crypto.c
796
if ((pkey = X509_get_pubkey(cert)) == NULL)
sbin/iked/crypto.c
843
X509_free(cert);
sbin/iked/crypto.c
856
X509_free(cert);
sbin/iked/eap.c
132
if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
sbin/iked/eap.c
134
cert->cert_type = certid->id_type;
sbin/iked/eap.c
137
len = ibuf_size(certid->id_buf) + sizeof(*cert);
sbin/iked/eap.c
147
if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
sbin/iked/eap.c
149
cert->cert_type = sa->sa_scert[i].id_type;
sbin/iked/eap.c
152
len = ibuf_size(sa->sa_scert[i].id_buf) + sizeof(*cert);
sbin/iked/eap.c
92
struct ikev2_cert *cert;
sbin/iked/ikev2.c
1122
cert = ibuf_data(msg->msg_cert.id_buf);
sbin/iked/ikev2.c
1126
if (ca_setcert(env, &sa->sa_hdr, id, certtype, cert, certlen, PROC_CERT) == -1)
sbin/iked/ikev2.c
1600
struct ikev2_cert *cert;
sbin/iked/ikev2.c
1656
if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
sbin/iked/ikev2.c
1658
cert->cert_type = certid->id_type;
sbin/iked/ikev2.c
1661
len = ibuf_size(certid->id_buf) + sizeof(*cert);
sbin/iked/ikev2.c
1671
if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
sbin/iked/ikev2.c
1673
cert->cert_type = sa->sa_scert[i].id_type;
sbin/iked/ikev2.c
1676
len = ibuf_size(sa->sa_scert[i].id_buf) + sizeof(*cert);
sbin/iked/ikev2.c
2111
struct ikev2_cert *cert;
sbin/iked/ikev2.c
2123
if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
sbin/iked/ikev2.c
2126
cert->cert_type = type;
sbin/iked/ikev2.c
2127
len = sizeof(*cert);
sbin/iked/ikev2.c
2129
if (certreq != NULL && cert->cert_type == IKEV2_CERT_X509_CERT) {
sbin/iked/ikev2.c
3914
struct ikev2_cert *cert;
sbin/iked/ikev2.c
3975
if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
sbin/iked/ikev2.c
3977
cert->cert_type = certid->id_type;
sbin/iked/ikev2.c
3980
len = ibuf_size(certid->id_buf) + sizeof(*cert);
sbin/iked/ikev2.c
3990
if ((cert = ibuf_reserve(e,
sbin/iked/ikev2.c
3991
sizeof(*cert))) == NULL)
sbin/iked/ikev2.c
3993
cert->cert_type = sa->sa_scert[i].id_type;
sbin/iked/ikev2.c
3998
+ sizeof(*cert);
sbin/iked/ikev2.c
7751
X509 *cert = NULL;
sbin/iked/ikev2.c
7759
(cert = d2i_X509_bio(rawcert, NULL)) == NULL)
sbin/iked/ikev2.c
7761
ca_cert_info(msg, cert);
sbin/iked/ikev2.c
7763
if (cert)
sbin/iked/ikev2.c
7764
X509_free(cert);
sbin/iked/ikev2.c
950
uint8_t *cert = NULL;
sbin/iked/ikev2_pld.c
791
struct ikev2_cert *cert)
sbin/iked/ikev2_pld.c
795
if (left < sizeof(*cert)) {
sbin/iked/ikev2_pld.c
797
"(%zu < %zu)", __func__, left, sizeof(*cert));
sbin/iked/ikev2_pld.c
800
memcpy(cert, msgbuf + offset, sizeof(*cert));
sbin/iked/ikev2_pld.c
801
if (cert->cert_type == IKEV2_CERT_NONE) {
sbin/iked/ikev2_pld.c
813
struct ikev2_cert cert;
sbin/iked/ikev2_pld.c
821
if (ikev2_validate_cert(msg, offset, left, &cert))
sbin/iked/ikev2_pld.c
823
offset += sizeof(cert);
sbin/iked/ikev2_pld.c
826
len = left - sizeof(cert);
sbin/iked/ikev2_pld.c
829
__func__, print_map(cert.cert_type, ikev2_cert_map), len);
sbin/iked/ikev2_pld.c
837
if (cert.cert_type == IKEV2_CERT_BUNDLE) {
sbin/iked/ikev2_pld.c
862
certid->id_type = cert.cert_type;
sbin/iked/ikev2_pld.c
870
struct ikev2_cert *cert)
sbin/iked/ikev2_pld.c
874
if (left < sizeof(*cert)) {
sbin/iked/ikev2_pld.c
876
"(%zu < %zu)", __func__, left, sizeof(*cert));
sbin/iked/ikev2_pld.c
879
memcpy(cert, msgbuf + offset, sizeof(*cert));
sbin/iked/ikev2_pld.c
888
struct ikev2_cert cert;
sbin/iked/ikev2_pld.c
894
if (ikev2_validate_certreq(msg, offset, left, &cert))
sbin/iked/ikev2_pld.c
896
offset += sizeof(cert);
sbin/iked/ikev2_pld.c
899
len = left - sizeof(cert);
sbin/iked/ikev2_pld.c
902
__func__, print_map(cert.cert_type, ikev2_cert_map), len);
sbin/iked/ikev2_pld.c
909
if (cert.cert_type == IKEV2_CERT_X509_CERT) {
sbin/iked/ikev2_pld.c
930
cr->cr_type = cert.cert_type;
sbin/iked/ocsp.c
275
X509 *cert = NULL;
sbin/iked/ocsp.c
292
(cert = d2i_X509_bio(rawcert, NULL)) == NULL ||
sbin/iked/ocsp.c
295
(id = OCSP_cert_to_id(NULL, cert, issuer)) == NULL ||
sbin/iked/ocsp.c
303
X509_free(cert);
sbin/iked/ocsp.c
333
X509_free(cert);
sbin/isakmpd/exchange.c
1664
u_int8_t *cert = 0, *new_cert = 0;
sbin/isakmpd/exchange.c
1685
if (!aca->handler->cert_obtain(id, id_len, aca->data, &cert,
sbin/isakmpd/exchange.c
1689
free(cert);
sbin/isakmpd/exchange.c
1692
new_cert = realloc(cert, ISAKMP_CERT_SZ + certlen);
sbin/isakmpd/exchange.c
1695
"failed", cert, ISAKMP_CERT_SZ + certlen);
sbin/isakmpd/exchange.c
1696
free(cert);
sbin/isakmpd/exchange.c
1699
cert = new_cert;
sbin/isakmpd/exchange.c
1700
memmove(cert + ISAKMP_CERT_DATA_OFF, cert, certlen);
sbin/isakmpd/exchange.c
1701
SET_ISAKMP_CERT_ENCODING(cert, aca->id);
sbin/isakmpd/exchange.c
1702
if (message_add_payload(msg, ISAKMP_PAYLOAD_CERT, cert,
sbin/isakmpd/exchange.c
1704
free(cert);
sbin/isakmpd/exchange.c
1713
cert = NULL;
sbin/isakmpd/ike_auth.c
564
void *cert = 0;
sbin/isakmpd/ike_auth.c
615
cert = handler->cert_get(rawcert, rawcertlen);
sbin/isakmpd/ike_auth.c
616
if (!cert)
sbin/isakmpd/ike_auth.c
620
if (!handler->cert_get_key(cert, &key)) {
sbin/isakmpd/ike_auth.c
623
handler->cert_free(cert);
sbin/isakmpd/ike_auth.c
629
exchange->recv_cert = cert;
sbin/isakmpd/ike_auth.c
632
cert);
sbin/isakmpd/ike_auth.c
662
cert = handler->cert_get(p->p + ISAKMP_CERT_DATA_OFF,
sbin/isakmpd/ike_auth.c
664
if (!cert) {
sbin/isakmpd/ike_auth.c
669
if (!handler->cert_validate(cert)) {
sbin/isakmpd/ike_auth.c
670
handler->cert_free(cert);
sbin/isakmpd/ike_auth.c
677
if (!handler->cert_get_subjects(cert, &n, &id_cert,
sbin/isakmpd/ike_auth.c
679
handler->cert_free(cert);
sbin/isakmpd/ike_auth.c
694
handler->cert_free(cert);
sbin/isakmpd/ike_auth.c
702
if (!handler->cert_get_key(cert, &key)) {
sbin/isakmpd/ike_auth.c
703
handler->cert_free(cert);
sbin/isakmpd/ike_auth.c
709
handler->cert_insert(exchange->policy_id, cert);
sbin/isakmpd/ike_auth.c
711
exchange->recv_cert = cert;
sbin/isakmpd/message.c
569
struct cert_handler *cert;
sbin/isakmpd/message.c
582
cert = cert_get(GET_ISAKMP_CERTREQ_TYPE(p->p));
sbin/isakmpd/message.c
583
if (!cert || (len && !cert->certreq_validate(p->p +
sbin/isakmpd/policy.c
2070
keynote_cert_free(void *cert)
sbin/isakmpd/policy.c
2072
free(cert);
sbin/isakmpd/policy.c
2116
keynote_cert_obtain(u_int8_t *id, size_t id_len, void *data, u_int8_t **cert,
sbin/isakmpd/policy.c
2196
*cert = calloc(size + 1, sizeof(char));
sbin/isakmpd/policy.c
2197
if (*cert == NULL) {
sbin/isakmpd/policy.c
2205
if (read(fd, *cert, size) != (int)size) {
sbin/isakmpd/policy.c
2209
free(cert);
sbin/isakmpd/policy.c
2210
cert = NULL;
sbin/isakmpd/policy.c
2280
keynote_cert_dup(void *cert)
sbin/isakmpd/policy.c
2282
return strdup((char *)cert);
sbin/isakmpd/policy.c
2286
keynote_serialize(void *cert, u_int8_t **data, u_int32_t *datalen)
sbin/isakmpd/policy.c
2288
*datalen = strlen((char *)cert) + 1;
sbin/isakmpd/policy.c
2289
*data = (u_int8_t *)strdup(cert); /* i.e an extra character at
sbin/isakmpd/policy.c
2297
keynote_printable(void *cert)
sbin/isakmpd/policy.c
2299
return strdup((char *)cert);
sbin/isakmpd/policy.c
2304
keynote_from_printable(char *cert)
sbin/isakmpd/policy.c
2306
return strdup(cert);
sbin/isakmpd/x509.c
102
x509_generate_kn(int id, X509 *cert)
sbin/isakmpd/x509.c
1079
x509_cert_obtain(u_int8_t *id, size_t id_len, void *data, u_int8_t **cert,
sbin/isakmpd/x509.c
1098
x509_serialize(scert, cert, certlen);
sbin/isakmpd/x509.c
1099
if (!*cert)
sbin/isakmpd/x509.c
1154
X509 *cert = scert;
sbin/isakmpd/x509.c
1171
type = x509_cert_subjectaltname(cert, &altname, &altlen);
sbin/isakmpd/x509.c
1192
subject = X509_get_subject_name(cert);
sbin/isakmpd/x509.c
124
cert));
sbin/isakmpd/x509.c
126
issuer = X509_get_issuer_name(cert);
sbin/isakmpd/x509.c
127
subject = X509_get_subject_name(cert);
sbin/isakmpd/x509.c
1279
X509 *cert = scert;
sbin/isakmpd/x509.c
1282
key = X509_get_pubkey(cert);
sbin/isakmpd/x509.c
1287
X509_free(cert);
sbin/isakmpd/x509.c
1317
x509_printable(void *cert)
sbin/isakmpd/x509.c
1323
x509_serialize(cert, &data, &datalen);
sbin/isakmpd/x509.c
133
if (!x509_cert_get_key(cert, &key)) {
sbin/isakmpd/x509.c
1334
x509_from_printable(char *cert)
sbin/isakmpd/x509.c
1340
plen = (strlen(cert) + 1) / 2;
sbin/isakmpd/x509.c
1346
ret = hex2raw(cert, buf, plen);
sbin/isakmpd/x509.c
172
X509_STORE_CTX_init(csc, x509_cas, cert, NULL);
sbin/isakmpd/x509.c
176
X509_STORE_CTX_init(csc, x509_certs, cert, NULL);
sbin/isakmpd/x509.c
223
if (((tm = X509_get_notBefore(cert)) == NULL) ||
sbin/isakmpd/x509.c
321
tm = X509_get_notAfter(cert);
sbin/isakmpd/x509.c
534
struct x509_hash *cert;
sbin/isakmpd/x509.c
539
for (cert = LIST_FIRST(&x509_tab[x509_hash(id, len)]); cert;
sbin/isakmpd/x509.c
540
cert = LIST_NEXT(cert, link)) {
sbin/isakmpd/x509.c
541
if (!x509_cert_get_subjects(cert->cert, &n, &cid, &clen))
sbin/isakmpd/x509.c
564
cert->cert));
sbin/isakmpd/x509.c
565
return cert->cert;
sbin/isakmpd/x509.c
574
x509_hash_enter(X509 *cert)
sbin/isakmpd/x509.c
582
if (!x509_cert_get_subjects(cert, &n, &id, &len)) {
sbin/isakmpd/x509.c
594
certh->cert = cert;
sbin/isakmpd/x509.c
601
cert, bucket));
sbin/isakmpd/x509.c
614
X509 *cert;
sbin/isakmpd/x509.c
657
cert = PEM_read_X509(certfp, NULL, NULL, NULL);
sbin/isakmpd/x509.c
659
cert = PEM_read_X509(certfp, NULL, NULL);
sbin/isakmpd/x509.c
663
if (cert == NULL) {
sbin/isakmpd/x509.c
672
if (!X509_STORE_add_cert(ctx, cert)) {
sbin/isakmpd/x509.c
684
if (!x509_hash_enter(cert))
sbin/isakmpd/x509.c
851
X509 *cert = (X509 *) scert;
sbin/isakmpd/x509.c
865
X509_STORE_CTX_init(csc, x509_cas, cert, NULL);
sbin/isakmpd/x509.c
88
X509 *cert;
sbin/isakmpd/x509.c
897
issuer = X509_get_issuer_name(cert);
sbin/isakmpd/x509.c
898
subject = X509_get_subject_name(cert);
sbin/isakmpd/x509.c
903
key = X509_get_pubkey(cert);
sbin/isakmpd/x509.c
909
if (X509_verify(cert, key) == -1) {
sbin/isakmpd/x509.c
919
X509 *cert;
sbin/isakmpd/x509.c
922
cert = X509_dup((X509 *)scert);
sbin/isakmpd/x509.c
923
if (!cert) {
sbin/isakmpd/x509.c
927
if (x509_generate_kn(id, cert) == 0) {
sbin/isakmpd/x509.c
930
X509_free(cert);
sbin/isakmpd/x509.c
934
res = x509_hash_enter(cert);
sbin/isakmpd/x509.c
936
X509_free(cert);
sbin/isakmpd/x509.c
942
x509_hash_lookup(X509 *cert)
sbin/isakmpd/x509.c
950
if (certh->cert == cert)
sbin/isakmpd/x509.c
956
x509_cert_free(void *cert)
sbin/isakmpd/x509.c
958
struct x509_hash *certh = x509_hash_lookup((X509 *) cert);
sbin/isakmpd/x509.c
962
X509_free((X509 *) cert);
sbin/isakmpd/x509.h
85
int x509_cert_subjectaltname(X509 * cert, const u_char **, u_int *);
sbin/unwind/libunbound/util/net_help.c
1145
log_cert(unsigned level, const char* str, void* cert)
sbin/unwind/libunbound/util/net_help.c
1154
X509_print_ex(bio, (X509*)cert, 0, (unsigned long)-1
sbin/unwind/libunbound/util/net_help.h
476
void log_cert(unsigned level, const char* str, void* cert);
usr.bin/dig/lib/dns/include/dns/cert.h
27
dns_cert_totext(dns_cert_t cert, isc_buffer_t *target);
usr.bin/dig/lib/dns/rcode.c
142
dns_cert_totext(dns_cert_t cert, isc_buffer_t *target) {
usr.bin/dig/lib/dns/rcode.c
143
return (dns_mnemonic_totext(cert, target, certs));
usr.bin/openssl/apps.c
473
void *cb_data, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
usr.bin/openssl/apps.c
506
ret = PKCS12_parse(p12, pass, pkey, cert, ca);
usr.bin/openssl/apps.c
518
BIO *cert;
usr.bin/openssl/apps.c
520
if ((cert = BIO_new(BIO_s_file())) == NULL) {
usr.bin/openssl/apps.c
526
BIO_set_fp(cert, stdin, BIO_NOCLOSE);
usr.bin/openssl/apps.c
528
if (BIO_read_filename(cert, file) <= 0) {
usr.bin/openssl/apps.c
537
x = d2i_X509_bio(cert, NULL);
usr.bin/openssl/apps.c
539
x = PEM_read_bio_X509_AUX(cert, NULL, password_callback, NULL);
usr.bin/openssl/apps.c
541
if (!load_pkcs12(err, cert, cert_descrip, NULL, NULL,
usr.bin/openssl/apps.c
555
BIO_free(cert);
usr.bin/openssl/apps.h
381
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
usr.bin/openssl/certhash.c
304
X509 *cert = NULL;
usr.bin/openssl/certhash.c
308
if ((cert = PEM_read_bio_X509(bio, NULL, NULL, NULL)) == NULL)
usr.bin/openssl/certhash.c
311
hash = X509_subject_name_hash(cert);
usr.bin/openssl/certhash.c
313
if (X509_digest(cert, digest, fingerprint, &len) != 1) {
usr.bin/openssl/certhash.c
321
X509_free(cert);
usr.bin/openssl/certhash.c
430
struct hashinfo *cert, *crl;
usr.bin/openssl/certhash.c
441
for (cert = *certs; cert != NULL; cert = cert->next) {
usr.bin/openssl/certhash.c
442
if (cert->is_dup == 1)
usr.bin/openssl/certhash.c
444
certhash_findlink(*links, cert);
usr.bin/openssl/certhash.c
453
for (cert = *certs; cert != NULL; cert = cert->next) {
usr.bin/openssl/certhash.c
454
if (cert->is_dup == 1 || cert->reference != NULL)
usr.bin/openssl/certhash.c
456
if (certhash_addlink(links, cert) == -1)
usr.bin/openssl/cms.c
108
X509 *cert;
usr.bin/openssl/cms.c
1307
if ((cfg.cert = load_cert(bio_err, *args,
usr.bin/openssl/cms.c
1311
if (!sk_X509_push(cfg.encerts, cfg.cert))
usr.bin/openssl/cms.c
1313
cfg.cert = NULL;
usr.bin/openssl/cms.c
1791
X509_free(cfg.cert);
usr.bin/openssl/cms.c
352
cfg.cert = load_cert(bio_err, arg, FORMAT_PEM,
usr.bin/openssl/cms.c
354
if (cfg.cert == NULL)
usr.bin/openssl/cms.c
357
if (!sk_X509_push(cfg.encerts, cfg.cert))
usr.bin/openssl/cms.c
360
cfg.cert = NULL;
usr.bin/openssl/crl2p7.c
238
p7s->cert = cert_stack;
usr.bin/openssl/ocsp.c
109
X509 *cert;
usr.bin/openssl/ocsp.c
1098
X509_free(cfg.cert);
usr.bin/openssl/ocsp.c
1123
add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, const EVP_MD *cert_id_md,
usr.bin/openssl/ocsp.c
1136
id = OCSP_cert_to_id(cert_id_md, cert, issuer);
usr.bin/openssl/ocsp.c
152
X509_free(cfg.cert);
usr.bin/openssl/ocsp.c
153
cfg.cert = load_cert(bio_err, arg, FORMAT_PEM, NULL,
usr.bin/openssl/ocsp.c
155
if (cfg.cert == NULL) {
usr.bin/openssl/ocsp.c
161
if (!add_ocsp_cert(&cfg.req, cfg.cert,
usr.bin/openssl/ocsp.c
83
static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
usr.bin/openssl/pkcs12.c
657
X509 *cert = sk_X509_shift(morecerts);
usr.bin/openssl/pkcs12.c
659
if (!sk_X509_push(certs, cert)) {
usr.bin/openssl/pkcs12.c
660
X509_free(cert);
usr.bin/openssl/pkcs12.c
692
X509 *cert = sk_X509_shift(chain2);
usr.bin/openssl/pkcs12.c
694
if (!sk_X509_push(certs, cert)) {
usr.bin/openssl/pkcs12.c
695
X509_free(cert);
usr.bin/openssl/pkcs12.c
81
static int get_cert_chain(X509 *cert, X509_STORE *store,
usr.bin/openssl/pkcs12.c
979
get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **out_chain)
usr.bin/openssl/pkcs12.c
987
if (!X509_STORE_CTX_init(store_ctx, store, cert, NULL))
usr.bin/openssl/pkcs7.c
220
certs = p7->d.sign->cert;
usr.bin/openssl/pkcs7.c
226
certs = p7->d.signed_and_enveloped->cert;
usr.bin/openssl/s_cb.c
230
set_cert_key_stuff(SSL_CTX * ctx, X509 * cert, EVP_PKEY * key)
usr.bin/openssl/s_cb.c
232
if (cert == NULL)
usr.bin/openssl/s_cb.c
234
if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
usr.bin/openssl/s_client.c
1031
if (!set_cert_key_stuff(ctx, cert, key))
usr.bin/openssl/s_client.c
1642
X509_free(cert);
usr.bin/openssl/s_client.c
874
X509 *cert = NULL;
usr.bin/openssl/s_client.c
955
cert = load_cert(bio_err, cfg.cert_file,
usr.bin/openssl/s_client.c
959
if (!cert) {
usr.bin/openssl/sess_id.c
210
if (cfg.cert) {
usr.bin/openssl/sess_id.c
217
if (!cfg.noout && !cfg.cert) {
usr.bin/openssl/sess_id.c
72
int cert;
usr.bin/openssl/sess_id.c
87
.opt.flag = &cfg.cert,
usr.bin/openssl/smime.c
1068
X509_free(cert);
usr.bin/openssl/smime.c
717
X509 *cert = NULL, *recip = NULL, *signer = NULL;
usr.bin/openssl/smime.c
833
if ((cert = load_cert(bio_err, *args, FORMAT_PEM,
usr.bin/openssl/smime.c
837
if (!sk_X509_push(encerts, cert))
usr.bin/openssl/smime.c
839
cert = NULL;
usr.bin/openssl/ts.c
121
int cert;
usr.bin/openssl/ts.c
204
.opt.flag = &cfg.cert,
usr.bin/openssl/ts.c
416
cfg.cert, cfg.in, cfg.out,
usr.bin/openssl/ts.c
531
const char *policy, int no_nonce, int cert, const char *in, const char *out,
usr.bin/openssl/ts.c
552
policy, no_nonce, cert);
usr.bin/openssl/ts.c
594
int no_nonce, int cert)
usr.bin/openssl/ts.c
657
if (!TS_REQ_set_cert_req(ts_req, cert))
usr.bin/openssl/ts.c
84
const char *policy, int no_nonce, int cert, const char *in, const char *out,
usr.bin/openssl/ts.c
89
const char *policy, int no_nonce, int cert);
usr.bin/openssl/x509.c
1575
set_key_identifiers(X509 *cert, EVP_PKEY *issuer_key)
usr.bin/openssl/x509.c
1582
if ((subject_key = X509_get0_pubkey(cert)) == NULL)
usr.bin/openssl/x509.c
1587
if (!X509_add1_ext_i2d(cert, NID_subject_key_identifier, ski, 0,
usr.bin/openssl/x509.c
1600
if (!X509_add1_ext_i2d(cert, NID_authority_key_identifier, aki, 0,
usr.bin/openssl/x509.c
1686
purpose_print(BIO *bio, X509 *cert, const X509_PURPOSE *pt)
usr.bin/openssl/x509.c
1694
idret = X509_check_purpose(cert, id, i);
usr.bin/openssl/x509.c
90
static int purpose_print(BIO *bio, X509 *cert, const X509_PURPOSE *pt);
usr.bin/ssh/auth-options.c
503
if (k == NULL || !sshkey_type_is_cert(k->type) || k->cert == NULL ||
usr.bin/ssh/auth-options.c
504
k->cert->type != SSH2_CERT_TYPE_USER)
usr.bin/ssh/auth-options.c
511
if (cert_option_list(ret, k->cert->critical,
usr.bin/ssh/auth-options.c
516
if (cert_option_list(ret, k->cert->extensions,
usr.bin/ssh/auth.c
215
cafp = sshkey_fingerprint(key->cert->signature_key,
usr.bin/ssh/auth.c
219
key->cert->key_id,
usr.bin/ssh/auth.c
220
(unsigned long long)key->cert->serial,
usr.bin/ssh/auth.c
221
sshkey_type(key->cert->signature_key),
usr.bin/ssh/auth2-hostbased.c
112
(key->cert == NULL || key->cert->signature_type == NULL) ?
usr.bin/ssh/auth2-hostbased.c
113
"(null)" : key->cert->signature_type);
usr.bin/ssh/auth2-hostbased.c
216
if ((fp = sshkey_fingerprint(key->cert->signature_key,
usr.bin/ssh/auth2-hostbased.c
220
"%s CA %s: %s", key->cert->key_id,
usr.bin/ssh/auth2-hostbased.c
221
(unsigned long long)key->cert->serial,
usr.bin/ssh/auth2-hostbased.c
222
sshkey_type(key->cert->signature_key), fp, reason);
usr.bin/ssh/auth2-hostbased.c
224
key->cert->key_id, (unsigned long long)key->cert->serial,
usr.bin/ssh/auth2-hostbased.c
244
if ((fp = sshkey_fingerprint(key->cert->signature_key,
usr.bin/ssh/auth2-hostbased.c
248
"%s CA %s from %s@%s", key->cert->key_id,
usr.bin/ssh/auth2-hostbased.c
249
sshkey_type(key->cert->signature_key), fp,
usr.bin/ssh/auth2-pubkey.c
168
(key->cert == NULL || key->cert->signature_type == NULL) ?
usr.bin/ssh/auth2-pubkey.c
169
"(null)" : key->cert->signature_type);
usr.bin/ssh/auth2-pubkey.c
179
ca_s = format_key(key->cert->signature_key);
usr.bin/ssh/auth2-pubkey.c
318
struct sshkey_cert *cert, struct sshauthopt **authoptsp)
usr.bin/ssh/auth2-pubkey.c
352
cert, &opts);
usr.bin/ssh/auth2-pubkey.c
378
const struct sshkey_cert *cert = key->cert;
usr.bin/ssh/auth2-pubkey.c
426
if ((ca_fp = sshkey_fingerprint(cert->signature_key,
usr.bin/ssh/auth2-pubkey.c
436
if ((r = sshkey_to_base64(cert->signature_key, &catext)) != 0) {
usr.bin/ssh/auth2-pubkey.c
445
(unsigned long long)cert->serial);
usr.bin/ssh/auth2-pubkey.c
456
"T", sshkey_ssh_name(cert->signature_key),
usr.bin/ssh/auth2-pubkey.c
461
"i", cert->key_id,
usr.bin/ssh/auth2-pubkey.c
481
ok = auth_process_principals(f, "(command)", cert, authoptsp);
usr.bin/ssh/auth2-pubkey.c
527
if ((ca_fp = sshkey_fingerprint(key->cert->signature_key,
usr.bin/ssh/auth2-pubkey.c
531
if ((r = sshkey_in_file(key->cert->signature_key,
usr.bin/ssh/auth2-pubkey.c
534
sshkey_type(key->cert->signature_key), ca_fp,
usr.bin/ssh/auth2-pubkey.c
545
key->cert, &principals_opts))
usr.bin/ssh/auth2-pubkey.c
588
"signed by %s CA %s: %s", key->cert->key_id,
usr.bin/ssh/auth2-pubkey.c
589
(unsigned long long)key->cert->serial,
usr.bin/ssh/auth2-pubkey.c
590
sshkey_type(key->cert->signature_key), ca_fp,
usr.bin/ssh/auth2-pubkey.c
593
"serial=%llu: %s", key->cert->key_id,
usr.bin/ssh/auth2-pubkey.c
594
(unsigned long long)key->cert->serial, reason);
usr.bin/ssh/auth2-pubkey.c
601
"%s CA %s via %s", key->cert->key_id,
usr.bin/ssh/auth2-pubkey.c
602
(unsigned long long)key->cert->serial,
usr.bin/ssh/auth2-pubkey.c
603
sshkey_type(key->cert->signature_key), ca_fp,
usr.bin/ssh/auth2-pubkey.c
803
auth_key_is_revoked(key->cert->signature_key))
usr.bin/ssh/auth2-pubkeyfile.c
147
match_principals_option(const char *principal_list, struct sshkey_cert *cert)
usr.bin/ssh/auth2-pubkeyfile.c
156
for (i = 0; i < cert->nprincipals; i++) {
usr.bin/ssh/auth2-pubkeyfile.c
157
if (strcmp(entry, cert->principals[i]) == 0) {
usr.bin/ssh/auth2-pubkeyfile.c
175
auth_check_principals_line(char *cp, const struct sshkey_cert *cert,
usr.bin/ssh/auth2-pubkeyfile.c
209
for (i = 0; i < cert->nprincipals; i++) {
usr.bin/ssh/auth2-pubkeyfile.c
210
if (strcmp(cp, cert->principals[i]) != 0)
usr.bin/ssh/auth2-pubkeyfile.c
213
loc, cert->principals[i]);
usr.bin/ssh/auth2-pubkeyfile.c
226
const struct sshkey_cert *cert, struct sshauthopt **authoptsp)
usr.bin/ssh/auth2-pubkeyfile.c
253
if (auth_check_principals_line(cp, cert, loc, authoptsp) == 0)
usr.bin/ssh/auth2-pubkeyfile.c
312
if (!sshkey_equal(found, key->cert->signature_key) ||
usr.bin/ssh/auth2-pubkeyfile.c
366
!match_principals_option(keyopts->cert_principals, key->cert)) {
usr.bin/ssh/auth2-pubkeyfile.c
377
key->cert->key_id,
usr.bin/ssh/auth2-pubkeyfile.c
378
(unsigned long long)key->cert->serial,
usr.bin/ssh/auth2-pubkeyfile.c
394
"signed by %s CA %s via %s: %s", key->cert->key_id,
usr.bin/ssh/auth2-pubkeyfile.c
395
(unsigned long long)key->cert->serial,
usr.bin/ssh/auth2-pubkeyfile.c
396
sshkey_type(key->cert->signature_key), fp, loc, reason);
usr.bin/ssh/auth2-pubkeyfile.c
398
key->cert->key_id, (unsigned long long)key->cert->serial, reason);
usr.bin/ssh/authfile.c
308
struct sshkey *key = NULL, *cert = NULL;
usr.bin/ssh/authfile.c
328
(r = sshkey_load_cert(filename, &cert)) != 0)
usr.bin/ssh/authfile.c
332
if (sshkey_equal_public(key, cert) == 0) {
usr.bin/ssh/authfile.c
338
(r = sshkey_cert_copy(cert, key)) != 0)
usr.bin/ssh/authfile.c
347
sshkey_free(cert);
usr.bin/ssh/authfile.c
406
sshkey_compare(key->cert->signature_key, pub))) {
usr.bin/ssh/hostfile.c
325
sshkey_equal_public(k->cert->signature_key,
usr.bin/ssh/hostfile.c
376
if (sshkey_equal_public(k->cert->signature_key,
usr.bin/ssh/krl.c
1163
rki.key_id = key->cert->key_id;
usr.bin/ssh/krl.c
1174
if (key->cert->serial == 0)
usr.bin/ssh/krl.c
1178
rs.lo = rs.hi = key->cert->serial;
usr.bin/ssh/krl.c
1182
key->cert->serial, ers->lo, ers->hi));
usr.bin/ssh/krl.c
1233
if ((r = revoked_certs_for_ca_key(krl, key->cert->signature_key,
usr.bin/ssh/krl.c
1248
KRL_DBG(("%llu no match", key->cert->serial));
usr.bin/ssh/krl.c
1262
if ((r = is_key_revoked(krl, key->cert->signature_key)) != 0)
usr.bin/ssh/krl.c
456
if (key->cert->serial == 0) {
usr.bin/ssh/krl.c
458
key->cert->signature_key,
usr.bin/ssh/krl.c
459
key->cert->key_id);
usr.bin/ssh/krl.c
462
key->cert->signature_key,
usr.bin/ssh/krl.c
463
key->cert->serial);
usr.bin/ssh/ssh-add.c
162
struct sshkey *public, *cert = NULL;
usr.bin/ssh/ssh-add.c
187
if ((r = sshkey_load_public(certpath, &cert, &comment)) != 0) {
usr.bin/ssh/ssh-add.c
193
if (!sshkey_equal_public(cert, public))
usr.bin/ssh/ssh-add.c
197
if (delete_one(agent_fd, cert, comment, certpath, qflag) == 0)
usr.bin/ssh/ssh-add.c
201
sshkey_free(cert);
usr.bin/ssh/ssh-add.c
249
check_cert_lifetime(const struct sshkey *cert, int cert_lifetime)
usr.bin/ssh/ssh-add.c
254
if (cert == NULL || cert->cert == NULL || !sshkey_is_cert(cert) ||
usr.bin/ssh/ssh-add.c
255
cert->cert->valid_before == 0xFFFFFFFFFFFFFFFFULL)
usr.bin/ssh/ssh-add.c
259
if ((uint64_t)now > (cert->cert->valid_before + CERT_EXPIRY_GRACE))
usr.bin/ssh/ssh-add.c
261
n = (CERT_EXPIRY_GRACE + cert->cert->valid_before) - (uint64_t)now;
usr.bin/ssh/ssh-add.c
274
struct sshkey *private = NULL, *cert = NULL;
usr.bin/ssh/ssh-add.c
394
if ((r = sshkey_load_public(certpath, &cert, NULL)) != 0) {
usr.bin/ssh/ssh-add.c
401
if (!sshkey_equal_public(cert, private)) {
usr.bin/ssh/ssh-add.c
409
(cert_lifetime = check_cert_lifetime(cert, cert_lifetime)) == -1) {
usr.bin/ssh/ssh-add.c
419
if ((r = sshkey_cert_copy(cert, private)) != 0) {
usr.bin/ssh/ssh-add.c
428
private->cert->key_id);
usr.bin/ssh/ssh-add.c
434
private->cert->key_id);
usr.bin/ssh/ssh-add.c
448
sshkey_free(cert);
usr.bin/ssh/ssh-agent.c
388
if (key->cert == NULL || key->cert->signature_key == NULL)
usr.bin/ssh/ssh-agent.c
390
if (!sshkey_equal(key->cert->signature_key, dch->keys[i]))
usr.bin/ssh/ssh-agent.c
395
key->cert->key_id, hostname, reason);
usr.bin/ssh/ssh-keygen.c
1788
public->cert->type = cert_key_type;
usr.bin/ssh/ssh-keygen.c
1789
public->cert->serial = (uint64_t)cert_serial;
usr.bin/ssh/ssh-keygen.c
1790
public->cert->key_id = xstrdup(cert_key_id);
usr.bin/ssh/ssh-keygen.c
1791
public->cert->nprincipals = n;
usr.bin/ssh/ssh-keygen.c
1792
public->cert->principals = plist;
usr.bin/ssh/ssh-keygen.c
1793
public->cert->valid_after = cert_valid_from;
usr.bin/ssh/ssh-keygen.c
1794
public->cert->valid_before = cert_valid_to;
usr.bin/ssh/ssh-keygen.c
1795
prepare_options_buf(public->cert->critical, OPTIONS_CRITICAL);
usr.bin/ssh/ssh-keygen.c
1796
prepare_options_buf(public->cert->extensions,
usr.bin/ssh/ssh-keygen.c
1799
&public->cert->signature_key)) != 0)
usr.bin/ssh/ssh-keygen.c
1832
sshkey_format_cert_validity(public->cert,
usr.bin/ssh/ssh-keygen.c
1836
out, public->cert->key_id,
usr.bin/ssh/ssh-keygen.c
1837
(unsigned long long)public->cert->serial,
usr.bin/ssh/ssh-keygen.c
2060
ca_fp = sshkey_fingerprint(key->cert->signature_key,
usr.bin/ssh/ssh-keygen.c
2064
sshkey_format_cert_validity(key->cert, valid, sizeof(valid));
usr.bin/ssh/ssh-keygen.c
2070
sshkey_type(key->cert->signature_key), ca_fp,
usr.bin/ssh/ssh-keygen.c
2071
key->cert->signature_type);
usr.bin/ssh/ssh-keygen.c
2072
printf(" Key ID: \"%s\"\n", key->cert->key_id);
usr.bin/ssh/ssh-keygen.c
2073
printf(" Serial: %llu\n", (unsigned long long)key->cert->serial);
usr.bin/ssh/ssh-keygen.c
2076
if (key->cert->nprincipals == 0)
usr.bin/ssh/ssh-keygen.c
2079
for (i = 0; i < key->cert->nprincipals; i++)
usr.bin/ssh/ssh-keygen.c
2081
key->cert->principals[i]);
usr.bin/ssh/ssh-keygen.c
2085
if (sshbuf_len(key->cert->critical) == 0)
usr.bin/ssh/ssh-keygen.c
2089
show_options(key->cert->critical, 1);
usr.bin/ssh/ssh-keygen.c
2092
if (sshbuf_len(key->cert->extensions) == 0)
usr.bin/ssh/ssh-keygen.c
2096
show_options(key->cert->extensions, 0);
usr.bin/ssh/sshconnect.c
1445
if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
usr.bin/ssh/sshconnect.c
1451
sshkey_format_cert_validity(host_key->cert,
usr.bin/ssh/sshconnect.c
1456
(unsigned long long)host_key->cert->serial,
usr.bin/ssh/sshconnect.c
1457
host_key->cert->key_id,
usr.bin/ssh/sshconnect.c
1458
sshkey_ssh_name(host_key->cert->signature_key), cafp,
usr.bin/ssh/sshconnect.c
1460
for (i = 0; i < host_key->cert->nprincipals; i++) {
usr.bin/ssh/sshconnect.c
1462
host_key->cert->principals[i]);
usr.bin/ssh/sshconnect2.c
1687
if (key && key->cert &&
usr.bin/ssh/sshconnect2.c
1688
key->cert->type != SSH2_CERT_TYPE_USER) {
usr.bin/ssh/sshconnect2.c
1710
if (!sshkey_is_cert(key) || key->cert == NULL ||
usr.bin/ssh/sshconnect2.c
1711
key->cert->type != SSH2_CERT_TYPE_USER) {
usr.bin/ssh/sshkey.c
1402
switch (k->cert->type) {
usr.bin/ssh/sshkey.c
1484
if (to_key == NULL || (from = from_key->cert) == NULL)
usr.bin/ssh/sshkey.c
1537
cert_free(to_key->cert);
usr.bin/ssh/sshkey.c
1538
to_key->cert = to;
usr.bin/ssh/sshkey.c
1821
if ((ret = sshbuf_putb(key->cert->certblob, certbuf)) != 0)
usr.bin/ssh/sshkey.c
1825
if ((ret = sshbuf_get_u64(b, &key->cert->serial)) != 0 ||
usr.bin/ssh/sshkey.c
1826
(ret = sshbuf_get_u32(b, &key->cert->type)) != 0 ||
usr.bin/ssh/sshkey.c
1827
(ret = sshbuf_get_cstring(b, &key->cert->key_id, &kidlen)) != 0 ||
usr.bin/ssh/sshkey.c
1829
(ret = sshbuf_get_u64(b, &key->cert->valid_after)) != 0 ||
usr.bin/ssh/sshkey.c
1830
(ret = sshbuf_get_u64(b, &key->cert->valid_before)) != 0 ||
usr.bin/ssh/sshkey.c
1841
signed_len = sshbuf_len(key->cert->certblob) - sshbuf_len(b);
usr.bin/ssh/sshkey.c
1848
if (key->cert->type != SSH2_CERT_TYPE_USER &&
usr.bin/ssh/sshkey.c
1849
key->cert->type != SSH2_CERT_TYPE_HOST) {
usr.bin/ssh/sshkey.c
1859
if (key->cert->nprincipals >= SSHKEY_CERT_MAX_PRINCIPALS) {
usr.bin/ssh/sshkey.c
1868
oprincipals = key->cert->principals;
usr.bin/ssh/sshkey.c
1869
key->cert->principals = recallocarray(key->cert->principals,
usr.bin/ssh/sshkey.c
1870
key->cert->nprincipals, key->cert->nprincipals + 1,
usr.bin/ssh/sshkey.c
1871
sizeof(*key->cert->principals));
usr.bin/ssh/sshkey.c
1872
if (key->cert->principals == NULL) {
usr.bin/ssh/sshkey.c
1874
key->cert->principals = oprincipals;
usr.bin/ssh/sshkey.c
1878
key->cert->principals[key->cert->nprincipals++] = principal;
usr.bin/ssh/sshkey.c
1885
if ((ret = sshbuf_putb(key->cert->critical, crit)) != 0 ||
usr.bin/ssh/sshkey.c
1887
(ret = sshbuf_putb(key->cert->extensions, exts)) != 0))
usr.bin/ssh/sshkey.c
1896
sshbuf_reset(key->cert->critical);
usr.bin/ssh/sshkey.c
1904
sshbuf_reset(key->cert->extensions);
usr.bin/ssh/sshkey.c
1911
if (sshkey_from_blob_internal(ca, &key->cert->signature_key, 0) != 0) {
usr.bin/ssh/sshkey.c
1915
if (!sshkey_type_is_valid_ca(key->cert->signature_key->type)) {
usr.bin/ssh/sshkey.c
1919
if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,
usr.bin/ssh/sshkey.c
1920
sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0, NULL)) != 0)
usr.bin/ssh/sshkey.c
1923
&key->cert->signature_type)) != 0)
usr.bin/ssh/sshkey.c
195
return impl->cert;
usr.bin/ssh/sshkey.c
2084
if (key->cert == NULL || key->cert->signature_type == NULL)
usr.bin/ssh/sshkey.c
2086
if (match_pattern_list(key->cert->signature_type, allowed, 0) != 1)
usr.bin/ssh/sshkey.c
2106
if (!impl->cert)
usr.bin/ssh/sshkey.c
2206
if ((k->cert = cert_new()) == NULL)
usr.bin/ssh/sshkey.c
2218
cert_free(k->cert);
usr.bin/ssh/sshkey.c
2219
k->cert = NULL;
usr.bin/ssh/sshkey.c
222
if (allow_short && !impl->cert && impl->shortname != NULL &&
usr.bin/ssh/sshkey.c
2235
struct sshbuf *cert = NULL;
usr.bin/ssh/sshkey.c
2238
if (k == NULL || k->cert == NULL ||
usr.bin/ssh/sshkey.c
2239
k->cert->certblob == NULL || ca == NULL)
usr.bin/ssh/sshkey.c
2253
alg = k->cert->signature_type;
usr.bin/ssh/sshkey.c
2254
else if (k->cert->signature_type != NULL &&
usr.bin/ssh/sshkey.c
2255
strcmp(alg, k->cert->signature_type) != 0)
usr.bin/ssh/sshkey.c
2268
cert = k->cert->certblob; /* for readability */
usr.bin/ssh/sshkey.c
2269
sshbuf_reset(cert);
usr.bin/ssh/sshkey.c
2270
if ((ret = sshbuf_put_cstring(cert, sshkey_ssh_name(k))) != 0)
usr.bin/ssh/sshkey.c
2275
if ((ret = sshbuf_put_string(cert, nonce, sizeof(nonce))) != 0)
usr.bin/ssh/sshkey.c
2279
if ((ret = impl->funcs->serialize_public(k, cert,
usr.bin/ssh/sshkey.c
2284
if ((ret = sshbuf_put_u64(cert, k->cert->serial)) != 0 ||
usr.bin/ssh/sshkey.c
2285
(ret = sshbuf_put_u32(cert, k->cert->type)) != 0 ||
usr.bin/ssh/sshkey.c
2286
(ret = sshbuf_put_cstring(cert, k->cert->key_id)) != 0)
usr.bin/ssh/sshkey.c
2293
for (i = 0; i < k->cert->nprincipals; i++) {
usr.bin/ssh/sshkey.c
2295
k->cert->principals[i])) != 0)
usr.bin/ssh/sshkey.c
2298
if ((ret = sshbuf_put_stringb(cert, principals)) != 0 ||
usr.bin/ssh/sshkey.c
2299
(ret = sshbuf_put_u64(cert, k->cert->valid_after)) != 0 ||
usr.bin/ssh/sshkey.c
2300
(ret = sshbuf_put_u64(cert, k->cert->valid_before)) != 0 ||
usr.bin/ssh/sshkey.c
2301
(ret = sshbuf_put_stringb(cert, k->cert->critical)) != 0 ||
usr.bin/ssh/sshkey.c
2302
(ret = sshbuf_put_stringb(cert, k->cert->extensions)) != 0 ||
usr.bin/ssh/sshkey.c
2303
(ret = sshbuf_put_string(cert, NULL, 0)) != 0 || /* Reserved */
usr.bin/ssh/sshkey.c
2304
(ret = sshbuf_put_string(cert, ca_blob, ca_len)) != 0)
usr.bin/ssh/sshkey.c
2308
if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert),
usr.bin/ssh/sshkey.c
2309
sshbuf_len(cert), alg, sk_provider, sk_pin, 0, signer_ctx)) != 0)
usr.bin/ssh/sshkey.c
2318
if (k->cert->signature_type == NULL) {
usr.bin/ssh/sshkey.c
2319
k->cert->signature_type = sigtype;
usr.bin/ssh/sshkey.c
2323
if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0)
usr.bin/ssh/sshkey.c
2328
sshbuf_reset(cert);
usr.bin/ssh/sshkey.c
2370
if (k->cert->type != SSH2_CERT_TYPE_HOST) {
usr.bin/ssh/sshkey.c
2375
if (k->cert->type != SSH2_CERT_TYPE_USER) {
usr.bin/ssh/sshkey.c
2380
if (verify_time < k->cert->valid_after) {
usr.bin/ssh/sshkey.c
2384
if (verify_time >= k->cert->valid_before) {
usr.bin/ssh/sshkey.c
2388
if (k->cert->nprincipals == 0) {
usr.bin/ssh/sshkey.c
2396
for (i = 0; i < k->cert->nprincipals; i++) {
usr.bin/ssh/sshkey.c
2398
if (match_pattern(name, k->cert->principals[i])) {
usr.bin/ssh/sshkey.c
2402
} else if (strcmp(name, k->cert->principals[i]) == 0) {
usr.bin/ssh/sshkey.c
2439
if (sshbuf_len(key->cert->critical) != 0) {
usr.bin/ssh/sshkey.c
2452
sshkey_format_cert_validity(const struct sshkey_cert *cert, char *s, size_t l)
usr.bin/ssh/sshkey.c
2457
if (cert->valid_after == 0 &&
usr.bin/ssh/sshkey.c
2458
cert->valid_before == 0xffffffffffffffffULL)
usr.bin/ssh/sshkey.c
2461
if (cert->valid_after != 0)
usr.bin/ssh/sshkey.c
2462
format_absolute_time(cert->valid_after, from, sizeof(from));
usr.bin/ssh/sshkey.c
2463
if (cert->valid_before != 0xffffffffffffffffULL)
usr.bin/ssh/sshkey.c
2464
format_absolute_time(cert->valid_before, to, sizeof(to));
usr.bin/ssh/sshkey.c
2466
if (cert->valid_after == 0)
usr.bin/ssh/sshkey.c
2468
else if (cert->valid_before == 0xffffffffffffffffULL)
usr.bin/ssh/sshkey.c
2509
if (key->cert == NULL ||
usr.bin/ssh/sshkey.c
2510
sshbuf_len(key->cert->certblob) == 0) {
usr.bin/ssh/sshkey.c
2514
if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0)
usr.bin/ssh/sshkey.c
317
if ((certs_only && !impl->cert) || (plain_only && impl->cert))
usr.bin/ssh/sshkey.c
387
return !impl->cert;
usr.bin/ssh/sshkey.c
623
cert_free(struct sshkey_cert *cert)
usr.bin/ssh/sshkey.c
627
if (cert == NULL)
usr.bin/ssh/sshkey.c
629
sshbuf_free(cert->certblob);
usr.bin/ssh/sshkey.c
630
sshbuf_free(cert->critical);
usr.bin/ssh/sshkey.c
631
sshbuf_free(cert->extensions);
usr.bin/ssh/sshkey.c
632
free(cert->key_id);
usr.bin/ssh/sshkey.c
633
for (i = 0; i < cert->nprincipals; i++)
usr.bin/ssh/sshkey.c
634
free(cert->principals[i]);
usr.bin/ssh/sshkey.c
635
free(cert->principals);
usr.bin/ssh/sshkey.c
636
sshkey_free(cert->signature_key);
usr.bin/ssh/sshkey.c
637
free(cert->signature_type);
usr.bin/ssh/sshkey.c
638
freezero(cert, sizeof(*cert));
usr.bin/ssh/sshkey.c
644
struct sshkey_cert *cert;
usr.bin/ssh/sshkey.c
646
if ((cert = calloc(1, sizeof(*cert))) == NULL)
usr.bin/ssh/sshkey.c
648
if ((cert->certblob = sshbuf_new()) == NULL ||
usr.bin/ssh/sshkey.c
649
(cert->critical = sshbuf_new()) == NULL ||
usr.bin/ssh/sshkey.c
650
(cert->extensions = sshbuf_new()) == NULL) {
usr.bin/ssh/sshkey.c
651
cert_free(cert);
usr.bin/ssh/sshkey.c
654
cert->key_id = NULL;
usr.bin/ssh/sshkey.c
655
cert->principals = NULL;
usr.bin/ssh/sshkey.c
656
cert->signature_key = NULL;
usr.bin/ssh/sshkey.c
657
cert->signature_type = NULL;
usr.bin/ssh/sshkey.c
658
return cert;
usr.bin/ssh/sshkey.c
683
if ((k->cert = cert_new()) == NULL) {
usr.bin/ssh/sshkey.c
737
cert_free(k->cert);
usr.bin/ssh/sshkey.c
798
if (!cert_compare(a->cert, b->cert))
usr.bin/ssh/sshkey.c
831
if (key->cert == NULL)
usr.bin/ssh/sshkey.c
833
if (sshbuf_len(key->cert->certblob) == 0)
usr.bin/ssh/sshkey.c
836
if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0)
usr.bin/ssh/sshkey.h
127
struct sshkey_cert *cert;
usr.bin/ssh/sshkey.h
173
int cert;
usr.bin/ssh/sshsig.c
837
char **principalsp, const struct sshkey *cert, uint64_t verify_time)
usr.bin/ssh/sshsig.c
855
if ((r = sshkey_cert_check_authority(cert, 0, 0, verify_time,
usr.bin/ssh/sshsig.c
862
for (i = 0; i < cert->cert->nprincipals; i++) {
usr.bin/ssh/sshsig.c
863
if (match_pattern(cert->cert->principals[i], cp)) {
usr.bin/ssh/sshsig.c
866
cert->cert->principals[i])) != 0) {
usr.bin/ssh/sshsig.c
918
sshkey_equal_public(sign_key->cert->signature_key, found_key)) {
usr.sbin/acme-client/json.c
703
json_fmt_revokecert(const char *cert)
usr.sbin/acme-client/json.c
711
cert);
usr.sbin/acme-client/json.c
723
json_fmt_newcert(const char *cert)
usr.sbin/acme-client/json.c
731
cert);
usr.sbin/acme-client/main.c
108
tmps = domain->cert ? domain->cert : domain->fullchain;
usr.sbin/acme-client/main.c
320
c = fileproc(file_fds[1], certdir, domain->cert, domain->chain,
usr.sbin/acme-client/main.c
352
c = revokeproc(rvk_fds[0], domain->cert != NULL ? domain->cert :
usr.sbin/acme-client/netproc.c
664
dorevoke(struct conn *c, const char *addr, const char *cert)
usr.sbin/acme-client/netproc.c
672
if ((req = json_fmt_revokecert(cert)) == NULL)
usr.sbin/acme-client/netproc.c
730
char *cert = NULL, *thumb = NULL, *error = NULL;
usr.sbin/acme-client/netproc.c
820
if ((cert = readstr(rfd, COMM_CSR)) == NULL)
usr.sbin/acme-client/netproc.c
822
if (!dorevoke(&c, paths.revokecert, cert))
usr.sbin/acme-client/netproc.c
913
if ((cert = readstr(kfd, COMM_CERT)) == NULL)
usr.sbin/acme-client/netproc.c
915
if (!docert(&c, order.finalize, cert))
usr.sbin/acme-client/netproc.c
978
free(cert);
usr.sbin/acme-client/parse.h
59
char *cert;
usr.sbin/acme-client/parse.y
1132
if (d->cert != NULL)
usr.sbin/acme-client/parse.y
1133
printf("\tdomain certificate \"%s\"\n", d->cert);
usr.sbin/acme-client/parse.y
289
if (domain->cert == NULL && domain->fullchain == NULL) {
usr.sbin/acme-client/parse.y
355
if (domain->cert != NULL) {
usr.sbin/acme-client/parse.y
371
domain->cert = s;
usr.sbin/ldapd/parse.y
1016
host_dns(const char *s, const char *cert,
usr.sbin/ldapd/parse.y
1049
if (cert != NULL)
usr.sbin/ldapd/parse.y
1050
(void)strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
usr.sbin/ldapd/parse.y
1073
host(const char *s, const char *cert, struct listenerlist *al,
usr.sbin/ldapd/parse.y
1094
if (cert != NULL)
usr.sbin/ldapd/parse.y
1095
strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
usr.sbin/ldapd/parse.y
1101
return (host_dns(s, cert, al, port, flags));
usr.sbin/ldapd/parse.y
1105
interface(const char *s, const char *cert,
usr.sbin/ldapd/parse.y
1137
if (cert != NULL)
usr.sbin/ldapd/parse.y
1138
(void)strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
usr.sbin/ldapd/parse.y
1158
if (cert != NULL)
usr.sbin/ldapd/parse.y
1159
(void)strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
usr.sbin/ldapd/parse.y
188
char *cert;
usr.sbin/ldapd/parse.y
197
cert = ($6 != NULL) ? $6 : $3;
usr.sbin/ldapd/parse.y
200
load_certfile(conf, cert, F_SCERT, $5) < 0) {
usr.sbin/ldapd/parse.y
201
yyerror("cannot load certificate: %s", cert);
usr.sbin/ldapd/parse.y
207
if (! interface($3, cert, &conf->listeners,
usr.sbin/ldapd/parse.y
209
if (host($3, cert, &conf->listeners,
usr.sbin/nsd/options.c
2244
const char *acl_cert_cn, size_t acl_cert_cn_len, const X509 *cert)
usr.sbin/nsd/options.c
2251
san_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
usr.sbin/nsd/options.c
2300
const char *acl_cert_cn, size_t acl_cert_cn_len, const X509 *cert)
usr.sbin/nsd/options.c
2309
if ((subject_name = X509_get_subject_name(cert)) == NULL)
usr.sbin/nsd/simdzone/src/generic/cert.h
114
uint16_t cert;
usr.sbin/nsd/simdzone/src/generic/cert.h
115
if (!scan_certificate_type(token->data, token->length, &cert))
usr.sbin/nsd/simdzone/src/generic/cert.h
117
cert = htobe16(cert);
usr.sbin/nsd/simdzone/src/generic/cert.h
118
memcpy(rdata->octets, &cert, 2);
usr.sbin/nsd/xfrd-tcp.c
123
X509_free(cert);
usr.sbin/nsd/xfrd-tcp.c
42
X509* cert = NULL;
usr.sbin/nsd/xfrd-tcp.c
59
cert = SSL_get1_peer_certificate(ssl);
usr.sbin/nsd/xfrd-tcp.c
61
cert = SSL_get_peer_certificate(ssl);
usr.sbin/nsd/xfrd-tcp.c
64
if (!cert) {
usr.sbin/nsd/xfrd-tcp.c
69
serial = X509_get_serialNumber(cert);
usr.sbin/nsd/xfrd-tcp.c
84
if (X509_pubkey_digest(cert, md, key_fingerprint, &key_fingerprint_len) == 1 && key_fingerprint_len >= 8) {
usr.sbin/nsd/xfrd-tcp.c
94
pkey = X509_get_pubkey(cert);
usr.sbin/ocspcheck/ocspcheck.c
301
const X509 *cert;
usr.sbin/ocspcheck/ocspcheck.c
304
cert = cert_from_chain(fullchain);
usr.sbin/ocspcheck/ocspcheck.c
305
if ((issuer_name = X509_get_issuer_name(cert)) == NULL)
usr.sbin/ocspcheck/ocspcheck.c
314
X509 *cert;
usr.sbin/ocspcheck/ocspcheck.c
344
if ((cert = cert_from_chain(request->fullchain)) == NULL) {
usr.sbin/ocspcheck/ocspcheck.c
353
urls = X509_get1_ocsp(cert);
usr.sbin/ocspcheck/ocspcheck.c
364
if ((id = OCSP_cert_to_id(cert_id_md, cert, issuer)) == NULL) {
usr.sbin/ocspcheck/ocspcheck.c
414
const X509 *cert, *issuer;
usr.sbin/ocspcheck/ocspcheck.c
417
if ((cert = cert_from_chain(request->fullchain)) == NULL) {
usr.sbin/ocspcheck/ocspcheck.c
425
if ((cid = OCSP_cert_to_id(NULL, cert, issuer)) == NULL) {
usr.sbin/relayd/ca.c
106
struct relay_cert *cert;
usr.sbin/relayd/ca.c
110
TAILQ_FOREACH(cert, env->sc_certs, cert_entry) {
usr.sbin/relayd/ca.c
111
if (cert->cert_fd == -1 || cert->cert_key_fd == -1)
usr.sbin/relayd/ca.c
114
if ((buf = relay_load_fd(cert->cert_fd, &len)) == NULL)
usr.sbin/relayd/ca.c
130
if ((buf = relay_load_fd(cert->cert_key_fd, &len)) == NULL)
usr.sbin/relayd/ca.c
140
cert->cert_pkey = pkey;
usr.sbin/relayd/ca.c
76
hash_x509(X509 *cert, char *hash, size_t hashlen)
usr.sbin/relayd/ca.c
83
if (X509_pubkey_digest(cert, EVP_sha256(), digest, &dlen) != 1)
usr.sbin/relayd/config.c
1006
TAILQ_FOREACH(cert, env->sc_certs, cert_entry) {
usr.sbin/relayd/config.c
1007
if (cert->cert_relayid != rlay->rl_conf.id)
usr.sbin/relayd/config.c
1010
if (cert->cert_fd != -1) {
usr.sbin/relayd/config.c
1011
close(cert->cert_fd);
usr.sbin/relayd/config.c
1012
cert->cert_fd = -1;
usr.sbin/relayd/config.c
1014
if (cert->cert_key_fd != -1) {
usr.sbin/relayd/config.c
1015
close(cert->cert_key_fd);
usr.sbin/relayd/config.c
1016
cert->cert_key_fd = -1;
usr.sbin/relayd/config.c
1018
if (cert->cert_ocsp_fd != -1) {
usr.sbin/relayd/config.c
1019
close(cert->cert_ocsp_fd);
usr.sbin/relayd/config.c
1020
cert->cert_ocsp_fd = -1;
usr.sbin/relayd/config.c
1135
struct relay_cert *cert;
usr.sbin/relayd/config.c
1145
if ((cert = cert_find(env, crfd.id)) == NULL) {
usr.sbin/relayd/config.c
1146
if ((cert = cert_add(env, crfd.id)) == NULL)
usr.sbin/relayd/config.c
1148
cert->cert_relayid = crfd.relayid;
usr.sbin/relayd/config.c
1161
cert->cert_fd = imsg_get_fd(imsg);
usr.sbin/relayd/config.c
1164
cert->cert_key_fd = imsg_get_fd(imsg);
usr.sbin/relayd/config.c
1167
cert->cert_ocsp_fd = imsg_get_fd(imsg);
usr.sbin/relayd/config.c
825
struct relay_cert *cert;
usr.sbin/relayd/config.c
891
TAILQ_FOREACH(cert, env->sc_certs, cert_entry) {
usr.sbin/relayd/config.c
892
if (cert->cert_relayid != rlay->rl_conf.id)
usr.sbin/relayd/config.c
897
if (cert->cert_fd != -1 &&
usr.sbin/relayd/config.c
899
cert->cert_id, cert->cert_relayid,
usr.sbin/relayd/config.c
900
RELAY_FD_CERT, cert->cert_fd) == -1) {
usr.sbin/relayd/config.c
907
cert->cert_ocsp_fd != -1 &&
usr.sbin/relayd/config.c
909
cert->cert_id, cert->cert_relayid,
usr.sbin/relayd/config.c
910
RELAY_FD_OCSP, cert->cert_ocsp_fd) == -1) {
usr.sbin/relayd/config.c
917
cert->cert_key_fd != -1 &&
usr.sbin/relayd/config.c
919
cert->cert_id, cert->cert_relayid,
usr.sbin/relayd/config.c
920
RELAY_FD_KEY, cert->cert_key_fd) == -1) {
usr.sbin/relayd/relay.c
2148
struct relay_cert *cert;
usr.sbin/relayd/relay.c
2207
TAILQ_FOREACH(cert, env->sc_certs, cert_entry) {
usr.sbin/relayd/relay.c
2208
if (cert->cert_relayid != rlay->rl_conf.id ||
usr.sbin/relayd/relay.c
2209
cert->cert_fd == -1)
usr.sbin/relayd/relay.c
2213
if ((buf = relay_load_fd(cert->cert_fd,
usr.sbin/relayd/relay.c
2218
cert->cert_fd = -1;
usr.sbin/relayd/relay.c
2220
if (cert->cert_ocsp_fd != -1 &&
usr.sbin/relayd/relay.c
2221
(ocspbuf = relay_load_fd(cert->cert_ocsp_fd,
usr.sbin/relayd/relay.c
2228
cert->cert_ocsp_fd = -1;
usr.sbin/relayd/relayd.c
1274
struct relay_cert *cert;
usr.sbin/relayd/relayd.c
1276
if ((cert = calloc(1, sizeof(*cert))) == NULL)
usr.sbin/relayd/relayd.c
1283
free(cert);
usr.sbin/relayd/relayd.c
1287
cert->cert_id = id;
usr.sbin/relayd/relayd.c
1288
cert->cert_fd = -1;
usr.sbin/relayd/relayd.c
1289
cert->cert_key_fd = -1;
usr.sbin/relayd/relayd.c
1290
cert->cert_ocsp_fd = -1;
usr.sbin/relayd/relayd.c
1292
TAILQ_INSERT_TAIL(env->sc_certs, cert, cert_entry);
usr.sbin/relayd/relayd.c
1294
return (cert);
usr.sbin/relayd/relayd.c
1300
struct relay_cert *cert;
usr.sbin/relayd/relayd.c
1302
TAILQ_FOREACH(cert, env->sc_certs, cert_entry)
usr.sbin/relayd/relayd.c
1303
if (cert->cert_id == id)
usr.sbin/relayd/relayd.c
1304
return (cert);
usr.sbin/relayd/relayd.c
1343
struct relay_cert *cert;
usr.sbin/relayd/relayd.c
1429
if ((cert = cert_add(env, 0)) == NULL)
usr.sbin/relayd/relayd.c
1432
cert->cert_relayid = rlay->rl_conf.id;
usr.sbin/relayd/relayd.c
1433
cert->cert_fd = cert_fd;
usr.sbin/relayd/relayd.c
1434
cert->cert_key_fd = key_fd;
usr.sbin/relayd/relayd.c
1435
cert->cert_ocsp_fd = ocsp_fd;
usr.sbin/relayd/relayd.c
569
struct relay_cert *cert, *tmpcert;
usr.sbin/relayd/relayd.c
612
TAILQ_FOREACH_SAFE(cert, env->sc_certs, cert_entry, tmpcert) {
usr.sbin/relayd/relayd.c
613
if (rlay->rl_conf.id != cert->cert_relayid)
usr.sbin/relayd/relayd.c
615
if (cert->cert_fd != -1)
usr.sbin/relayd/relayd.c
616
close(cert->cert_fd);
usr.sbin/relayd/relayd.c
617
if (cert->cert_key_fd != -1)
usr.sbin/relayd/relayd.c
618
close(cert->cert_key_fd);
usr.sbin/relayd/relayd.c
619
if (cert->cert_ocsp_fd != -1)
usr.sbin/relayd/relayd.c
620
close(cert->cert_ocsp_fd);
usr.sbin/relayd/relayd.c
621
if (cert->cert_pkey != NULL)
usr.sbin/relayd/relayd.c
622
EVP_PKEY_free(cert->cert_pkey);
usr.sbin/relayd/relayd.c
623
TAILQ_REMOVE(env->sc_certs, cert, cert_entry);
usr.sbin/relayd/relayd.c
624
free(cert);
usr.sbin/relayd/relayd.h
1300
void hash_x509(X509 *cert, char *hash, size_t hashlen);
usr.sbin/relayd/ssl.c
104
X509 *cert = NULL;
usr.sbin/relayd/ssl.c
112
if ((cert = PEM_read_bio_X509(in, NULL,
usr.sbin/relayd/ssl.c
122
if (!X509_NAME_oneline(X509_get_subject_name(cert),
usr.sbin/relayd/ssl.c
124
!X509_NAME_oneline(X509_get_issuer_name(cert),
usr.sbin/relayd/ssl.c
128
if ((cert = X509_dup(cert)) == NULL)
usr.sbin/relayd/ssl.c
132
X509_set_pubkey(cert, pkey);
usr.sbin/relayd/ssl.c
133
X509_set_issuer_name(cert, X509_get_subject_name(cacert));
usr.sbin/relayd/ssl.c
136
if (!X509_sign(cert, capkey, EVP_sha256())) {
usr.sbin/relayd/ssl.c
145
X509_print_fp(stdout, cert);
usr.sbin/relayd/ssl.c
155
if (!PEM_write_bio_X509(out, cert)) {
usr.sbin/relayd/ssl.c
172
if (cert)
usr.sbin/relayd/ssl.c
173
X509_free(cert);
usr.sbin/rpki-client/aspa.c
160
aspa_parse(struct cert **out_cert, const char *fn, int talid,
usr.sbin/rpki-client/aspa.c
164
struct cert *cert = NULL;
usr.sbin/rpki-client/aspa.c
172
cms = cms_parse_validate(&cert, fn, talid, der, len, aspa_oid, &cmsz,
usr.sbin/rpki-client/aspa.c
181
if (cert->num_ips > 0) {
usr.sbin/rpki-client/aspa.c
186
if (x509_any_inherits(cert->x509)) {
usr.sbin/rpki-client/aspa.c
194
aspa->valid = valid_aspa(fn, cert, aspa);
usr.sbin/rpki-client/aspa.c
196
*out_cert = cert;
usr.sbin/rpki-client/aspa.c
197
cert = NULL;
usr.sbin/rpki-client/aspa.c
205
cert_free(cert);
usr.sbin/rpki-client/ccr.c
697
ccr_insert_tas(struct ccr_tas_tree *tree, const struct cert *cert)
usr.sbin/rpki-client/ccr.c
701
assert(cert->purpose == CERT_PURPOSE_TA);
usr.sbin/rpki-client/ccr.c
706
if ((hex_decode(cert->ski, cts->keyid, sizeof(cts->keyid))) != 0)
usr.sbin/rpki-client/ccr.c
714
ccr_insert_mft_sub(struct ccr_mft_tree *tree, const struct cert *cert)
usr.sbin/rpki-client/ccr.c
719
assert(cert->purpose == CERT_PURPOSE_CA);
usr.sbin/rpki-client/ccr.c
721
memcpy(needle.hash, cert->mfthash, sizeof(cert->mfthash));
usr.sbin/rpki-client/ccr.c
729
if (hex_decode(cert->ski, sub->ski, sizeof(sub->ski)) != 0)
usr.sbin/rpki-client/cert.c
1237
sbgp_ipaddrblocks(const char *fn, struct cert *cert, const X509_EXTENSION *ext)
usr.sbin/rpki-client/cert.c
1255
if (!sbgp_parse_ipaddrblocks(fn, addrs, &cert->ips, &cert->num_ips))
usr.sbin/rpki-client/cert.c
1258
if (cert->num_ips == 0) {
usr.sbin/rpki-client/cert.c
131
cert->purpose = CERT_PURPOSE_TA;
usr.sbin/rpki-client/cert.c
133
cert->purpose = CERT_PURPOSE_CA;
usr.sbin/rpki-client/cert.c
1360
cert_as_inherit(const struct cert *cert)
usr.sbin/rpki-client/cert.c
1362
if (cert->num_ases != 1)
usr.sbin/rpki-client/cert.c
1365
return cert->ases[0].type == CERT_AS_INHERIT;
usr.sbin/rpki-client/cert.c
1369
cert_has_one_as(const struct cert *cert)
usr.sbin/rpki-client/cert.c
1371
if (cert->num_ases != 1)
usr.sbin/rpki-client/cert.c
1374
return cert->ases[0].type == CERT_AS_ID;
usr.sbin/rpki-client/cert.c
1469
sbgp_asids(const char *fn, struct cert *cert, const X509_EXTENSION *ext)
usr.sbin/rpki-client/cert.c
1487
if (!sbgp_parse_asids(fn, asidentifiers, &cert->ases, &cert->num_ases))
usr.sbin/rpki-client/cert.c
1509
cert_parse_extensions(const char *fn, struct cert *cert)
usr.sbin/rpki-client/cert.c
1511
X509 *x = cert->x509;
usr.sbin/rpki-client/cert.c
1519
assert(cert->purpose != CERT_PURPOSE_INVALID);
usr.sbin/rpki-client/cert.c
1544
if (!cert_ski(fn, cert, ext))
usr.sbin/rpki-client/cert.c
1550
if (!cert_aki(fn, cert, ext))
usr.sbin/rpki-client/cert.c
1566
if (!cert_crldp(fn, cert, ext))
usr.sbin/rpki-client/cert.c
1572
if (!cert_aia(fn, cert, ext))
usr.sbin/rpki-client/cert.c
1578
if (!cert_sia(fn, cert, ext))
usr.sbin/rpki-client/cert.c
1584
if (!cert_policies(fn, cert, ext))
usr.sbin/rpki-client/cert.c
1590
if (!sbgp_ipaddrblocks(fn, cert, ext))
usr.sbin/rpki-client/cert.c
1596
if (!sbgp_asids(fn, cert, ext))
usr.sbin/rpki-client/cert.c
1627
if (cert->purpose == CERT_PURPOSE_TA ||
usr.sbin/rpki-client/cert.c
1628
cert->purpose == CERT_PURPOSE_CA) {
usr.sbin/rpki-client/cert.c
1634
if (cert->purpose != CERT_PURPOSE_TA &&
usr.sbin/rpki-client/cert.c
1635
cert->purpose != CERT_PURPOSE_CA) {
usr.sbin/rpki-client/cert.c
1649
if (cert->purpose != CERT_PURPOSE_TA) {
usr.sbin/rpki-client/cert.c
165
cert->purpose = CERT_PURPOSE_EE; /* EKU absent */
usr.sbin/rpki-client/cert.c
1655
if (cert->purpose == CERT_PURPOSE_TA) {
usr.sbin/rpki-client/cert.c
1656
if (strcmp(cert->ski, cert->aki) != 0) {
usr.sbin/rpki-client/cert.c
1662
if (strcmp(cert->ski, cert->aki) == 0) {
usr.sbin/rpki-client/cert.c
1676
if (cert->purpose == CERT_PURPOSE_BGPSEC_ROUTER) {
usr.sbin/rpki-client/cert.c
1682
if (cert->purpose != CERT_PURPOSE_BGPSEC_ROUTER) {
usr.sbin/rpki-client/cert.c
1690
if (cert->purpose != CERT_PURPOSE_TA) {
usr.sbin/rpki-client/cert.c
1696
if (cert->purpose == CERT_PURPOSE_TA) {
usr.sbin/rpki-client/cert.c
1704
if (cert->purpose != CERT_PURPOSE_TA) {
usr.sbin/rpki-client/cert.c
1710
if (cert->purpose == CERT_PURPOSE_TA) {
usr.sbin/rpki-client/cert.c
1723
if (filemode && cert->purpose == CERT_PURPOSE_EE) {
usr.sbin/rpki-client/cert.c
1729
} else if (cert->purpose != CERT_PURPOSE_BGPSEC_ROUTER) {
usr.sbin/rpki-client/cert.c
1734
if (cert->purpose == CERT_PURPOSE_BGPSEC_ROUTER) {
usr.sbin/rpki-client/cert.c
1752
if (cert->purpose == CERT_PURPOSE_TA) {
usr.sbin/rpki-client/cert.c
1753
if (x509_any_inherits(cert->x509)) {
usr.sbin/rpki-client/cert.c
1758
if (cert->num_ips == 0 && cert->num_ases == 0) {
usr.sbin/rpki-client/cert.c
1765
if (cert->purpose == CERT_PURPOSE_BGPSEC_ROUTER) {
usr.sbin/rpki-client/cert.c
1776
if (cert_as_inherit(cert)) {
usr.sbin/rpki-client/cert.c
1782
if (!cert_has_one_as(cert)) {
usr.sbin/rpki-client/cert.c
1798
static struct cert *
usr.sbin/rpki-client/cert.c
180
cert->purpose = CERT_PURPOSE_BGPSEC_ROUTER;
usr.sbin/rpki-client/cert.c
1801
struct cert *cert;
usr.sbin/rpki-client/cert.c
1805
if ((cert = calloc(1, sizeof(*cert))) == NULL)
usr.sbin/rpki-client/cert.c
1807
cert->x509 = x;
usr.sbin/rpki-client/cert.c
1813
if (!cert_check_purpose(fn, cert))
usr.sbin/rpki-client/cert.c
1828
if (!cert_check_sigalg(fn, cert))
usr.sbin/rpki-client/cert.c
1831
if (!cert_check_subject_and_issuer(fn, cert))
usr.sbin/rpki-client/cert.c
1834
if (!cert_check_validity_period(fn, cert))
usr.sbin/rpki-client/cert.c
1837
if (!cert_check_spki(fn, cert))
usr.sbin/rpki-client/cert.c
1851
if (!cert_parse_extensions(fn, cert))
usr.sbin/rpki-client/cert.c
1854
return cert;
usr.sbin/rpki-client/cert.c
1857
cert_free(cert);
usr.sbin/rpki-client/cert.c
186
assert(cert->purpose == CERT_PURPOSE_INVALID);
usr.sbin/rpki-client/cert.c
1867
struct cert *
usr.sbin/rpki-client/cert.c
1870
struct cert *cert = NULL;
usr.sbin/rpki-client/cert.c
1875
if ((cert = cert_parse_internal(fn, x)) == NULL)
usr.sbin/rpki-client/cert.c
1877
cert->talid = talid;
usr.sbin/rpki-client/cert.c
1879
if (cert->purpose != CERT_PURPOSE_EE) {
usr.sbin/rpki-client/cert.c
1881
purpose2str(cert->purpose));
usr.sbin/rpki-client/cert.c
1885
if (!constraints_validate(fn, cert))
usr.sbin/rpki-client/cert.c
1888
return cert;
usr.sbin/rpki-client/cert.c
1891
cert_free(cert);
usr.sbin/rpki-client/cert.c
1900
static struct cert *
usr.sbin/rpki-client/cert.c
1903
struct cert *cert = NULL;
usr.sbin/rpki-client/cert.c
191
return cert->purpose != CERT_PURPOSE_INVALID;
usr.sbin/rpki-client/cert.c
1921
if ((cert = cert_parse_internal(fn, x)) == NULL)
usr.sbin/rpki-client/cert.c
1925
return cert;
usr.sbin/rpki-client/cert.c
1928
cert_free(cert);
usr.sbin/rpki-client/cert.c
1938
struct cert *
usr.sbin/rpki-client/cert.c
1941
struct cert *cert = NULL;
usr.sbin/rpki-client/cert.c
1947
if ((cert = cert_deserialize_and_parse(fn, der, len)) == NULL)
usr.sbin/rpki-client/cert.c
195
cert_check_sigalg(const char *fn, const struct cert *cert)
usr.sbin/rpki-client/cert.c
1950
if (cert->purpose != CERT_PURPOSE_CA &&
usr.sbin/rpki-client/cert.c
1951
cert->purpose != CERT_PURPOSE_BGPSEC_ROUTER) {
usr.sbin/rpki-client/cert.c
1953
fn, purpose2str(cert->purpose));
usr.sbin/rpki-client/cert.c
1957
return cert;
usr.sbin/rpki-client/cert.c
1960
cert_free(cert);
usr.sbin/rpki-client/cert.c
1969
struct cert *
usr.sbin/rpki-client/cert.c
197
const X509 *x = cert->x509;
usr.sbin/rpki-client/cert.c
1972
struct cert *cert = NULL;
usr.sbin/rpki-client/cert.c
1978
if ((cert = cert_deserialize_and_parse(fn, der, len)) == NULL)
usr.sbin/rpki-client/cert.c
1981
if (cert->purpose == CERT_PURPOSE_EE) {
usr.sbin/rpki-client/cert.c
1986
return cert;
usr.sbin/rpki-client/cert.c
1989
cert_free(cert);
usr.sbin/rpki-client/cert.c
1999
ta_check_pubkey(const char *fn, struct cert *cert, const unsigned char *spki,
usr.sbin/rpki-client/cert.c
2015
if ((cert_pkey = X509_get0_pubkey(cert->x509)) == NULL) {
usr.sbin/rpki-client/cert.c
2029
if (X509_verify(cert->x509, tal_pkey) != 1) {
usr.sbin/rpki-client/cert.c
2041
ta_check_validity(const char *fn, struct cert *cert)
usr.sbin/rpki-client/cert.c
2045
if (cert->notbefore > now) {
usr.sbin/rpki-client/cert.c
2049
if (cert->notafter < now) {
usr.sbin/rpki-client/cert.c
2063
struct cert *
usr.sbin/rpki-client/cert.c
2064
ta_validate(const char *fn, struct cert *cert, const unsigned char *spki,
usr.sbin/rpki-client/cert.c
2067
if (cert == NULL)
usr.sbin/rpki-client/cert.c
2070
if (cert->purpose != CERT_PURPOSE_TA) {
usr.sbin/rpki-client/cert.c
2072
purpose2str(cert->purpose));
usr.sbin/rpki-client/cert.c
2076
if (!ta_check_pubkey(fn, cert, spki, spkisz))
usr.sbin/rpki-client/cert.c
2078
if (!ta_check_validity(fn, cert))
usr.sbin/rpki-client/cert.c
2081
return cert;
usr.sbin/rpki-client/cert.c
2084
cert_free(cert);
usr.sbin/rpki-client/cert.c
2093
struct cert *
usr.sbin/rpki-client/cert.c
2097
struct cert *cert = NULL;
usr.sbin/rpki-client/cert.c
2103
if ((cert = cert_deserialize_and_parse(fn, der, len)) == NULL)
usr.sbin/rpki-client/cert.c
2106
return ta_validate(fn, cert, spki, spkisz);
usr.sbin/rpki-client/cert.c
2114
cert_free(struct cert *cert)
usr.sbin/rpki-client/cert.c
2116
if (cert == NULL)
usr.sbin/rpki-client/cert.c
2119
free(cert->crl);
usr.sbin/rpki-client/cert.c
2120
free(cert->repo);
usr.sbin/rpki-client/cert.c
2121
free(cert->path);
usr.sbin/rpki-client/cert.c
2122
free(cert->mft);
usr.sbin/rpki-client/cert.c
2123
free(cert->notify);
usr.sbin/rpki-client/cert.c
2124
free(cert->signedobj);
usr.sbin/rpki-client/cert.c
2125
free(cert->ips);
usr.sbin/rpki-client/cert.c
2126
free(cert->ases);
usr.sbin/rpki-client/cert.c
2127
free(cert->aia);
usr.sbin/rpki-client/cert.c
2128
free(cert->aki);
usr.sbin/rpki-client/cert.c
2129
free(cert->ski);
usr.sbin/rpki-client/cert.c
2130
free(cert->pubkey);
usr.sbin/rpki-client/cert.c
2131
X509_free(cert->x509);
usr.sbin/rpki-client/cert.c
2132
free(cert);
usr.sbin/rpki-client/cert.c
2140
cert_buffer(struct ibuf *b, const struct cert *cert)
usr.sbin/rpki-client/cert.c
2142
io_simple_buffer(b, &cert->notafter, sizeof(cert->notafter));
usr.sbin/rpki-client/cert.c
2143
io_simple_buffer(b, &cert->purpose, sizeof(cert->purpose));
usr.sbin/rpki-client/cert.c
2144
io_simple_buffer(b, &cert->talid, sizeof(cert->talid));
usr.sbin/rpki-client/cert.c
2145
io_simple_buffer(b, &cert->certid, sizeof(cert->certid));
usr.sbin/rpki-client/cert.c
2146
io_simple_buffer(b, &cert->repoid, sizeof(cert->repoid));
usr.sbin/rpki-client/cert.c
2147
io_simple_buffer(b, &cert->num_ips, sizeof(cert->num_ips));
usr.sbin/rpki-client/cert.c
2148
io_simple_buffer(b, &cert->num_ases, sizeof(cert->num_ases));
usr.sbin/rpki-client/cert.c
2150
io_simple_buffer(b, cert->ips, cert->num_ips * sizeof(cert->ips[0]));
usr.sbin/rpki-client/cert.c
2151
io_simple_buffer(b, cert->ases, cert->num_ases * sizeof(cert->ases[0]));
usr.sbin/rpki-client/cert.c
2153
io_str_buffer(b, cert->path);
usr.sbin/rpki-client/cert.c
2155
if (cert->purpose == CERT_PURPOSE_TA) {
usr.sbin/rpki-client/cert.c
2156
io_str_buffer(b, cert->mft);
usr.sbin/rpki-client/cert.c
2157
io_opt_str_buffer(b, cert->notify);
usr.sbin/rpki-client/cert.c
2158
io_str_buffer(b, cert->repo);
usr.sbin/rpki-client/cert.c
2160
io_opt_str_buffer(b, cert->aki);
usr.sbin/rpki-client/cert.c
2161
io_str_buffer(b, cert->ski);
usr.sbin/rpki-client/cert.c
2162
} else if (cert->purpose == CERT_PURPOSE_CA) {
usr.sbin/rpki-client/cert.c
2163
io_str_buffer(b, cert->mft);
usr.sbin/rpki-client/cert.c
2164
io_opt_str_buffer(b, cert->notify);
usr.sbin/rpki-client/cert.c
2165
io_str_buffer(b, cert->repo);
usr.sbin/rpki-client/cert.c
2166
io_str_buffer(b, cert->crl);
usr.sbin/rpki-client/cert.c
2167
io_str_buffer(b, cert->aia);
usr.sbin/rpki-client/cert.c
2168
io_str_buffer(b, cert->aki);
usr.sbin/rpki-client/cert.c
2169
io_str_buffer(b, cert->ski);
usr.sbin/rpki-client/cert.c
2170
io_simple_buffer(b, &cert->mfthash, sizeof(cert->mfthash));
usr.sbin/rpki-client/cert.c
2171
} else if (cert->purpose == CERT_PURPOSE_BGPSEC_ROUTER) {
usr.sbin/rpki-client/cert.c
2173
io_str_buffer(b, cert->crl);
usr.sbin/rpki-client/cert.c
2174
io_str_buffer(b, cert->aia);
usr.sbin/rpki-client/cert.c
2175
io_str_buffer(b, cert->aki);
usr.sbin/rpki-client/cert.c
2176
io_str_buffer(b, cert->ski);
usr.sbin/rpki-client/cert.c
2177
io_str_buffer(b, cert->pubkey);
usr.sbin/rpki-client/cert.c
2180
purpose2str(cert->purpose));
usr.sbin/rpki-client/cert.c
2189
struct cert *
usr.sbin/rpki-client/cert.c
2192
struct cert *cert;
usr.sbin/rpki-client/cert.c
2194
if ((cert = calloc(1, sizeof(struct cert))) == NULL)
usr.sbin/rpki-client/cert.c
2197
io_read_buf(b, &cert->notafter, sizeof(cert->notafter));
usr.sbin/rpki-client/cert.c
2198
io_read_buf(b, &cert->purpose, sizeof(cert->purpose));
usr.sbin/rpki-client/cert.c
2199
io_read_buf(b, &cert->talid, sizeof(cert->talid));
usr.sbin/rpki-client/cert.c
2200
io_read_buf(b, &cert->certid, sizeof(cert->certid));
usr.sbin/rpki-client/cert.c
2201
io_read_buf(b, &cert->repoid, sizeof(cert->repoid));
usr.sbin/rpki-client/cert.c
2202
io_read_buf(b, &cert->num_ips, sizeof(cert->num_ips));
usr.sbin/rpki-client/cert.c
2203
io_read_buf(b, &cert->num_ases, sizeof(cert->num_ases));
usr.sbin/rpki-client/cert.c
2205
if (cert->num_ips > 0) {
usr.sbin/rpki-client/cert.c
2206
cert->ips = calloc(cert->num_ips, sizeof(cert->ips[0]));
usr.sbin/rpki-client/cert.c
2207
if (cert->ips == NULL)
usr.sbin/rpki-client/cert.c
2209
io_read_buf(b, cert->ips,
usr.sbin/rpki-client/cert.c
2210
cert->num_ips * sizeof(cert->ips[0]));
usr.sbin/rpki-client/cert.c
2213
if (cert->num_ases > 0) {
usr.sbin/rpki-client/cert.c
2214
cert->ases = calloc(cert->num_ases, sizeof(cert->ases[0]));
usr.sbin/rpki-client/cert.c
2215
if (cert->ases == NULL)
usr.sbin/rpki-client/cert.c
2217
io_read_buf(b, cert->ases,
usr.sbin/rpki-client/cert.c
2218
cert->num_ases * sizeof(cert->ases[0]));
usr.sbin/rpki-client/cert.c
222
cert_check_subject_and_issuer(const char *fn, const struct cert *cert)
usr.sbin/rpki-client/cert.c
2221
io_read_str(b, &cert->path);
usr.sbin/rpki-client/cert.c
2223
if (cert->purpose == CERT_PURPOSE_TA) {
usr.sbin/rpki-client/cert.c
2224
io_read_str(b, &cert->mft);
usr.sbin/rpki-client/cert.c
2225
io_read_opt_str(b, &cert->notify);
usr.sbin/rpki-client/cert.c
2226
io_read_str(b, &cert->repo);
usr.sbin/rpki-client/cert.c
2228
io_read_opt_str(b, &cert->aki);
usr.sbin/rpki-client/cert.c
2229
io_read_str(b, &cert->ski);
usr.sbin/rpki-client/cert.c
2230
} else if (cert->purpose == CERT_PURPOSE_CA) {
usr.sbin/rpki-client/cert.c
2231
io_read_str(b, &cert->mft);
usr.sbin/rpki-client/cert.c
2232
io_read_opt_str(b, &cert->notify);
usr.sbin/rpki-client/cert.c
2233
io_read_str(b, &cert->repo);
usr.sbin/rpki-client/cert.c
2234
io_read_str(b, &cert->crl);
usr.sbin/rpki-client/cert.c
2235
io_read_str(b, &cert->aia);
usr.sbin/rpki-client/cert.c
2236
io_read_str(b, &cert->aki);
usr.sbin/rpki-client/cert.c
2237
io_read_str(b, &cert->ski);
usr.sbin/rpki-client/cert.c
2238
io_read_buf(b, &cert->mfthash, sizeof(cert->mfthash));
usr.sbin/rpki-client/cert.c
2239
} else if (cert->purpose == CERT_PURPOSE_BGPSEC_ROUTER) {
usr.sbin/rpki-client/cert.c
2241
io_read_str(b, &cert->crl);
usr.sbin/rpki-client/cert.c
2242
io_read_str(b, &cert->aia);
usr.sbin/rpki-client/cert.c
2243
io_read_str(b, &cert->aki);
usr.sbin/rpki-client/cert.c
2244
io_read_str(b, &cert->ski);
usr.sbin/rpki-client/cert.c
2245
io_read_str(b, &cert->pubkey);
usr.sbin/rpki-client/cert.c
2248
purpose2str(cert->purpose));
usr.sbin/rpki-client/cert.c
2251
return cert;
usr.sbin/rpki-client/cert.c
2257
if (a->cert->certid > b->cert->certid)
usr.sbin/rpki-client/cert.c
2259
if (a->cert->certid < b->cert->certid)
usr.sbin/rpki-client/cert.c
226
if ((name = X509_get_subject_name(cert->x509)) == NULL) {
usr.sbin/rpki-client/cert.c
2276
cert_free(auth->cert);
usr.sbin/rpki-client/cert.c
2289
struct cert c;
usr.sbin/rpki-client/cert.c
2293
a.cert = &c;
usr.sbin/rpki-client/cert.c
2304
auth_insert(const char *fn, struct auth_tree *auths, struct cert *cert,
usr.sbin/rpki-client/cert.c
2317
cert->certid = cert->talid;
usr.sbin/rpki-client/cert.c
2319
cert->certid = ++certid;
usr.sbin/rpki-client/cert.c
233
if ((name = X509_get_issuer_name(cert->x509)) == NULL) {
usr.sbin/rpki-client/cert.c
2334
na->cert = cert;
usr.sbin/rpki-client/cert.c
2335
na->any_inherits = x509_any_inherits(cert->x509);
usr.sbin/rpki-client/cert.c
2353
insert_brk(struct brk_tree *tree, struct cert *cert, int asid)
usr.sbin/rpki-client/cert.c
2361
b->expires = cert->notafter;
usr.sbin/rpki-client/cert.c
2362
b->talid = cert->talid;
usr.sbin/rpki-client/cert.c
2363
if ((b->ski = strdup(cert->ski)) == NULL)
usr.sbin/rpki-client/cert.c
2365
if ((b->pubkey = strdup(cert->pubkey)) == NULL)
usr.sbin/rpki-client/cert.c
2387
cert_insert_brks(struct brk_tree *tree, struct cert *cert)
usr.sbin/rpki-client/cert.c
2391
for (i = 0; i < cert->num_ases; i++) {
usr.sbin/rpki-client/cert.c
2392
switch (cert->ases[i].type) {
usr.sbin/rpki-client/cert.c
2394
insert_brk(tree, cert, cert->ases[i].id);
usr.sbin/rpki-client/cert.c
2397
for (asid = cert->ases[i].range.min;
usr.sbin/rpki-client/cert.c
2398
asid <= cert->ases[i].range.max; asid++)
usr.sbin/rpki-client/cert.c
2399
insert_brk(tree, cert, asid);
usr.sbin/rpki-client/cert.c
2433
cert_insert_nca(struct nca_tree *tree, const struct cert *cert, struct repo *rp)
usr.sbin/rpki-client/cert.c
2439
if ((nca->location = strdup(cert->path)) == NULL)
usr.sbin/rpki-client/cert.c
244
cert_check_validity_period(const char *fn, struct cert *cert)
usr.sbin/rpki-client/cert.c
2441
if ((nca->carepo = strdup(cert->repo)) == NULL)
usr.sbin/rpki-client/cert.c
2443
if ((nca->mfturi = strdup(cert->mft)) == NULL)
usr.sbin/rpki-client/cert.c
2445
if ((nca->ski = strdup(cert->ski)) == NULL)
usr.sbin/rpki-client/cert.c
2447
nca->certid = cert->certid;
usr.sbin/rpki-client/cert.c
2448
nca->talid = cert->talid;
usr.sbin/rpki-client/cert.c
248
if ((at = X509_get0_notBefore(cert->x509)) == NULL) {
usr.sbin/rpki-client/cert.c
252
if (!x509_get_time(at, &cert->notbefore)) {
usr.sbin/rpki-client/cert.c
257
if ((at = X509_get0_notAfter(cert->x509)) == NULL) {
usr.sbin/rpki-client/cert.c
261
if (!x509_get_time(at, &cert->notafter)) {
usr.sbin/rpki-client/cert.c
266
if (cert->notbefore > cert->notafter) {
usr.sbin/rpki-client/cert.c
275
cert_compliant_rsa_key(const char *fn, struct cert *cert)
usr.sbin/rpki-client/cert.c
281
if ((pkey = X509_get0_pubkey(cert->x509)) == NULL) {
usr.sbin/rpki-client/cert.c
308
cert_compliant_ec_key(const char *fn, struct cert *cert)
usr.sbin/rpki-client/cert.c
313
if ((pkey = X509_get0_pubkey(cert->x509)) == NULL) {
usr.sbin/rpki-client/cert.c
331
if (cert->purpose == CERT_PURPOSE_BGPSEC_ROUTER) {
usr.sbin/rpki-client/cert.c
339
if (base64_encode(der, der_len, &cert->pubkey) == -1)
usr.sbin/rpki-client/cert.c
348
cert_check_spki(const char *fn, struct cert *cert)
usr.sbin/rpki-client/cert.c
361
pubkey = (X509_PUBKEY *)X509_get_X509_PUBKEY(cert->x509);
usr.sbin/rpki-client/cert.c
378
switch (cert->purpose) {
usr.sbin/rpki-client/cert.c
388
if (!cert_compliant_rsa_key(fn, cert))
usr.sbin/rpki-client/cert.c
409
if (!cert_compliant_ec_key(fn, cert))
usr.sbin/rpki-client/cert.c
425
cert_ski(const char *fn, struct cert *cert, const X509_EXTENSION *ext)
usr.sbin/rpki-client/cert.c
432
assert(cert->ski == NULL);
usr.sbin/rpki-client/cert.c
44
cert_check_purpose(const char *fn, struct cert *cert)
usr.sbin/rpki-client/cert.c
446
if (!X509_pubkey_digest(cert->x509, EVP_sha1(), md, &md_len)) {
usr.sbin/rpki-client/cert.c
46
X509 *x = cert->x509;
usr.sbin/rpki-client/cert.c
464
cert->ski = hex_encode(md, md_len);
usr.sbin/rpki-client/cert.c
473
cert_aki(const char *fn, struct cert *cert, const X509_EXTENSION *ext)
usr.sbin/rpki-client/cert.c
478
assert(cert->aki == NULL);
usr.sbin/rpki-client/cert.c
510
cert->aki = hex_encode(ASN1_STRING_get0_data(akid->keyid), length);
usr.sbin/rpki-client/cert.c
52
cert->purpose = CERT_PURPOSE_INVALID;
usr.sbin/rpki-client/cert.c
522
cert_crldp(const char *fn, struct cert *cert, const X509_EXTENSION *ext)
usr.sbin/rpki-client/cert.c
530
assert(cert->crl == NULL);
usr.sbin/rpki-client/cert.c
532
if (cert->purpose == CERT_PURPOSE_TA) {
usr.sbin/rpki-client/cert.c
595
if (cert->crl == NULL && strncasecmp(crl, RSYNC_PROTO,
usr.sbin/rpki-client/cert.c
597
cert->crl = crl;
usr.sbin/rpki-client/cert.c
606
if (cert->crl == NULL) {
usr.sbin/rpki-client/cert.c
624
cert_aia(const char *fn, struct cert *cert, const X509_EXTENSION *ext)
usr.sbin/rpki-client/cert.c
632
assert(cert->aia == NULL);
usr.sbin/rpki-client/cert.c
634
if (cert->purpose == CERT_PURPOSE_TA) {
usr.sbin/rpki-client/cert.c
662
if (cert->aia == NULL && strncasecmp(caissuers,
usr.sbin/rpki-client/cert.c
664
cert->aia = caissuers;
usr.sbin/rpki-client/cert.c
687
if (cert->aia == NULL) {
usr.sbin/rpki-client/cert.c
705
cert_ca_sia(const char *fn, struct cert *cert, const X509_EXTENSION *ext)
usr.sbin/rpki-client/cert.c
714
assert(cert->repo == NULL && cert->mft == NULL && cert->notify == NULL);
usr.sbin/rpki-client/cert.c
738
if (cert->repo == NULL && strncasecmp(carepo,
usr.sbin/rpki-client/cert.c
750
cert->repo = carepo;
usr.sbin/rpki-client/cert.c
763
if (cert->mft == NULL && strncasecmp(rpkimft,
usr.sbin/rpki-client/cert.c
765
cert->mft = rpkimft;
usr.sbin/rpki-client/cert.c
781
fn, cert->notify);
usr.sbin/rpki-client/cert.c
785
if (cert->notify != NULL) {
usr.sbin/rpki-client/cert.c
791
cert->notify = notify;
usr.sbin/rpki-client/cert.c
803
if (cert->mft == NULL || cert->repo == NULL) {
usr.sbin/rpki-client/cert.c
809
mftfilename = strrchr(cert->mft, '/');
usr.sbin/rpki-client/cert.c
821
if (strstr(cert->mft, cert->repo) != cert->mft ||
usr.sbin/rpki-client/cert.c
822
cert->mft + strlen(cert->repo) != mftfilename) {
usr.sbin/rpki-client/cert.c
828
if (rtype_from_file_extension(cert->mft) != RTYPE_MFT) {
usr.sbin/rpki-client/cert.c
845
cert_ee_sia(const char *fn, struct cert *cert, const X509_EXTENSION *ext)
usr.sbin/rpki-client/cert.c
853
assert(cert->signedobj == NULL);
usr.sbin/rpki-client/cert.c
888
if (cert->signedobj == NULL && strncasecmp(signedobj,
usr.sbin/rpki-client/cert.c
890
cert->signedobj = signedobj;
usr.sbin/rpki-client/cert.c
909
if (cert->signedobj == NULL) {
usr.sbin/rpki-client/cert.c
915
const char *p = cert->signedobj + RSYNC_PROTO_LEN;
usr.sbin/rpki-client/cert.c
923
fn, cert->signedobj);
usr.sbin/rpki-client/cert.c
935
cert_sia(const char *fn, struct cert *cert, const X509_EXTENSION *ext)
usr.sbin/rpki-client/cert.c
937
switch (cert->purpose) {
usr.sbin/rpki-client/cert.c
940
return cert_ca_sia(fn, cert, ext);
usr.sbin/rpki-client/cert.c
942
return cert_ee_sia(fn, cert, ext);
usr.sbin/rpki-client/cert.c
957
cert_policies(const char *fn, struct cert *cert, const X509_EXTENSION *ext)
usr.sbin/rpki-client/cms.c
173
cms_parse_validate_internal(struct cert **out_cert, const char *fn, int talid,
usr.sbin/rpki-client/cms.c
177
struct cert *cert = NULL;
usr.sbin/rpki-client/cms.c
349
cert = cert_parse_ee_cert(fn, talid, sk_X509_value(certs, 0));
usr.sbin/rpki-client/cms.c
350
if (cert == NULL)
usr.sbin/rpki-client/cms.c
353
if (*signtime > cert->notafter)
usr.sbin/rpki-client/cms.c
362
if (CMS_SignerInfo_cert_cmp(si, cert->x509) != 0) {
usr.sbin/rpki-client/cms.c
370
*out_cert = cert;
usr.sbin/rpki-client/cms.c
371
cert = NULL;
usr.sbin/rpki-client/cms.c
375
cert_free(cert);
usr.sbin/rpki-client/cms.c
389
cms_parse_validate(struct cert **out_cert, const char *fn, int talid,
usr.sbin/rpki-client/constraints.c
513
constraints_check_as(const char *fn, struct cert_as *cert,
usr.sbin/rpki-client/constraints.c
520
if (cert->type == CERT_AS_INHERIT)
usr.sbin/rpki-client/constraints.c
523
if (cert->type == CERT_AS_ID) {
usr.sbin/rpki-client/constraints.c
524
min = cert->id;
usr.sbin/rpki-client/constraints.c
525
max = cert->id;
usr.sbin/rpki-client/constraints.c
527
min = cert->range.min;
usr.sbin/rpki-client/constraints.c
528
max = cert->range.max;
usr.sbin/rpki-client/constraints.c
532
if (!as_check_overlap(cert, fn, deny_ases, num_deny_ases, 1))
usr.sbin/rpki-client/constraints.c
543
constraints_check_ips(const char *fn, struct cert_ip *cert,
usr.sbin/rpki-client/constraints.c
548
if (cert->type == CERT_IP_INHERIT)
usr.sbin/rpki-client/constraints.c
552
if (!ip_addr_check_overlap(cert, fn, deny_ips, num_deny_ips, 1))
usr.sbin/rpki-client/constraints.c
556
if (ip_addr_check_covered(cert->afi, cert->min, cert->max,
usr.sbin/rpki-client/constraints.c
569
constraints_validate(const char *fn, const struct cert *cert)
usr.sbin/rpki-client/constraints.c
571
int talid = cert->talid;
usr.sbin/rpki-client/constraints.c
589
for (i = 0; i < cert->num_ases; i++) {
usr.sbin/rpki-client/constraints.c
590
if (constraints_check_as(fn, &cert->ases[i],
usr.sbin/rpki-client/constraints.c
594
as_warn(fn, tal_constraints[talid].warn, &cert->ases[i]);
usr.sbin/rpki-client/constraints.c
603
for (i = 0; i < cert->num_ips; i++) {
usr.sbin/rpki-client/constraints.c
604
if (constraints_check_ips(fn, &cert->ips[i], allow_ips,
usr.sbin/rpki-client/constraints.c
608
ip_warn(fn, tal_constraints[talid].warn, &cert->ips[i]);
usr.sbin/rpki-client/crl.c
331
find.aki = a->cert->ski;
usr.sbin/rpki-client/crl.c
332
find.mftpath = a->cert->mft;
usr.sbin/rpki-client/extern.h
1015
void ccr_insert_tas(struct ccr_tas_tree *, const struct cert *);
usr.sbin/rpki-client/extern.h
1016
void ccr_insert_mft_sub(struct ccr_mft_tree *, const struct cert *);
usr.sbin/rpki-client/extern.h
517
struct cert *cert; /* owner information */
usr.sbin/rpki-client/extern.h
528
struct auth *auth_insert(const char *, struct auth_tree *, struct cert *,
usr.sbin/rpki-client/extern.h
714
void cert_buffer(struct ibuf *, const struct cert *);
usr.sbin/rpki-client/extern.h
715
void cert_free(struct cert *);
usr.sbin/rpki-client/extern.h
717
struct cert *cert_parse_ca_or_brk(const char *, const unsigned char *,
usr.sbin/rpki-client/extern.h
719
struct cert *cert_parse_ee_cert(const char *, int, X509 *);
usr.sbin/rpki-client/extern.h
720
struct cert *cert_parse_ta(const char *, const unsigned char *, size_t,
usr.sbin/rpki-client/extern.h
722
struct cert *cert_parse_filemode(const char *, const unsigned char *,
usr.sbin/rpki-client/extern.h
724
struct cert *ta_validate(const char *, struct cert *, const unsigned char *,
usr.sbin/rpki-client/extern.h
726
struct cert *cert_read(struct ibuf *);
usr.sbin/rpki-client/extern.h
727
void cert_insert_brks(struct brk_tree *, struct cert *);
usr.sbin/rpki-client/extern.h
728
void cert_insert_nca(struct nca_tree *, const struct cert *,
usr.sbin/rpki-client/extern.h
735
struct mft *mft_parse(struct cert **, const char *, int,
usr.sbin/rpki-client/extern.h
745
struct roa *roa_parse(struct cert **, const char *, int,
usr.sbin/rpki-client/extern.h
753
struct spl *spl_parse(struct cert **, const char *, int,
usr.sbin/rpki-client/extern.h
760
struct rsc *rsc_parse(struct cert **, const char *, int,
usr.sbin/rpki-client/extern.h
765
struct tak *tak_parse(struct cert **, const char *, int,
usr.sbin/rpki-client/extern.h
772
struct aspa *aspa_parse(struct cert **, const char *, int,
usr.sbin/rpki-client/extern.h
785
int valid_cert(const char *, struct auth *, const struct cert *);
usr.sbin/rpki-client/extern.h
786
int valid_roa(const char *, struct cert *, struct roa *);
usr.sbin/rpki-client/extern.h
794
int valid_rsc(const char *, struct cert *, struct rsc *);
usr.sbin/rpki-client/extern.h
797
int valid_aspa(const char *, struct cert *, struct aspa *);
usr.sbin/rpki-client/extern.h
799
int valid_spl(const char *, struct cert *, struct spl *);
usr.sbin/rpki-client/extern.h
802
unsigned char *cms_parse_validate(struct cert **, const char *, int,
usr.sbin/rpki-client/extern.h
851
int constraints_validate(const char *, const struct cert *);
usr.sbin/rpki-client/extern.h
974
void cert_print(const struct cert *);
usr.sbin/rpki-client/extern.h
976
void mft_print(const struct cert *, const struct mft *);
usr.sbin/rpki-client/extern.h
977
void roa_print(const struct cert *, const struct roa *);
usr.sbin/rpki-client/extern.h
978
void rsc_print(const struct cert *, const struct rsc *);
usr.sbin/rpki-client/extern.h
979
void aspa_print(const struct cert *, const struct aspa *);
usr.sbin/rpki-client/extern.h
980
void tak_print(const struct cert *, const struct tak *);
usr.sbin/rpki-client/extern.h
981
void spl_print(const struct cert *, const struct spl *);
usr.sbin/rpki-client/filemode.c
133
static struct cert *
usr.sbin/rpki-client/filemode.c
136
struct cert *cert = NULL;
usr.sbin/rpki-client/filemode.c
155
cert = cert_parse_filemode(uri, f, flen);
usr.sbin/rpki-client/filemode.c
158
if (cert == NULL)
usr.sbin/rpki-client/filemode.c
160
if (cert->purpose != CERT_PURPOSE_CA) {
usr.sbin/rpki-client/filemode.c
162
purpose2str(cert->purpose), uri);
usr.sbin/rpki-client/filemode.c
166
parse_load_crl(cert->crl);
usr.sbin/rpki-client/filemode.c
168
return cert;
usr.sbin/rpki-client/filemode.c
171
cert_free(cert);
usr.sbin/rpki-client/filemode.c
184
struct cert *stack[MAX_CERT_DEPTH] = { 0 };
usr.sbin/rpki-client/filemode.c
186
struct cert *cert;
usr.sbin/rpki-client/filemode.c
193
if ((cert = uripath_lookup(uri)) != NULL) {
usr.sbin/rpki-client/filemode.c
194
a = auth_find(&auths, cert->certid);
usr.sbin/rpki-client/filemode.c
202
stack[i] = cert = parse_load_cert(uri);
usr.sbin/rpki-client/filemode.c
203
if (cert == NULL || cert->purpose != CERT_PURPOSE_CA) {
usr.sbin/rpki-client/filemode.c
207
uri = cert->aia;
usr.sbin/rpki-client/filemode.c
218
cert = stack[i - 1];
usr.sbin/rpki-client/filemode.c
222
if (!valid_x509(uri, ctx, cert->x509, a, crl, &errstr) ||
usr.sbin/rpki-client/filemode.c
223
!valid_cert(uri, a, cert)) {
usr.sbin/rpki-client/filemode.c
228
cert->talid = a->cert->talid;
usr.sbin/rpki-client/filemode.c
229
a = auth_insert(uri, &auths, cert, a);
usr.sbin/rpki-client/filemode.c
230
uripath_add(uri, cert);
usr.sbin/rpki-client/filemode.c
245
struct cert *cert;
usr.sbin/rpki-client/filemode.c
264
cert = cert_parse_ta(file, f, flen, tal->spki, tal->spkisz);
usr.sbin/rpki-client/filemode.c
265
if (cert == NULL)
usr.sbin/rpki-client/filemode.c
268
cert->talid = tal->id;
usr.sbin/rpki-client/filemode.c
269
auth_insert(file, &auths, cert, NULL);
usr.sbin/rpki-client/filemode.c
274
uripath_add(tal->uri[i], cert);
usr.sbin/rpki-client/filemode.c
283
find_tal(struct cert *cert)
usr.sbin/rpki-client/filemode.c
289
if ((cert_pkey = X509_get0_pubkey(cert->x509)) == NULL)
usr.sbin/rpki-client/filemode.c
317
printf(" %s\n", a->cert->mft);
usr.sbin/rpki-client/filemode.c
322
if (a->cert->crl != NULL)
usr.sbin/rpki-client/filemode.c
323
printf(" %s\n", a->cert->crl);
usr.sbin/rpki-client/filemode.c
326
a->issuer->cert->mft);
usr.sbin/rpki-client/filemode.c
327
if (a->cert->aia != NULL)
usr.sbin/rpki-client/filemode.c
328
printf(" %s\n", a->cert->aia);
usr.sbin/rpki-client/filemode.c
420
struct cert *cert = NULL;
usr.sbin/rpki-client/filemode.c
503
aspa = aspa_parse(&cert, file, -1, buf, len);
usr.sbin/rpki-client/filemode.c
506
aia = cert->aia;
usr.sbin/rpki-client/filemode.c
508
notbefore = &cert->notbefore;
usr.sbin/rpki-client/filemode.c
509
notafter = &cert->notafter;
usr.sbin/rpki-client/filemode.c
518
cert = cert_parse_filemode(file, buf, len);
usr.sbin/rpki-client/filemode.c
519
if (cert == NULL)
usr.sbin/rpki-client/filemode.c
521
is_ta = (cert->purpose == CERT_PURPOSE_TA);
usr.sbin/rpki-client/filemode.c
522
aia = cert->aia;
usr.sbin/rpki-client/filemode.c
523
expires = &cert->expires;
usr.sbin/rpki-client/filemode.c
524
notbefore = &cert->notbefore;
usr.sbin/rpki-client/filemode.c
525
notafter = &cert->notafter;
usr.sbin/rpki-client/filemode.c
534
mft = mft_parse(&cert, file, -1, buf, len);
usr.sbin/rpki-client/filemode.c
537
aia = cert->aia;
usr.sbin/rpki-client/filemode.c
54
struct cert *cert;
usr.sbin/rpki-client/filemode.c
543
roa = roa_parse(&cert, file, -1, buf, len);
usr.sbin/rpki-client/filemode.c
546
aia = cert->aia;
usr.sbin/rpki-client/filemode.c
548
notbefore = &cert->notbefore;
usr.sbin/rpki-client/filemode.c
549
notafter = &cert->notafter;
usr.sbin/rpki-client/filemode.c
552
rsc = rsc_parse(&cert, file, -1, buf, len);
usr.sbin/rpki-client/filemode.c
555
aia = cert->aia;
usr.sbin/rpki-client/filemode.c
557
notbefore = &cert->notbefore;
usr.sbin/rpki-client/filemode.c
558
notafter = &cert->notafter;
usr.sbin/rpki-client/filemode.c
561
spl = spl_parse(&cert, file, -1, buf, len);
usr.sbin/rpki-client/filemode.c
564
aia = cert->aia;
usr.sbin/rpki-client/filemode.c
566
notbefore = &cert->notbefore;
usr.sbin/rpki-client/filemode.c
567
notafter = &cert->notafter;
usr.sbin/rpki-client/filemode.c
570
tak = tak_parse(&cert, file, -1, buf, len);
usr.sbin/rpki-client/filemode.c
573
aia = cert->aia;
usr.sbin/rpki-client/filemode.c
575
notbefore = &cert->notbefore;
usr.sbin/rpki-client/filemode.c
576
notafter = &cert->notafter;
usr.sbin/rpki-client/filemode.c
590
parse_load_crl(cert->crl);
usr.sbin/rpki-client/filemode.c
594
if ((status = valid_x509(file, ctx, cert->x509, a, c, &errstr))) {
usr.sbin/rpki-client/filemode.c
612
cert->talid = a->cert->talid;
usr.sbin/rpki-client/filemode.c
613
constraints_validate(file, cert);
usr.sbin/rpki-client/filemode.c
618
if ((tal = find_tal(cert)) != NULL) {
usr.sbin/rpki-client/filemode.c
619
cert = ta_validate(file, cert, tal->spki, tal->spkisz);
usr.sbin/rpki-client/filemode.c
620
status = (cert != NULL);
usr.sbin/rpki-client/filemode.c
622
expires = &cert->expires;
usr.sbin/rpki-client/filemode.c
623
notafter = &cert->notafter;
usr.sbin/rpki-client/filemode.c
632
cert_free(cert);
usr.sbin/rpki-client/filemode.c
633
cert = NULL;
usr.sbin/rpki-client/filemode.c
644
aspa_print(cert, aspa);
usr.sbin/rpki-client/filemode.c
647
cert_print(cert);
usr.sbin/rpki-client/filemode.c
650
mft_print(cert, mft);
usr.sbin/rpki-client/filemode.c
653
roa_print(cert, roa);
usr.sbin/rpki-client/filemode.c
656
rsc_print(cert, rsc);
usr.sbin/rpki-client/filemode.c
659
spl_print(cert, spl);
usr.sbin/rpki-client/filemode.c
662
tak_print(cert, tak);
usr.sbin/rpki-client/filemode.c
68
uripath_add(const char *uri, struct cert *cert)
usr.sbin/rpki-client/filemode.c
699
print_signature_path(cert->crl, aia, a);
usr.sbin/rpki-client/filemode.c
705
if (cert == NULL)
usr.sbin/rpki-client/filemode.c
711
if (!X509_print_ex_fp(stdout, cert->x509,
usr.sbin/rpki-client/filemode.c
717
if (!PEM_write_X509(stdout, cert->x509))
usr.sbin/rpki-client/filemode.c
726
cert_free(cert);
usr.sbin/rpki-client/filemode.c
76
up->cert = cert;
usr.sbin/rpki-client/filemode.c
81
static struct cert *
usr.sbin/rpki-client/filemode.c
90
return up->cert;
usr.sbin/rpki-client/main.c
514
queue_add_from_cert(const struct cert *cert, struct nca_tree *ncas)
usr.sbin/rpki-client/main.c
523
if (strncmp(cert->repo, RSYNC_PROTO, RSYNC_PROTO_LEN) != 0)
usr.sbin/rpki-client/main.c
525
host = cert->repo + RSYNC_PROTO_LEN;
usr.sbin/rpki-client/main.c
529
warnx("skipping %s (listed in skiplist)", cert->repo);
usr.sbin/rpki-client/main.c
542
warnx("skipping %s (not shortlisted)", cert->repo);
usr.sbin/rpki-client/main.c
546
repo = repo_lookup(cert->talid, cert->repo,
usr.sbin/rpki-client/main.c
547
rrdpon ? cert->notify : NULL);
usr.sbin/rpki-client/main.c
555
uri = cert->mft;
usr.sbin/rpki-client/main.c
558
if (strncmp(repouri, cert->mft, repourisz) != 0) {
usr.sbin/rpki-client/main.c
575
cert_insert_nca(ncas, cert, repo);
usr.sbin/rpki-client/main.c
577
cert->talid, cert->certid, NULL);
usr.sbin/rpki-client/main.c
591
struct cert *cert;
usr.sbin/rpki-client/main.c
645
cert = cert_read(b);
usr.sbin/rpki-client/main.c
646
switch (cert->purpose) {
usr.sbin/rpki-client/main.c
648
queue_add_from_cert(cert, &vd->ncas);
usr.sbin/rpki-client/main.c
649
ccr_insert_tas(&vd->ccr.tas, cert);
usr.sbin/rpki-client/main.c
652
queue_add_from_cert(cert, &vd->ncas);
usr.sbin/rpki-client/main.c
653
ccr_insert_mft_sub(&vd->ccr.mfts, cert);
usr.sbin/rpki-client/main.c
656
cert_insert_brks(&vd->brks, cert);
usr.sbin/rpki-client/main.c
660
errx(1, "unexpected %s", purpose2str(cert->purpose));
usr.sbin/rpki-client/main.c
663
cert_free(cert);
usr.sbin/rpki-client/mft.c
375
mft_parse(struct cert **out_cert, const char *fn, int talid,
usr.sbin/rpki-client/mft.c
379
struct cert *cert = NULL;
usr.sbin/rpki-client/mft.c
388
cms = cms_parse_validate(&cert, fn, talid, der, len, mft_oid, &cmsz,
usr.sbin/rpki-client/mft.c
398
if ((mft->aki = strdup(cert->aki)) == NULL)
usr.sbin/rpki-client/mft.c
400
if ((mft->sia = strdup(cert->signedobj)) == NULL)
usr.sbin/rpki-client/mft.c
403
if (!x509_inherits(cert->x509)) {
usr.sbin/rpki-client/mft.c
408
crlfile = strrchr(cert->crl, '/');
usr.sbin/rpki-client/mft.c
433
*out_cert = cert;
usr.sbin/rpki-client/mft.c
434
cert = NULL;
usr.sbin/rpki-client/mft.c
442
cert_free(cert);
usr.sbin/rpki-client/parser.c
137
if (strcmp(aki, a->cert->ski) != 0) {
usr.sbin/rpki-client/parser.c
139
aki, a->cert->ski);
usr.sbin/rpki-client/parser.c
189
struct cert *cert = NULL;
usr.sbin/rpki-client/parser.c
194
if ((roa = roa_parse(&cert, file, entp->talid, der, len)) == NULL)
usr.sbin/rpki-client/parser.c
197
a = find_issuer(file, entp->certid, cert->aki, entp->mftaki);
usr.sbin/rpki-client/parser.c
202
if (!valid_x509(file, ctx, cert->x509, a, crl, &errstr)) {
usr.sbin/rpki-client/parser.c
207
roa->talid = a->cert->talid;
usr.sbin/rpki-client/parser.c
209
roa->expires = x509_find_expires(cert->notafter, a, &crls);
usr.sbin/rpki-client/parser.c
210
cert_free(cert);
usr.sbin/rpki-client/parser.c
216
cert_free(cert);
usr.sbin/rpki-client/parser.c
230
struct cert *cert = NULL;
usr.sbin/rpki-client/parser.c
235
if ((spl = spl_parse(&cert, file, entp->talid, der, len)) == NULL)
usr.sbin/rpki-client/parser.c
238
a = find_issuer(file, entp->certid, cert->aki, entp->mftaki);
usr.sbin/rpki-client/parser.c
243
if (!valid_x509(file, ctx, cert->x509, a, crl, &errstr)) {
usr.sbin/rpki-client/parser.c
248
spl->talid = a->cert->talid;
usr.sbin/rpki-client/parser.c
250
spl->expires = x509_find_expires(cert->notafter, a, &crls);
usr.sbin/rpki-client/parser.c
251
cert_free(cert);
usr.sbin/rpki-client/parser.c
257
cert_free(cert);
usr.sbin/rpki-client/parser.c
372
struct cert *cert = NULL;
usr.sbin/rpki-client/parser.c
390
if ((mft = mft_parse(&cert, file, entp->talid, der, len)) == NULL) {
usr.sbin/rpki-client/parser.c
412
if (!valid_x509(file, ctx, cert->x509, a, *crl, errstr))
usr.sbin/rpki-client/parser.c
414
cert_free(cert);
usr.sbin/rpki-client/parser.c
415
cert = NULL;
usr.sbin/rpki-client/parser.c
418
mft->talid = a->cert->talid;
usr.sbin/rpki-client/parser.c
486
cert_free(cert);
usr.sbin/rpki-client/parser.c
577
static struct cert *
usr.sbin/rpki-client/parser.c
581
struct cert *cert;
usr.sbin/rpki-client/parser.c
588
cert = cert_parse_ca_or_brk(file, der, len);
usr.sbin/rpki-client/parser.c
589
if (cert == NULL)
usr.sbin/rpki-client/parser.c
592
a = find_issuer(file, entp->certid, cert->aki, entp->mftaki);
usr.sbin/rpki-client/parser.c
597
if (!valid_x509(file, ctx, cert->x509, a, crl, &errstr) ||
usr.sbin/rpki-client/parser.c
598
!valid_cert(file, a, cert)) {
usr.sbin/rpki-client/parser.c
604
cert->talid = a->cert->talid;
usr.sbin/rpki-client/parser.c
606
cert->path = parse_filepath(entp->repoid, entp->path, entp->file,
usr.sbin/rpki-client/parser.c
608
if (cert->path == NULL) {
usr.sbin/rpki-client/parser.c
613
if (cert->purpose == CERT_PURPOSE_BGPSEC_ROUTER) {
usr.sbin/rpki-client/parser.c
614
if (!constraints_validate(file, cert))
usr.sbin/rpki-client/parser.c
621
if (cert->purpose == CERT_PURPOSE_CA) {
usr.sbin/rpki-client/parser.c
622
if (sizeof(cert->mfthash) != entp->datasz)
usr.sbin/rpki-client/parser.c
625
memcpy(cert->mfthash, entp->data, entp->datasz);
usr.sbin/rpki-client/parser.c
626
auth_insert(file, &auths, cert, a);
usr.sbin/rpki-client/parser.c
629
return cert;
usr.sbin/rpki-client/parser.c
632
cert_free(cert);
usr.sbin/rpki-client/parser.c
638
proc_parser_ta_cmp(const struct cert *cert1, const struct cert *cert2)
usr.sbin/rpki-client/parser.c
684
proc_parser_root_cert(struct entity *entp, struct cert **out_cert)
usr.sbin/rpki-client/parser.c
686
struct cert *cert1 = NULL, *cert2 = NULL;
usr.sbin/rpki-client/parser.c
745
struct cert *cert = NULL;
usr.sbin/rpki-client/parser.c
750
if ((aspa = aspa_parse(&cert, file, entp->talid, der, len)) == NULL)
usr.sbin/rpki-client/parser.c
753
a = find_issuer(file, entp->certid, cert->aki, entp->mftaki);
usr.sbin/rpki-client/parser.c
758
if (!valid_x509(file, ctx, cert->x509, a, crl, &errstr)) {
usr.sbin/rpki-client/parser.c
763
aspa->talid = a->cert->talid;
usr.sbin/rpki-client/parser.c
765
aspa->expires = x509_find_expires(cert->notafter, a, &crls);
usr.sbin/rpki-client/parser.c
766
cert_free(cert);
usr.sbin/rpki-client/parser.c
772
cert_free(cert);
usr.sbin/rpki-client/parser.c
785
struct cert *cert = NULL;
usr.sbin/rpki-client/parser.c
790
if ((tak = tak_parse(&cert, file, entp->talid, der, len)) == NULL)
usr.sbin/rpki-client/parser.c
793
a = find_issuer(file, entp->certid, cert->aki, entp->mftaki);
usr.sbin/rpki-client/parser.c
798
if (!valid_x509(file, ctx, cert->x509, a, crl, &errstr)) {
usr.sbin/rpki-client/parser.c
807
tak->talid = a->cert->talid;
usr.sbin/rpki-client/parser.c
809
tak->expires = x509_find_expires(cert->notafter, a, &crls);
usr.sbin/rpki-client/parser.c
810
cert_free(cert);
usr.sbin/rpki-client/parser.c
816
cert_free(cert);
usr.sbin/rpki-client/parser.c
850
struct cert *cert;
usr.sbin/rpki-client/parser.c
897
file = proc_parser_root_cert(entp, &cert);
usr.sbin/rpki-client/parser.c
900
cert = proc_parser_cert(file, f, flen, entp,
usr.sbin/rpki-client/parser.c
904
if (cert != NULL)
usr.sbin/rpki-client/parser.c
905
mtime = cert->notbefore;
usr.sbin/rpki-client/parser.c
907
c = (cert != NULL);
usr.sbin/rpki-client/parser.c
909
if (cert != NULL) {
usr.sbin/rpki-client/parser.c
910
cert->repoid = entp->repoid;
usr.sbin/rpki-client/parser.c
911
cert_buffer(b, cert);
usr.sbin/rpki-client/print.c
283
cert_print(const struct cert *p)
usr.sbin/rpki-client/print.c
451
mft_print(const struct cert *c, const struct mft *p)
usr.sbin/rpki-client/print.c
510
roa_print(const struct cert *c, const struct roa *p)
usr.sbin/rpki-client/print.c
563
spl_print(const struct cert *c, const struct spl *s)
usr.sbin/rpki-client/print.c
614
rsc_print(const struct cert *c, const struct rsc *p)
usr.sbin/rpki-client/print.c
680
aspa_print(const struct cert *c, const struct aspa *p)
usr.sbin/rpki-client/print.c
768
tak_print(const struct cert *c, const struct tak *p)
usr.sbin/rpki-client/roa.c
212
roa_parse(struct cert **out_cert, const char *fn, int talid,
usr.sbin/rpki-client/roa.c
216
struct cert *cert = NULL;
usr.sbin/rpki-client/roa.c
224
cms = cms_parse_validate(&cert, fn, talid, der, len, roa_oid, &cmsz,
usr.sbin/rpki-client/roa.c
236
if (x509_any_inherits(cert->x509)) {
usr.sbin/rpki-client/roa.c
241
if (cert->num_ases > 0) {
usr.sbin/rpki-client/roa.c
246
if (cert->num_ips == 0) {
usr.sbin/rpki-client/roa.c
255
roa->valid = valid_roa(fn, cert, roa);
usr.sbin/rpki-client/roa.c
257
*out_cert = cert;
usr.sbin/rpki-client/roa.c
258
cert = NULL;
usr.sbin/rpki-client/roa.c
266
cert_free(cert);
usr.sbin/rpki-client/rsc.c
347
rsc_parse(struct cert **out_cert, const char *fn, int talid,
usr.sbin/rpki-client/rsc.c
351
struct cert *cert = NULL;
usr.sbin/rpki-client/rsc.c
359
cms = cms_parse_validate(&cert, fn, talid, der, len, rsc_oid, &cmsz,
usr.sbin/rpki-client/rsc.c
368
if (x509_any_inherits(cert->x509)) {
usr.sbin/rpki-client/rsc.c
376
rsc->valid = valid_rsc(fn, cert, rsc);
usr.sbin/rpki-client/rsc.c
378
*out_cert = cert;
usr.sbin/rpki-client/rsc.c
379
cert = NULL;
usr.sbin/rpki-client/rsc.c
387
cert_free(cert);
usr.sbin/rpki-client/spl.c
217
spl_parse(struct cert **out_cert, const char *fn, int talid,
usr.sbin/rpki-client/spl.c
221
struct cert *cert = NULL;
usr.sbin/rpki-client/spl.c
229
cms = cms_parse_validate(&cert, fn, talid, der, len, spl_oid, &cmsz,
usr.sbin/rpki-client/spl.c
241
if (x509_any_inherits(cert->x509)) {
usr.sbin/rpki-client/spl.c
246
if (cert->num_ases == 0) {
usr.sbin/rpki-client/spl.c
251
if (cert->num_ips > 0) {
usr.sbin/rpki-client/spl.c
260
spl->valid = valid_spl(fn, cert, spl);
usr.sbin/rpki-client/spl.c
262
*out_cert = cert;
usr.sbin/rpki-client/spl.c
263
cert = NULL;
usr.sbin/rpki-client/spl.c
271
cert_free(cert);
usr.sbin/rpki-client/tak.c
191
tak_parse(struct cert **out_cert, const char *fn, int talid,
usr.sbin/rpki-client/tak.c
195
struct cert *cert = NULL;
usr.sbin/rpki-client/tak.c
203
cms = cms_parse_validate(&cert, fn, talid, der, len, tak_oid, &cmsz,
usr.sbin/rpki-client/tak.c
212
if (!x509_inherits(cert->x509)) {
usr.sbin/rpki-client/tak.c
220
if (strcmp(cert->aki, tak->current->ski) != 0) {
usr.sbin/rpki-client/tak.c
225
*out_cert = cert;
usr.sbin/rpki-client/tak.c
226
cert = NULL;
usr.sbin/rpki-client/tak.c
234
cert_free(cert);
usr.sbin/rpki-client/validate.c
100
min = cert->ases[i].range.min;
usr.sbin/rpki-client/validate.c
101
max = cert->ases[i].range.max;
usr.sbin/rpki-client/validate.c
107
as_warn(fn, "RFC 6487: uncovered resource", &cert->ases[i]);
usr.sbin/rpki-client/validate.c
111
for (i = 0; i < cert->num_ips; i++) {
usr.sbin/rpki-client/validate.c
112
if (cert->ips[i].type == CERT_IP_INHERIT)
usr.sbin/rpki-client/validate.c
115
if (valid_ip(a, cert->ips[i].afi, cert->ips[i].min,
usr.sbin/rpki-client/validate.c
116
cert->ips[i].max))
usr.sbin/rpki-client/validate.c
119
ip_warn(fn, "RFC 6487: uncovered resource", &cert->ips[i]);
usr.sbin/rpki-client/validate.c
131
valid_roa(const char *fn, struct cert *cert, struct roa *roa)
usr.sbin/rpki-client/validate.c
138
roa->ips[i].max, cert->ips, cert->num_ips) > 0)
usr.sbin/rpki-client/validate.c
156
valid_spl(const char *fn, struct cert *cert, struct spl *spl)
usr.sbin/rpki-client/validate.c
158
if (as_check_covered(spl->asid, spl->asid, cert->ases,
usr.sbin/rpki-client/validate.c
159
cert->num_ases) > 0)
usr.sbin/rpki-client/validate.c
316
assert(a->cert->x509 != NULL);
usr.sbin/rpki-client/validate.c
318
if (!sk_X509_push(*root, a->cert->x509))
usr.sbin/rpki-client/validate.c
322
if (!sk_X509_push(*intermediates, a->cert->x509))
usr.sbin/rpki-client/validate.c
44
c = as_check_covered(min, max, a->cert->ases, a->cert->num_ases);
usr.sbin/rpki-client/validate.c
440
valid_rsc(const char *fn, struct cert *cert, struct rsc *rsc)
usr.sbin/rpki-client/validate.c
454
if (as_check_covered(min, max, cert->ases, cert->num_ases) > 0)
usr.sbin/rpki-client/validate.c
463
rsc->ips[i].max, cert->ips, cert->num_ips) > 0)
usr.sbin/rpki-client/validate.c
510
valid_aspa(const char *fn, struct cert *cert, struct aspa *aspa)
usr.sbin/rpki-client/validate.c
514
cert->ases, cert->num_ases) > 0)
usr.sbin/rpki-client/validate.c
70
c = ip_addr_check_covered(afi, min, max, a->cert->ips,
usr.sbin/rpki-client/validate.c
71
a->cert->num_ips);
usr.sbin/rpki-client/validate.c
87
valid_cert(const char *fn, struct auth *a, const struct cert *cert)
usr.sbin/rpki-client/validate.c
92
for (i = 0; i < cert->num_ases; i++) {
usr.sbin/rpki-client/validate.c
93
if (cert->ases[i].type == CERT_AS_INHERIT)
usr.sbin/rpki-client/validate.c
96
if (cert->ases[i].type == CERT_AS_ID) {
usr.sbin/rpki-client/validate.c
97
min = cert->ases[i].id;
usr.sbin/rpki-client/validate.c
98
max = cert->ases[i].id;
usr.sbin/rpki-client/x509.c
625
if (expires > a->cert->notafter)
usr.sbin/rpki-client/x509.c
626
expires = a->cert->notafter;
usr.sbin/smtpd/ssl.c
226
hash_x509(X509 *cert, char *hash, size_t hashlen)
usr.sbin/smtpd/ssl.c
233
if (X509_pubkey_digest(cert, EVP_sha256(), digest, &dlen) != 1)
usr.sbin/unbound/dnscrypt/dnscrypt.c
245
const dnsccert *cert,
usr.sbin/unbound/dnscrypt/dnscrypt.c
270
cert->magic_query,
usr.sbin/unbound/dnscrypt/dnscrypt.c
277
cert->magic_query,
usr.sbin/unbound/dnscrypt/dnscrypt.c
291
cert->magic_query,
usr.sbin/unbound/dnscrypt/dnscrypt.c
298
cert->es_version[1],
usr.sbin/unbound/dnscrypt/dnscrypt.c
300
cert->keypair->crypt_secretkey);
usr.sbin/unbound/dnscrypt/dnscrypt.c
309
if(cert->es_version[1] == 2) {
usr.sbin/unbound/dnscrypt/dnscrypt.c
313
cert->keypair->crypt_secretkey) != 0) {
usr.sbin/unbound/dnscrypt/dnscrypt.c
322
cert->keypair->crypt_secretkey) != 0) {
usr.sbin/unbound/dnscrypt/dnscrypt.c
340
if(cert->es_version[1] == 2) {
usr.sbin/unbound/dnscrypt/dnscrypt.c
461
dnscrypt_server_curve(const dnsccert *cert,
usr.sbin/unbound/dnscrypt/dnscrypt.c
491
cert->keypair->crypt_secretkey);
usr.sbin/unbound/dnscrypt/dnscrypt.c
499
if(cert->es_version[1] == 2) {
usr.sbin/unbound/dnscrypt/dnscrypt.c
703
struct SignedCert *cert = dnscenv->signed_certs + i;
usr.sbin/unbound/dnscrypt/dnscrypt.c
706
if(cert == dnscenv->rotated_certs[j]) {
usr.sbin/unbound/dnscrypt/dnscrypt.c
711
memcpy(&serial, cert->serial, sizeof serial);
usr.sbin/unbound/dnscrypt/dnscrypt.c
739
int c = (int)*((const uint8_t *) cert + j);
usr.sbin/unbound/smallapp/unbound-anchor.c
1678
get_usage_of_ex(X509* cert)
usr.sbin/unbound/smallapp/unbound-anchor.c
1682
if((s=X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL))) {
usr.sbin/unbound/smallapp/unbound-anchor.c
1944
STACK_OF(X509)* cert, const char* p7signer)
usr.sbin/unbound/smallapp/unbound-anchor.c
1949
if(!verify_p7sig(xml, p7s, cert, p7signer)) {
usr.sbin/unbound/smallapp/unbound-anchor.c
1979
STACK_OF(X509)* cert;
usr.sbin/unbound/smallapp/unbound-anchor.c
1985
cert = read_cert_or_builtin(root_cert_file);
usr.sbin/unbound/smallapp/unbound-anchor.c
2014
verify_and_update_anchor(root_anchor_file, xml, p7s, cert, p7signer);
usr.sbin/unbound/smallapp/unbound-anchor.c
2021
sk_X509_pop_free(cert, X509_free);
usr.sbin/unbound/testcode/petal.c
236
setup_ctx(char* key, char* cert)
usr.sbin/unbound/testcode/petal.c
247
if(!SSL_CTX_use_certificate_chain_file(ctx, cert)) {
usr.sbin/unbound/testcode/petal.c
272
if(!SSL_CTX_load_verify_locations(ctx, cert, NULL))
usr.sbin/unbound/testcode/petal.c
581
do_service(char* addr, int port, char* key, char* cert)
usr.sbin/unbound/testcode/petal.c
583
SSL_CTX* sslctx = setup_ctx(key, cert);
usr.sbin/unbound/testcode/petal.c
623
char* addr = "127.0.0.1", *key = "petal.key", *cert = "petal.pem";
usr.sbin/unbound/testcode/petal.c
638
cert = optarg;
usr.sbin/unbound/testcode/petal.c
684
do_service(addr, port, key, cert);
usr.sbin/unbound/util/net_help.c
1145
log_cert(unsigned level, const char* str, void* cert)
usr.sbin/unbound/util/net_help.c
1154
X509_print_ex(bio, (X509*)cert, 0, (unsigned long)-1
usr.sbin/unbound/util/net_help.h
476
void log_cert(unsigned level, const char* str, void* cert);
