Lines Matching defs:cert
378 const CERT_CONTEXT *cert;
501 if (priv->cert)
502 CertFreeCertificateContext(priv->cert);
529 if (strncmp(name, "cert://", 7) == 0) {
564 X509 *cert = NULL;
570 (strncmp(name, "cert://", 7) != 0 &&
584 priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER);
585 if (priv->cert == NULL) {
586 priv->cert = cryptoapi_find_cert(
589 if (priv->cert == NULL) {
595 cert = d2i_X509(NULL,
596 (const unsigned char **) &priv->cert->pbCertEncoded,
597 priv->cert->cbCertEncoded);
598 if (cert == NULL) {
604 if (!CryptAcquireCertificatePrivateKey(priv->cert,
630 if (!SSL_use_certificate(ssl, cert)) {
635 pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
636 X509_free(cert);
637 cert = NULL;
651 if (cert)
652 X509_free(cert);
667 X509 *cert;
689 wpa_printf(MSG_DEBUG, "%s: failed to open system cert store "
696 cert = d2i_X509(NULL,
699 if (cert == NULL) {
701 "X509 DER encoding for CA cert");
705 X509_NAME_oneline(X509_get_subject_name(cert), buf,
711 cert)) {
717 X509_free(cert);
721 wpa_printf(MSG_DEBUG, "%s: failed to close system cert store "
1324 /* load private key first in-case PIN is required for cert */
1843 static int tls_match_altsubject_component(X509 *cert, int type,
1851 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1868 static int tls_match_altsubject(X509 *cert, const char *match)
1902 if (tls_match_altsubject_component(cert, type, pos, len) > 0)
1984 * @cert: Certificate
1992 static int match_dn_field(const X509 *cert, int nid, const char *field,
2000 name = X509_get_subject_name((X509 *) cert);
2059 * @cert: Certificate
2065 static int get_value_from_field(const X509 *cert, char *field_str,
2115 return match_dn_field(cert, nid, name, value, dn_cnt);
2121 * @cert: Certificate
2125 static int tls_match_dn_field(X509 *cert, const char *match)
2146 if (!get_value_from_field(cert, field, &dn_cnt)) {
2158 static int tls_match_suffix_helper(X509 *cert, const char *match,
2171 ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
2197 name = X509_get_subject_name(cert);
2229 static int tls_match_suffix(X509 *cert, const char *match, int full)
2239 if (tls_match_suffix_helper(cert, token, last - token, full))
2286 static struct wpabuf * get_x509_cert(X509 *cert)
2291 int cert_len = i2d_X509(cert, NULL);
2300 i2d_X509(cert, &tmp);
2311 struct wpabuf *cert = NULL;
2317 cert = get_x509_cert(err_cert);
2324 ev.cert_fail.cert = cert;
2326 wpabuf_free(cert);
2330 static int openssl_cert_tod(X509 *cert)
2338 ext = X509_get_ext_d2i(cert, NID_certificate_policies, NULL, NULL);
2365 struct wpabuf *cert = NULL;
2385 cert = get_x509_cert(err_cert);
2386 ev.peer_cert.cert = cert;
2389 if (cert) {
2392 addr[0] = wpabuf_head(cert);
2393 len[0] = wpabuf_len(cert);
2456 wpabuf_free(cert);
2462 static void debug_print_cert(X509 *cert, const char *title)
2477 X509_print(out, cert);
2562 struct wpabuf *cert;
2563 cert = get_x509_cert(err_cert);
2564 if (!cert) {
2572 addr[0] = wpabuf_head(cert);
2573 len[0] = wpabuf_len(cert);
2588 wpabuf_free(cert);
2597 /* Send cert event for the peer certificate so that
2605 X509 *cert;
2607 cert = sk_X509_value(chain, 0);
2608 X509_NAME_oneline(X509_get_subject_name(cert),
2611 openssl_tls_cert_event(conn, cert, 0, buf2);
2770 "cert already in hash table error",
2843 X509 *cert = d2i_X509(NULL,
2846 if (cert == NULL) {
2851 cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
2855 if (!cert) {
2867 cert)) {
2876 "cert already in hash table error",
2879 X509_free(cert);
2883 X509_free(cert);
3584 X509 *cert;
3590 cert = NULL;
3594 if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
3602 if (cert) {
3603 X509_NAME_oneline(X509_get_subject_name(cert), buf,
3608 if (SSL_use_certificate(ssl, cert) != 1)
3611 if (SSL_CTX_use_certificate(data->ssl, cert) != 1)
3614 X509_free(cert);
3635 while ((cert = sk_X509_pop(certs)) != NULL) {
3636 X509_NAME_oneline(X509_get_subject_name(cert), buf,
3640 if ((ssl && SSL_add1_chain_cert(ssl, cert) != 1) ||
3642 cert) != 1)) {
3646 X509_free(cert);
3649 X509_free(cert);
3681 while ((cert = sk_X509_pop(certs)) != NULL) {
3682 X509_NAME_oneline(X509_get_subject_name(cert), buf,
3687 * There is no SSL equivalent for the chain cert - so
3690 if (SSL_CTX_add_extra_chain_cert(data->ssl, cert) != 1)
3692 X509_free(cert);
3767 X509 **cert)
3772 X509 *cert;
3775 params.cert = NULL;
3781 wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id"
3788 if (!params.cert) {
3789 wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id"
3793 *cert = params.cert;
3803 X509 *cert;
3805 if (tls_engine_get_cert(conn, cert_id, &cert))
3808 if (!SSL_use_certificate(conn->ssl, cert)) {
3811 X509_free(cert);
3814 X509_free(cert);
3830 X509 *cert;
3834 if (tls_engine_get_cert(conn, ca_cert_id, &cert))
3842 X509_free(cert);
3846 if (!X509_STORE_add_cert(store, cert)) {
3853 wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert"
3857 X509_free(cert);
3861 X509_free(cert);
5108 X509 *cert;
5109 cert = X509_dup(conn->peer_issuer);
5110 if (cert && !sk_X509_push(certs, cert)) {
5114 X509_free(cert);
5119 cert = X509_dup(conn->peer_issuer_issuer);
5120 if (cert && !sk_X509_push(certs, cert)) {
5124 X509_free(cert);
5350 * cert/key fields are actually PKCS#11 URIs, then automatically
5599 static void openssl_debug_dump_certificate(int i, X509 *cert)
5606 if (!cert)
5609 X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
5611 ser = X509_get_serialNumber(cert);
5619 pkey = X509_get_pubkey(cert);