18 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
19 static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
20 static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
26  * WARNING: the following table should be kept in order of trust and without
27  * any gaps so we can just subtract the minimum trust value to get an index
54     return (*a)->trust - (*b)->trust;  in tr_cmp()
57 int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,  in X509_TRUST_set_default()
61     default_trust = trust;  in X509_TRUST_set_default()
106     tmp.trust = id;  in X509_TRUST_get_by_id()
113 int X509_TRUST_set(int *t, int trust)  in X509_TRUST_set()  argument
115     if (X509_TRUST_get_by_id(trust) < 0) {  in X509_TRUST_set()
119     *t = trust;  in X509_TRUST_set()
132     /* This will always be set for application modified trust entries */  in X509_TRUST_add()
159     trtmp->trust = id;  in X509_TRUST_add()
214     return xp->trust;  in X509_TRUST_get_trust()
217 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)  in trust_1oidany()  argument
220      * Declare the chain verified if the desired trust OID is not rejected in  in trust_1oidany()
221      * any auxiliary trust info for this certificate, and the OID is either  in trust_1oidany()
226     return obj_trust(trust->arg1, x, flags);  in trust_1oidany()
229 static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)  in trust_1oid()  argument
232      * Declare the chain verified only if the desired trust OID is not  in trust_1oid()
234      * trust in self-signed certificates apply.  in trust_1oid()
237     return obj_trust(trust->arg1, x, flags);  in trust_1oid()
240 static int trust_compat(X509_TRUST *trust, X509 *x, int flags)  in trust_compat()  argument
267     if (ax && ax->trust) {  in obj_trust()
268         for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {  in obj_trust()
269             ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->trust, i);  in obj_trust()
277          * Reject when explicit trust EKU are set and none match.  in obj_trust()
280          * self-signed roots, because when explicit trust is specified it  in obj_trust()
281          * suppresses the default blanket trust of self-signed objects.  in obj_trust()
284          * trust-self-signed policy, non matching EKUs are indistinguishable  in obj_trust()