Lines Matching refs:cert
131 const char * x509_name ( struct x509_certificate *cert ) { in x509_name() argument
132 struct asn1_cursor *common_name = &cert->subject.common_name; in x509_name()
147 x509_fingerprint ( cert, digest, fingerprint ); in x509_name()
168 static int x509_parse_version ( struct x509_certificate *cert, in x509_parse_version() argument
180 DBGC ( cert, "X509 %p cannot parse version: %s\n", in x509_parse_version()
181 cert, strerror ( rc ) ); in x509_parse_version()
182 DBGC_HDA ( cert, 0, raw->data, raw->len ); in x509_parse_version()
188 DBGC ( cert, "X509 %p invalid version %d\n", cert, version ); in x509_parse_version()
189 DBGC_HDA ( cert, 0, raw->data, raw->len ); in x509_parse_version()
194 cert->version = version; in x509_parse_version()
195 DBGC2 ( cert, "X509 %p is a version %d certificate\n", in x509_parse_version()
196 cert, ( cert->version + 1 ) ); in x509_parse_version()
208 static int x509_parse_serial ( struct x509_certificate *cert, in x509_parse_serial() argument
210 struct x509_serial *serial = &cert->serial; in x509_parse_serial()
216 DBGC ( cert, "X509 %p cannot shrink serialNumber: %s\n", in x509_parse_serial()
217 cert, strerror ( rc ) ); in x509_parse_serial()
220 DBGC2 ( cert, "X509 %p issuer is:\n", cert ); in x509_parse_serial()
221 DBGC2_HDA ( cert, 0, serial->raw.data, serial->raw.len ); in x509_parse_serial()
233 static int x509_parse_issuer ( struct x509_certificate *cert, in x509_parse_issuer() argument
235 struct x509_issuer *issuer = &cert->issuer; in x509_parse_issuer()
241 DBGC ( cert, "X509 %p cannot shrink issuer: %s\n", in x509_parse_issuer()
242 cert, strerror ( rc ) ); in x509_parse_issuer()
245 DBGC2 ( cert, "X509 %p issuer is:\n", cert ); in x509_parse_issuer()
246 DBGC2_HDA ( cert, 0, issuer->raw.data, issuer->raw.len ); in x509_parse_issuer()
258 static int x509_parse_validity ( struct x509_certificate *cert, in x509_parse_validity() argument
260 struct x509_validity *validity = &cert->validity; in x509_parse_validity()
273 DBGC ( cert, "X509 %p cannot parse notBefore: %s\n", in x509_parse_validity()
274 cert, strerror ( rc ) ); in x509_parse_validity()
277 DBGC2 ( cert, "X509 %p valid from time %lld\n", in x509_parse_validity()
278 cert, not_before->time ); in x509_parse_validity()
284 DBGC ( cert, "X509 %p cannot parse notAfter: %s\n", in x509_parse_validity()
285 cert, strerror ( rc ) ); in x509_parse_validity()
288 DBGC2 ( cert, "X509 %p valid until time %lld\n", in x509_parse_validity()
289 cert, not_after->time ); in x509_parse_validity()
301 static int x509_parse_common_name ( struct x509_certificate *cert, in x509_parse_common_name() argument
325 DBGC ( cert, "X509 %p cannot locate name:\n", cert ); in x509_parse_common_name()
326 DBGC_HDA ( cert, 0, raw->data, raw->len ); in x509_parse_common_name()
331 memcpy ( &cert->subject.common_name, &name_cursor, in x509_parse_common_name()
332 sizeof ( cert->subject.common_name ) ); in x509_parse_common_name()
338 DBGC2 ( cert, "X509 %p no commonName found:\n", cert ); in x509_parse_common_name()
349 static int x509_parse_subject ( struct x509_certificate *cert, in x509_parse_subject() argument
351 struct x509_subject *subject = &cert->subject; in x509_parse_subject()
357 DBGC2 ( cert, "X509 %p subject is:\n", cert ); in x509_parse_subject()
358 DBGC2_HDA ( cert, 0, subject->raw.data, subject->raw.len ); in x509_parse_subject()
361 if ( ( rc = x509_parse_common_name ( cert, raw ) ) != 0 ) in x509_parse_subject()
363 DBGC2 ( cert, "X509 %p common name is \"%s\":\n", cert, in x509_parse_subject()
364 x509_name ( cert ) ); in x509_parse_subject()
376 static int x509_parse_public_key ( struct x509_certificate *cert, in x509_parse_public_key() argument
378 struct x509_public_key *public_key = &cert->subject.public_key; in x509_parse_public_key()
388 DBGC2 ( cert, "X509 %p public key is:\n", cert ); in x509_parse_public_key()
389 DBGC2_HDA ( cert, 0, public_key->raw.data, public_key->raw.len ); in x509_parse_public_key()
396 DBGC ( cert, "X509 %p could not parse public key algorithm: " in x509_parse_public_key()
397 "%s\n", cert, strerror ( rc ) ); in x509_parse_public_key()
400 DBGC2 ( cert, "X509 %p public key algorithm is %s\n", in x509_parse_public_key()
401 cert, (*algorithm)->name ); in x509_parse_public_key()
406 DBGC ( cert, "X509 %p could not parse public key bits: %s\n", in x509_parse_public_key()
407 cert, strerror ( rc ) ); in x509_parse_public_key()
421 static int x509_parse_basic_constraints ( struct x509_certificate *cert, in x509_parse_basic_constraints() argument
423 struct x509_basic_constraints *basic = &cert->extensions.basic; in x509_parse_basic_constraints()
438 DBGC ( cert, "X509 %p cannot parse cA: %s\n", in x509_parse_basic_constraints()
439 cert, strerror ( rc ) ); in x509_parse_basic_constraints()
440 DBGC_HDA ( cert, 0, raw->data, raw->len ); in x509_parse_basic_constraints()
446 DBGC2 ( cert, "X509 %p is %sa CA certificate\n", in x509_parse_basic_constraints()
447 cert, ( basic->ca ? "" : "not " ) ); in x509_parse_basic_constraints()
457 DBGC ( cert, "X509 %p cannot parse pathLenConstraint: " in x509_parse_basic_constraints()
458 "%s\n", cert, strerror ( rc ) ); in x509_parse_basic_constraints()
459 DBGC_HDA ( cert, 0, raw->data, raw->len ); in x509_parse_basic_constraints()
463 DBGC ( cert, "X509 %p invalid pathLenConstraint %d\n", in x509_parse_basic_constraints()
464 cert, path_len ); in x509_parse_basic_constraints()
465 DBGC_HDA ( cert, 0, raw->data, raw->len ); in x509_parse_basic_constraints()
469 DBGC2 ( cert, "X509 %p path length constraint is %d\n", in x509_parse_basic_constraints()
470 cert, basic->path_len ); in x509_parse_basic_constraints()
483 static int x509_parse_key_usage ( struct x509_certificate *cert, in x509_parse_key_usage() argument
485 struct x509_key_usage *usage = &cert->extensions.usage; in x509_parse_key_usage()
497 DBGC ( cert, "X509 %p could not parse key usage: %s\n", in x509_parse_key_usage()
498 cert, strerror ( rc ) ); in x509_parse_key_usage()
510 DBGC2 ( cert, "X509 %p key usage is %08x\n", cert, usage->bits ); in x509_parse_key_usage()
542 static int x509_parse_key_purpose ( struct x509_certificate *cert, in x509_parse_key_purpose() argument
544 struct x509_extended_key_usage *ext_usage = &cert->extensions.ext_usage; in x509_parse_key_purpose()
553 DBGC ( cert, "X509 %p invalid keyPurposeId:\n", cert ); in x509_parse_key_purpose()
554 DBGC_HDA ( cert, 0, raw->data, raw->len ); in x509_parse_key_purpose()
563 DBGC2 ( cert, "X509 %p has key purpose %s\n", in x509_parse_key_purpose()
564 cert, purpose->name ); in x509_parse_key_purpose()
581 static int x509_parse_extended_key_usage ( struct x509_certificate *cert, in x509_parse_extended_key_usage() argument
592 if ( ( rc = x509_parse_key_purpose ( cert, &cursor ) ) != 0 ) in x509_parse_extended_key_usage()
607 static int x509_parse_ocsp ( struct x509_certificate *cert, in x509_parse_ocsp() argument
609 struct x509_ocsp_responder *ocsp = &cert->extensions.auth_info.ocsp; in x509_parse_ocsp()
616 DBGC ( cert, "X509 %p OCSP does not contain " in x509_parse_ocsp()
617 "uniformResourceIdentifier:\n", cert ); in x509_parse_ocsp()
618 DBGC_HDA ( cert, 0, raw->data, raw->len ); in x509_parse_ocsp()
621 DBGC2 ( cert, "X509 %p OCSP URI is:\n", cert ); in x509_parse_ocsp()
622 DBGC2_HDA ( cert, 0, uri->data, uri->len ); in x509_parse_ocsp()
667 static int x509_parse_access_description ( struct x509_certificate *cert, in x509_parse_access_description() argument
683 DBGC2 ( cert, "X509 %p found access method %s\n", in x509_parse_access_description()
684 cert, ( method ? method->name : "<unknown>" ) ); in x509_parse_access_description()
687 if ( method && ( ( rc = method->parse ( cert, &cursor ) ) != 0 ) ) in x509_parse_access_description()
700 static int x509_parse_authority_info_access ( struct x509_certificate *cert, in x509_parse_authority_info_access() argument
711 if ( ( rc = x509_parse_access_description ( cert, in x509_parse_authority_info_access()
727 static int x509_parse_subject_alt_name ( struct x509_certificate *cert, in x509_parse_subject_alt_name() argument
729 struct x509_subject_alt_name *alt_name = &cert->extensions.alt_name; in x509_parse_subject_alt_name()
736 DBGC ( cert, "X509 %p invalid subjectAltName: %s\n", in x509_parse_subject_alt_name()
737 cert, strerror ( rc ) ); in x509_parse_subject_alt_name()
738 DBGC_HDA ( cert, 0, raw->data, raw->len ); in x509_parse_subject_alt_name()
741 DBGC2 ( cert, "X509 %p has subjectAltName:\n", cert ); in x509_parse_subject_alt_name()
742 DBGC2_HDA ( cert, 0, names->data, names->len ); in x509_parse_subject_alt_name()
824 static int x509_parse_extension ( struct x509_certificate *cert, in x509_parse_extension() argument
841 DBGC2 ( cert, "X509 %p found extension %s\n", in x509_parse_extension()
842 cert, ( extension ? extension->name : "<unknown>" ) ); in x509_parse_extension()
849 DBGC ( cert, "X509 %p cannot parse extension " in x509_parse_extension()
850 "criticality: %s\n", cert, strerror ( rc ) ); in x509_parse_extension()
851 DBGC_HDA ( cert, 0, raw->data, raw->len ); in x509_parse_extension()
861 DBGC ( cert, "X509 %p cannot handle critical " in x509_parse_extension()
862 "extension:\n", cert ); in x509_parse_extension()
863 DBGC_HDA ( cert, 0, raw->data, raw->len ); in x509_parse_extension()
873 DBGC ( cert, "X509 %p extension missing extnValue:\n", cert ); in x509_parse_extension()
874 DBGC_HDA ( cert, 0, raw->data, raw->len ); in x509_parse_extension()
879 if ( ( rc = extension->parse ( cert, &cursor ) ) != 0 ) in x509_parse_extension()
892 static int x509_parse_extensions ( struct x509_certificate *cert, in x509_parse_extensions() argument
904 if ( ( rc = x509_parse_extension ( cert, &cursor ) ) != 0 ) in x509_parse_extensions()
919 static int x509_parse_tbscertificate ( struct x509_certificate *cert, in x509_parse_tbscertificate() argument
921 struct asn1_algorithm **algorithm = &cert->signature_algorithm; in x509_parse_tbscertificate()
928 memcpy ( &cert->tbs, &cursor, sizeof ( cert->tbs ) ); in x509_parse_tbscertificate()
935 if ( ( rc = x509_parse_version ( cert, &cursor ) ) != 0 ) in x509_parse_tbscertificate()
941 if ( ( rc = x509_parse_serial ( cert, &cursor ) ) != 0 ) in x509_parse_tbscertificate()
947 DBGC ( cert, "X509 %p could not parse signature algorithm: " in x509_parse_tbscertificate()
948 "%s\n", cert, strerror ( rc ) ); in x509_parse_tbscertificate()
951 DBGC2 ( cert, "X509 %p tbsCertificate signature algorithm is %s\n", in x509_parse_tbscertificate()
952 cert, (*algorithm)->name ); in x509_parse_tbscertificate()
956 if ( ( rc = x509_parse_issuer ( cert, &cursor ) ) != 0 ) in x509_parse_tbscertificate()
961 if ( ( rc = x509_parse_validity ( cert, &cursor ) ) != 0 ) in x509_parse_tbscertificate()
966 if ( ( rc = x509_parse_subject ( cert, &cursor ) ) != 0 ) in x509_parse_tbscertificate()
971 if ( ( rc = x509_parse_public_key ( cert, &cursor ) ) != 0 ) in x509_parse_tbscertificate()
976 if ( ( rc = x509_parse_extensions ( cert, &cursor ) ) != 0 ) in x509_parse_tbscertificate()
989 int x509_parse ( struct x509_certificate *cert, in x509_parse() argument
991 struct x509_signature *signature = &cert->signature; in x509_parse()
999 memcpy ( &cert->raw, &cursor, sizeof ( cert->raw ) ); in x509_parse()
1005 if ( ( rc = x509_parse_tbscertificate ( cert, &cursor ) ) != 0 ) in x509_parse()
1012 DBGC ( cert, "X509 %p could not parse signature algorithm: " in x509_parse()
1013 "%s\n", cert, strerror ( rc ) ); in x509_parse()
1016 DBGC2 ( cert, "X509 %p signatureAlgorithm is %s\n", in x509_parse()
1017 cert, (*signature_algorithm)->name ); in x509_parse()
1023 DBGC ( cert, "X509 %p could not parse signature value: %s\n", in x509_parse()
1024 cert, strerror ( rc ) ); in x509_parse()
1027 DBGC2 ( cert, "X509 %p signatureValue is:\n", cert ); in x509_parse()
1028 DBGC2_HDA ( cert, 0, signature_value->data, signature_value->len ); in x509_parse()
1034 DBGC ( cert, "X509 %p signature algorithm %s does not match " in x509_parse()
1036 cert, signature->algorithm->name, in x509_parse()
1056 struct x509_certificate **cert ) { in x509_certificate() argument
1067 if ( ( *cert = certstore_find ( &cursor ) ) != NULL ) { in x509_certificate()
1070 x509_get ( *cert ); in x509_certificate()
1075 *cert = zalloc ( sizeof ( **cert ) + cursor.len ); in x509_certificate()
1076 if ( ! *cert ) in x509_certificate()
1078 ref_init ( &(*cert)->refcnt, NULL ); in x509_certificate()
1079 raw = ( *cert + 1 ); in x509_certificate()
1086 if ( ( rc = x509_parse ( *cert, &cursor ) ) != 0 ) { in x509_certificate()
1087 x509_put ( *cert ); in x509_certificate()
1088 *cert = NULL; in x509_certificate()
1093 certstore_add ( *cert ); in x509_certificate()
1105 static int x509_check_signature ( struct x509_certificate *cert, in x509_check_signature() argument
1107 struct x509_signature *signature = &cert->signature; in x509_check_signature()
1117 assert ( cert->signature_algorithm == cert->signature.algorithm ); in x509_check_signature()
1121 digest_update ( digest, digest_ctx, cert->tbs.data, cert->tbs.len ); in x509_check_signature()
1123 DBGC2 ( cert, "X509 %p \"%s\" digest:\n", cert, x509_name ( cert ) ); in x509_check_signature()
1124 DBGC2_HDA ( cert, 0, digest_out, sizeof ( digest_out ) ); in x509_check_signature()
1128 DBGC ( cert, "X509 %p \"%s\" signature algorithm %s does not " in x509_check_signature()
1130 cert, x509_name ( cert ), algorithm->name, in x509_check_signature()
1139 DBGC ( cert, "X509 %p \"%s\" cannot initialise public key: " in x509_check_signature()
1140 "%s\n", cert, x509_name ( cert ), strerror ( rc ) ); in x509_check_signature()
1146 DBGC ( cert, "X509 %p \"%s\" signature verification failed: " in x509_check_signature()
1147 "%s\n", cert, x509_name ( cert ), strerror ( rc ) ); in x509_check_signature()
1168 int x509_check_issuer ( struct x509_certificate *cert, in x509_check_issuer() argument
1185 if ( asn1_compare ( &cert->issuer.raw, &issuer->subject.raw ) != 0 ) { in x509_check_issuer()
1186 DBGC ( cert, "X509 %p \"%s\" issuer does not match ", in x509_check_issuer()
1187 cert, x509_name ( cert ) ); in x509_check_issuer()
1188 DBGC ( cert, "X509 %p \"%s\" subject\n", in x509_check_issuer()
1190 DBGC_HDA ( cert, 0, cert->issuer.raw.data, in x509_check_issuer()
1191 cert->issuer.raw.len ); in x509_check_issuer()
1202 cert, x509_name ( cert ) ); in x509_check_issuer()
1210 cert, x509_name ( cert ) ); in x509_check_issuer()
1215 if ( ( rc = x509_check_signature ( cert, public_key ) ) != 0 ) in x509_check_issuer()
1228 void x509_fingerprint ( struct x509_certificate *cert, in x509_fingerprint() argument
1235 digest_update ( digest, ctx, cert->raw.data, cert->raw.len ); in x509_fingerprint()
1246 int x509_check_root ( struct x509_certificate *cert, struct x509_root *root ) { in x509_check_root() argument
1253 x509_fingerprint ( cert, digest, fingerprint ); in x509_check_root()
1259 DBGC ( cert, "X509 %p \"%s\" is a root certificate\n", in x509_check_root()
1260 cert, x509_name ( cert ) ); in x509_check_root()
1266 DBGC2 ( cert, "X509 %p \"%s\" is not a root certificate\n", in x509_check_root()
1267 cert, x509_name ( cert ) ); in x509_check_root()
1278 int x509_check_time ( struct x509_certificate *cert, time_t time ) { in x509_check_time() argument
1279 struct x509_validity *validity = &cert->validity; in x509_check_time()
1283 DBGC ( cert, "X509 %p \"%s\" is not yet valid (at time %lld)\n", in x509_check_time()
1284 cert, x509_name ( cert ), time ); in x509_check_time()
1288 DBGC ( cert, "X509 %p \"%s\" has expired (at time %lld)\n", in x509_check_time()
1289 cert, x509_name ( cert ), time ); in x509_check_time()
1293 DBGC2 ( cert, "X509 %p \"%s\" is valid (at time %lld)\n", in x509_check_time()
1294 cert, x509_name ( cert ), time ); in x509_check_time()
1313 int x509_validate ( struct x509_certificate *cert, in x509_validate() argument
1324 if ( x509_is_valid ( cert ) ) in x509_validate()
1328 if ( ( rc = x509_check_time ( cert, time ) ) != 0 ) in x509_validate()
1332 if ( x509_check_root ( cert, root ) == 0 ) { in x509_validate()
1333 cert->flags |= X509_FL_VALIDATED; in x509_validate()
1334 cert->path_remaining = ( cert->extensions.basic.path_len + 1 ); in x509_validate()
1340 DBGC2 ( cert, "X509 %p \"%s\" has no issuer\n", in x509_validate()
1341 cert, x509_name ( cert ) ); in x509_validate()
1347 DBGC ( cert, "X509 %p \"%s\" ", cert, x509_name ( cert ) ); in x509_validate()
1348 DBGC ( cert, "issuer %p \"%s\" has not yet been validated\n", in x509_validate()
1354 if ( ( rc = x509_check_issuer ( cert, issuer ) ) != 0 ) in x509_validate()
1359 DBGC ( cert, "X509 %p \"%s\" ", cert, x509_name ( cert ) ); in x509_validate()
1360 DBGC ( cert, "issuer %p \"%s\" path length exceeded\n", in x509_validate()
1366 if ( ocsp_required ( cert ) ) { in x509_validate()
1367 DBGC ( cert, "X509 %p \"%s\" requires an OCSP check\n", in x509_validate()
1368 cert, x509_name ( cert ) ); in x509_validate()
1373 cert->path_remaining = ( issuer->path_remaining - 1 ); in x509_validate()
1374 max_path_remaining = ( cert->extensions.basic.path_len + 1 ); in x509_validate()
1375 if ( cert->path_remaining > max_path_remaining ) in x509_validate()
1376 cert->path_remaining = max_path_remaining; in x509_validate()
1379 cert->flags |= X509_FL_VALIDATED; in x509_validate()
1381 DBGC ( cert, "X509 %p \"%s\" successfully validated using ", in x509_validate()
1382 cert, x509_name ( cert ) ); in x509_validate()
1383 DBGC ( cert, "issuer %p \"%s\"\n", issuer, x509_name ( issuer ) ); in x509_validate()
1395 static int x509_check_dnsname ( struct x509_certificate *cert, in x509_check_dnsname() argument
1422 DBGC2 ( cert, "X509 %p \"%s\" found wildcard match for " in x509_check_dnsname()
1423 "\"*.%s\"\n", cert, x509_name ( cert ), name ); in x509_check_dnsname()
1436 static int x509_check_ipaddress ( struct x509_certificate *cert, in x509_check_ipaddress() argument
1454 DBGC ( cert, "X509 %p \"%s\" has iPAddress with unexpected " in x509_check_ipaddress()
1455 "length %zd\n", cert, x509_name ( cert ), raw->len ); in x509_check_ipaddress()
1456 DBGC_HDA ( cert, 0, raw->data, raw->len ); in x509_check_ipaddress()
1462 DBGC2 ( cert, "X509 %p \"%s\" cannot parse \"%s\" as " in x509_check_ipaddress()
1463 "iPAddress: %s\n", cert, x509_name ( cert ), name, in x509_check_ipaddress()
1474 DBGC2 ( cert, "X509 %p \"%s\" found iPAddress match for \"%s\"\n", in x509_check_ipaddress()
1475 cert, x509_name ( cert ), sock_ntoa ( &sa ) ); in x509_check_ipaddress()
1487 static int x509_check_alt_name ( struct x509_certificate *cert, in x509_check_alt_name() argument
1501 return x509_check_dnsname ( cert, &alt_name, name ); in x509_check_alt_name()
1503 return x509_check_ipaddress ( cert, &alt_name, name ); in x509_check_alt_name()
1505 DBGC2 ( cert, "X509 %p \"%s\" unknown name of type %#02x:\n", in x509_check_alt_name()
1506 cert, x509_name ( cert ), type ); in x509_check_alt_name()
1507 DBGC2_HDA ( cert, 0, alt_name.data, alt_name.len ); in x509_check_alt_name()
1519 int x509_check_name ( struct x509_certificate *cert, const char *name ) { in x509_check_name() argument
1520 struct asn1_cursor *common_name = &cert->subject.common_name; in x509_check_name()
1525 if ( x509_check_dnsname ( cert, common_name, name ) == 0 ) { in x509_check_name()
1526 DBGC2 ( cert, "X509 %p \"%s\" commonName matches \"%s\"\n", in x509_check_name()
1527 cert, x509_name ( cert ), name ); in x509_check_name()
1532 memcpy ( &alt_name, &cert->extensions.alt_name.names, in x509_check_name()
1535 if ( ( rc = x509_check_alt_name ( cert, &alt_name, in x509_check_name()
1537 DBGC2 ( cert, "X509 %p \"%s\" subjectAltName matches " in x509_check_name()
1538 "\"%s\"\n", cert, x509_name ( cert ), name ); in x509_check_name()
1543 DBGC ( cert, "X509 %p \"%s\" does not match name \"%s\"\n", in x509_check_name()
1544 cert, x509_name ( cert ), name ); in x509_check_name()
1563 x509_put ( link->cert ); in x509_free_chain()
1600 int x509_append ( struct x509_chain *chain, struct x509_certificate *cert ) { in x509_append() argument
1609 link->cert = x509_get ( cert ); in x509_append()
1612 chain, cert, x509_name ( cert ) ); in x509_append()
1627 struct x509_certificate *cert; in x509_append_raw() local
1631 if ( ( rc = x509_certificate ( data, len, &cert ) ) != 0 ) in x509_append_raw()
1635 if ( ( rc = x509_append ( chain, cert ) ) != 0 ) in x509_append_raw()
1639 x509_put ( cert ); in x509_append_raw()
1644 x509_put ( cert ); in x509_append_raw()
1660 struct x509_certificate *cert; in x509_find_subject() local
1666 cert = link->cert; in x509_find_subject()
1667 if ( asn1_compare ( subject, &cert->subject.raw ) == 0 ) in x509_find_subject()
1668 return cert; in x509_find_subject()
1685 struct x509_certificate *cert; in x509_auto_append() local
1690 cert = x509_last ( chain ); in x509_auto_append()
1691 if ( ! cert ) { in x509_auto_append()
1700 previous = cert; in x509_auto_append()
1701 cert = x509_find_subject ( certs, &cert->issuer.raw ); in x509_auto_append()
1702 if ( ! cert ) in x509_auto_append()
1704 if ( cert == previous ) in x509_auto_append()
1708 if ( ( rc = x509_append ( chain, cert ) ) != 0 ) in x509_auto_append()
1745 if ( ( rc = x509_validate ( link->cert, NULL, time, in x509_validate_chain()
1752 issuer = link->cert; in x509_validate_chain()
1757 if ( ( rc = x509_validate ( link->cert, issuer, time, in x509_validate_chain()
1760 issuer = link->cert; in x509_validate_chain()
1782 struct x509_certificate **cert ) { in image_x509() argument
1796 cert ) ) != 0 ) in image_x509()
1804 x509_put ( *cert ); in image_x509()