Fix indent issue with functions using STACK_OF

[oweals/openssl.git] / crypto / x509 / x509_lu.c

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 3a6e04a1deea41846f36a05dfefd361139ff40b9..ec75035ce345952a9b6db18927e29f86d3a9d4c7 100644 (file)
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -61,6 +61,7 @@
 #include <openssl/lhash.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include "x509_lcl.h"
 
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
        {
@@ -87,7 +88,7 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
        if (ctx == NULL) return;
        if (    (ctx->method != NULL) &&
                (ctx->method->free != NULL))
-               ctx->method->free(ctx);
+               (*ctx->method->free)(ctx);
        OPENSSL_free(ctx);
        }
 
@@ -238,6 +239,19 @@ void X509_STORE_free(X509_STORE *vfy)
        if (vfy == NULL)
            return;
 
+       i=CRYPTO_add(&vfy->references,-1,CRYPTO_LOCK_X509_STORE);
+#ifdef REF_PRINT
+       REF_PRINT("X509_STORE",vfy);
+#endif
+       if (i > 0) return;
+#ifdef REF_CHECK
+       if (i < 0)
+               {
+               fprintf(stderr,"X509_STORE_free, bad reference count\n");
+               abort(); /* ok */
+               }
+#endif
+
        sk=vfy->get_cert_methods;
        for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
                {
@@ -320,7 +334,7 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
                        return 0;
                }
 
-/*     if (ret->data.ptr != NULL)
+/*-    if (ret->data.ptr != NULL)
                X509_OBJECT_free_contents(ret); */
 
        ret->type=tmp->type;
@@ -485,7 +499,7 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
        return sk_X509_OBJECT_value(h, idx);
        }
 
-STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
+STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
        {
        int i, idx, cnt;
        STACK_OF(X509) *sk;
@@ -534,7 +548,7 @@ STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
 
        }
 
-STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
+STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
        {
        int i, idx, cnt;
        STACK_OF(X509_CRL) *sk;
@@ -610,7 +624,8 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x
        }
 
 
-/* Try to get issuer certificate from store. Due to limitations
+/*-
+ * Try to get issuer certificate from store. Due to limitations
  * of the API this can only retrieve a single certificate matching
  * a given subject name. However it will fill the cache with all
  * matching certificates, so we can examine the cache for all
@@ -626,6 +641,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
        X509_NAME *xn;
        X509_OBJECT obj, *pobj;
        int i, ok, idx, ret;
+       *issuer = NULL;
        xn=X509_get_issuer_name(x);
        ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
        if (ok != X509_LU_X509)
@@ -647,8 +663,11 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
        /* If certificate matches all OK */
        if (ctx->check_issued(ctx, x, obj.data.x509))
                {
-               *issuer = obj.data.x509;
-               return 1;
+               if (x509_check_cert_time(ctx, obj.data.x509, 1))
+                       {
+                       *issuer = obj.data.x509;
+                       return 1;
+                       }
                }
        X509_OBJECT_free_contents(&obj);
 
@@ -670,13 +689,22 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
                        if (ctx->check_issued(ctx, x, pobj->data.x509))
                                {
                                *issuer = pobj->data.x509;
-                               X509_OBJECT_up_ref_count(pobj);
                                ret = 1;
-                               break;
+                               /*
+                                * If times check, exit with match,
+                                * otherwise keep looking. Leave last
+                                * match in issuer so we return nearest
+                                * match if no certificate time is OK.
+                                */
+
+                               if (x509_check_cert_time(ctx, *issuer, 1))
+                                       break;
                                }
                        }
                }
        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+       if (*issuer)
+               CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
        return ret;
        }
 
@@ -712,5 +740,16 @@ void X509_STORE_set_verify_cb(X509_STORE *ctx,
        ctx->verify_cb = verify_cb;
        }
 
+void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
+               STACK_OF(X509_CRL)* (*cb)(X509_STORE_CTX *ctx, X509_NAME *nm))
+       {
+       ctx->lookup_crls = cb;
+       }
+
+X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)
+       {
+       return ctx->ctx;
+       }
+
 IMPLEMENT_STACK_OF(X509_LOOKUP)
 IMPLEMENT_STACK_OF(X509_OBJECT)