#include <openssl/lhash.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+#include "x509_lcl.h"
X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
{
if (ctx == NULL) return;
if ( (ctx->method != NULL) &&
(ctx->method->free != NULL))
- ctx->method->free(ctx);
+ (*ctx->method->free)(ctx);
OPENSSL_free(ctx);
}
if (vfy == NULL)
return;
+ i=CRYPTO_add(&vfy->references,-1,CRYPTO_LOCK_X509_STORE);
+#ifdef REF_PRINT
+ REF_PRINT("X509_STORE",vfy);
+#endif
+ if (i > 0) return;
+#ifdef REF_CHECK
+ if (i < 0)
+ {
+ fprintf(stderr,"X509_STORE_free, bad reference count\n");
+ abort(); /* ok */
+ }
+#endif
+
sk=vfy->get_cert_methods;
for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
{
return 0;
}
-/* if (ret->data.ptr != NULL)
+/*- if (ret->data.ptr != NULL)
X509_OBJECT_free_contents(ret); */
ret->type=tmp->type;
return sk_X509_OBJECT_value(h, idx);
}
-STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
+STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
{
int i, idx, cnt;
STACK_OF(X509) *sk;
}
-STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
+STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
{
int i, idx, cnt;
STACK_OF(X509_CRL) *sk;
}
-/* Try to get issuer certificate from store. Due to limitations
+/*-
+ * Try to get issuer certificate from store. Due to limitations
* of the API this can only retrieve a single certificate matching
* a given subject name. However it will fill the cache with all
* matching certificates, so we can examine the cache for all
X509_NAME *xn;
X509_OBJECT obj, *pobj;
int i, ok, idx, ret;
+ *issuer = NULL;
xn=X509_get_issuer_name(x);
ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
if (ok != X509_LU_X509)
/* If certificate matches all OK */
if (ctx->check_issued(ctx, x, obj.data.x509))
{
- *issuer = obj.data.x509;
- return 1;
+ if (x509_check_cert_time(ctx, obj.data.x509, 1))
+ {
+ *issuer = obj.data.x509;
+ return 1;
+ }
}
X509_OBJECT_free_contents(&obj);
if (ctx->check_issued(ctx, x, pobj->data.x509))
{
*issuer = pobj->data.x509;
- X509_OBJECT_up_ref_count(pobj);
ret = 1;
- break;
+ /*
+ * If times check, exit with match,
+ * otherwise keep looking. Leave last
+ * match in issuer so we return nearest
+ * match if no certificate time is OK.
+ */
+
+ if (x509_check_cert_time(ctx, *issuer, 1))
+ break;
}
}
}
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ if (*issuer)
+ CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
return ret;
}
ctx->verify_cb = verify_cb;
}
+void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
+ STACK_OF(X509_CRL)* (*cb)(X509_STORE_CTX *ctx, X509_NAME *nm))
+ {
+ ctx->lookup_crls = cb;
+ }
+
+X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)
+ {
+ return ctx->ctx;
+ }
+
IMPLEMENT_STACK_OF(X509_LOOKUP)
IMPLEMENT_STACK_OF(X509_OBJECT)