int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
{
- int i;
if (ctx->certs)
{
ctx->certs = NULL;
}
if (!certs) return 1;
- if (!(ctx->certs = sk_X509_dup(certs)))
+ if (!(ctx->certs = X509_chain_up_ref(certs)))
{
TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);
return 0;
}
- for (i = 0; i < sk_X509_num(ctx->certs); ++i)
- {
- X509 *cert = sk_X509_value(ctx->certs, i);
- CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509);
- }
return 1;
}
return x->cert_info->key->public_key;
}
+
int X509_check_private_key(X509 *x, EVP_PKEY *k)
{
EVP_PKEY *xk;
sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm);
return check_suite_b(pk, sign_nid, &flags);
}
-
+/* Not strictly speaking an "up_ref" as a STACK doesn't have a reference
+ * count but it has the same effect by duping the STACK and upping the ref
+ * of each X509 structure.
+ */
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain)
+ {
+ STACK_OF(X509) *ret;
+ int i;
+ ret = sk_X509_dup(chain);
+ for (i = 0; i < sk_X509_num(ret); i++)
+ {
+ X509 *x = sk_X509_value(ret, i);
+ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ }
+ return ret;
+ }
if (cpk->chain)
{
- int j;
- rpk->chain = sk_X509_dup(cpk->chain);
+ rpk->chain = X509_chain_up_ref(cpk->chain);
if (!rpk->chain)
{
SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
goto err;
}
- for (j = 0; j < sk_X509_num(rpk->chain); j++)
- {
- X509 *x = sk_X509_value(rpk->chain, j);
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
- }
}
rpk->valid_flags = 0;
if (cert->pkeys[i].authz != NULL)
int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain)
{
STACK_OF(X509) *dchain;
- X509 *x;
- int i;
if (!chain)
return ssl_cert_set0_chain(c, NULL);
- dchain = sk_X509_dup(chain);
+ dchain = X509_chain_up_ref(chain);
if (!dchain)
return 0;
- for (i = 0; i < sk_X509_num(dchain); i++)
- {
- x = sk_X509_value(dchain, i);
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
- }
if (!ssl_cert_set0_chain(c, dchain))
{
sk_X509_pop_free(dchain, X509_free);
projects / oweals / openssl.git / commitdiff