Lines Matching refs:cert
492 X509 *cert = NULL; in load_cert_pass() local
499 cert = X509_load_http(uri, NULL, NULL, 0 /* timeout */); in load_cert_pass()
500 if (cert == NULL) { in load_cert_pass()
506 NULL, NULL, NULL, &cert, NULL, NULL, NULL); in load_cert_pass()
508 return cert; in load_cert_pass()
713 static void warn_cert_msg(const char *uri, X509 *cert, const char *msg) in warn_cert_msg() argument
715 char *subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); in warn_cert_msg()
722 static void warn_cert(const char *uri, X509 *cert, int warn_EE, in warn_cert() argument
725 uint32_t ex_flags = X509_get_extension_flags(cert); in warn_cert()
726 int res = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert), in warn_cert()
727 X509_get0_notAfter(cert)); in warn_cert()
730 warn_cert_msg(uri, cert, res > 0 ? "has expired" : "not yet valid"); in warn_cert()
732 warn_cert_msg(uri, cert, "is not a CA cert"); in warn_cert()
2336 static int adapt_keyid_ext(X509 *cert, X509V3_CTX *ext_ctx, in adapt_keyid_ext() argument
2339 const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(cert); in adapt_keyid_ext()
2353 X509_delete_ext(cert, idx); in adapt_keyid_ext()
2358 rv = !add_default || X509_add_ext(cert, new_ext, -1); in adapt_keyid_ext()
2364 int cert_matches_key(const X509 *cert, const EVP_PKEY *pkey) in cert_matches_key() argument
2369 match = X509_check_private_key(cert, pkey); in cert_matches_key()
2375 int do_X509_sign(X509 *cert, int force_v1, EVP_PKEY *pkey, const char *md, in do_X509_sign() argument
2383 if (!X509_set_version(cert, X509_VERSION_3)) in do_X509_sign()
2391 if (!adapt_keyid_ext(cert, ext_ctx, "subjectKeyIdentifier", "hash", 1)) in do_X509_sign()
2394 self_sign = cert_matches_key(cert, pkey); in do_X509_sign()
2395 if (!adapt_keyid_ext(cert, ext_ctx, "authorityKeyIdentifier", in do_X509_sign()
2402 rv = (X509_sign_ctx(cert, mctx) > 0); in do_X509_sign()