Home
last modified time | relevance | path

Searched refs:crl (Results 1 – 25 of 63) sorted by relevance

123

/openbsd/src/lib/libcrypto/asn1/
Dx_crl.c73 static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
190 crl_set_issuers(X509_CRL *crl) in crl_set_issuers() argument
196 revoked = X509_CRL_get_REVOKED(crl); in crl_set_issuers()
207 crl->flags |= EXFLAG_INVALID; in crl_set_issuers()
213 if (!crl->issuers) { in crl_set_issuers()
214 crl->issuers = sk_GENERAL_NAMES_new_null(); in crl_set_issuers()
215 if (!crl->issuers) in crl_set_issuers()
218 if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) in crl_set_issuers()
226 crl->flags |= EXFLAG_INVALID; in crl_set_issuers()
246 crl->flags |= EXFLAG_CRITICAL; in crl_set_issuers()
[all …]
/openbsd/src/usr.sbin/rpki-client/
Dcrl.c172 struct crl *
176 struct crl *crl; in crl_parse() local
185 if ((crl = calloc(1, sizeof(*crl))) == NULL) in crl_parse()
189 if ((crl->x509_crl = d2i_X509_CRL(NULL, &der, len)) == NULL) { in crl_parse()
198 if (X509_CRL_get_version(crl->x509_crl) != 1) { in crl_parse()
203 if ((name = X509_CRL_get_issuer(crl->x509_crl)) == NULL) { in crl_parse()
210 if ((nid = X509_CRL_get_signature_nid(crl->x509_crl)) == NID_undef) { in crl_parse()
227 if ((count = X509_CRL_get_ext_count(crl->x509_crl)) != 2) { in crl_parse()
232 if (!crl_check_crl_number(fn, crl->x509_crl)) in crl_parse()
234 if ((crl->aki = crl_get_aki(fn, crl->x509_crl)) == NULL) in crl_parse()
[all …]
Dparser.c173 struct crl *crl; in proc_parser_roa() local
182 crl = crl_get(&crlt, a); in proc_parser_roa()
184 if (!valid_x509(file, ctx, x509, a, crl, &errstr)) { in proc_parser_roa()
215 struct crl *crl; in proc_parser_spl() local
224 crl = crl_get(&crlt, a); in proc_parser_spl()
226 if (!valid_x509(file, ctx, x509, a, crl, &errstr)) { in proc_parser_spl()
295 static struct crl *
299 struct crl *crl = NULL; in parse_load_crl_from_mft() local
306 fn = parse_filepath(entp->repoid, entp->path, mft->crl, loc); in parse_load_crl_from_mft()
320 crl = crl_parse(fn, f, flen); in parse_load_crl_from_mft()
[all …]
Dfilemode.c103 struct crl *crl; in parse_load_crl() local
121 crl = crl_parse(uri, f, flen); in parse_load_crl()
122 if (crl != NULL && !crl_insert(&crlt, crl)) in parse_load_crl()
123 crl_free(crl); in parse_load_crl()
167 parse_load_crl(cert->crl); in parse_load_cert()
188 struct crl *crl; in parse_load_certchain() local
222 crl = crl_get(&crlt, a); in parse_load_certchain()
223 if (!valid_x509(uri, ctx, cert->x509, a, crl, &errstr) || in parse_load_certchain()
314 print_signature_path(const char *crl, const char *aia, const struct auth *a) in print_signature_path() argument
316 if (crl != NULL) in print_signature_path()
[all …]
Dvalidate.c335 build_crls(const struct crl *crl, STACK_OF(X509_CRL) **crls) in build_crls() argument
339 if (crl == NULL) in build_crls()
343 if (!sk_X509_CRL_push(*crls, crl->x509_crl)) in build_crls()
352 pretty_revocation_time(X509 *x509, X509_CRL *crl, const char **errstr) in pretty_revocation_time() argument
359 if (X509_CRL_get0_by_cert(crl, &revoked, x509) != 1) in pretty_revocation_time()
377 struct crl *crl, const char **errstr) in valid_x509() argument
388 build_crls(crl, &crls); in valid_x509()
422 pretty_revocation_time(x509, crl->x509_crl, errstr); in valid_x509()
Dx509.c872 char *crl = NULL; in x509_get_crl() local
876 if (!x509_location(fn, "CRL distribution point", name, &crl)) in x509_get_crl()
879 if (*out_crl == NULL && strncasecmp(crl, RSYNC_PROTO, in x509_get_crl()
881 *out_crl = crl; in x509_get_crl()
886 fn, crl); in x509_get_crl()
887 free(crl); in x509_get_crl()
1107 struct crl *crl; in x509_find_expires() local
1115 crl = crl_get(crlt, a); in x509_find_expires()
1116 if (crl != NULL && expires > crl->nextupdate) in x509_find_expires()
1117 expires = crl->nextupdate; in x509_find_expires()
Dextern.h135 char *crl; /* CRL location (rsync:// or NULL) */ member
213 char *crl; /* CRL file name */ member
484 struct crl { struct
485 RB_ENTRY(crl) entry;
495 RB_HEAD(crl_tree, crl); argument
742 struct crl *crl_parse(const char *, const unsigned char *, size_t);
743 struct crl *crl_get(struct crl_tree *, const struct auth *);
744 int crl_insert(struct crl_tree *, struct crl *);
745 void crl_free(struct crl *);
758 struct crl *, const char **);
[all …]
/openbsd/src/lib/libcrypto/x509/
Dx509cset.c87 if (x->crl->version == NULL) { in X509_CRL_set_version()
88 if ((x->crl->version = ASN1_INTEGER_new()) == NULL) in X509_CRL_set_version()
91 return ASN1_INTEGER_set(x->crl->version, version); in X509_CRL_set_version()
98 if (x == NULL || x->crl == NULL) in X509_CRL_set_issuer_name()
100 return X509_NAME_set(&x->crl->issuer, name); in X509_CRL_set_issuer_name()
111 in = x->crl->lastUpdate; in X509_CRL_set_lastUpdate()
115 ASN1_TIME_free(x->crl->lastUpdate); in X509_CRL_set_lastUpdate()
116 x->crl->lastUpdate = in; in X509_CRL_set_lastUpdate()
137 in = x->crl->nextUpdate; in X509_CRL_set_nextUpdate()
141 ASN1_TIME_free(x->crl->nextUpdate); in X509_CRL_set_nextUpdate()
[all …]
Dx509_vfy.c119 static int x509_vfy_check_crl(X509_STORE_CTX *ctx, X509_CRL *crl);
120 static int x509_vfy_cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
130 unsigned int *preasons, X509_CRL *crl, X509 *x);
135 static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
137 static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
938 X509_CRL *crl = NULL, *dcrl = NULL; in check_cert() local
952 ok = get_crl_delta(ctx, &crl, &dcrl, x); in check_cert()
958 ctx->current_crl = crl; in check_cert()
959 ok = x509_vfy_check_crl(ctx, crl); in check_cert()
975 ok = x509_vfy_cert_crl(ctx, crl, x); in check_cert()
[all …]
Dx509_ext.c69 return X509v3_get_ext_count(x->crl->extensions); in X509_CRL_get_ext_count()
76 return X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos); in X509_CRL_get_ext_by_NID()
83 return X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos); in X509_CRL_get_ext_by_OBJ()
90 return X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos); in X509_CRL_get_ext_by_critical()
97 return X509v3_get_ext(x->crl->extensions, loc); in X509_CRL_get_ext()
104 return X509v3_delete_ext(x->crl->extensions, loc); in X509_CRL_delete_ext()
111 return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); in X509_CRL_get_ext_d2i()
119 return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags); in X509_CRL_add1_ext_i2d()
126 return X509v3_add_ext(&x->crl->extensions, ex, loc) != NULL; in X509_CRL_add_ext()
Dx_all.c107 d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) in d2i_X509_CRL_bio() argument
109 return ASN1_item_d2i_bio(&X509_CRL_it, bp, crl); in d2i_X509_CRL_bio()
114 i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) in i2d_X509_CRL_bio() argument
116 return ASN1_item_i2d_bio(&X509_CRL_it, bp, crl); in i2d_X509_CRL_bio()
121 d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) in d2i_X509_CRL_fp() argument
123 return ASN1_item_d2i_fp(&X509_CRL_it, fp, crl); in d2i_X509_CRL_fp()
128 i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl) in i2d_X509_CRL_fp() argument
130 return ASN1_item_i2d_fp(&X509_CRL_it, fp, crl); in i2d_X509_CRL_fp()
464 x->crl->enc.modified = 1; in X509_CRL_sign()
465 return ASN1_item_sign(&X509_CRL_INFO_it, x->crl->sig_alg, in X509_CRL_sign()
[all …]
Dby_dir.c265 } crl; in get_cert_by_subject() member
284 data.crl.st_crl.crl = &data.crl.st_crl_info; in get_cert_by_subject()
285 data.crl.st_crl_info.issuer = name; in get_cert_by_subject()
286 stmp.data.crl = &data.crl.st_crl; in get_cert_by_subject()
Dx509.h269 X509_CRL *crl; member
318 int X509_CRL_get_signature_nid(const X509_CRL *crl);
322 const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
323 long X509_CRL_get_version(const X509_CRL *crl);
324 const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
325 const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
326 ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
327 ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
328 X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
329 STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
[all …]
Dx509_lu.c133 return X509_CRL_cmp((*a)->data.crl, (*b)->data.crl); in x509_object_cmp()
196 X509_CRL_free(a->data.crl); in X509_OBJECT_free()
401 obj->data.crl = x; in X509_STORE_add_crl()
414 return X509_CRL_up_ref(a->data.crl); in X509_OBJECT_up_ref_count()
446 stmp.data.crl = &crl_s; in x509_object_idx_cnt()
447 crl_s.crl = &crl_info_s; in x509_object_idx_cnt()
505 return xo->data.crl; in X509_OBJECT_get0_X509_CRL()
605 x = obj->data.crl; in STACK_OF()
645 if (!X509_CRL_match(obj->data.crl, x->data.crl)) in X509_OBJECT_retrieve_match()
Dx509_conf.c379 X509_CRL *crl) in X509V3_EXT_CRL_add_nconf() argument
383 if (crl) in X509V3_EXT_CRL_add_nconf()
384 sk = &crl->crl->extensions; in X509V3_EXT_CRL_add_nconf()
432 X509_CRL *crl, int flags) in X509V3_set_ctx() argument
436 ctx->crl = crl; in X509V3_set_ctx()
Dby_mem.c119 if (itmp->crl) { in by_mem_ctrl()
120 ok = X509_STORE_add_crl(lu->store_ctx, itmp->crl); in by_mem_ctrl()
/openbsd/src/usr.bin/openssl/
Dcerthash.c334 X509_CRL *crl = NULL; in certhash_crl() local
338 if ((crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL)) == NULL) in certhash_crl()
341 hash = X509_NAME_hash(X509_CRL_get_issuer(crl)); in certhash_crl()
344 if (X509_CRL_digest(crl, digest, fingerprint, &len) != 1) { in certhash_crl()
352 X509_CRL_free(crl); in certhash_crl()
434 struct hashinfo *cert, *crl; in certhash_merge() local
450 for (crl = *crls; crl != NULL; crl = crl->next) { in certhash_merge()
451 if (crl->is_dup == 1) in certhash_merge()
453 certhash_findlink(*links, crl); in certhash_merge()
463 for (crl = *crls; crl != NULL; crl = crl->next) { in certhash_merge()
[all …]
Dcrl2p7.c167 X509_CRL *crl = NULL; in crl2pkcs7_main() local
204 crl = d2i_X509_CRL_bio(in, NULL); in crl2pkcs7_main()
206 crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); in crl2pkcs7_main()
212 if (crl == NULL) { in crl2pkcs7_main()
230 p7s->crl = crl_stack; in crl2pkcs7_main()
231 if (crl != NULL) { in crl2pkcs7_main()
232 if (!sk_X509_CRL_push(crl_stack, crl)) in crl2pkcs7_main()
234 crl = NULL; in crl2pkcs7_main()
282 X509_CRL_free(crl); in crl2pkcs7_main()
Dpkcs7.c221 crls = p7->d.sign->crl; in pkcs7_main()
227 crls = p7->d.signed_and_enveloped->crl; in pkcs7_main()
250 X509_CRL *crl; in pkcs7_main() local
253 crl = sk_X509_CRL_value(crls, i); in pkcs7_main()
255 X509_CRL_print(out, crl); in pkcs7_main()
258 PEM_write_bio_X509_CRL(out, crl); in pkcs7_main()
/openbsd/src/regress/usr.sbin/rpki-client/
DMakefile.inc30 validate.c as.c cert.c cms.c crl.c mft.c json.c \
39 SRCS_test-cert+= test-cert.c cert.c cms.c crl.c x509.c ip.c as.c io.c \
46 SRCS_test-mft+= test-mft.c mft.c crl.c cms.c x509.c ip.c io.c validate.c \
53 encoding.c print.c validate.c cert.c crl.c mft.c repo-dummy.c \
59 encoding.c print.c validate.c cert.c crl.c mft.c json.c \
64 SRCS_test-gbr+= test-gbr.c gbr.c cms.c crl.c x509.c ip.c io.c \
71 encoding.c print.c validate.c as.c cert.c crl.c mft.c json.c \
77 encoding.c print.c crl.c x509.c json.c cert.c as.c mft.c \
83 encoding.c print.c validate.c cert.c crl.c mft.c repo-dummy.c \
89 encoding.c print.c validate.c cert.c crl.c mft.c json.c \
[all …]
/openbsd/src/lib/libssl/test/
DCAss.cnf36 crl_dir = $dir/crl # Where the issued crl are kept
44 crl = $dir/crl.pem # The current CRL
Dtest.cnf17 crl_dir = $dir/crl # Where the issued crl are kept
23 crl = $dir/crl.pem # The current CRL
/openbsd/src/lib/libcrypto/cms/
Dcms_lib.c618 CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl) in CMS_add0_crl() argument
626 rch->d.crl = crl; in CMS_add0_crl()
633 CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl) in CMS_add1_crl() argument
637 r = CMS_add0_crl(cms, crl); in CMS_add1_crl()
639 X509_CRL_up_ref(crl); in CMS_add1_crl()
694 if (!sk_X509_CRL_push(crls, rch->d.crl)) { in STACK_OF()
698 X509_CRL_up_ref(rch->d.crl); in STACK_OF()
/openbsd/src/lib/libcrypto/pkcs7/
Dpk7_lib.c340 PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) in PKCS7_add_crl() argument
348 sk = &(p7->d.sign->crl); in PKCS7_add_crl()
351 sk = &(p7->d.signed_and_enveloped->crl); in PKCS7_add_crl()
365 CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); in PKCS7_add_crl()
366 if (!sk_X509_CRL_push(*sk, crl)) { in PKCS7_add_crl()
367 X509_CRL_free(crl); in PKCS7_add_crl()
/openbsd/src/lib/libssl/doc/
Dopenssl.cnf43 crl_dir = $dir/crl # Where the issued crl are kept
51 crlnumber = $dir/crlnumber # the current crl number
53 crl = $dir/crl.pem # The current CRL
205 #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
310 #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem

123