Lines Matching refs:crl
57 CRLCertificateList crl; member
155 free_CRLCertificateList(&(*ctx)->crls.val[i].crl); in hx509_revoke_free()
457 CRLCertificateList *crl, in verify_crl() argument
467 t = _hx509_Time2time_t(&crl->tbsCertList.thisUpdate); in verify_crl()
474 if (crl->tbsCertList.nextUpdate == NULL) { in verify_crl()
480 t = _hx509_Time2time_t(crl->tbsCertList.nextUpdate); in verify_crl()
498 q.subject_name = &crl->tbsCertList.issuer; in verify_crl()
510 &crl->signatureAlgorithm, in verify_crl()
511 &crl->tbsCertList._save, in verify_crl()
512 &crl->signatureValue); in verify_crl()
564 load_crl(const char *path, time_t *t, CRLCertificateList *crl) in load_crl() argument
571 memset(crl, 0, sizeof(*crl)); in load_crl()
583 ret = decode_CRLCertificateList(data, length, crl, &size); in load_crl()
589 if (crl->signatureValue.length & 7) { in load_crl()
590 free_CRLCertificateList(crl); in load_crl()
649 &ctx->crls.val[ctx->crls.len].crl); in hx509_revoke_add_crl()
770 struct revoke_crl *crl = &ctx->crls.val[i]; in hx509_revoke_verify() local
776 &crl->crl.tbsCertList.issuer, &diff); in hx509_revoke_verify()
780 ret = stat(crl->path, &sb); in hx509_revoke_verify()
781 if (ret == 0 && crl->last_modfied != sb.st_mtime) { in hx509_revoke_verify()
784 ret = load_crl(crl->path, &crl->last_modfied, &cl); in hx509_revoke_verify()
786 free_CRLCertificateList(&crl->crl); in hx509_revoke_verify()
787 crl->crl = cl; in hx509_revoke_verify()
788 crl->verified = 0; in hx509_revoke_verify()
789 crl->failed_verify = 0; in hx509_revoke_verify()
792 if (crl->failed_verify) in hx509_revoke_verify()
796 if (crl->verified == 0) { in hx509_revoke_verify()
797 ret = verify_crl(context, ctx, &crl->crl, now, certs, parent_cert); in hx509_revoke_verify()
799 crl->failed_verify = 1; in hx509_revoke_verify()
802 crl->verified = 1; in hx509_revoke_verify()
805 if (crl->crl.tbsCertList.crlExtensions) { in hx509_revoke_verify()
806 for (j = 0; j < crl->crl.tbsCertList.crlExtensions->len; j++) { in hx509_revoke_verify()
807 if (crl->crl.tbsCertList.crlExtensions->val[j].critical) { in hx509_revoke_verify()
816 if (crl->crl.tbsCertList.revokedCertificates == NULL) in hx509_revoke_verify()
820 for (j = 0; j < crl->crl.tbsCertList.revokedCertificates->len; j++) { in hx509_revoke_verify()
823 ret = der_heim_integer_cmp(&crl->crl.tbsCertList.revokedCertificates->val[j].userCertificate, in hx509_revoke_verify()
828 t = _hx509_Time2time_t(&crl->crl.tbsCertList.revokedCertificates->val[j].revocationDate); in hx509_revoke_verify()
832 if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions) in hx509_revoke_verify()
833 for (k = 0; k < crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->len; k++) in hx509_revoke_verify()
834 if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->val[k].critical) in hx509_revoke_verify()
1296 hx509_crl_alloc(hx509_context context, hx509_crl *crl) in hx509_crl_alloc() argument
1300 *crl = calloc(1, sizeof(**crl)); in hx509_crl_alloc()
1301 if (*crl == NULL) { in hx509_crl_alloc()
1306 ret = hx509_certs_init(context, "MEMORY:crl", 0, NULL, &(*crl)->revoked); in hx509_crl_alloc()
1308 free(*crl); in hx509_crl_alloc()
1309 *crl = NULL; in hx509_crl_alloc()
1312 (*crl)->expire = 0; in hx509_crl_alloc()
1330 hx509_crl crl, in hx509_crl_add_revoked_certs() argument
1333 return hx509_certs_merge(context, crl->revoked, certs); in hx509_crl_add_revoked_certs()
1350 hx509_crl_lifetime(hx509_context context, hx509_crl crl, int delta) in hx509_crl_lifetime() argument
1352 crl->expire = time(NULL) + delta; in hx509_crl_lifetime()
1366 hx509_crl_free(hx509_context context, hx509_crl *crl) in hx509_crl_free() argument
1368 if (*crl == NULL) in hx509_crl_free()
1370 hx509_certs_free(&(*crl)->revoked); in hx509_crl_free()
1371 memset(*crl, 0, sizeof(**crl)); in hx509_crl_free()
1372 free(*crl); in hx509_crl_free()
1373 *crl = NULL; in hx509_crl_free()
1427 hx509_crl crl, in hx509_crl_sign() argument
1478 time_t next = crl->expire; in hx509_crl_sign()
1495 ret = hx509_certs_iter_f(context, crl->revoked, add_revoked, &c.tbsCertList); in hx509_crl_sign()