Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
2da2ff50
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
2da2ff50
编写于
2月 25, 2010
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
tidy verify code. xn not used any more and check for self signed more efficiently
上级
fbd21640
变更
1
显示空白变更内容
内联
并排
Showing
1 changed file
with
14 addition
and
8 deletion
+14
-8
crypto/x509/x509_vfy.c
crypto/x509/x509_vfy.c
+14
-8
未找到文件。
crypto/x509/x509_vfy.c
浏览文件 @
2da2ff50
...
@@ -149,11 +149,19 @@ static int x509_subject_cmp(X509 **a, X509 **b)
...
@@ -149,11 +149,19 @@ static int x509_subject_cmp(X509 **a, X509 **b)
return X509_subject_name_cmp(*a,*b);
return X509_subject_name_cmp(*a,*b);
}
}
#endif
#endif
/* Return 1 is a certificate is self signed */
static
int
cert_self_signed
(
X509
*
x
)
{
X509_check_purpose
(
x
,
-
1
,
0
);
if
(
x
->
ex_flags
&
EXFLAG_SS
)
return
1
;
else
return
0
;
}
int
X509_verify_cert
(
X509_STORE_CTX
*
ctx
)
int
X509_verify_cert
(
X509_STORE_CTX
*
ctx
)
{
{
X509
*
x
,
*
xtmp
,
*
chain_ss
=
NULL
;
X509
*
x
,
*
xtmp
,
*
chain_ss
=
NULL
;
X509_NAME
*
xn
;
int
bad_chain
=
0
;
int
bad_chain
=
0
;
X509_VERIFY_PARAM
*
param
=
ctx
->
param
;
X509_VERIFY_PARAM
*
param
=
ctx
->
param
;
int
depth
,
i
,
ok
=
0
;
int
depth
,
i
,
ok
=
0
;
...
@@ -205,8 +213,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
...
@@ -205,8 +213,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
*/
*/
/* If we are self signed, we break */
/* If we are self signed, we break */
xn
=
X509_get_issuer_name
(
x
);
if
(
cert_self_signed
(
x
))
if
(
ctx
->
check_issued
(
ctx
,
x
,
x
))
break
;
break
;
/* If we were passed a cert chain, use it first */
/* If we were passed a cert chain, use it first */
if
(
ctx
->
untrusted
!=
NULL
)
if
(
ctx
->
untrusted
!=
NULL
)
...
@@ -242,8 +250,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
...
@@ -242,8 +250,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
i
=
sk_X509_num
(
ctx
->
chain
);
i
=
sk_X509_num
(
ctx
->
chain
);
x
=
sk_X509_value
(
ctx
->
chain
,
i
-
1
);
x
=
sk_X509_value
(
ctx
->
chain
,
i
-
1
);
xn
=
X509_get_subject_name
(
x
);
if
(
cert_self_signed
(
x
))
if
(
ctx
->
check_issued
(
ctx
,
x
,
x
))
{
{
/* we have a self signed certificate */
/* we have a self signed certificate */
if
(
sk_X509_num
(
ctx
->
chain
)
==
1
)
if
(
sk_X509_num
(
ctx
->
chain
)
==
1
)
...
@@ -291,8 +298,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
...
@@ -291,8 +298,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
if
(
depth
<
num
)
break
;
if
(
depth
<
num
)
break
;
/* If we are self signed, we break */
/* If we are self signed, we break */
xn
=
X509_get_issuer_name
(
x
);
if
(
cert_self_signed
(
x
))
if
(
ctx
->
check_issued
(
ctx
,
x
,
x
))
break
;
break
;
ok
=
ctx
->
get_issuer
(
&
xtmp
,
ctx
,
x
);
ok
=
ctx
->
get_issuer
(
&
xtmp
,
ctx
,
x
);
...
@@ -310,7 +317,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
...
@@ -310,7 +317,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
}
}
/* we now have our chain, lets check it... */
/* we now have our chain, lets check it... */
xn
=
X509_get_issuer_name
(
x
);
i
=
check_trust
(
ctx
);
i
=
check_trust
(
ctx
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录