181 	const CERT_CONTEXT *cert;
304 	if (priv->cert)
305 		CertFreeCertificateContext(priv->cert);
332 	if (strncmp(name, "cert://", 7) == 0) {
367 	X509 *cert = NULL;
373 	    (strncmp(name, "cert://", 7) != 0 &&
387 	priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER);
388 	if (priv->cert == NULL) {
389 		priv->cert = cryptoapi_find_cert(
392 	if (priv->cert == NULL) {
398 	cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded,
399 			priv->cert->cbCertEncoded);
400 	if (cert == NULL) {
406 	if (!CryptAcquireCertificatePrivateKey(priv->cert,
432 	if (!SSL_use_certificate(ssl, cert)) {
437 	pub_rsa = cert->cert_info->key->pkey->pkey.rsa;
438 	X509_free(cert);
439 	cert = NULL;
453 	if (cert)
454 		X509_free(cert);
469 	X509 *cert;
491 		wpa_printf(MSG_DEBUG, "%s: failed to open system cert store "
498 		cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded,
500 		if (cert == NULL) {
502 				   "X509 DER encoding for CA cert");
506 		X509_NAME_oneline(X509_get_subject_name(cert), buf,
511 		if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
517 		X509_free(cert);
521 		wpa_printf(MSG_DEBUG, "%s: failed to close system cert store "
909 	/* load private key first in-case PIN is required for cert */
1077 static int tls_match_altsubject_component(X509 *cert, int type,
1084 	ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1099 static int tls_match_altsubject(X509 *cert, const char *match)
1133 		if (tls_match_altsubject_component(cert, type, pos, len) > 0)
1180 static struct wpabuf * get_x509_cert(X509 *cert)
1185 	int cert_len = i2d_X509(cert, NULL);
1194 	i2d_X509(cert, &tmp);
1205 	struct wpabuf *cert = NULL;
1211 	cert = get_x509_cert(err_cert);
1218 	ev.cert_fail.cert = cert;
1220 	wpabuf_free(cert);
1228 	struct wpabuf *cert = NULL;
1240 		cert = get_x509_cert(err_cert);
1241 		ev.peer_cert.cert = cert;
1244 	if (cert) {
1247 		addr[0] = wpabuf_head(cert);
1248 		len[0] = wpabuf_len(cert);
1258 	wpabuf_free(cert);
1309 		struct wpabuf *cert;
1310 		cert = get_x509_cert(err_cert);
1311 		if (!cert) {
1319 			addr[0] = wpabuf_head(cert);
1320 			len[0] = wpabuf_len(cert);
1327 			wpabuf_free(cert);
1402 				   "cert already in hash table error",
1473 		X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob,
1475 		if (cert == NULL) {
1481 		if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
1490 					   "cert already in hash table error",
1493 				X509_free(cert);
1497 		X509_free(cert);
1787 	X509 *cert;
1793 	cert = NULL;
1795 	if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
1803 	if (cert) {
1804 		X509_NAME_oneline(X509_get_subject_name(cert), buf,
1809 			if (SSL_use_certificate(ssl, cert) != 1)
1812 			if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1)
1815 		X509_free(cert);
1831 		while ((cert = sk_X509_pop(certs)) != NULL) {
1832 			X509_NAME_oneline(X509_get_subject_name(cert), buf,
1837 			 * There is no SSL equivalent for the chain cert - so
1840 			if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) {
1914 			       X509 **cert)
1919 		X509 *cert;
1922 	params.cert = NULL;
1926 		wpa_printf(MSG_ERROR, "ENGINE: cannot load client cert with id"
1931 	if (!params.cert) {
1932 		wpa_printf(MSG_ERROR, "ENGINE: did not properly cert with id"
1936 	*cert = params.cert;
1946 	X509 *cert;
1948 	if (tls_engine_get_cert(conn, cert_id, &cert))
1951 	if (!SSL_use_certificate(conn->ssl, cert)) {
1954                 X509_free(cert);
1957 	X509_free(cert);
1973 	X509 *cert;
1976 	if (tls_engine_get_cert(conn, ca_cert_id, &cert))
1985 		X509_free(cert);
1988 	if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) {
1995 			wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring cert"
1999 			X509_free(cert);
2003 	X509_free(cert);

Indexes created Thu Jun 05 08:14:15 CEST 2014