57 static void ssl_crypto_x509_cert_flush_cached_leaf(CERT *cert) {  in ssl_crypto_x509_cert_flush_cached_leaf()  argument
58   X509_free(cert->x509_leaf);  in ssl_crypto_x509_cert_flush_cached_leaf()
59   cert->x509_leaf = nullptr;  in ssl_crypto_x509_cert_flush_cached_leaf()
62 static void ssl_crypto_x509_cert_flush_cached_chain(CERT *cert) {  in ssl_crypto_x509_cert_flush_cached_chain()  argument
63   sk_X509_pop_free(cert->x509_chain, X509_free);  in ssl_crypto_x509_cert_flush_cached_chain()
64   cert->x509_chain = nullptr;  in ssl_crypto_x509_cert_flush_cached_chain()
67 // ssl_cert_set1_chain sets elements 1.. of |cert->chain| to the serialised
69 // which case no change to |cert->chain| is made. It preverses the existing
70 // leaf from |cert->chain|, if any.
71 static bool ssl_cert_set1_chain(CERT *cert, STACK_OF(X509) *chain) {  in ssl_cert_set1_chain()  argument
72   cert->legacy_credential->ClearIntermediateCerts();  in ssl_cert_set1_chain()
76         !cert->legacy_credential->AppendIntermediateCert(std::move(buffer))) {  in ssl_cert_set1_chain()
81   ssl_crypto_x509_cert_flush_cached_chain(cert);  in ssl_cert_set1_chain()
100 static void ssl_crypto_x509_cert_clear(CERT *cert) {  in ssl_crypto_x509_cert_clear()  argument
101   ssl_crypto_x509_cert_flush_cached_leaf(cert);  in ssl_crypto_x509_cert_clear()
102   ssl_crypto_x509_cert_flush_cached_chain(cert);  in ssl_crypto_x509_cert_clear()
104   X509_free(cert->x509_stash);  in ssl_crypto_x509_cert_clear()
105   cert->x509_stash = nullptr;  in ssl_crypto_x509_cert_clear()
108 static void ssl_crypto_x509_cert_free(CERT *cert) {  in ssl_crypto_x509_cert_free()  argument
109   ssl_crypto_x509_cert_clear(cert);  in ssl_crypto_x509_cert_free()
110   X509_STORE_free(cert->verify_store);  in ssl_crypto_x509_cert_free()
113 static void ssl_crypto_x509_cert_dup(CERT *new_cert, const CERT *cert) {  in ssl_crypto_x509_cert_dup()  argument
114   if (cert->verify_store != nullptr) {  in ssl_crypto_x509_cert_dup()
115     X509_STORE_up_ref(cert->verify_store);  in ssl_crypto_x509_cert_dup()
116     new_cert->verify_store = cert->verify_store;  in ssl_crypto_x509_cert_dup()
138   for (CRYPTO_BUFFER *cert : sess->certs.get()) {  in ssl_crypto_x509_session_cache_objects()
139     UniquePtr<X509> x509(X509_parse_from_buffer(cert));  in ssl_crypto_x509_session_cache_objects()
207   if (hs->config->cert->verify_store != nullptr) {  in ssl_crypto_x509_session_verify_cert_chain()
208     verify_store = hs->config->cert->verify_store;  in ssl_crypto_x509_session_verify_cert_chain()
290   SSL_CREDENTIAL *cred = hs->config->cert->legacy_credential.get();  in ssl_crypto_x509_ssl_auto_chain_if_needed()
561 static int ssl_use_certificate(CERT *cert, X509 *x) {  in ssl_use_certificate()  argument
572   return ssl_set_cert(cert, std::move(buffer));  in ssl_use_certificate()
580   return ssl_use_certificate(ssl->config->cert.get(), x);  in SSL_use_certificate()
585   return ssl_use_certificate(ctx->cert.get(), x);  in SSL_CTX_use_certificate()
588 // ssl_cert_cache_leaf_cert sets |cert->x509_leaf|, if currently NULL, from the
589 // first element of |cert->chain|.
590 static int ssl_cert_cache_leaf_cert(CERT *cert) {  in ssl_cert_cache_leaf_cert()  argument
591   assert(cert->x509_method);  in ssl_cert_cache_leaf_cert()
593   const SSL_CREDENTIAL *cred = cert->legacy_credential.get();  in ssl_cert_cache_leaf_cert()
594   if (cert->x509_leaf != NULL || cred->chain == NULL) {  in ssl_cert_cache_leaf_cert()
603   cert->x509_leaf = X509_parse_from_buffer(leaf);  in ssl_cert_cache_leaf_cert()
604   return cert->x509_leaf != NULL;  in ssl_cert_cache_leaf_cert()
607 static X509 *ssl_cert_get0_leaf(CERT *cert) {  in ssl_cert_get0_leaf()  argument
608   if (cert->x509_leaf == NULL &&  //  in ssl_cert_get0_leaf()
609       !ssl_cert_cache_leaf_cert(cert)) {  in ssl_cert_get0_leaf()
613   return cert->x509_leaf;  in ssl_cert_get0_leaf()
622   return ssl_cert_get0_leaf(ssl->config->cert.get());  in SSL_get_certificate()
628   return ssl_cert_get0_leaf(ctx->cert.get());  in SSL_CTX_get0_certificate()
631 static int ssl_cert_add1_chain_cert(CERT *cert, X509 *x509) {  in ssl_cert_add1_chain_cert()  argument
632   assert(cert->x509_method);  in ssl_cert_add1_chain_cert()
636       !cert->legacy_credential->AppendIntermediateCert(std::move(buffer))) {  in ssl_cert_add1_chain_cert()
640   ssl_crypto_x509_cert_flush_cached_chain(cert);  in ssl_cert_add1_chain_cert()
644 static int ssl_cert_add0_chain_cert(CERT *cert, X509 *x509) {  in ssl_cert_add0_chain_cert()  argument
645   if (!ssl_cert_add1_chain_cert(cert, x509)) {  in ssl_cert_add0_chain_cert()
649   X509_free(cert->x509_stash);  in ssl_cert_add0_chain_cert()
650   cert->x509_stash = x509;  in ssl_cert_add0_chain_cert()
656   if (!ssl_cert_set1_chain(ctx->cert.get(), chain)) {  in SSL_CTX_set0_chain()
665   return ssl_cert_set1_chain(ctx->cert.get(), chain);  in SSL_CTX_set1_chain()
673   if (!ssl_cert_set1_chain(ssl->config->cert.get(), chain)) {  in SSL_set0_chain()
685   return ssl_cert_set1_chain(ssl->config->cert.get(), chain);  in SSL_set1_chain()
690   return ssl_cert_add0_chain_cert(ctx->cert.get(), x509);  in SSL_CTX_add0_chain_cert()
695   return ssl_cert_add1_chain_cert(ctx->cert.get(), x509);  in SSL_CTX_add1_chain_cert()
708   return ssl_cert_add0_chain_cert(ssl->config->cert.get(), x509);  in SSL_add0_chain_cert()
716   return ssl_cert_add1_chain_cert(ssl->config->cert.get(), x509);  in SSL_add1_chain_cert()
734 // ssl_cert_cache_chain_certs fills in |cert->x509_chain| from elements 1.. of
735 // |cert->chain|.
736 static int ssl_cert_cache_chain_certs(CERT *cert) {  in ssl_cert_cache_chain_certs()  argument
737   assert(cert->x509_method);  in ssl_cert_cache_chain_certs()
739   const SSL_CREDENTIAL *cred = cert->legacy_credential.get();  in ssl_cert_cache_chain_certs()
740   if (cert->x509_chain != nullptr || cred->chain == nullptr ||  in ssl_cert_cache_chain_certs()
759   cert->x509_chain = chain.release();  in ssl_cert_cache_chain_certs()
766   if (!ssl_cert_cache_chain_certs(ctx->cert.get())) {  in SSL_CTX_get0_chain_certs()
771   *out_chain = ctx->cert->x509_chain;  in SSL_CTX_get0_chain_certs()
786   if (!ssl_cert_cache_chain_certs(ssl->config->cert.get())) {  in SSL_get0_chain_certs()
791   *out_chain = ssl->config->cert->x509_chain;  in SSL_get0_chain_certs()
1024   if (ssl->config->cert->legacy_credential->IsComplete() ||  in do_client_cert_cb()
1079   return set_cert_store(&ctx->cert->verify_store, store, 0);  in SSL_CTX_set0_verify_cert_store()
1084   return set_cert_store(&ctx->cert->verify_store, store, 1);  in SSL_CTX_set1_verify_cert_store()
1092   return set_cert_store(&ssl->config->cert->verify_store, store, 0);  in SSL_set0_verify_cert_store()
1100   return set_cert_store(&ssl->config->cert->verify_store, store, 1);  in SSL_set1_verify_cert_store()