• Home
  • Raw
  • Download

Lines Matching full:ca

84 static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);
85 static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
86 static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
87 static int purpose_smime(const X509 *x, int ca);
88 static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
89 static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
90 static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
91 static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
92 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
93 static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
122 int X509_check_purpose(X509 *x, int id, int ca) in X509_check_purpose() argument
133 return pt->check_purpose(pt, x, ca); in X509_check_purpose()
411 if(bs->ca) x->ex_flags |= EXFLAG_CA; in x509v3_cache_extensions()
414 || !bs->ca) { in x509v3_cache_extensions()
534 /* CA checks common to all purposes
536 * 0 not a CA
537 * 1 is a CA
538 * 2 basicConstraints absent so "maybe" a CA
549 /* If basicConstraints says not a CA then say so */ in check_ca()
556 /* Older certificates could have Netscape-specific CA types */ in check_ca()
559 /* can this still be regarded a CA certificate? I doubt it */ in check_ca()
573 /* Check SSL CA: common checks for SSL client and server */
585 static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) in check_purpose_ssl_client() argument
588 if(ca) return check_ssl_ca(x); in check_purpose_ssl_client()
602 static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) in check_purpose_ssl_server() argument
605 if(ca) return check_ssl_ca(x); in check_purpose_ssl_server()
614 static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) in check_purpose_ns_ssl_server() argument
617 ret = check_purpose_ssl_server(xp, x, ca); in check_purpose_ns_ssl_server()
618 if(!ret || ca) return ret; in check_purpose_ns_ssl_server()
625 static int purpose_smime(const X509 *x, int ca) in purpose_smime() argument
628 if(ca) { in purpose_smime()
645 static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca) in check_purpose_smime_sign() argument
648 ret = purpose_smime(x, ca); in check_purpose_smime_sign()
649 if(!ret || ca) return ret; in check_purpose_smime_sign()
654 static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca) in check_purpose_smime_encrypt() argument
657 ret = purpose_smime(x, ca); in check_purpose_smime_encrypt()
658 if(!ret || ca) return ret; in check_purpose_smime_encrypt()
663 static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca) in check_purpose_crl_sign() argument
665 if(ca) { in check_purpose_crl_sign()
675 * each CA is valid. Additional checks must be made on the chain.
678 static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) in ocsp_helper() argument
680 /* Must be a valid CA. Should we really support the "I don't know" in ocsp_helper()
682 if(ca) return check_ca(x); in ocsp_helper()
688 int ca) in check_purpose_timestamp_sign() argument
692 /* If ca is true we must return if this is a valid CA certificate. */ in check_purpose_timestamp_sign()
693 if (ca) return check_ca(x); in check_purpose_timestamp_sign()
722 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) in no_check() argument