Ejemplo n.º 1
/*
 * Fill x->policy_cache from a decoded certificatePolicies extension.
 *
 * Ownership: `policies` is consumed here. Every exit path releases it with
 * sk_POLICYINFO_pop_free(), so the caller must not free it again. Each
 * X509_POLICY_DATA entry belongs to this function until it is stored in the
 * cache (as cache->anyPolicy or pushed onto cache->data).
 *
 * Returns:
 *    1  every policy was cached;
 *    0  failure that does not mark the certificate (empty policy list,
 *       or a helper returned NULL/0);
 *   -1  a duplicate policy OID or a second anyPolicy entry was seen; the
 *       certificate is flagged with EXFLAG_INVALID_POLICY.
 *
 * On 0 and -1 the cache->data stack is released and reset to NULL.
 * cache->anyPolicy is not released here: an entry stored before the failure
 * stays attached to the cache.
 */
static int policy_cache_create (X509 * x, CERTIFICATEPOLICIES * policies, int crit)
{
    X509_POLICY_CACHE *pcache = x->policy_cache;
    X509_POLICY_DATA *pending = NULL;    /* entry not yet owned by the cache */
    int status = 0;
    int idx;

    if (sk_POLICYINFO_num (policies) == 0)
        goto bad_policy;

    pcache->data = sk_X509_POLICY_DATA_new (policy_data_cmp);
    if (pcache->data == NULL)
        goto bad_policy;

    for (idx = 0; idx < sk_POLICYINFO_num (policies); idx++)
    {
        POLICYINFO *info = sk_POLICYINFO_value (policies, idx);

        pending = policy_data_new (info, NULL, crit);
        if (pending == NULL)
            goto bad_policy;

        if (OBJ_obj2nid (pending->valid_policy) == NID_any_policy)
        {
            /* Only one anyPolicy entry is accepted per certificate. */
            if (pcache->anyPolicy != NULL)
            {
                status = -1;
                goto bad_policy;
            }
            pcache->anyPolicy = pending;
        }
        else
        {
            /* A policy OID that is already cached is a duplicate: reject. */
            if (sk_X509_POLICY_DATA_find (pcache->data, pending) != -1)
            {
                status = -1;
                goto bad_policy;
            }
            if (!sk_X509_POLICY_DATA_push (pcache->data, pending))
                goto bad_policy;
        }

        /* The cache owns the entry now; keep cleanup from freeing it. */
        pending = NULL;
    }
    status = 1;

  bad_policy:
    /* Only the duplicate-policy paths mark the certificate as invalid. */
    if (status == -1)
        x->ex_flags |= EXFLAG_INVALID_POLICY;

    /* Release an entry that was built but never handed to the cache. */
    if (pending != NULL)
        policy_data_free (pending);

    /* The decoded extension is released on success and failure alike. */
    sk_POLICYINFO_pop_free (policies, POLICYINFO_free);

    if (status < 1)
    {
        /* Drop the partial stack so no half-built policy set stays behind. */
        sk_X509_POLICY_DATA_pop_free (pcache->data, policy_data_free);
        pcache->data = NULL;
    }
    return status;
}
Ejemplo n.º 2
/*
 * Release a policy cache and everything it owns: the anyPolicy entry (if
 * set), the stack of policy data entries together with its elements (if
 * set), and finally the cache structure itself. A NULL cache is a no-op.
 *
 * The pointer must not be used after this call. The function cannot clear
 * the caller's copy of it.
 */
void policy_cache_free(X509_POLICY_CACHE *cache)
{
    if (cache != NULL)
    {
        /* anyPolicy is held separately from the data stack; free it on its own. */
        if (cache->anyPolicy != NULL)
            policy_data_free(cache->anyPolicy);

        /* pop_free releases each stacked entry and then the stack itself. */
        if (cache->data != NULL)
            sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);

        OPENSSL_free(cache);
    }
}