static X509_REQ *pki_certificate_request(EVP_PKEY *keyring, digital_id_t *digital_id) { jlog(L_DEBUG, "pki_certificate_request"); X509_REQ *cert_req; X509_NAME *subject; const EVP_MD *message_digest; // create a certificate request cert_req = X509_REQ_new(); // set certificate request 'Subject:' subject = X509_NAME_new(); X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (unsigned char*)digital_id->commonName, -1, -1, 0); X509_NAME_add_entry_by_txt(subject, "countryName", MBSTRING_ASC, (unsigned char*)digital_id->countryName, -1, -1, 0); X509_NAME_add_entry_by_txt(subject, "stateOrProvinceName", MBSTRING_ASC, (unsigned char*)digital_id->stateOrProvinceName, -1, -1, 0); X509_NAME_add_entry_by_txt(subject, "localityName", MBSTRING_ASC, (unsigned char*)digital_id->localityName, -1, -1, 0); X509_NAME_add_entry_by_txt(subject, "emailAddress", MBSTRING_ASC, (unsigned char*)digital_id->emailAddress, -1, -1, 0); X509_NAME_add_entry_by_txt(subject, "organizationName", MBSTRING_ASC, (unsigned char*)digital_id->organizationName, -1, -1, 0); X509_REQ_set_subject_name(cert_req, subject); X509_NAME_free(subject); // set certificate request public key X509_REQ_set_pubkey(cert_req, keyring); // create a message digest message_digest = EVP_sha1(); // sign certificate request X509_REQ_sign(cert_req, keyring, message_digest); return cert_req; }
void pkcs7_issuer_and_subject_free(pkcs7_issuer_and_subject *a) { if (a == NULL) return; X509_NAME_free(a->issuer); X509_NAME_free(a->subject); OPENSSL_free(a); }
// Generate a self-signed certificate, with the public key from the // given key pair. Caller is responsible for freeing the returned object. static X509* MakeCertificate(EVP_PKEY* pkey, const char* common_name) { LOG(LS_INFO) << "Making certificate for " << common_name; X509* x509 = NULL; BIGNUM* serial_number = NULL; X509_NAME* name = NULL; if ((x509=X509_new()) == NULL) goto error; if (!X509_set_pubkey(x509, pkey)) goto error; // serial number // temporary reference to serial number inside x509 struct ASN1_INTEGER* asn1_serial_number; if (!(serial_number = BN_new()) || !BN_pseudo_rand(serial_number, SERIAL_RAND_BITS, 0, 0) || !(asn1_serial_number = X509_get_serialNumber(x509)) || !BN_to_ASN1_INTEGER(serial_number, asn1_serial_number)) goto error; if (!X509_set_version(x509, 0L)) // version 1 goto error; // There are a lot of possible components for the name entries. In // our P2P SSL mode however, the certificates are pre-exchanged // (through the secure XMPP channel), and so the certificate // identification is arbitrary. It can't be empty, so we set some // arbitrary common_name. Note that this certificate goes out in // clear during SSL negotiation, so there may be a privacy issue in // putting anything recognizable here. if (!(name = X509_NAME_new()) || !X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8, (unsigned char*)common_name, -1, -1, 0) || !X509_set_subject_name(x509, name) || !X509_set_issuer_name(x509, name)) goto error; if (!X509_gmtime_adj(X509_get_notBefore(x509), 0) || !X509_gmtime_adj(X509_get_notAfter(x509), CERTIFICATE_LIFETIME)) goto error; if (!X509_sign(x509, pkey, EVP_sha1())) goto error; BN_free(serial_number); X509_NAME_free(name); LOG(LS_INFO) << "Returning certificate"; return x509; error: BN_free(serial_number); X509_NAME_free(name); X509_free(x509); return NULL; }
static void string_to_X509_NAME(X509_NAME** name, const std::string& str) { if(name == NULL) return; if(*name != NULL) { X509_NAME_free(*name); *name = NULL; } *name = X509_NAME_new(); if(*name == NULL) return; // The input string is supposed to be /O=Grid/OU=EMI/CN=UserTest std::string::size_type pos1 = 0, pos2; pos1 = str.find("/", 0); while(pos1 != std::string::npos) { std::string entry_name, entry_value; pos2 = str.find("=", pos1); if(pos2 == std::string::npos) break; entry_name = str.substr(pos1+1, pos2-pos1-1); pos1 = str.find("/", pos2); if(pos1 == std::string::npos) entry_value = str.substr(pos2+1); else entry_value = str.substr(pos2+1, pos1-pos2-1); #ifdef HAVE_OPENSSL_OLDRSA int r = X509_NAME_add_entry_by_txt(*name, (char*)(entry_name.c_str()), MBSTRING_ASC, (unsigned char*)(entry_value.c_str()), -1, -1, 0); #else int r = X509_NAME_add_entry_by_txt(*name, entry_name.c_str(), MBSTRING_ASC, (const unsigned char*)(entry_value.c_str()), -1, -1, 0); #endif }; return; }
static int set_cn(X509 *crt, ...) { int ret = 0; X509_NAME *n = NULL; va_list ap; va_start(ap, crt); n = X509_NAME_new(); if (n == NULL) goto out; while (1) { int nid; const char *name; nid = va_arg(ap, int); if (nid == 0) break; name = va_arg(ap, const char *); if (!X509_NAME_add_entry_by_NID(n, nid, MBSTRING_ASC, (unsigned char *)name, -1, -1, 1)) goto out; } if (!X509_set_subject_name(crt, n)) goto out; ret = 1; out: X509_NAME_free(n); va_end(ap); return ret; }
void GENERAL_NAME_free(GENERAL_NAME *a) { if (a == NULL) return; switch(a->type) { case GEN_X400: case GEN_EDIPARTY: ASN1_TYPE_free(a->d.other); break; case GEN_OTHERNAME: OTHERNAME_free(a->d.otherName); break; case GEN_EMAIL: case GEN_DNS: case GEN_URI: M_ASN1_IA5STRING_free(a->d.ia5); break; case GEN_DIRNAME: X509_NAME_free(a->d.dirn); break; case GEN_IPADD: M_ASN1_OCTET_STRING_free(a->d.ip); break; case GEN_RID: ASN1_OBJECT_free(a->d.rid); break; } OPENSSL_free (a); }
static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) { const unsigned char *p = *in, *q; union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; ASN1_VALUE *a; } intname = {NULL}; union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL}; int i, j, ret; STACK_OF(X509_NAME_ENTRY) *entries; X509_NAME_ENTRY *entry; q = p; /* Get internal representation of Name */ ret = ASN1_item_ex_d2i(&intname.a, &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), tag, aclass, opt, ctx); if (ret <= 0) return ret; if (*val) x509_name_ex_free(val, NULL); if (!x509_name_ex_new(&nm.a, NULL)) goto err; /* We've decoded it: now cache encoding */ if (!BUF_MEM_grow(nm.x->bytes, p - q)) goto err; memcpy(nm.x->bytes->data, q, p - q); /* Convert internal representation to X509_NAME structure */ for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) { entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i); for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { entry = sk_X509_NAME_ENTRY_value(entries, j); entry->set = i; if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) goto err; } sk_X509_NAME_ENTRY_free(entries); } sk_STACK_OF_X509_NAME_ENTRY_free(intname.s); ret = x509_name_canon(nm.x); if (!ret) goto err; nm.x->modified = 0; *val = nm.a; *in = p; return ret; err: if (nm.x != NULL) X509_NAME_free(nm.x); ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); return 0; }
X509_NAME* cnhelper_create_dn(const qeo_platform_device_info *info) { X509_NAME* dn = NULL; do { dn = X509_NAME_new(); if (dn) { char devicename[MAX_CN_LENGTH]; strncpy(devicename, info->userFriendlyName, sizeof(devicename)); if (devicename[sizeof(devicename)-1] != '\0'){ strncpy(&devicename[sizeof(devicename)-4], "...", 4); qeo_log_w("Device name exceeds the maximal allowed length of <%d> characters, cutting it off to <%s>.", sizeof(devicename)-1, devicename); } //TODO: now only the friendly name is forwarded to the server, in the future this needs to be extended if (!X509_NAME_add_entry_by_NID(dn, NID_commonName, MBSTRING_ASC, (unsigned char* ) devicename, -1, -1, 0)) { X509_NAME_free(dn); dn = NULL; break; } } qeo_log_d("created DN for device"); } while (0); return dn; }
static int openssl_xname_gc(lua_State* L) { X509_NAME* xn = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name"); lua_pushnil(L); lua_setmetatable(L, 1); X509_NAME_free(xn); return 0; }
/** This extracts the first commonName and checks it against hostname. */ uint32_t check_cn (SSL *ssl, const char *hostname) { uint32_t ret; char *cn_buf; X509 *certificate; X509_NAME *xname; cn_buf = malloc(HOST_NAME_MAX + 1); if (NULL == cn_buf) { die ("Unable to allocate memory for cn_buf\n"); } certificate = SSL_get_peer_certificate(ssl); if (NULL == certificate) { die ("Unable to extract certificate\n"); } memset(cn_buf, '\0', (HOST_NAME_MAX + 1)); xname = X509_get_subject_name(certificate); ret = X509_NAME_get_text_by_NID(xname, NID_commonName, cn_buf, HOST_NAME_MAX); if (-1 == ret && ret != strlen(hostname)) { die ("Unable to extract commonName\n"); } if (strcasecmp(cn_buf, hostname)) { verb ("V: commonName mismatch! Expected: %s - received: %s\n", hostname, cn_buf); } else { verb ("V: commonName matched: %s\n", cn_buf); X509_NAME_free(xname); X509_free(certificate); free(cn_buf); return 1; } X509_NAME_free(xname); X509_free(certificate); free(cn_buf); return 0; }
MONO_API void mono_btls_x509_name_free (MonoBtlsX509Name *name) { if (name->owns) { if (name->name) { X509_NAME_free(name->name); name->name = NULL; } } OPENSSL_free(name); }
static STACK_OF(X509_NAME) * use_inline_load_client_CA_file (SSL_CTX *ctx, const char *ca_string) { BIO *in = NULL; X509 *x = NULL; X509_NAME *xn = NULL; STACK_OF(X509_NAME) *ret = NULL, *sk; sk=sk_X509_NAME_new(xname_cmp); in = BIO_new_mem_buf ((char *)ca_string, -1); if (!in) goto err; if ((sk == NULL) || (in == NULL)) goto err; for (;;) { if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) break; if (ret == NULL) { ret = sk_X509_NAME_new_null(); if (ret == NULL) goto err; } if ((xn=X509_get_subject_name(x)) == NULL) goto err; /* check for duplicates */ xn=X509_NAME_dup(xn); if (xn == NULL) goto err; if (sk_X509_NAME_find(sk,xn) >= 0) X509_NAME_free(xn); else { sk_X509_NAME_push(sk,xn); sk_X509_NAME_push(ret,xn); } } if (0) { err: if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free); ret=NULL; } if (sk != NULL) sk_X509_NAME_free(sk); if (in != NULL) BIO_free(in); if (x != NULL) X509_free(x); if (ret != NULL) ERR_clear_error(); return(ret); }
char * x509_DN_string(u_int8_t *asn1, size_t sz) { X509_NAME *name; u_int8_t *p = asn1; char buf[256]; /* XXX Just a guess at a maximum length. */ name = d2i_X509_NAME(NULL, &p, sz); if (!name) { log_print("x509_DN_string: d2i_X509_NAME failed"); return 0; } if (!X509_NAME_oneline(name, buf, sizeof buf - 1)) { log_print("x509_DN_string: X509_NAME_oneline failed"); X509_NAME_free(name); return 0; } X509_NAME_free(name); buf[sizeof buf - 1] = '\0'; return strdup(buf); }
/* * Deallocate the memory used by the X509Name object * * Arguments: self - The X509Name object * Returns: None */ static void crypto_X509Name_dealloc(crypto_X509NameObj *self) { PyObject_GC_UnTrack(self); /* Sometimes we don't have to dealloc this */ if (self->dealloc) X509_NAME_free(self->x509_name); crypto_X509Name_clear(self); PyObject_GC_Del(self); }
X509_NAME *parse_name(const char *orig_name) { char name[1025]; X509_NAME *parsed = NULL; char *ptr = name; char *part; if(strlen(orig_name) > 1024) { fprintf(stderr, "Name is to long!\n"); return NULL; } strcpy(name, orig_name); if(*name != '/') { fprintf(stderr, "Name does not start with '/'!\n"); return NULL; } parsed = X509_NAME_new(); if(!parsed) { fprintf(stderr, "Failed to allocate memory\n"); return NULL; } while((part = strtok(ptr, "/"))) { char *key; char *value; char *equals = strchr(part, '='); if(!equals) { fprintf(stderr, "The part '%s' doesn't seem to contain a =.\n", part); goto parse_err; } *equals++ = '\0'; value = equals; key = part; ptr = NULL; if(!key) { fprintf(stderr, "Malformed name (%s)\n", part); goto parse_err; } if(!value) { fprintf(stderr, "Malformed name (%s)\n", part); goto parse_err; } if(!X509_NAME_add_entry_by_txt(parsed, key, MBSTRING_UTF8, (unsigned char*)value, -1, -1, 0)) { fprintf(stderr, "Failed adding %s=%s to name.\n", key, value); goto parse_err; } } return parsed; parse_err: X509_NAME_free(parsed); return NULL; }
static std::string ParseSubject ( IN const void * const p, IN const unsigned s ) { char szSubject[1024]; bool fOK = false; #if defined(_WIN32) CRYPT_DER_BLOB blobSubject = {s, (PBYTE)p}; if ( CertNameToStrA ( X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &blobSubject, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, szSubject, sizeof (szSubject) ) != 0 ) { fOK = true; } #else X509_NAME *name; name = X509_NAME_new (); if (name != NULL) { pkcs11_openssl_d2i_t pp = (pkcs11_openssl_d2i_t)p; if ( d2i_X509_NAME ( &name, &pp, s ) ) { X509_NAME_oneline ( name, szSubject, sizeof (szSubject) ); fOK = true; } X509_NAME_free (name); } #endif if (fOK) { return szSubject; } else { return "ERROR"; } }
NamespacesPolicy::NamespacesPolicy(const std::string& issuer_subject_str, const std::string& ca_path): issuer_(issuer_subject_str), file_(NULL) { X509_NAME* name = NULL; if(issuer_.empty()) { error_ = "Issuer for namespaces location is not defined"; return; } string_to_X509_NAME(&name, issuer_); if(!name) { error_ = "Failed to parsed X509_NAME from string"; return; } Init(name, ca_path); X509_NAME_free(name); }
char * ca_asn1_name(uint8_t *asn1, size_t len) { X509_NAME *name = NULL; char *str = NULL; const uint8_t *p; p = asn1; if ((name = d2i_X509_NAME(NULL, &p, len)) == NULL) return (NULL); str = ca_x509_name(name); X509_NAME_free(name); return (str); }
/** Return a newly allocated X509 name with commonName <b>cname</b>. */ static X509_NAME * tor_x509_name_new(const char *cname) { int nid; X509_NAME *name; if (!(name = X509_NAME_new())) return NULL; if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error; if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC, (unsigned char*)cname, -1, -1, 0))) goto error; return name; error: X509_NAME_free(name); return NULL; }
void spice_openssl_verify_free(SpiceOpenSSLVerify* verify) { if (!verify) return; free(verify->pubkey); free(verify->subject); free(verify->hostname); if (verify->in_subject) X509_NAME_free(verify->in_subject); if (verify->ssl) SSL_set_app_data(verify->ssl, NULL); free(verify); }
static X509 *make_cert() { X509 *ret = NULL; X509 *crt = NULL; X509_NAME *issuer = NULL; crt = X509_new(); if (crt == NULL) goto out; if (!X509_set_version(crt, 3)) goto out; ret = crt; crt = NULL; out: X509_NAME_free(issuer); return ret; }
static X509 * gen_cert(EVP_PKEY* pkey, const char *common, int days) { X509 *x509 = NULL; BIGNUM *serial_number = NULL; X509_NAME *name = NULL; if ((x509 = X509_new()) == NULL) return NULL; if (!X509_set_pubkey(x509, pkey)) return NULL; ASN1_INTEGER* asn1_serial_number; if ((serial_number = BN_new()) == NULL || !BN_pseudo_rand(serial_number, 64, 0, 0) || (asn1_serial_number = X509_get_serialNumber(x509)) == NULL || !BN_to_ASN1_INTEGER(serial_number, asn1_serial_number)) goto cert_err; if (!X509_set_version(x509, 0L)) // version 1 goto cert_err; if ((name = X509_NAME_new()) == NULL || !X509_NAME_add_entry_by_NID( name, NID_commonName, MBSTRING_UTF8, (unsigned char*)common, -1, -1, 0) || !X509_set_subject_name(x509, name) || !X509_set_issuer_name(x509, name)) goto cert_err; if (!X509_gmtime_adj(X509_get_notBefore(x509), 0) || !X509_gmtime_adj(X509_get_notAfter(x509), days * 24 * 3600)) goto cert_err; if (!X509_sign(x509, pkey, EVP_sha1())) goto cert_err; if (0) { cert_err: X509_free(x509); x509 = NULL; } BN_free(serial_number); X509_NAME_free(name); return x509; }
int X509_NAME_set(X509_NAME **xn, X509_NAME *name) { X509_NAME *in; if (*xn == NULL) return(0); if (*xn != name) { in=X509_NAME_dup(name); if (in != NULL) { X509_NAME_free(*xn); *xn=in; } } return(*xn != NULL); }
/** This extracts the first commonName and checks it against hostname. */ uint32_t check_cn (SSL *ssl, const char *hostname) { int ok = 0; int ret; char *cn_buf; X509 *certificate; X509_NAME *xname; // We cast this to cast away g++ complaining about the following: // error: invalid conversion from ‘void*’ to ‘char*’ cn_buf = (char *) xmalloc(TLSDATE_HOST_NAME_MAX + 1); certificate = SSL_get_peer_certificate(ssl); if (NULL == certificate) { die ("Unable to extract certificate"); } memset(cn_buf, '\0', (TLSDATE_HOST_NAME_MAX + 1)); xname = X509_get_subject_name(certificate); ret = X509_NAME_get_text_by_NID(xname, NID_commonName, cn_buf, TLSDATE_HOST_NAME_MAX); if (-1 == ret || ret != (int) strlen(cn_buf)) { die ("Unable to extract commonName"); } if (strcasecmp(cn_buf, hostname)) { verb ("V: commonName mismatch! Expected: %s - received: %s", hostname, cn_buf); } else { verb ("V: commonName matched: %s", cn_buf); ok = 1; } X509_NAME_free(xname); X509_free(certificate); xfree(cn_buf); return ok; }
static PyObject * ssl_Connection_get_client_ca_list(ssl_ConnectionObj *self, PyObject *args) { STACK_OF(X509_NAME) *CANames; PyObject *CAList; int i, n; if (!PyArg_ParseTuple(args, ":get_client_ca_list")) { return NULL; } CANames = SSL_get_client_CA_list(self->ssl); if (CANames == NULL) { return PyList_New(0); } n = sk_X509_NAME_num(CANames); CAList = PyList_New(n); if (CAList == NULL) { return NULL; } for (i = 0; i < n; i++) { X509_NAME *CAName; PyObject *CA; CAName = X509_NAME_dup(sk_X509_NAME_value(CANames, i)); if (CAName == NULL) { Py_DECREF(CAList); exception_from_error_queue(ssl_Error); return NULL; } CA = (PyObject *)new_x509name(CAName, 1); if (CA == NULL) { X509_NAME_free(CAName); Py_DECREF(CAList); return NULL; } if (PyList_SetItem(CAList, i, CA)) { Py_DECREF(CA); Py_DECREF(CAList); return NULL; } } return CAList; }
/** Return a newly allocated X509 name with commonName <b>cname</b>. */ static X509_NAME * tor_x509_name_new(const char *cname) { int nid; X509_NAME *name; /* LCOV_EXCL_BR_START : these branches will only fail on OOM errors */ if (!(name = X509_NAME_new())) return NULL; if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error; if (!(X509_NAME_add_entry_by_NID(name, nid, MBSTRING_ASC, (unsigned char*)cname, -1, -1, 0))) goto error; /* LCOV_EXCL_BR_STOP */ return name; /* LCOV_EXCL_START : these lines will only execute on out of memory errors*/ error: X509_NAME_free(name); return NULL; /* LCOV_EXCL_STOP */ }
static OCSP_BASICRESP *make_dummy_resp(void) { const unsigned char namestr[] = "openssl.example.com"; unsigned char keybytes[128] = {7}; OCSP_BASICRESP *bs = OCSP_BASICRESP_new(); OCSP_BASICRESP *bs_out = NULL; OCSP_CERTID *cid = NULL; ASN1_TIME *thisupd = ASN1_TIME_set(NULL, time(NULL)); ASN1_TIME *nextupd = ASN1_TIME_set(NULL, time(NULL) + 200); X509_NAME *name = X509_NAME_new(); ASN1_BIT_STRING *key = ASN1_BIT_STRING_new(); ASN1_INTEGER *serial = ASN1_INTEGER_new(); if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC, namestr, -1, -1, 1) || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes)) || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1)) goto err; cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial); if (!TEST_ptr(bs) || !TEST_ptr(thisupd) || !TEST_ptr(nextupd) || !TEST_ptr(cid) || !TEST_true(OCSP_basic_add1_status(bs, cid, V_OCSP_CERTSTATUS_UNKNOWN, 0, NULL, thisupd, nextupd))) goto err; bs_out = bs; bs = NULL; err: ASN1_TIME_free(thisupd); ASN1_TIME_free(nextupd); ASN1_BIT_STRING_free(key); ASN1_INTEGER_free(serial); OCSP_CERTID_free(cid); OCSP_BASICRESP_free(bs); X509_NAME_free(name); return bs_out; }
static bool test_name(const char *name, const char *expected) { char buf[1024]; BIO *bio; const char none[] = {0}; X509_NAME *parsed = parse_name(name); if(parsed == NULL) { return false; } bio = BIO_new(BIO_s_mem()); X509_NAME_print_ex(bio, parsed, 0, XN_FLAG_ONELINE); BIO_write(bio, none, 1); BIO_read(bio, buf, 1024); BIO_free(bio); X509_NAME_free(parsed); if(strcmp(buf, expected) != 0) { fprintf(stderr, "Names not matching: '%s' != '%s'\n", expected, buf); return false; } return true; }
/* check if subject from cert matches the id */ int ca_x509_subject_cmp(X509 *cert, struct iked_static_id *id) { X509_NAME *subject, *idname = NULL; const uint8_t *idptr; size_t idlen; int ret = -1; if (id->id_type != IKEV2_ID_ASN1_DN) return (-1); if ((subject = X509_get_subject_name(cert)) == NULL) return (-1); if (id->id_length <= id->id_offset) return (-1); idlen = id->id_length - id->id_offset; idptr = id->id_data + id->id_offset; if ((idname = d2i_X509_NAME(NULL, &idptr, idlen)) == NULL) return (-1); if (X509_NAME_cmp(subject, idname) == 0) ret = 0; X509_NAME_free(idname); return (ret); }
void pki_x509req::setSubject(const x509name &n) { if (request->req_info->subject != NULL) X509_NAME_free(request->req_info->subject); request->req_info->subject = n.get(); }