/*
 * Install the (optional) certificate chain on a timestamp responder context.
 *
 * conf/section: configuration and section consulted when certs is NULL; the
 *               value is looked up under the ENV_CERTS key.
 * certs:        passed to TS_CONF_load_certs(); an explicit argument takes
 *               precedence over the configuration entry.
 * ctx:          responder context that receives the chain.
 *
 * Returns 1 on success, and also when no chain is configured at all (the
 * chain is optional).  Returns 0 when the chain cannot be loaded or cannot
 * be set on ctx.
 */
int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
                      TS_RESP_CTX *ctx)
{
    STACK_OF(X509) *chain = NULL;
    int ok = 1;

    /* Fall back to the configuration file when the caller gave no value. */
    if (certs == NULL)
        certs = NCONF_get_string(conf, section, ENV_CERTS);

    /* A missing chain is not an error; only a named one must load and apply. */
    if (certs != NULL) {
        chain = TS_CONF_load_certs(certs);
        if (chain == NULL || !TS_RESP_CTX_set_certs(ctx, chain))
            ok = 0;
    }

    /*
     * The local stack is released on every path, success included.
     * NOTE(review): this relies on TS_RESP_CTX_set_certs() keeping its own
     * copy or reference rather than this pointer -- confirm against its
     * implementation.
     */
    sk_X509_pop_free(chain, X509_free);
    return ok;
}
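/*
 * Build the TS_VERIFY_CTX used to verify a timestamp response.
 *
 * Exactly one source of "what was timestamped" is used, in this order:
 *   1. data      - the original data is read from this file
 *   2. digest    - hex string holding the message imprint
 *   3. queryfile - DER-encoded TS_REQ; the context is derived from it
 * If data or digest is given, queryfile is ignored.  If none is given the
 * function returns NULL.
 *
 * Checks requested (visible in the flags below):
 *   - data/digest mode: TS_VFY_VERSION, TS_VFY_SIGNER, TS_VFY_DATA or
 *     TS_VFY_IMPRINT, plus TS_VFY_SIGNATURE.  No other TS_VFY_* flag is set
 *     in this mode.
 *   - queryfile mode: whatever TS_REQ_to_TS_VERIFY_CTX() configures, plus
 *     TS_VFY_SIGNATURE.
 *
 * CApath/CAfile/vpm are forwarded to create_cert_store() to build the trust
 * store.  untrusted, when non-NULL, names a file loaded with
 * TS_CONF_load_certs() and attached to the context as additional
 * certificates; presumably these are chain-building candidates only, not
 * trust anchors -- confirm against the verifier.
 *
 * Returns the new context (caller frees it with TS_VERIFY_CTX_free), or NULL
 * on any failure.
 */
static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
                                        char *queryfile, char *CApath,
                                        char *CAfile, char *untrusted,
                                        X509_VERIFY_PARAM *vpm)
{
    TS_VERIFY_CTX *ctx = NULL;
    BIO *input = NULL;
    TS_REQ *request = NULL;
    int ret = 0;
    int f = 0;

    if (data != NULL || digest != NULL) {
        if ((ctx = TS_VERIFY_CTX_new()) == NULL)
            goto err;
        f = TS_VFY_VERSION | TS_VFY_SIGNER;
        if (data != NULL) {
            f |= TS_VFY_DATA;
            /* A failed open yields a NULL BIO, which the setter hands back. */
            if (TS_VERIFY_CTX_set_data(ctx, BIO_new_file(data, "rb")) == NULL)
                goto err;
        } else {
            /*
             * Initialised so that a failed decode can never forward an
             * indeterminate length into the context.
             */
            long imprint_len = 0;
            unsigned char *hexstr = OPENSSL_hexstr2buf(digest, &imprint_len);

            f |= TS_VFY_IMPRINT;
            /* Reject an undecodable digest before touching the context. */
            if (hexstr == NULL
                || TS_VERIFY_CTX_set_imprint(ctx, hexstr, imprint_len) == NULL) {
                BIO_printf(bio_err, "invalid digest string\n");
                goto err;
            }
        }
    } else if (queryfile != NULL) {
        /* Read and decode the request, then derive the context from it. */
        if ((input = BIO_new_file(queryfile, "rb")) == NULL)
            goto err;
        if ((request = d2i_TS_REQ_bio(input, NULL)) == NULL)
            goto err;
        if ((ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)) == NULL)
            goto err;
    } else {
        /* Nothing has been allocated yet, so no cleanup is required. */
        return NULL;
    }

    /* Signature verification is requested in every mode. */
    TS_VERIFY_CTX_add_flags(ctx, f | TS_VFY_SIGNATURE);

    /* Trust store; a NULL store from create_cert_store() is a failure. */
    if (TS_VERIFY_CTX_set_store(ctx, create_cert_store(CApath, CAfile, vpm))
        == NULL)
        goto err;

    /*
     * Optional untrusted certificates.  The "CTS" spelling is the function
     * name as called in this file; do not "correct" it without checking the
     * header that declares it.
     */
    if (untrusted
        && TS_VERIFY_CTS_set_certs(ctx, TS_CONF_load_certs(untrusted)) == NULL)
        goto err;

    ret = 1;

 err:
    /* On failure the partially built context is destroyed, never returned. */
    if (!ret) {
        TS_VERIFY_CTX_free(ctx);
        ctx = NULL;
    }
    BIO_free_all(input);
    TS_REQ_free(request);
    return ctx;
}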
/*
 * Build the TS_VERIFY_CTX used to verify a timestamp response (variant that
 * fills the context's fields directly).
 *
 * Input selection, in order of precedence:
 *   1. data      - file holding the original data
 *   2. digest    - hex string holding the message imprint
 *   3. queryfile - DER-encoded TS_REQ converted into a verify context
 * queryfile is ignored when data or digest is given; with none of the three
 * the function returns NULL.
 *
 * Flags visible here: data/digest mode sets TS_VFY_VERSION, TS_VFY_SIGNER and
 * TS_VFY_DATA or TS_VFY_IMPRINT; every mode then adds TS_VFY_SIGNATURE.  In
 * queryfile mode any further flags come from TS_REQ_to_TS_VERIFY_CTX().
 *
 * ca_path/ca_file are forwarded to create_cert_store().  untrusted, when
 * non-NULL, is loaded with TS_CONF_load_certs() into ctx->certs; presumably
 * these serve chain building only and are not trust anchors -- confirm.
 *
 * Returns the context, owned by the caller, or NULL on any failure.
 */
static TS_VERIFY_CTX *
create_verify_ctx(char *data, char *digest, char *queryfile,
                  char *ca_path, char *ca_file, char *untrusted)
{
    TS_VERIFY_CTX *ctx = NULL;
    TS_REQ *request = NULL;
    BIO *input = NULL;
    int ok = 0;

    /* No input at all: nothing is allocated yet, so return straight away. */
    if (data == NULL && digest == NULL && queryfile == NULL)
        return NULL;

    if (data != NULL || digest != NULL) {
        ctx = TS_VERIFY_CTX_new();
        if (ctx == NULL)
            goto done;
        ctx->flags = TS_VFY_VERSION | TS_VFY_SIGNER;

        if (data != NULL) {
            ctx->flags |= TS_VFY_DATA;
            ctx->data = BIO_new_file(data, "rb");
            if (ctx->data == NULL)
                goto done;
        } else {
            long imprint_len;

            ctx->flags |= TS_VFY_IMPRINT;
            ctx->imprint = string_to_hex(digest, &imprint_len);
            if (ctx->imprint == NULL) {
                BIO_printf(bio_err, "invalid digest string\n");
                goto done;
            }
            /* The length is only recorded once decoding has succeeded. */
            ctx->imprint_len = imprint_len;
        }
    } else {
        /* Read the query, decode it, and derive the context from it. */
        input = BIO_new_file(queryfile, "rb");
        if (input == NULL)
            goto done;
        request = d2i_TS_REQ_bio(input, NULL);
        if (request == NULL)
            goto done;
        ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL);
        if (ctx == NULL)
            goto done;
    }

    /* Signature verification is requested in every mode. */
    ctx->flags |= TS_VFY_SIGNATURE;

    /* Trust store used for the signer's certificate chain. */
    ctx->store = create_cert_store(ca_path, ca_file);
    if (ctx->store == NULL)
        goto done;

    /* Optional extra certificates supplied by the caller. */
    if (untrusted != NULL) {
        ctx->certs = TS_CONF_load_certs(untrusted);
        if (ctx->certs == NULL)
            goto done;
    }

    ok = 1;

 done:
    /* A partially initialised context is destroyed rather than returned. */
    if (!ok) {
        TS_VERIFY_CTX_free(ctx);
        ctx = NULL;
    }
    BIO_free_all(input);
    TS_REQ_free(request);
    return ctx;
}