X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, int type,
X509_NAME *name)
{
X509_OBJECT *ret = X509_OBJECT_new();
if (ret == NULL)
return NULL;
if (!X509_STORE_CTX_get_by_subject(vs, type, name, ret)) {
X509_OBJECT_free(ret);
return NULL;
}
return ret;
}
/*****************************************************************************
*
* Low-level x509 functions
*
*****************************************************************************/
static int
xmlSecOpenSSLX509VerifyCRL(X509_STORE* xst, X509_CRL *crl ) {
X509_STORE_CTX *xsc = NULL;
X509_OBJECT *xobj = NULL;
EVP_PKEY *pkey = NULL;
int ret;
xmlSecAssert2(xst != NULL, -1);
xmlSecAssert2(crl != NULL, -1);
xsc = X509_STORE_CTX_new();
if(xsc == NULL) {
xmlSecOpenSSLError(NULL, "X509_STORE_CTX_new");
goto err;
}
xobj = X509_OBJECT_new();
if(xobj == NULL) {
xmlSecOpenSSLError(NULL, "X509_OBJECT_new");
goto err;
}
ret = X509_STORE_CTX_init(xsc, xst, NULL, NULL);
if(ret != 1) {
xmlSecOpenSSLError(NULL, "X509_STORE_CTX_init");
goto err;
}
ret = X509_STORE_CTX_get_by_subject(xsc, X509_LU_X509,
X509_CRL_get_issuer(crl), xobj);
if(ret <= 0) {
xmlSecOpenSSLError(NULL, "X509_STORE_CTX_get_by_subject");
goto err;
}
pkey = X509_get_pubkey(X509_OBJECT_get0_X509(xobj));
if(pkey == NULL) {
xmlSecOpenSSLError(NULL, "X509_get_pubkey");
goto err;
}
ret = X509_CRL_verify(crl, pkey);
EVP_PKEY_free(pkey);
if(ret != 1) {
xmlSecOpenSSLError(NULL, "X509_CRL_verify");
}
X509_STORE_CTX_free(xsc);
X509_OBJECT_free(xobj);
return((ret == 1) ? 1 : 0);
err:
X509_STORE_CTX_free(xsc);
X509_OBJECT_free(xobj);
return(-1);
}
