Print this page
4853 illumos-gate is not lint-clean when built with openssl 1.0 (initial commit, openssl 1.0.1h)


  93  */
  94 int
  95 get_cert_chain(PKG_ERR *err, X509 *cert, STACK_OF(X509) *clcerts,
  96     STACK_OF(X509) *cas, STACK_OF(X509) **chain)
  97 {
  98         X509_STORE_CTX  *store_ctx = NULL;
  99         X509_STORE      *ca_store = NULL;
 100         X509            *ca_cert = NULL;
 101         int i;
 102         int ret = 0;
 103 
 104         if ((ca_store = X509_STORE_new()) == NULL) {
 105                 pkgerr_add(err, PKGERR_NOMEM,
 106                     gettext(ERR_MEM));
 107                 ret = 1;
 108                 goto cleanup;
 109         }
 110 
 111         /* add all ca certs into the store */
 112         for (i = 0; i < sk_X509_num(cas); i++) {
 113                 /* LINTED pointer cast may result in improper alignment */
 114                 ca_cert = sk_X509_value(cas, i);
 115                 if (X509_STORE_add_cert(ca_store, ca_cert) == 0) {
 116                         pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM));
 117                         ret = 1;
 118                         goto cleanup;
 119                 }
 120         }
 121 
 122         /* initialize context object used during the chain resolution */
 123 
 124         if ((store_ctx = X509_STORE_CTX_new()) == NULL) {
 125                 pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM));
 126                 ret = 1;
 127                 goto cleanup;
 128         }
 129 
 130         (void) X509_STORE_CTX_init(store_ctx, ca_store, cert, clcerts);
 131         /* attempt to verify the cert, which builds the cert chain */
 132         if (X509_verify_cert(store_ctx) <= 0) {
 133                 pkgerr_add(err, PKGERR_CHAIN,


 157  * Arguments:   cert - The certificate to get the name from
 158  *
 159  * Returns :    A static buffer containing the common name (CN) of the
 160  *              subject of the cert.
 161  *
 162  *              if the CN is not available, returns a string with the entire
 163  * X509 distinguished name.
 164  */
 165 char
 166 *get_subject_display_name(X509 *cert)
 167 {
 168 
 169         X509_NAME       *xname;
 170         static char     sname[ATTR_MAX];
 171 
 172         xname = X509_get_subject_name(cert);
 173         if (X509_NAME_get_text_by_NID(xname,
 174             NID_commonName, sname,
 175             ATTR_MAX) <= 0) {
 176                 (void) strncpy(sname,
 177                     X509_NAME_oneline(xname,
 178                         NULL, 0), ATTR_MAX);
 179                 sname[ATTR_MAX - 1] = '\0';
 180         }
 181         return (sname);
 182 }
 183 
 184 /*
 185  * Name:                get_display_name
 186  * Description: Retrieves a name used for identifying a certificate's issuer.
 187  *
 188  * Arguments:   cert - The certificate to get the name from
 189  *
 190  * Returns :    A static buffer containing the common name (CN)
 191  *              of the issuer of the cert.
 192  *
 193  *              if the CN is not available, returns a string with the entire
 194  *              X509 distinguished name.
 195  */
 196 char
 197 *get_issuer_display_name(X509 *cert)
 198 {
 199 
 200         X509_NAME       *xname;
 201         static char     sname[ATTR_MAX];
 202 
 203         xname = X509_get_issuer_name(cert);
 204         if (X509_NAME_get_text_by_NID(xname,
 205             NID_commonName, sname,
 206             ATTR_MAX) <= 0) {
 207                 (void) strncpy(sname,
 208                     X509_NAME_oneline(xname,
 209                         NULL, 0), ATTR_MAX);
 210                 sname[ATTR_MAX - 1] = '\0';
 211         }
 212         return (sname);
 213 }
 214 
 215 
 216 /*
 217  * Name:                get_serial_num
 218  * Description: Retrieves the serial number of an X509 cert
 219  *
 220  * Arguments:   cert - The certificate to get the data from
 221  *
 222  * Returns :    A static buffer containing the serial number
 223  *              of the cert
 224  *
 225  *              if the SN is not available, returns NULL
 226  */
 227 char
 228 *get_serial_num(X509 *cert)
 229 {




  93  */
  94 int
  95 get_cert_chain(PKG_ERR *err, X509 *cert, STACK_OF(X509) *clcerts,
  96     STACK_OF(X509) *cas, STACK_OF(X509) **chain)
  97 {
  98         X509_STORE_CTX  *store_ctx = NULL;
  99         X509_STORE      *ca_store = NULL;
 100         X509            *ca_cert = NULL;
 101         int i;
 102         int ret = 0;
 103 
 104         if ((ca_store = X509_STORE_new()) == NULL) {
 105                 pkgerr_add(err, PKGERR_NOMEM,
 106                     gettext(ERR_MEM));
 107                 ret = 1;
 108                 goto cleanup;
 109         }
 110 
 111         /* add all ca certs into the store */
 112         for (i = 0; i < sk_X509_num(cas); i++) {

 113                 ca_cert = sk_X509_value(cas, i);
 114                 if (X509_STORE_add_cert(ca_store, ca_cert) == 0) {
 115                         pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM));
 116                         ret = 1;
 117                         goto cleanup;
 118                 }
 119         }
 120 
 121         /* initialize context object used during the chain resolution */
 122 
 123         if ((store_ctx = X509_STORE_CTX_new()) == NULL) {
 124                 pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM));
 125                 ret = 1;
 126                 goto cleanup;
 127         }
 128 
 129         (void) X509_STORE_CTX_init(store_ctx, ca_store, cert, clcerts);
 130         /* attempt to verify the cert, which builds the cert chain */
 131         if (X509_verify_cert(store_ctx) <= 0) {
 132                 pkgerr_add(err, PKGERR_CHAIN,


 156  * Arguments:   cert - The certificate to get the name from
 157  *
 158  * Returns :    A static buffer containing the common name (CN) of the
 159  *              subject of the cert.
 160  *
 161  *              if the CN is not available, returns a string with the entire
 162  * X509 distinguished name.
 163  */
 164 char
 165 *get_subject_display_name(X509 *cert)
 166 {
 167 
 168         X509_NAME       *xname;
 169         static char     sname[ATTR_MAX];
 170 
 171         xname = X509_get_subject_name(cert);
 172         if (X509_NAME_get_text_by_NID(xname,
 173             NID_commonName, sname,
 174             ATTR_MAX) <= 0) {
 175                 (void) strncpy(sname,
 176                     X509_NAME_oneline(xname, NULL, 0), ATTR_MAX);

 177                 sname[ATTR_MAX - 1] = '\0';
 178         }
 179         return (sname);
 180 }
 181 
 182 /*
 183  * Name:                get_display_name
 184  * Description: Retrieves a name used for identifying a certificate's issuer.
 185  *
 186  * Arguments:   cert - The certificate to get the name from
 187  *
 188  * Returns :    A static buffer containing the common name (CN)
 189  *              of the issuer of the cert.
 190  *
 191  *              if the CN is not available, returns a string with the entire
 192  *              X509 distinguished name.
 193  */
 194 char
 195 *get_issuer_display_name(X509 *cert)
 196 {
 197 
 198         X509_NAME       *xname;
 199         static char     sname[ATTR_MAX];
 200 
 201         xname = X509_get_issuer_name(cert);
 202         if (X509_NAME_get_text_by_NID(xname,
 203             NID_commonName, sname,
 204             ATTR_MAX) <= 0) {
 205                 (void) strncpy(sname,
 206                     X509_NAME_oneline(xname, NULL, 0), ATTR_MAX);

 207                 sname[ATTR_MAX - 1] = '\0';
 208         }
 209         return (sname);
 210 }
 211 
 212 
 213 /*
 214  * Name:                get_serial_num
 215  * Description: Retrieves the serial number of an X509 cert
 216  *
 217  * Arguments:   cert - The certificate to get the data from
 218  *
 219  * Returns :    A static buffer containing the serial number
 220  *              of the cert
 221  *
 222  *              if the SN is not available, returns NULL
 223  */
 224 char
 225 *get_serial_num(X509 *cert)
 226 {