mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 01:05:41 +00:00
Extract name checking to separate function
Just copy-paste and unindent
This commit is contained in:
parent
6368612a8f
commit
1300e99eb1
|
@ -2154,52 +2154,16 @@ callback:
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Verify the certificate validity
|
* Verify the requested CN - only call this if cn is not NULL!
|
||||||
*/
|
*/
|
||||||
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
|
static void x509_crt_verify_name( mbedtls_x509_crt *crt,
|
||||||
mbedtls_x509_crt *trust_ca,
|
const char *cn,
|
||||||
mbedtls_x509_crl *ca_crl,
|
uint32_t *flags )
|
||||||
const char *cn, uint32_t *flags,
|
|
||||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
|
|
||||||
void *p_vrfy )
|
|
||||||
{
|
{
|
||||||
return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl,
|
|
||||||
&mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Verify the certificate validity, with profile
|
|
||||||
*
|
|
||||||
* This function only checks the requested CN (if any) and then delegates
|
|
||||||
* chain building/verification to verify_chain(). Before that, it checks the
|
|
||||||
* key size of the EE certificate, as verify_chain() will only verify that of
|
|
||||||
* parent certificates.
|
|
||||||
*/
|
|
||||||
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
|
|
||||||
mbedtls_x509_crt *trust_ca,
|
|
||||||
mbedtls_x509_crl *ca_crl,
|
|
||||||
const mbedtls_x509_crt_profile *profile,
|
|
||||||
const char *cn, uint32_t *flags,
|
|
||||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
|
|
||||||
void *p_vrfy )
|
|
||||||
{
|
|
||||||
size_t cn_len;
|
|
||||||
int ret;
|
|
||||||
mbedtls_x509_name *name;
|
mbedtls_x509_name *name;
|
||||||
mbedtls_x509_sequence *cur = NULL;
|
mbedtls_x509_sequence *cur = NULL;
|
||||||
mbedtls_pk_type_t pk_type;
|
size_t cn_len;
|
||||||
|
|
||||||
*flags = 0;
|
|
||||||
|
|
||||||
if( profile == NULL )
|
|
||||||
{
|
|
||||||
ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if( cn != NULL )
|
|
||||||
{
|
|
||||||
name = &crt->subject;
|
name = &crt->subject;
|
||||||
cn_len = strlen( cn );
|
cn_len = strlen( cn );
|
||||||
|
|
||||||
|
@ -2248,8 +2212,53 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
|
||||||
if( name == NULL )
|
if( name == NULL )
|
||||||
*flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
|
*flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Verify the certificate validity
|
||||||
|
*/
|
||||||
|
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
|
||||||
|
mbedtls_x509_crt *trust_ca,
|
||||||
|
mbedtls_x509_crl *ca_crl,
|
||||||
|
const char *cn, uint32_t *flags,
|
||||||
|
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
|
||||||
|
void *p_vrfy )
|
||||||
|
{
|
||||||
|
return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl,
|
||||||
|
&mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Verify the certificate validity, with profile
|
||||||
|
*
|
||||||
|
* This function only checks the requested CN (if any) and then delegates
|
||||||
|
* chain building/verification to verify_chain(). Before that, it checks the
|
||||||
|
* key size of the EE certificate, as verify_chain() will only verify that of
|
||||||
|
* parent certificates.
|
||||||
|
*/
|
||||||
|
int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
|
||||||
|
mbedtls_x509_crt *trust_ca,
|
||||||
|
mbedtls_x509_crl *ca_crl,
|
||||||
|
const mbedtls_x509_crt_profile *profile,
|
||||||
|
const char *cn, uint32_t *flags,
|
||||||
|
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
|
||||||
|
void *p_vrfy )
|
||||||
|
{
|
||||||
|
int ret;
|
||||||
|
mbedtls_pk_type_t pk_type;
|
||||||
|
|
||||||
|
*flags = 0;
|
||||||
|
|
||||||
|
if( profile == NULL )
|
||||||
|
{
|
||||||
|
ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
|
||||||
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* check name if requested */
|
||||||
|
if( cn != NULL )
|
||||||
|
x509_crt_verify_name( crt, cn, flags );
|
||||||
|
|
||||||
/* Check the type and size of the key */
|
/* Check the type and size of the key */
|
||||||
pk_type = mbedtls_pk_get_type( &crt->pk );
|
pk_type = mbedtls_pk_get_type( &crt->pk );
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue