mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 10:44:22 +01:00
Move code to separate function for readability
parent
27e94797aa
commit
6368612a8f
@ -1939,11 +1939,11 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child,
|
|||||||
* rely on key identifier extensions). (This is one way users might choose to
|
* rely on key identifier extensions). (This is one way users might choose to
|
||||||
* handle key rollover, another relies on self-issued certs, see [SIRO].)
|
* handle key rollover, another relies on self-issued certs, see [SIRO].)
|
||||||
*/
|
*/
|
||||||
static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child,
|
static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child,
|
||||||
mbedtls_x509_crt *candidates,
|
mbedtls_x509_crt *candidates,
|
||||||
int top,
|
int top,
|
||||||
int path_cnt,
|
int path_cnt,
|
||||||
int self_cnt )
|
int self_cnt )
|
||||||
{
|
{
|
||||||
mbedtls_x509_crt *parent, *badtime_parent = NULL;
|
mbedtls_x509_crt *parent, *badtime_parent = NULL;
|
||||||
|
|
||||||
@ -1985,6 +1985,32 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child,
|
|||||||
return parent;
|
return parent;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Find a parent in trusted CAs or the provided chain, or return NULL.
|
||||||
|
*
|
||||||
|
* Searches in trusted CAs first, and return the first suitable parent found
|
||||||
|
* (see find_parent_in() for definition of suitable).
|
||||||
|
*/
|
||||||
|
static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child,
|
||||||
|
mbedtls_x509_crt *trust_ca,
|
||||||
|
int *parent_is_trusted,
|
||||||
|
int path_cnt,
|
||||||
|
int self_cnt )
|
||||||
|
{
|
||||||
|
mbedtls_x509_crt *parent;
|
||||||
|
|
||||||
|
/* Look for a parent in trusted CAs */
|
||||||
|
*parent_is_trusted = 1;
|
||||||
|
parent = x509_crt_find_parent_in( child, trust_ca, 1, path_cnt, self_cnt );
|
||||||
|
|
||||||
|
if( parent != NULL )
|
||||||
|
return parent;
|
||||||
|
|
||||||
|
/* Look for a parent upwards the chain */
|
||||||
|
*parent_is_trusted = 0;
|
||||||
|
return( x509_crt_find_parent_in( child, child->next, 0, path_cnt, self_cnt ) );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Check if an end-entity certificate is locally trusted
|
* Check if an end-entity certificate is locally trusted
|
||||||
*
|
*
|
||||||
@ -2072,25 +2098,15 @@ static int x509_crt_verify_chain(
|
|||||||
goto callback;
|
goto callback;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Look for a parent in trusted CAs */
|
/* Look for a parent in trusted CAs or up the chain */
|
||||||
parent = x509_crt_find_parent( child, trust_ca, 1, path_cnt, self_cnt );
|
parent = x509_crt_find_parent( child, trust_ca, &parent_is_trusted,
|
||||||
|
path_cnt, self_cnt );
|
||||||
|
|
||||||
/* Found one? Let verify_top() handle that case */
|
/* No parent? We're done here */
|
||||||
if( parent != NULL )
|
if( parent == NULL )
|
||||||
{
|
{
|
||||||
parent_is_trusted = 1;
|
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
|
||||||
}
|
goto callback;
|
||||||
else
|
|
||||||
{
|
|
||||||
/* Look for a parent upwards the chain */
|
|
||||||
parent = x509_crt_find_parent( child, child->next, 0, path_cnt, 0 );
|
|
||||||
|
|
||||||
/* No parent at all? We're done here */
|
|
||||||
if( parent == NULL )
|
|
||||||
{
|
|
||||||
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
|
|
||||||
goto callback;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Counting intermediate self-issued (not necessarily self-signed) certs
|
/* Counting intermediate self-issued (not necessarily self-signed) certs
|
||||||
|
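Review bot: The chain search in the new `x509_crt_find_parent()` calls `x509_crt_find_parent_in( child, child->next, 0, path_cnt, self_cnt )`, whereas the removed call in `x509_crt_verify_chain()` passed a literal `0` as the last argument, so this commit is not a pure code move. The body of `x509_crt_find_parent_in()` lies outside the visible hunks, so how `self_cnt` is used for untrusted candidates cannot be confirmed from here; if it feeds a path-length check, the set of intermediates accepted during chain verification changes. Either keep `0` for the chain search, or state in the commit message that the change is intended and add a test with self-issued intermediates in the supplied chain. The new header comment should also document the output parameter, for example `* *parent_is_trusted is set to 1 if the parent was found in trust_ca, and to 0 otherwise (including when NULL is returned).`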