pike.git / lib / modules / Standards.pmod / X509.pmod


pike.git/lib/modules/Standards.pmod/X509.pmod:1556:    // Gentoo, OpenSSL 0.9.7    // Nokia N900 Maemo 5, OpenSSL 0.9.8n    // OpenBSD, OpenSSL 0.9.x    // Slackware, OpenSSL 0.9.6    // SuSE 8.1 / 8.2, OpenSSL 0.9.6    // Ubuntu Maverick (10.10), OpenSSL 0.9.8o    // Ubuntu Precise (12.04), OpenSSL 1.0.1       "/etc/pki/tls/certs",    // Redhat Enterprise 6, OpenSSL 1.0.0 +  // Redhat Enterprise 7    // Redhat Fedora Core 4, OpenSSL 0.9.7    // Redhat Fedora Core 5 / 6, OpenSSL 0.9.8       "/System/Library/OpenSSL/certs",    // Mac OS X 10.1.2, OpenSSL 0.9.6b       "/Library/Keychains",    // Mac OS X.       "/System/Library/Keychains",
pike.git/lib/modules/Standards.pmod/X509.pmod:1616:    {    if(!expire) expire=tbs->not_after;    expire = min(expire, tbs->not_after);    if(tbs->not_before > time(1))    expire = min(expire, tbs->not_before);    };       foreach(root_cert_dirs, string dir) {    if (!Stdio.is_dir(dir)) continue;    -  // Try the merged certificate file first. -  string pem = Stdio.read_bytes(combine_path(dir, "ca-certificates.crt")); +  int found; +  +  // Try the merged certificate files first. +  foreach(({ "ca-certificates.crt", "ca-bundle.crt", "ca-bundle.trust.crt" }), +  string fname) {    if (pem) {    Standards.PEM.Messages messages = Standards.PEM.Messages(pem);    foreach(messages->get_certificates(), string m) {    TBSCertificate tbs = verify_ca_certificate(m);    if (!tbs) continue;    string subj = tbs->subject->get_der();    if( !res[subj] || !has_value(res[subj], tbs->public_key ) )    {    update_expire(tbs);    res[subj] += ({ tbs->public_key });    } -  +  found = 1;    } -  continue; +     } -  +  } +  if (found) continue;       // Then try the Apple KeyChain files. -  int found; +     foreach(({ "X509Anchors", "X509Certificates" }), string fname) {    string keychain = Stdio.read_bytes(combine_path(dir, fname));    if (keychain) {    Apple.Keychain chain = Apple.Keychain(keychain);    foreach(chain->certs, TBSCertificate tbs) {    string subj = tbs->subject->get_der();    if( !res[subj] || !has_value(res[subj], tbs->public_key ) ) -  +  { +  update_expire(tbs);    res[subj] += ({ tbs->public_key });    } -  +  }    found = 1;    }    }    if (found) continue;       // Fall back to trying every file.    foreach(get_dir(dir) || ({}), string fname) {    if (has_suffix(fname, ".0")) {    // Skip OpenSSL hash files for now (as they are duplicates).    
continue;    }    fname = combine_path(dir, fname);    if (!Stdio.is_file(fname)) continue; -  pem = Stdio.read_bytes(fname); +  string pem = Stdio.read_bytes(fname);    if (!pem) continue;    string cert = Standards.PEM.simple_decode(pem);    if (!cert) continue;    TBSCertificate tbs = verify_ca_certificate(cert);    if (!tbs) continue;    string subj = tbs->subject->get_der();    if( !res[subj] || !has_value(res[subj], tbs->public_key ) )    {    update_expire(tbs);    res[subj] += ({ tbs->public_key });
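Review bot: In the new `foreach(({ "ca-certificates.crt", "ca-bundle.crt", "ca-bundle.trust.crt" }), string fname)` loop, `if (pem)` is tested but no visible line reads the file for the current `fname`, and the old `string pem = Stdio.read_bytes(...)` declaration is removed. Unless a line was lost in this rendering, the merged-bundle branch cannot load anything, and the loop body should start with `string pem = Stdio.read_bytes(combine_path(dir, fname));`. The keychain branch now calls `update_expire(tbs)` but still adds `tbs->public_key` to `res` without going through `verify_ca_certificate()` as both PEM paths do; if `Apple.Keychain` does not make that check itself, those anchors skip CA validation and should either be filtered the same way or carry a comment saying why not. `ca-bundle.trust.crt` on Red Hat systems is, as far as I know, in OpenSSL's trusted-certificate format with per-purpose trust and distrust settings, so it is worth confirming what `get_certificates()` returns for it and adding a comment such as `// NOTE: trust attributes in ca-bundle.trust.crt are not evaluated here`. The enclosing function starts and ends outside the hunk.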