pike.git / lib / modules / Standards.pmod / X509.pmod


pike.git/lib/modules/Standards.pmod/X509.pmod:1629:
   //! (time-wise.) and allowed to sign it's child certificate.
   //!
   //! No verifications are done on the leaf certificate to determine
   //! what it can and can not be used for.
   //!
   //! Returns a mapping with the following contents, depending
   //! on the verification of the certificate chain:
   //!
   //! @mapping
   //! @member int "error_code"
- //! Error describing type of verification failurew, if
+ //! Error describing type of verification failures, if
   //! verification failed. May be one of the following, OR:ed
   //! together: @[CERT_TOO_NEW], @[CERT_TOO_OLD],
   //! @[CERT_ROOT_UNTRUSTED], @[CERT_BAD_SIGNATURE], @[CERT_INVALID]
   //! or @[CERT_CHAIN_BROKEN].
   //! @member int "error_cert"
   //! Index number of the certificate that caused the verification failure.
   //! @member int(0..1) "self_signed"
   //! Non-zero if the certificate is self-signed.
   //! @member int(0..1) "verified"
   //! Non-zero if the certificate is verified.
pike.git/lib/modules/Standards.pmod/X509.pmod:1761:    if(!verifiers)    verifiers = ({ tbs->public_key });    }       if (objectp(verifiers))    verifiers = ({ verifiers });    }       else // otherwise, we make sure the chain is unbroken.    { +  // FIXME: We should use identifiers instead of issuer/subject. +     // is the issuer of this certificate the subject of the previous    // (more rootward) certificate?    if(tbs->issuer->get_der() != chain_obj[idx-1]->subject->get_der())    ERROR(CERT_CHAIN_BROKEN);       // the verifier for this certificate should be the public key of    // the previous certificate in the chain.    verifiers = ({ chain_obj[idx-1]->public_key });    }
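Review bot: The new FIXME in the `else` branch says identifiers should be used "instead of" the issuer/subject comparison, which reads as a plan to drop name chaining. If "identifiers" means the authorityKeyIdentifier/subjectKeyIdentifier extensions (the comment does not say), those help select the right issuer certificate, but RFC 5280 path validation still requires the issuer name to match the previous certificate's subject, so they should supplement the check rather than replace it. I would reword the comment to `// FIXME: Also compare key identifiers (authorityKeyIdentifier vs. the issuer's subjectKeyIdentifier) when present; keep the issuer/subject check.` It may also be worth noting there that the byte-wise `get_der()` comparison is stricter than RFC 5280 name matching and can reject chains whose names differ only in string encoding. The enclosing function starts and ends outside this hunk.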