pike.git / lib / modules / Standards.pmod / X509.pmod

version» Context lines:

pike.git/lib/modules/Standards.pmod/X509.pmod:1346:    if(!tbs)    ERROR(CERT_INVALID);       int idx = len-idx-1;    chain_cert[idx] = cert;    chain_obj[idx] = tbs;    }       // Chain is now reversed so root is first and leaf is last.    +  int my_time = time();    foreach(chain_obj; int idx; TBSCertificate tbs)    {    array(Verifier)|Verifier verifiers;       if(idx != len-1) // Not the leaf    {    Object o = tbs->extensions[ Identifiers.ce_ids["basicConstraints"]->get_der() ];       // id-ce-basicConstraints is required for certificates with    // public key used to validate certificate signatures. RFC 3280,
pike.git/lib/modules/Standards.pmod/X509.pmod:1410:    // always trust our own authority first, even if it is self signed.    if(!verifiers)    verifiers = ({ tbs->public_key });    } else if (objectp(verifiers)) {    verifiers = ({ verifiers });    }    }       else // otherwise, we make sure the chain is unbroken.    { -  // is the certificate in effect (time-wise)? -  int my_time = time(); -  +     // Check not_before. We want the current time to be later.    if(my_time < tbs->not_before)    ERROR(CERT_TOO_NEW);       // Check not_after. We want the current time to be earlier.    if(my_time > tbs->not_after)    ERROR(CERT_TOO_OLD);       // is the issuer of this certificate the subject of the previous    // (more rootward) certificate?