pike.git / lib / modules / Standards.pmod / X509.pmod

version» Context lines:

pike.git/lib/modules/Standards.pmod/X509.pmod:1375:    add("basicConstraints", Sequence(({Boolean(1)})), 1);       return sign_key(dn, c, c, h||Crypto.SHA256, dn, serial, ttl, extensions);   }      //! Decodes a certificate and verifies that it is structually sound.   //! Returns a @[TBSCertificate] object if ok, otherwise @expr{0@}.   TBSCertificate decode_certificate(string|object cert)   {    if (stringp (cert)) { -  cert = Standards.ASN1.Decode.secure_der_decode(cert, x509_types); +  cert = Standards.PKCS.Signature.decode_signed(cert, x509_types);    }       if (!cert    || (cert->type_name != "SEQUENCE")    || (sizeof(cert) != 3)    || (cert[0]->type_name != "SEQUENCE")    || (cert[1]->type_name != "SEQUENCE")    || (!sizeof(cert[1]))    || (cert[1][0]->type_name != "OBJECT IDENTIFIER")    || (cert[2]->type_name != "BIT STRING")
pike.git/lib/modules/Standards.pmod/X509.pmod:1676:       // Decode all certificates in the chain. Leaf is first and root is    // last.       int len = sizeof(cert_chain);    array chain_obj = allocate(len);    array chain_cert = allocate(len);       foreach(cert_chain; int idx; string c)    { -  object cert = Standards.ASN1.Decode.secure_der_decode(c); +  object cert = Standards.PKCS.Signature.decode_signed(c);    TBSCertificate tbs = decode_certificate(cert);    if(!tbs)    FATAL(CERT_INVALID);       int idx = len-idx-1;    chain_cert[idx] = cert;    chain_obj[idx] = tbs;    }    m->certificates = chain_obj;