本文整理汇总了C++中CERT_DestroyCertificate函数的典型用法代码示例。如果您正苦于以下问题:C++ CERT_DestroyCertificate函数的具体用法?C++ CERT_DestroyCertificate怎么用?C++ CERT_DestroyCertificate使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了CERT_DestroyCertificate函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: ssl_DestroySID
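/*
 * Free an unreferenced session ID and everything it owns.
 *
 * BEWARE: this function gets called for both client and server SIDs.
 * A sid still marked in_client_cache is left untouched here; it is
 * reclaimed the next time the cache is traversed.
 *
 * Secret material (the SSL2 master key and cipher argument, and the sid
 * structure itself) is released through the zeroizing SECITEM_ZfreeItem /
 * PORT_ZFree calls so it is wiped before the memory is handed back.
 */
static void
ssl_DestroySID(sslSessionID *sid)
{
    SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached));
    PORT_Assert((sid->references == 0));

    if (sid->cached == in_client_cache)
        return; /* it will get taken care of next time cache is traversed. */

    if (sid->version < SSL_LIBRARY_VERSION_3_0) {
        SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE);
        SECITEM_ZfreeItem(&sid->u.ssl2.cipherArg, PR_FALSE);
    } else if (sid->u.ssl3.sessionTicket.ticket.data) {
        /* Only touch the ssl3 member for an SSL3+ sid. u.ssl2 and u.ssl3
         * look like alternative views of the same storage (definition not
         * shown here), so reading the ticket pointer of an SSL2 sid could
         * pick up unrelated bytes and free a bogus pointer. */
        SECITEM_FreeItem(&sid->u.ssl3.sessionTicket.ticket, PR_FALSE);
    }

    if (sid->peerID != NULL)
        PORT_Free((void *)sid->peerID); /* CONST */
    if (sid->urlSvrName != NULL)
        PORT_Free((void *)sid->urlSvrName); /* CONST */

    /* Drop the certificate references held by the session. */
    if (sid->peerCert) {
        CERT_DestroyCertificate(sid->peerCert);
    }
    if (sid->localCert) {
        CERT_DestroyCertificate(sid->localCert);
    }

    /* Wipe and free the sid itself; the caller must not use it afterwards. */
    PORT_ZFree(sid, sizeof(sslSessionID));
}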
示例2: CMMF_DestroyCertRepContent
/*
 * Tear down a CMMFCertRepContent.
 *
 * Drops the certificate held by every response whose certOrEncCert choice
 * is cmmfCertificate, drops every certificate in the NULL-terminated caPubs
 * array, and finally frees the content's arena (poolp) if there is one.
 * Each released slot is set to NULL so no stale pointer is left behind.
 *
 * Always returns SECSuccess; a NULL argument trips the assertion in debug
 * builds and is otherwise ignored.
 */
SECStatus
CMMF_DestroyCertRepContent(CMMFCertRepContent *inCertRepContent)
{
    CMMFCertResponse **respCursor;
    CERTCertificate **caCursor;

    PORT_Assert(inCertRepContent != NULL);
    if (inCertRepContent == NULL) {
        return SECSuccess;
    }

    respCursor = inCertRepContent->response;
    if (respCursor != NULL) {
        while (*respCursor != NULL) {
            CMMFCertifiedKeyPair *pair = (*respCursor)->certifiedKeyPair;

            /* XXX Why not call CMMF_DestroyCertifiedKeyPair or
            ** XXX cmmf_DestroyCertOrEncCert ?
            */
            if (pair != NULL &&
                pair->certOrEncCert.choice == cmmfCertificate &&
                pair->certOrEncCert.cert.certificate != NULL) {
                CERT_DestroyCertificate(pair->certOrEncCert.cert.certificate);
                pair->certOrEncCert.cert.certificate = NULL;
            }
            respCursor++;
        }
    }

    caCursor = inCertRepContent->caPubs;
    if (caCursor) {
        while (*caCursor) {
            CERT_DestroyCertificate(*caCursor);
            *caCursor = NULL;
            ++caCursor;
        }
    }

    if (inCertRepContent->poolp != NULL) {
        PORT_FreeArena(inCertRepContent->poolp, PR_TRUE);
    }
    return SECSuccess;
}
示例3: check_issuer_cert
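/**
 * Check that the peer certificate's issuer certificate matches the one
 * found by issuer_nickname. This is not exactly the way OpenSSL and GNU TLS
 * do the issuer check (compare OpenSSL's X509_check_issued in
 * x509v3/v3_purp.c): here the two certificates must be byte-identical in
 * their DER encoding.
 *
 * @param sock             TLS socket whose peer certificate is examined.
 * @param issuer_nickname  Nickname of the expected issuer certificate.
 * @return SECSuccess only when the peer certificate, its issuer and the
 *         nicknamed certificate were all found and the two issuer
 *         certificates are identical; SECFailure in every other case.
 */
static SECStatus check_issuer_cert(PRFileDesc *sock,
                                   char *issuer_nickname)
{
  CERTCertificate *cert;
  CERTCertificate *cert_issuer;
  CERTCertificate *issuer;
  SECStatus res = SECFailure; /* fail closed: success is set only on a match */
  void *proto_win;

  cert = SSL_PeerCertificate(sock);
  if(!cert)
    /* No peer certificate on this socket: nothing to verify against, and
       the issuer lookup below must not be handed a NULL certificate. */
    return SECFailure;

  /* NOTE(review): the lookup uses certUsageObjectSigner; confirm that this
     is the intended usage for a TLS peer certificate. */
  cert_issuer = CERT_FindCertIssuer(cert, PR_Now(), certUsageObjectSigner);

  proto_win = SSL_RevealPinArg(sock);
  issuer = PK11_FindCertFromNickname(issuer_nickname, proto_win);

  if(cert_issuer && issuer &&
     SECITEM_CompareItem(&cert_issuer->derCert,
                         &issuer->derCert) == SECEqual)
    res = SECSuccess;

  /* Release every reference obtained above, whatever the outcome. */
  CERT_DestroyCertificate(cert);
  if(issuer)
    CERT_DestroyCertificate(issuer);
  if(cert_issuer)
    CERT_DestroyCertificate(cert_issuer);

  return res;
}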
示例4: ssl_ResetSecurityInfo
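/* Reset sec back to its initial state.
** Caller holds any relevant locks.
**
** Releases the local and peer certificates, the peer public key, the
** session ID reference and the send buffer. Every pointer is cleared right
** after it is released, so the structure holds no dangling pointers even
** when doMemset is PR_FALSE and sec->ci is not wiped as a whole.
**
** sec      - security info to reset; must not be NULL.
** doMemset - when true, sec->ci is additionally zeroed in full.
*/
void
ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset)
{
    if (sec->localCert) {
        CERT_DestroyCertificate(sec->localCert);
        sec->localCert = NULL;
    }
    if (sec->peerCert) {
        CERT_DestroyCertificate(sec->peerCert);
        sec->peerCert = NULL;
    }
    if (sec->peerKey) {
        SECKEY_DestroyPublicKey(sec->peerKey);
        sec->peerKey = NULL;
    }

    /* cleanup the ci */
    if (sec->ci.sid != NULL) {
        ssl_FreeSID(sec->ci.sid);
        /* Do not keep the pointer: a second reset would otherwise release
         * the same sid again. */
        sec->ci.sid = NULL;
    }

    /* The send buffer may hold plaintext, so it is wiped before being freed. */
    PORT_ZFree(sec->ci.sendBuf.buf, sec->ci.sendBuf.space);
    sec->ci.sendBuf.buf = NULL;
    sec->ci.sendBuf.space = 0;

    if (doMemset) {
        memset(&sec->ci, 0, sizeof sec->ci);
    }
}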
示例5: ssl_DestroySID
/*
 * Release an unreferenced session ID together with everything it owns.
 *
 * BEWARE: called for both client and server SIDs. The sid must have no
 * remaining references and must no longer be in the client cache; both
 * conditions are asserted.
 *
 * The SSL2 key material and the sid structure itself go through the
 * zeroizing free routines.
 */
static void
ssl_DestroySID(sslSessionID *sid)
{
    int i;

    SSL_TRC(8, ("SSL: destroy sid: sid=0x%x cached=%d", sid, sid->cached));
    PORT_Assert(sid->references == 0);
    PORT_Assert(sid->cached != in_client_cache);

    if (sid->version >= SSL_LIBRARY_VERSION_3_0) {
        /* SSL3 and later: per-session items plus the lock guarding them. */
        if (sid->u.ssl3.locked.sessionTicket.ticket.data != NULL) {
            SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
                             PR_FALSE);
        }
        if (sid->u.ssl3.srvName.data != NULL) {
            SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
        }
        if (sid->u.ssl3.originalHandshakeHash.data != NULL) {
            SECITEM_FreeItem(&sid->u.ssl3.originalHandshakeHash, PR_FALSE);
        }
        if (sid->u.ssl3.signedCertTimestamps.data != NULL) {
            SECITEM_FreeItem(&sid->u.ssl3.signedCertTimestamps, PR_FALSE);
        }
        if (sid->u.ssl3.lock != NULL) {
            NSSRWLock_Destroy(sid->u.ssl3.lock);
        }
    } else {
        /* SSL2: wipe the key material while freeing it. */
        SECITEM_ZfreeItem(&sid->u.ssl2.masterKey, PR_FALSE);
        SECITEM_ZfreeItem(&sid->u.ssl2.cipherArg, PR_FALSE);
    }

    if (sid->peerID) {
        PORT_Free((void *)sid->peerID); /* CONST */
    }
    if (sid->urlSvrName) {
        PORT_Free((void *)sid->urlSvrName); /* CONST */
    }

    if (sid->peerCert != NULL) {
        CERT_DestroyCertificate(sid->peerCert);
    }

    /* The chain is a fixed-size array that ends at the first empty slot. */
    i = 0;
    while (i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i] != NULL) {
        CERT_DestroyCertificate(sid->peerCertChain[i]);
        i++;
    }

    if (sid->peerCertStatus.items != NULL) {
        SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE);
    }
    if (sid->localCert != NULL) {
        CERT_DestroyCertificate(sid->localCert);
    }

    /* Last step: wipe and free the sid itself. */
    PORT_ZFree(sid, sizeof(sslSessionID));
}
示例6: ssl_ResetSecurityInfo
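/* Reset sec back to its initial state.
** Caller holds any relevant locks.
**
** Destroys the MAC and cipher contexts, wipes the send/receive secrets,
** releases the certificates, the peer key, the session ID reference and the
** send buffer. Every pointer is cleared right after it is released, so no
** dangling pointer is left even when doMemset is PR_FALSE and sec->ci is
** not wiped as a whole.
**
** sec      - security info to reset; must not be NULL.
** doMemset - when true, sec->ci is additionally zeroed in full.
*/
void
ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset)
{
    /* Destroy MAC */
    if (sec->hash && sec->hashcx) {
        (*sec->hash->destroy)(sec->hashcx, PR_TRUE);
        sec->hashcx = NULL;
        sec->hash = NULL;
    }
    /* MAC secrets are key material: zeroize while freeing. */
    SECITEM_ZfreeItem(&sec->sendSecret, PR_FALSE);
    SECITEM_ZfreeItem(&sec->rcvSecret, PR_FALSE);

    /* Destroy ciphers */
    if (sec->destroy) {
        (*sec->destroy)(sec->readcx, PR_TRUE);
        (*sec->destroy)(sec->writecx, PR_TRUE);
    } else {
        /* Without a destroy hook there must be no contexts to release. */
        PORT_Assert(sec->readcx == 0);
        PORT_Assert(sec->writecx == 0);
    }
    /* Cleared on both paths, including release builds where the
     * assertions above compile away. */
    sec->readcx = NULL;
    sec->writecx = NULL;

    if (sec->localCert) {
        CERT_DestroyCertificate(sec->localCert);
        sec->localCert = NULL;
    }
    if (sec->peerCert) {
        CERT_DestroyCertificate(sec->peerCert);
        sec->peerCert = NULL;
    }
    if (sec->peerKey) {
        SECKEY_DestroyPublicKey(sec->peerKey);
        sec->peerKey = NULL;
    }

    /* cleanup the ci */
    if (sec->ci.sid != NULL) {
        ssl_FreeSID(sec->ci.sid);
        /* Do not keep the pointer: a second reset would otherwise release
         * the same sid again. */
        sec->ci.sid = NULL;
    }

    /* The send buffer may hold plaintext, so it is wiped before being freed. */
    PORT_ZFree(sec->ci.sendBuf.buf, sec->ci.sendBuf.space);
    sec->ci.sendBuf.buf = NULL;
    sec->ci.sendBuf.space = 0;

    if (doMemset) {
        memset(&sec->ci, 0, sizeof sec->ci);
    }
}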
示例7: FindSigningCert
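/*
 * Locate the certificate that signs (or should sign) a CRL.
 *
 * The issuer is looked up by subject name: the CRL's issuer name when
 * signCrl is given, otherwise the subject of the certificate stored under
 * certNickName. The authority key identifier is not consulted (the lookup
 * that would fill it is disabled), so authorityKeyID is always passed as
 * NULL.
 *
 * certHandle   - certificate database to search; must not be NULL.
 * signCrl      - existing signed CRL, or NULL.
 * certNickName - nickname used when signCrl is NULL.
 *
 * Returns a certificate reference the caller must release with
 * CERT_DestroyCertificate, or NULL on error (a message is printed).
 */
static CERTCertificate *
FindSigningCert(CERTCertDBHandle *certHandle, CERTSignedCrl *signCrl,
                char *certNickName)
{
    CERTCertificate *cert = NULL;
    CERTCertificate *certTemp = NULL;
    CERTAuthKeyID *authorityKeyID = NULL;
    SECItem *subject = NULL;

    PORT_Assert(certHandle != NULL);
    if (!certHandle || (!signCrl && !certNickName)) {
        SECU_PrintError(progName, "invalid args for function "
                                  "FindSigningCert \n");
        return NULL;
    }

    if (signCrl) {
        subject = &signCrl->crl.derName;
    } else {
        certTemp = CERT_FindCertByNickname(certHandle, certNickName);
        if (!certTemp) {
            SECU_PrintError(progName, "could not find certificate \"%s\" "
                                      "in database",
                            certNickName);
            return NULL;
        }
        /* subject points into certTemp, which therefore has to stay alive
         * until the issuer lookup below has finished. */
        subject = &certTemp->derSubject;
    }

    cert = SECU_FindCrlIssuer(certHandle, subject, authorityKeyID, PR_Now());
    if (!cert) {
        SECU_PrintError(progName, "could not find signing certificate "
                                  "in database");
    }

    /* Only the temporary lookup certificate is released here. The result is
     * either NULL or a live reference owned by the caller; it is never
     * destroyed and then returned. */
    if (certTemp) {
        CERT_DestroyCertificate(certTemp);
    }
    return cert;
}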
示例8: nss_bad_cert_cb
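/*
 * Bad-certificate callback: logs why validation failed and who the peer
 * claims to be, then decides whether the handshake may continue.
 *
 * arg - the struct tls_connection registered with the callback.
 * fd  - TLS socket whose peer certificate failed validation.
 *
 * Returns SECFailure when conn->verify_peer is set. Otherwise returns
 * SECSuccess, which overrides the validation failure: the handshake
 * continues with a peer whose identity has not been verified.
 */
static SECStatus nss_bad_cert_cb(void *arg, PRFileDesc *fd) {
    struct tls_connection *conn = arg;
    PRErrorCode err;
    CERTCertificate *cert;

    err = PR_GetError();
    if (IS_SEC_ERROR(err))
        wpa_printf(MSG_DEBUG, "NSS: Bad Server Certificate (sec err "
                   "%d)", err - SEC_ERROR_BASE);
    else
        wpa_printf(MSG_DEBUG, "NSS: Bad Server Certificate (err %d)",
                   err);

    cert = SSL_PeerCertificate(fd);
    if (cert) {
        /* Either conversion may fail and return NULL; never hand a NULL
         * pointer to a %s conversion. */
        char *subject = CERT_NameToAscii(&cert->subject);
        char *issuer = CERT_NameToAscii(&cert->issuer);

        wpa_printf(MSG_DEBUG, "NSS: Peer certificate subject='%s' issuer='%s'",
                   subject ? subject : "(null)",
                   issuer ? issuer : "(null)");
        if (subject)
            PR_Free(subject);
        if (issuer)
            PR_Free(issuer);
        CERT_DestroyCertificate(cert);
    } else {
        /* The peer may not have presented a certificate at all. */
        wpa_printf(MSG_DEBUG, "NSS: No peer certificate available");
    }

    return conn->verify_peer ? SECFailure : SECSuccess;
}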
示例9: TransportLayerDtls::GetClientAuthDataHook
// Client-auth hook: hands the stream's own certificate and private key to
// the caller when the server asks for client authentication.
//
// arg is the TransportLayerDtls instance registered with the hook. On
// success *pRetCert and *pRetKey receive fresh copies and SECSuccess is
// returned. On failure SECFailure is returned with the NSPR error set; if
// the key copy fails, the already duplicated certificate is released and
// *pRetCert is reset so no half-filled result is left behind.
SECStatus TransportLayerDtls::GetClientAuthDataHook(void *arg, PRFileDesc *fd,
                                                    CERTDistNames *caNames,
                                                    CERTCertificate **pRetCert,
                                                    SECKEYPrivateKey **pRetKey) {
  MOZ_MTLOG(ML_DEBUG, "Server requested client auth");

  TransportLayerDtls *self = static_cast<TransportLayerDtls *>(arg);
  self->CheckThread();

  if (!self->identity_) {
    MOZ_MTLOG(ML_ERROR, "No identity available");
    PR_SetError(SSL_ERROR_NO_CERTIFICATE, 0);
    return SECFailure;
  }

  CERTCertificate *certCopy = CERT_DupCertificate(self->identity_->cert());
  *pRetCert = certCopy;
  if (certCopy == nullptr) {
    PR_SetError(PR_OUT_OF_MEMORY_ERROR, 0);
    return SECFailure;
  }

  SECKEYPrivateKey *keyCopy = SECKEY_CopyPrivateKey(self->identity_->privkey());
  *pRetKey = keyCopy;
  if (keyCopy != nullptr) {
    return SECSuccess;
  }

  // Key copy failed: undo the certificate duplication before reporting.
  CERT_DestroyCertificate(certCopy);
  *pRetCert = nullptr;
  PR_SetError(PR_OUT_OF_MEMORY_ERROR, 0);
  return SECFailure;
}
示例10: nss_check_host
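/*
 * Host name checking according to RFC 2595.
 *
 * Compares server against every dNSName entry in the peer certificate's
 * subjectAltName extension and, if none of them matched, against the
 * subject common name.
 *
 * Returns OKAY on a match. Returns STOP when nothing matches, when the peer
 * presented no certificate, or when memory for decoding cannot be obtained.
 */
static enum okay
nss_check_host(const char *server, struct sock *sp)
{
	CERTCertificate	*cert;
	char	*cn = NULL;
	enum okay	ok = STOP;
	PRArenaPool	*arena;
	CERTGeneralName	*gn;
	SECItem	altname = { siBuffer, NULL, 0 };
	CERTAltNameEncodedContext	ec;
	int	i;
	const SEC_ASN1Template	gntempl[] = {
		{ SEC_ASN1_SEQUENCE_OF, 0, SEC_AnyTemplate }
	};

	if ((cert = SSL_PeerCertificate(sp->s_prfd)) == NULL) {
		fprintf(stderr, "no certificate from \"%s\"\n", server);
		return STOP;
	}
	if ((arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE)) == NULL) {
		/* Fail closed: without an arena the names cannot be decoded. */
		fprintf(stderr, "out of memory checking certificate "
				"from \"%s\"\n", server);
		CERT_DestroyCertificate(cert);
		return STOP;
	}
	memset(&ec, 0, sizeof ec);
	if (CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME,
				&altname) == SECSuccess &&
			SEC_ASN1DecodeItem(arena, &ec, gntempl,
				&altname) == SECSuccess &&
			ec.encodedGenName != NULL) {
		for (i = 0; ec.encodedGenName[i] != NULL; i++) {
			char	*dn;

			gn = CERT_DecodeGeneralName(arena, ec.encodedGenName[i],
					NULL);
			/* Skip entries that fail to decode or are not DNS names. */
			if (gn == NULL || gn->type != certDNSName)
				continue;
			/*
			 * The name is length-delimited in the certificate but
			 * compared below as a C string. Reject empty names and
			 * names with an embedded NUL byte, which would otherwise
			 * be truncated at the NUL and compared as a shorter name
			 * than the certificate actually carries.
			 */
			if (gn->name.other.len == 0 ||
					memchr(gn->name.other.data, '\0',
						gn->name.other.len) != NULL)
				continue;
			/*
			 * NOTE(review): ac_alloc is defined elsewhere; if it
			 * is stack-backed, the allocation size is controlled
			 * by the certificate -- confirm an upper bound.
			 */
			dn = ac_alloc(gn->name.other.len + 1);
			memcpy(dn, gn->name.other.data,
					gn->name.other.len);
			dn[gn->name.other.len] = '\0';
			if (verbose)
				fprintf(stderr,
					"Comparing DNS name: \"%s\"\n",
					dn);
			if (rfc2595_hostname_match(server, dn)
					== OKAY) {
				ac_free(dn);
				/* Record the match; otherwise STOP is returned. */
				ok = OKAY;
				goto out;
			}
			ac_free(dn);
		}
	}
	if ((cn = CERT_GetCommonName(&cert->subject)) != NULL) {
		if (verbose)
			fprintf(stderr, "Comparing common name: \"%s\"\n", cn);
		ok = rfc2595_hostname_match(server, cn);
	}
	if (ok == STOP)
		fprintf(stderr, "host certificate does not match \"%s\"\n",
				server);
out:	if (cn)
		PORT_Free(cn);
	/* The extension value is a heap copy owned by this function. */
	SECITEM_FreeItem(&altname, PR_FALSE);
	PORT_FreeArena(arena, PR_FALSE);
	CERT_DestroyCertificate(cert);
	return ok;
}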
示例11: NSS_LoadPublicKey
/**
 * Extracts the public key from a DER-encoded X509 certificate.
 *
 * The certificate is decoded as a temporary (non-permanent) entry of the
 * default certificate database, the key is extracted, and the temporary
 * certificate is released again before returning.
 *
 * @param  certData      The DER-encoded X509 certificate to extract the key from.
 * @param  certDataSize  The size of certData.
 * @param  publicKey     Out parameter for the public key to use.
 * @return CryptoX_Success on success, CryptoX_Error on error.
 */
CryptoX_Result
NSS_LoadPublicKey(const unsigned char *certData, unsigned int certDataSize,
                  SECKEYPublicKey **publicKey)
{
  CERTCertificate *tempCert;
  SECKEYPublicKey *extracted;
  SECItem derItem;

  if (!certData || !publicKey) {
    return CryptoX_Error;
  }

  /* SECItem carries a non-const pointer, so the const is cast away here. */
  derItem.type = siBuffer;
  derItem.data = (unsigned char*) certData;
  derItem.len = certDataSize;

  /* No nickname, not permanent, and the DER data is copied. */
  tempCert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derItem, NULL,
                                     PR_FALSE, PR_TRUE);
  if (!tempCert) {
    return CryptoX_Error;
  }

  extracted = CERT_ExtractPublicKey(tempCert);
  CERT_DestroyCertificate(tempCert);

  /* On extraction failure the out parameter is set to NULL. */
  *publicKey = extracted;
  return extracted ? CryptoX_Success : CryptoX_Error;
}
示例12: nss_get_cert
/*
 * Look up the certificate stored under nickname s and convert it to an
 * X509 object.
 *
 * Returns the converted certificate, or NULL when ctx is NULL, NSS is not
 * initialized, no certificate is found under the nickname, or the
 * conversion yields nothing. The NSS certificate reference obtained for the
 * lookup is always released before returning.
 */
static X509*
nss_get_cert(NSS_CTX *ctx, const char *s) {
    X509 *result = NULL;

    CALL_TRACE("nss_get_cert...\n");

    if (ctx == NULL) {
        NSSerr(NSS_F_GET_CERT, NSS_R_INVALID_ARGUMENT);
    } else if (!NSS_IsInitialized()) {
        NSSerr(NSS_F_GET_CERT, NSS_R_DB_IS_NOT_INITIALIZED);
    } else {
        CERTCertificate *nssCert;

        nss_debug(ctx, "search certificate '%s'", s);
        nssCert = PK11_FindCertFromNickname(s, NULL);
        nss_trace(ctx, "found certificate mem='%p'", nssCert);

        if (nssCert != NULL) {
            result = X509_from_CERTCertificate(nssCert);
            /* The lookup reference is dropped here whether or not the
             * conversion succeeded. */
            CERT_DestroyCertificate(nssCert);
        }
    }

    /* NOTE(review): this runs on the ctx == NULL path as well; confirm that
     * nss_debug accepts a NULL context. */
    nss_debug(ctx, "certificate %s", (result ? "found": "not found"));
    return(result);
}
示例13: ssl_PopulateServerCert
/*
 * Replace the certificate and chain stored in sc.
 *
 * Whatever sc held before is released first. With a NULL cert the slot is
 * simply left empty and SECSuccess is returned. Otherwise sc takes its own
 * reference to cert and either a copy of certChain or, when certChain is
 * NULL, a chain built from the certificate for certUsageSSLServer.
 *
 * Returns SECFailure when no chain could be obtained; in that case
 * sc->serverCert stays set while sc->serverCertChain is NULL.
 */
static SECStatus
ssl_PopulateServerCert(sslServerCert *sc, CERTCertificate *cert,
                       const CERTCertificateList *certChain)
{
    /* Drop the previous contents and clear both slots right away. */
    if (sc->serverCert != NULL) {
        CERT_DestroyCertificate(sc->serverCert);
    }
    if (sc->serverCertChain != NULL) {
        CERT_DestroyCertificateList(sc->serverCertChain);
    }
    sc->serverCert = NULL;
    sc->serverCertChain = NULL;

    if (cert == NULL) {
        return SECSuccess;
    }

    sc->serverCert = CERT_DupCertificate(cert);
    sc->serverCertChain = certChain
                              ? CERT_DupCertList(certChain)
                              : CERT_CertChainFromCert(sc->serverCert,
                                                       certUsageSSLServer,
                                                       PR_TRUE);

    if (sc->serverCertChain == NULL) {
        return SECFailure;
    }
    return SECSuccess;
}
示例14: SecCmsSignerInfoDestroy
/*
 * SecCmsSignerInfoDestroy - destroy a SignerInfo data structure
 *
 * Releases the signer certificate and the three CoreFoundation objects the
 * SignerInfo holds (certList, timestampCertList, hashAgilityAttrValue),
 * logging each retain count beforehand. The SignerInfo storage itself is
 * not freed here.
 */
void
SecCmsSignerInfoDestroy(SecCmsSignerInfoRef si)
{
    CFTypeRef signerCerts = si->certList;
    CFTypeRef tsaCerts = si->timestampCertList;
    CFTypeRef agilityValue = si->hashAgilityAttrValue;

    if (si->cert) {
        dprintfRC("SecCmsSignerInfoDestroy top: certp %p cert.rc %d\n",
                  si->cert, (int)CFGetRetainCount(si->cert));
        CERT_DestroyCertificate(si->cert);
    }

    if (signerCerts) {
        dprintfRC("SecCmsSignerInfoDestroy top: certList.rc %d\n",
                  (int)CFGetRetainCount(signerCerts));
        CFRelease(signerCerts);
    }

    if (tsaCerts) {
        dprintfRC("SecCmsSignerInfoDestroy top: timestampCertList.rc %d\n",
                  (int)CFGetRetainCount(tsaCerts));
        CFRelease(tsaCerts);
    }

    if (agilityValue) {
        dprintfRC("SecCmsSignerInfoDestroy top: hashAgilityAttrValue.rc %d\n",
                  (int)CFGetRetainCount(agilityValue));
        CFRelease(agilityValue);
    }

    /* XXX storage ??? */
}
示例15: mySSLAuthCertificate
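/* This invokes the "default" AuthCert handler in libssl.
** The only reason to use this one is that it prints out info as it goes.
**
** When MakeCertOK (defined outside this function) is 2 or more, the
** certificate is not validated at all and SECSuccess is returned
** unconditionally.
**
** Returns the result of SSL_AuthCertificate otherwise.
*/
static SECStatus
mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
                     PRBool isServer)
{
    SECStatus rv;
    CERTCertificate *peerCert;
    const SECItemArray *csa;

    if (MakeCertOK >= 2) {
        return SECSuccess;
    }

    peerCert = SSL_PeerCertificate(fd);
    if (peerCert) {
        /* The peer may not have sent a certificate; only print its names
         * when there is one. */
        PRINTF("strsclnt: Subject: %s\nstrsclnt: Issuer : %s\n",
               peerCert->subjectName, peerCert->issuerName);
    }

    csa = SSL_PeerStapledOCSPResponses(fd);
    if (csa) {
        PRINTF("Received %d Cert Status items (OCSP stapled data)\n",
               csa->len);
    }

    /* invoke the "default" AuthCert handler. */
    rv = SSL_AuthCertificate(arg, fd, checkSig, isServer);

    PR_ATOMIC_INCREMENT(&certsTested);
    if (rv == SECSuccess) {
        fputs("strsclnt: -- SSL: Server Certificate Validated.\n", stderr);
    }

    if (peerCert) {
        CERT_DestroyCertificate(peerCert);
    }
    /* error, if any, will be displayed by the Bad Cert Handler. */
    return rv;
}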