48 EPNAME(
"X509Chain::Verify");
53 DEBUG(
"Nothing to verify (size: "<<
size<<
")");
69 int opt = (vopt) ? vopt->
opt : 0;
70 int when = (vopt) ? vopt->
when : (int)time(0);
71 int plen = (vopt) ? vopt->
pathlen : -1;
76 if (plen > -1 && plen <
size) {
111 when, xcer, xsig, crl))
139 when, xcer, xsig, crl))
158 while (node && (plen == -1 || plen > 0)) {
172 if (!SubjectOK(errcode, xcer))
176 int pxplen = -1;
bool b;
180 if (!extdata || !cfact || !(cfact && (*(cfact->
ProxyCertInfo()))(extdata, pxplen, &b))) {
189 plen = (pxplen > -1) ? pxplen : plen;
193 plen = (pxplen > -1 && pxplen < plen) ? pxplen : plen;
211 bool XrdCryptogsiX509Chain::SubjectOK(EX509ChainErr &errcode,
XrdCryptoX509 *xcer)
241 int ilen = strlen(xcer->
Issuer());
244 char *pcn = (
char *) strstr(xcer->
Issuer(),
"/CN=");
247 while ((pcnn = (
char *) strstr(pcn+1,
"/CN=")))
249 ilen = (int)(pcn - xcer->
Issuer());
251 if (strncmp(xcer->
Subject() + ilen,
"/CN=",4)) {
253 lastError =
"proxy subject check: found additional chars :";
259 lastError =
"proxy issuer check: issuer not found in subject :";
266 char *pp = (
char *)strstr(xcer->
Subject()+ilen,
"CN=");
269 lastError =
"proxy subject check: no appended 'CN='";
275 pp = strstr(pp+strlen(
"CN="),
"CN=");
278 lastError =
"proxy subject check: too many appended 'CN='s";
#define gsiProxyCertInfo_OID
#define gsiProxyCertInfo_OLD_OID
const int kOptsCheckSubCA
virtual XrdCryptoProxyCertInfo_t ProxyCertInfo()
XrdCryptoX509 * Cert() const
XrdCryptoX509ChainNode * Next() const
virtual bool Verify(EX509ChainErr &e, x509ChainVerifyOpt_t *vopt=0)
XrdCryptoX509ChainNode * begin
const char * X509ChainError(EX509ChainErr e)
virtual XrdCryptoX509data GetExtension(const char *oid)
virtual const char * Subject()
virtual const char * Issuer()
bool Verify(EX509ChainErr &e, x509ChainVerifyOpt_t *vopt=0)