56 	int (*cert_cb)(void *ctx, struct http_cert *cert);
180 static void debug_dump_cert(const char *title, X509 *cert)  in debug_dump_cert()  argument
190 	X509_print_ex(out, cert, XN_FLAG_COMPAT, X509_FLAG_COMPAT);  in debug_dump_cert()
205 static void add_alt_name_othername(struct http_ctx *ctx, struct http_cert *cert,  in add_alt_name_othername()  argument
213 	on = os_realloc_array(cert->othername, cert->num_othername + 1,  in add_alt_name_othername()
217 	cert->othername = on;  in add_alt_name_othername()
218 	on = &on[cert->num_othername];  in add_alt_name_othername()
233 	cert->num_othername++;  in add_alt_name_othername()
237 static void add_alt_name_dns(struct http_ctx *ctx, struct http_cert *cert,  in add_alt_name_dns()  argument
247 	n = os_realloc_array(cert->dnsname, cert->num_dnsname + 1,  in add_alt_name_dns()
252 	cert->dnsname = n;  in add_alt_name_dns()
253 	n[cert->num_dnsname] = buf;  in add_alt_name_dns()
254 	cert->num_dnsname++;  in add_alt_name_dns()
258 static void add_alt_name(struct http_ctx *ctx, struct http_cert *cert,  in add_alt_name()  argument
263 		add_alt_name_othername(ctx, cert, name->d.otherName);  in add_alt_name()
266 		add_alt_name_dns(ctx, cert, name->d.dNSName);  in add_alt_name()
272 static void add_alt_names(struct http_ctx *ctx, struct http_cert *cert,  in add_alt_names()  argument
281 		add_alt_name(ctx, cert, name);  in add_alt_names()
778 			     X509 *cert)  in add_logotype_ext()  argument
792 	pos = X509_get_ext_by_OBJ(cert, obj, -1);  in add_logotype_ext()
799 	ext = X509_get_ext(cert, pos);  in add_logotype_ext()
849 		       X509 *cert, GENERAL_NAMES **names)  in parse_cert()  argument
854 	*names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);  in parse_cert()
858 	add_logotype_ext(ctx, hcert, cert);  in parse_cert()
885 static int validate_server_cert(struct http_ctx *ctx, X509 *cert)  in validate_server_cert()  argument
899 		X509_print_ex(out, cert, XN_FLAG_COMPAT, X509_FLAG_COMPAT);  in validate_server_cert()
903 	parse_cert(ctx, &hcert, cert, &names);  in validate_server_cert()
914 	X509 *cert;  in http_parse_x509_certificate()  local
925 	cert = d2i_X509_bio(in, NULL);  in http_parse_x509_certificate()
928 	if (cert == NULL) {  in http_parse_x509_certificate()
935 		X509_print_ex(out, cert, XN_FLAG_COMPAT,  in http_parse_x509_certificate()
941 	parse_cert(ctx, &hcert, cert, &names);  in http_parse_x509_certificate()
968 	X509_free(cert);  in http_parse_x509_certificate()
975 	X509 *cert;  in curl_cb_ssl_verify()  local
994 	cert = X509_STORE_CTX_get_current_cert(x509_ctx);  in curl_cb_ssl_verify()
995 	if (!cert) {  in curl_cb_ssl_verify()
1002 		ctx->peer_cert = cert;  in curl_cb_ssl_verify()
1004 		ctx->peer_issuer = cert;  in curl_cb_ssl_verify()
1006 		ctx->peer_issuer_issuer = cert;  in curl_cb_ssl_verify()
1008 	name = X509_get_subject_name(cert);  in curl_cb_ssl_verify()
1012 	debug_dump_cert("Server certificate chain - certificate", cert);  in curl_cb_ssl_verify()
1014 	if (depth == 0 && preverify_ok && validate_server_cert(ctx, cert) < 0)  in curl_cb_ssl_verify()
1021 		res = check_ocsp_resp(ssl_ctx, ssl, cert, ctx->peer_issuer,  in curl_cb_ssl_verify()
1147 			X509 *cert;  in ocsp_resp_cb()  local
1148 			cert = X509_dup(ctx->peer_issuer);  in ocsp_resp_cb()
1149 			if (cert && !sk_X509_push(certs, cert)) {  in ocsp_resp_cb()
1153 				X509_free(cert);  in ocsp_resp_cb()
1158 				cert = X509_dup(ctx->peer_issuer_issuer);  in ocsp_resp_cb()
1159 				if (cert && !sk_X509_push(certs, cert)) {  in ocsp_resp_cb()
1163 					X509_free(cert);  in ocsp_resp_cb()
1730 		      int (*cb)(void *ctx, struct http_cert *cert),  in http_set_cert_cb()  argument