30 #include <tqstringlist.h>
34 #include "ksslcertificate.h"
35 #include "ksslcertchain.h"
36 #include "ksslutils.h"
38 #include <kstandarddirs.h>
41 #include <tqdatetime.h>
42 #include <ktempfile.h>
44 #include <sys/types.h>
46 #ifdef HAVE_SYS_STAT_H
53 #define crypt _openssl_crypt
54 #include <openssl/ssl.h>
55 #include <openssl/x509.h>
56 #include <openssl/x509v3.h>
57 #include <openssl/x509_vfy.h>
58 #include <openssl/pem.h>
63 #include <tqcstring.h>
65 #include "ksslx509v3.h"
// Upper-case hexadecimal digits, indexed by a 4-bit value (0..15). The users
// visible in this listing mask each byte with 0xf0 (then shift right by 4) or
// 0x0f before indexing, which keeps every lookup inside the 16-entry table.
// NOTE(review): the table is never written in the visible code, so it could be
// declared const.
69 static char hv[] = {
'0',
'1',
'2',
'3',
'4',
'5',
'6',
'7',
'8',
'9',
'A',
'B',
'C',
'D',
'E',
'F'};
72 class KSSLCertificatePrivate {
74 KSSLCertificatePrivate() {
75 kossl = KOSSL::self();
76 _lastPurpose = KSSLCertificate::None;
79 ~KSSLCertificatePrivate() {
90 KSSLCertificate::KSSLPurpose _lastPurpose;
94 d =
new KSSLCertificatePrivate;
95 d->m_stateCached =
false;
96 KGlobal::dirs()->addResourceType(
"kssl", KStandardDirs::kde_default(
"data") +
"kssl");
104 d =
new KSSLCertificatePrivate;
105 d->m_stateCached =
false;
106 KGlobal::dirs()->addResourceType(
"kssl", KStandardDirs::kde_default(
"data") +
"kssl");
109 setCert(KOSSL::self()->X509_dup(const_cast<KSSLCertificate&>(x).getCert()));
121 d->kossl->X509_free(d->m_cert);
137 n->
setCert(KOSSL::self()->X509_dup(x5));
// Fragment that builds a certificate from a base64 string: the input is copied,
// base64-decoded into qba, and the decoded bytes are handed to the DER parser
// (d2i_X509) together with their length.
// d2i_X509 takes the address of the data pointer, so it is given the scratch
// pointer qbap rather than the buffer itself.
// NOTE(review): the input is externally supplied certificate data; the NULL
// check on x5c (parse failure) is not among the lines visible here - confirm the
// result is tested before it is used.
147 if (cert.length() == 0)
150 TQByteArray qba, qbb = cert.copy();
151 KCodecs::base64Decode(qbb, qba);
152 unsigned char *qbap =
reinterpret_cast<unsigned char *
>(qba.data());
153 X509 *x5c = KOSSL::self()->d2i_X509(NULL, &qbap, qba.size());
170 char *t = d->kossl->X509_NAME_oneline(d->kossl->X509_get_subject_name(d->m_cert), 0, 0);
174 d->kossl->OPENSSL_free(t);
184 ASN1_INTEGER *aint = d->kossl->X509_get_serialNumber(d->m_cert);
186 rc = ASN1_INTEGER_QString(aint);
201 i = d->kossl->OBJ_obj2nid(d->m_cert->sig_alg->algorithm);
202 rc = i18n(
"Signature Algorithm: ");
203 rc += (i == NID_undef)?i18n(
"Unknown"):TQString(d->kossl->OBJ_nid2ln(i));
206 rc += i18n(
"Signature Contents:");
207 n = d->m_cert->signature->length;
208 s = (
char *)d->m_cert->signature->data;
209 for (i = 0; i < n; i++) {
210 if (i%20 != 0) rc +=
":";
212 rc.append(hv[(s[i]&0xf0)>>4]);
213 rc.append(hv[s[i]&0x0f]);
228 STACK *s = d->kossl->X509_get1_email(d->m_cert);
230 for(
int n=0; n < s->num; n++) {
231 to.append(d->kossl->sk_value(s,n));
233 d->kossl->X509_email_free(s);
246 int pos = k.findRev(
'(');
248 unsigned int len = k.length();
249 if (k.at(len-1) ==
')') {
250 rc = k.mid(pos+1, len-pos-2);
// Fragment that renders the certificate fingerprint as hex text.
// The digest algorithm is MD5 (EVP_md5). MD5 is not collision resistant, so this
// fingerprint is suitable for display or legacy comparison only and should not
// be the sole basis for deciding that two certificates are the same.
// md is sized EVP_MAX_MD_SIZE and X509_digest reports the digest length in n, so
// the loop below reads only bytes the digest call wrote.
262 unsigned char md[EVP_MAX_MD_SIZE];
// A zero return from X509_digest is treated as failure; the handling is on lines
// missing from this listing.
264 if (!d->kossl->X509_digest(d->m_cert, d->kossl->EVP_md5(), md, &n)) {
268 for (
unsigned int j = 0; j < n; j++) {
// Two hex digits per byte: high nibble first, then low nibble.
271 rc.append(hv[(md[j]&0xf0)>>4]);
272 rc.append(hv[md[j]&0x0f]);
// Fragment that computes the MD5 digest of the certificate and appends it as
// contiguous hex digits (no separator is added in the visible lines).
// MD5 (EVP_md5) is not collision resistant; a value produced here should not be
// relied on as a unique certificate identity for trust decisions.
287 unsigned char md[EVP_MAX_MD_SIZE];
// A zero return from X509_digest is the failure path; its body is not visible.
289 if (!d->kossl->X509_digest(d->m_cert, d->kossl->EVP_md5(), md, &n)) {
// n is the digest length written by X509_digest, bounded by EVP_MAX_MD_SIZE.
293 for (
unsigned int j = 0; j < n; j++) {
294 rc.append(hv[(md[j]&0xf0)>>4]);
295 rc.append(hv[md[j]&0x0f]);
309 EVP_PKEY *pkey = d->kossl->X509_get_pubkey(d->m_cert);
312 if (pkey->type == EVP_PKEY_RSA)
317 if (pkey->type == EVP_PKEY_DSA)
322 d->kossl->EVP_PKEY_free(pkey);
// Fragment that formats the certificate's public key as human-readable text.
// X509_get_pubkey hands back a key that this code releases with EVP_PKEY_free at
// the end of the fragment.
// NOTE(review): pkey is dereferenced below; any NULL check falls on lines missing
// from this listing - confirm it exists.
// NOTE(review): pkey->type and pkey->pkey.rsa->n etc. read struct members
// directly, which only compiles where OpenSSL exposes these structs.
336 EVP_PKEY *pkey = d->kossl->X509_get_pubkey(d->m_cert);
// Default text, replaced below when the key is RSA or DSA.
338 rc = i18n(
"Unknown",
"Unknown key algorithm");
340 if (pkey->type == EVP_PKEY_RSA) {
341 rc = i18n(
"Key type: RSA (%1 bit)") +
"\n";
// BN_bn2hex returns an allocated hex string; each one is released with
// OPENSSL_free once it has been appended.
343 x = d->kossl->BN_bn2hex(pkey->pkey.rsa->n);
344 rc += i18n(
"Modulus: ");
// The "%1 bit" figure is the number of hex digits times four, i.e. a size
// derived from the printed length rather than the exact bit length.
345 rc = rc.arg(strlen(x)*4);
// strlen(x) is re-evaluated on every iteration of these loops.
346 for (
unsigned int i = 0; i < strlen(x); i++) {
// Separator logic: acts on even positions that are not a multiple of 40; the
// statements it controls are on lines missing from this listing.
347 if (i%40 != 0 && i%2 == 0)
354 d->kossl->OPENSSL_free(x);
356 x = d->kossl->BN_bn2hex(pkey->pkey.rsa->e);
357 rc += i18n(
"Exponent: 0x") + x +
"\n";
358 d->kossl->OPENSSL_free(x);
362 if (pkey->type == EVP_PKEY_DSA) {
363 rc = i18n(
"Key type: DSA (%1 bit)") +
"\n";
365 x = d->kossl->BN_bn2hex(pkey->pkey.dsa->p);
366 rc += i18n(
"Prime: ");
// Same digit-count-times-four size estimate as in the RSA branch.
368 rc = rc.arg(strlen(x)*4) ;
369 for (
unsigned int i = 0; i < strlen(x); i++) {
370 if (i%40 != 0 && i%2 == 0)
377 d->kossl->OPENSSL_free(x);
379 x = d->kossl->BN_bn2hex(pkey->pkey.dsa->q);
// NOTE(review): the label says "160 bit" regardless of the actual size of q;
// nothing visible here checks that q is 160 bits.
380 rc += i18n(
"160 bit prime factor: ");
381 for (
unsigned int i = 0; i < strlen(x); i++) {
382 if (i%40 != 0 && i%2 == 0)
389 d->kossl->OPENSSL_free(x);
391 x = d->kossl->BN_bn2hex(pkey->pkey.dsa->g);
// Unlike the other labels, "g: " is not passed through i18n().
392 rc += TQString(
"g: ");
393 for (
unsigned int i = 0; i < strlen(x); i++) {
394 if (i%40 != 0 && i%2 == 0)
401 d->kossl->OPENSSL_free(x);
403 x = d->kossl->BN_bn2hex(pkey->pkey.dsa->pub_key);
404 rc += i18n(
"Public key: ");
405 for (
unsigned int i = 0; i < strlen(x); i++) {
406 if (i%40 != 0 && i%2 == 0)
413 d->kossl->OPENSSL_free(x);
// Releases the key obtained from X509_get_pubkey at the top of the fragment.
416 d->kossl->EVP_PKEY_free(pkey);
429 char *t = d->kossl->X509_NAME_oneline(d->kossl->X509_get_issuer_name(d->m_cert), 0, 0);
435 d->kossl->OPENSSL_free(t);
441 void KSSLCertificate::setChain(
void *c) {
443 d->_chain.setChain(c);
445 d->m_stateCached =
false;
446 d->m_stateCache = KSSLCertificate::Unknown;
// Fragment that recomputes the cached purpose bitmask (d->_extensions.flags) for
// certificate c. The mask is cleared first and then rebuilt purpose by purpose.
453 d->_extensions.flags = 0;
// Called with purpose id -1 and its result ignored; presumably this only makes
// OpenSSL parse and cache the certificate's extensions - confirm.
454 d->kossl->X509_check_purpose(c, -1, 0);
457 kdDebug(7029) <<
"---------------- Certificate ------------------"
// Every purpose OpenSSL knows is probed twice: with ca == 0 and with ca == 1.
462 for (
int j = 0; j < d->kossl->X509_PURPOSE_get_count(); j++) {
463 X509_PURPOSE *ptmp = d->kossl->X509_PURPOSE_get0(j);
464 int id = d->kossl->X509_PURPOSE_get_id(ptmp);
465 for (
int ca = 0; ca < 2; ca++) {
466 int idret = d->kossl->X509_check_purpose(c,
id, ca);
// Return values 1 and 2 count as "purpose allowed"; anything else clears the bit.
467 if (idret == 1 || idret == 2) {
// Bit layout: bit (id-1) in the low half, bit (16+id-1) in the high half. The
// condition choosing between the two is on a line missing from this listing
// (presumably the ca loop variable).
// NOTE(review): the shifts assume small purpose ids; an id above 16 would spill
// the low-half bit into the high half, and with a 32-bit long the high-half
// shift would go out of range.
470 d->_extensions.flags |= (1L <<(
id-1));
471 else d->_extensions.flags |= (1L <<(16+
id-1));
474 d->_extensions.flags &= ~(1L <<(
id-1));
475 else d->_extensions.flags &= ~(1L <<(16+
id-1));
481 kdDebug(7029) <<
"flags: " << TQString::number(c->ex_flags, 2)
482 <<
"\nkeyusage: " << TQString::number(c->ex_kusage, 2)
483 <<
"\nxkeyusage: " << TQString::number(c->ex_xkusage, 2)
484 <<
"\nnscert: " << TQString::number(c->ex_nscert, 2)
486 if (c->ex_flags & EXFLAG_KUSAGE)
487 kdDebug(7029) <<
" --- Key Usage extensions found" << endl;
488 else kdDebug(7029) <<
" --- Key Usage extensions NOT found" << endl;
490 if (c->ex_flags & EXFLAG_XKUSAGE)
491 kdDebug(7029) <<
" --- Extended key usage extensions found" << endl;
492 else kdDebug(7029) <<
" --- Extended key usage extensions NOT found" << endl;
494 if (c->ex_flags & EXFLAG_NSCERT)
495 kdDebug(7029) <<
" --- NS extensions found" << endl;
496 else kdDebug(7029) <<
" --- NS extensions NOT found" << endl;
498 if (d->_extensions.certTypeSSLCA())
499 kdDebug(7029) <<
"NOTE: this is an SSL CA file." << endl;
500 else kdDebug(7029) <<
"NOTE: this is NOT an SSL CA file." << endl;
502 if (d->_extensions.certTypeEmailCA())
503 kdDebug(7029) <<
"NOTE: this is an EMAIL CA file." << endl;
504 else kdDebug(7029) <<
"NOTE: this is NOT an EMAIL CA file." << endl;
506 if (d->_extensions.certTypeCodeCA())
507 kdDebug(7029) <<
"NOTE: this is a CODE CA file." << endl;
508 else kdDebug(7029) <<
"NOTE: this is NOT a CODE CA file." << endl;
510 if (d->_extensions.certTypeSSLClient())
511 kdDebug(7029) <<
"NOTE: this is an SSL client." << endl;
512 else kdDebug(7029) <<
"NOTE: this is NOT an SSL client." << endl;
514 if (d->_extensions.certTypeSSLServer())
515 kdDebug(7029) <<
"NOTE: this is an SSL server." << endl;
516 else kdDebug(7029) <<
"NOTE: this is NOT an SSL server." << endl;
518 if (d->_extensions.certTypeNSSSLServer())
519 kdDebug(7029) <<
"NOTE: this is a NETSCAPE SSL server." << endl;
520 else kdDebug(7029) <<
"NOTE: this is NOT a NETSCAPE SSL server." << endl;
522 if (d->_extensions.certTypeSMIME())
523 kdDebug(7029) <<
"NOTE: this is an SMIME certificate." << endl;
524 else kdDebug(7029) <<
"NOTE: this is NOT an SMIME certificate." << endl;
526 if (d->_extensions.certTypeSMIMEEncrypt())
527 kdDebug(7029) <<
"NOTE: this is an SMIME encrypt cert." << endl;
528 else kdDebug(7029) <<
"NOTE: this is NOT an SMIME encrypt cert." << endl;
530 if (d->_extensions.certTypeSMIMESign())
531 kdDebug(7029) <<
"NOTE: this is an SMIME sign cert." << endl;
532 else kdDebug(7029) <<
"NOTE: this is NOT an SMIME sign cert." << endl;
534 if (d->_extensions.certTypeCRLSign())
535 kdDebug(7029) <<
"NOTE: this is a CRL signer." << endl;
536 else kdDebug(7029) <<
"NOTE: this is NOT a CRL signer." << endl;
538 kdDebug(7029) <<
"-----------------------------------------------"
543 d->m_stateCached =
false;
544 d->m_stateCache = KSSLCertificate::Unknown;
547 X509 *KSSLCertificate::getCert() {
557 #include "ksslcallback.c"
561 return (
validate(p) == KSSLCertificate::Ok);
566 return isValid(KSSLCertificate::SSLServer);
// Translates a KSSLPurpose value into the matching OpenSSL X509_PURPOSE_*
// identifier, which the validation code in this file passes to
// X509_STORE_CTX_set_purpose.
// The declaration and initial value of rc, and the return statement, are on
// lines missing from this listing, so the value returned for a purpose that
// matches none of the branches below cannot be determined from here.
570 int KSSLCertificate::purposeToOpenSSL(KSSLCertificate::KSSLPurpose p)
const {
573 if (p == KSSLCertificate::SSLServer) {
574 rc = X509_PURPOSE_SSL_SERVER;
575 }
else if (p == KSSLCertificate::SSLClient) {
576 rc = X509_PURPOSE_SSL_CLIENT;
577 }
else if (p == KSSLCertificate::SMIMEEncrypt) {
578 rc = X509_PURPOSE_SMIME_ENCRYPT;
579 }
else if (p == KSSLCertificate::SMIMESign) {
580 rc = X509_PURPOSE_SMIME_SIGN;
581 }
else if (p == KSSLCertificate::Any) {
// X509_PURPOSE_ANY asks OpenSSL not to restrict the certificate to one use.
582 rc = X509_PURPOSE_ANY;
591 return validate(KSSLCertificate::SSLServer);
597 if (result.isEmpty())
598 return KSSLCertificate::Ok;
600 return result.first();
// Fragment of the chain-validation routine. Visible flow: reuse a cached verdict
// when allowed; otherwise, for each "kssl" resource directory, load its
// ca-bundle.crt into a fresh X509_STORE, run X509_verify_cert for the requested
// purpose, and cache the verdict. Several lines of the routine are missing from
// this listing.
// NOTE(review): no CRL checking or host-name matching is configured in the
// visible lines; confirm where revocation and host checks are performed.
615 KSSLValidationList errors;
// A caller-supplied CA or a change of purpose invalidates the cached verdict.
616 if (ca || (d->_lastPurpose != purpose)) {
617 d->m_stateCached =
false;
620 if (!d->m_stateCached)
621 d->_lastPurpose = purpose;
624 X509_STORE *certStore;
625 X509_LOOKUP *certLookup;
626 X509_STORE_CTX *certStoreCTX;
631 errors << KSSLCertificate::Unknown;
// Cached verdict is returned as the only list entry.
635 if (d->m_stateCached) {
636 errors << d->m_stateCache;
// Trust anchors come from the directories registered under the "kssl" resource type.
640 TQStringList qsl = KGlobal::dirs()->resourceDirs(
"kssl");
643 errors << KSSLCertificate::NoCARoot;
649 for (TQStringList::Iterator j = qsl.begin(); j != qsl.end(); ++j) {
651 TQString _j = (*j) +
"ca-bundle.crt";
// stat() only tests that the bundle exists; a failure is handled on lines not shown.
// NOTE(review): every directory in the list is a source of trusted roots, so the
// list should contain only locations that untrusted users cannot write to.
652 if (-1 == stat(_j.ascii(), &sb)) {
656 certStore = d->kossl->X509_STORE_new();
658 errors << KSSLCertificate::Unknown;
// X509Callback is not defined in the visible lines (presumably it comes from the
// included ksslcallback.c).
662 X509_STORE_set_verify_cb_func(certStore, X509Callback);
664 certLookup = d->kossl->X509_STORE_add_lookup(certStore, d->kossl->X509_LOOKUP_file());
// Each failure path below frees the store before moving on.
666 ksslv = KSSLCertificate::Unknown;
667 d->kossl->X509_STORE_free(certStore);
671 if (!d->kossl->X509_LOOKUP_load_file(certLookup, _j.ascii(), X509_FILETYPE_PEM)) {
673 kdDebug(7029) <<
"KSSL couldn't read CA root: "
675 ksslv = KSSLCertificate::ErrorReadingRoot;
676 d->kossl->X509_STORE_free(certStore);
681 certStoreCTX = d->kossl->X509_STORE_CTX_new();
686 kdDebug(7029) <<
"KSSL couldn't create an X509 store context." << endl;
687 d->kossl->X509_STORE_free(certStore);
// NOTE(review): the result of X509_STORE_CTX_init is not used on this line.
691 d->kossl->X509_STORE_CTX_init(certStoreCTX, certStore, d->m_cert, NULL);
// Intermediate certificates from the stored chain are offered as untrusted helpers.
692 if (d->_chain.isValid()) {
693 d->kossl->X509_STORE_CTX_set_chain(certStoreCTX, (STACK_OF(X509)*)d->_chain.rawChain());
699 d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX, purposeToOpenSSL(purpose));
// NOTE(review): these two names are not declared in the visible lines; if they
// are file-scope variables read by the verify callback, concurrent validations
// would share them - confirm.
701 KSSL_X509CallBack_ca = ca ? ca->d->m_cert : 0;
702 KSSL_X509CallBack_ca_found =
false;
// The context's error field is written and read directly, which requires the
// X509_STORE_CTX struct to be visible to this code.
704 certStoreCTX->error = X509_V_OK;
// The verdict is derived from the context's error code; whether rc itself is
// consulted is not visible in this listing.
705 rc = d->kossl->X509_verify_cert(certStoreCTX);
706 int errcode = certStoreCTX->error;
// When a specific CA was requested but not reported found, the result is Irrelevant.
707 if (ca && !KSSL_X509CallBack_ca_found) {
708 ksslv = KSSLCertificate::Irrelevant;
710 ksslv = processError(errcode);
// Fallback: a failed SSLServer check is repeated with the Netscape server
// purpose, and that second result replaces the first, so a certificate that
// passes only as a Netscape SSL server is accepted as an SSL server.
// NOTE(review): the same context is verified twice without being initialised
// again; OpenSSL documents a context as good for a single X509_verify_cert call,
// so confirm this reuse is valid for the library version in use.
713 if ( (ksslv != KSSLCertificate::Ok) &&
714 (ksslv != KSSLCertificate::Irrelevant) &&
715 purpose == KSSLCertificate::SSLServer) {
716 d->kossl->X509_STORE_CTX_set_purpose(certStoreCTX,
717 X509_PURPOSE_NS_SSL_SERVER);
719 certStoreCTX->error = X509_V_OK;
720 rc = d->kossl->X509_verify_cert(certStoreCTX);
721 errcode = certStoreCTX->error;
722 ksslv = processError(errcode);
724 d->kossl->X509_STORE_CTX_free(certStoreCTX);
725 d->kossl->X509_STORE_free(certStore);
// NoCARoot and InvalidCA are not cached, so a later call checks the roots again.
736 if (ksslv != NoCARoot && ksslv != InvalidCA) {
737 d->m_stateCached =
true;
738 d->m_stateCache = ksslv;
743 if (ksslv != KSSLCertificate::Ok)
// NoSSL is appended on a path whose guard is not visible here (presumably the
// build without KSSL_HAVE_SSL).
746 errors << KSSLCertificate::NoSSL;
754 return revalidate(KSSLCertificate::SSLServer);
759 d->m_stateCached =
false;
// Fragment that translates an OpenSSL X509_V_* verification code into a
// KSSLCertificate validation value (rc). The switch header, the break
// statements and any default label are on lines missing from this listing.
// Several distinct OpenSSL errors share one result, so the original cause is not
// recoverable from rc alone.
767 rc = KSSLCertificate::Unknown;
771 rc = KSSLCertificate::Ok;
775 case X509_V_ERR_CERT_REJECTED:
776 rc = KSSLCertificate::Rejected;
780 case X509_V_ERR_CERT_UNTRUSTED:
781 rc = KSSLCertificate::Untrusted;
// Certificate and CRL signature problems are reported alike.
785 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
786 case X509_V_ERR_CERT_SIGNATURE_FAILURE:
787 case X509_V_ERR_CRL_SIGNATURE_FAILURE:
788 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
789 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
790 rc = KSSLCertificate::SignatureFailed;
// A missing issuer certificate is reported the same way as an invalid CA.
793 case X509_V_ERR_INVALID_CA:
794 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
795 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
796 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
797 rc = KSSLCertificate::InvalidCA;
801 case X509_V_ERR_INVALID_PURPOSE:
802 rc = KSSLCertificate::InvalidPurpose;
806 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
807 rc = KSSLCertificate::SelfSigned;
810 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
811 rc = KSSLCertificate::SelfSignedChain;
814 case X509_V_ERR_CERT_REVOKED:
815 rc = KSSLCertificate::Revoked;
818 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
819 rc = KSSLCertificate::PathLengthExceeded;
// Every time-related failure becomes Expired, including "not yet valid",
// malformed date fields, and the corresponding CRL errors.
822 case X509_V_ERR_CERT_NOT_YET_VALID:
823 case X509_V_ERR_CERT_HAS_EXPIRED:
824 case X509_V_ERR_CRL_NOT_YET_VALID:
825 case X509_V_ERR_CRL_HAS_EXPIRED:
826 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
827 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
828 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
829 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
830 rc = KSSLCertificate::Expired;
831 kdDebug(7029) <<
"KSSL apparently this is expired. Not after: "
// Application-level rejection, out-of-memory, an unavailable CRL and an
// over-long chain all become Unknown.
836 case X509_V_ERR_APPLICATION_VERIFICATION:
837 case X509_V_ERR_OUT_OF_MEM:
838 case X509_V_ERR_UNABLE_TO_GET_CRL:
839 case X509_V_ERR_CERT_CHAIN_TOO_LONG:
841 rc = KSSLCertificate::Unknown;
// The translated result is also stored as the cached validation state.
845 d->m_stateCache = rc;
846 d->m_stateCached =
true;
854 return ASN1_UTCTIME_QString(X509_get_notBefore(d->m_cert));
856 return TQString::null;
863 return ASN1_UTCTIME_QString(X509_get_notAfter(d->m_cert));
865 return TQString::null;
872 return ASN1_UTCTIME_QDateTime(X509_get_notBefore(d->m_cert), NULL);
874 return TQDateTime::currentDateTime();
881 return ASN1_UTCTIME_QDateTime(X509_get_notAfter(d->m_cert), NULL);
883 return TQDateTime::currentDateTime();
889 #ifndef KSSL_HAVE_SSL
892 if (!KOSSL::self()->X509_cmp(x.getCert(), y.getCert()))
return 1;
903 newOne->
setCert(d->kossl->X509_dup(getCert()));
913 return KCodecs::base64Encode(
toDer());
// Fragment that maps a validation result to the translated message shown to the
// user. Consecutive case labels share the message that follows them.
919 case KSSLCertificate::Ok:
920 return i18n(
"The certificate is valid.");
// NOTE(review): PathLengthExceeded and ErrorReadingRoot fall through to the
// NoCARoot message, so a chain that violates a path-length limit is described
// to the user as missing root files.
921 case KSSLCertificate::PathLengthExceeded:
922 case KSSLCertificate::ErrorReadingRoot:
923 case KSSLCertificate::NoCARoot:
924 return i18n(
"Certificate signing authority root files could not be found so the certificate is not verified.");
925 case KSSLCertificate::SelfSignedChain:
926 case KSSLCertificate::InvalidCA:
927 return i18n(
"Certificate signing authority is unknown or invalid.");
928 case KSSLCertificate::SelfSigned:
929 return i18n(
"Certificate is self-signed and thus may not be trustworthy.");
930 case KSSLCertificate::Expired:
931 return i18n(
"Certificate has expired.");
932 case KSSLCertificate::Revoked:
933 return i18n(
"Certificate has been revoked.");
934 case KSSLCertificate::NoSSL:
935 return i18n(
"SSL support was not found.");
936 case KSSLCertificate::Untrusted:
937 return i18n(
"Signature is untrusted.");
938 case KSSLCertificate::SignatureFailed:
939 return i18n(
"Signature test failed.");
// Rejected and InvalidPurpose share one message.
940 case KSSLCertificate::Rejected:
941 case KSSLCertificate::InvalidPurpose:
942 return i18n(
"Rejected, possibly due to an invalid purpose.");
943 case KSSLCertificate::PrivateKeyFailed:
944 return i18n(
"Private key test failed.");
945 case KSSLCertificate::InvalidHost:
946 return i18n(
"The certificate has not been issued for this host.");
947 case KSSLCertificate::Irrelevant:
948 return i18n(
"This certificate is not relevant.");
// Message returned when none of the cases above applied; the lines between are
// missing from this listing.
953 return i18n(
"The certificate is invalid.");
// Fragment that serialises the certificate to DER in two passes: the first
// i2d_X509 call (NULL output) yields the encoded length, the second writes the
// bytes into the buffer.
// NOTE(review): i2d_X509 reports failure with a negative int; stored in an
// unsigned int, that becomes a very large allocation size. No check is visible
// in this listing - confirm one exists or add it before the new[].
960 unsigned int certlen = d->kossl->i2d_X509(getCert(), NULL);
// NOTE(review): the matching delete[] for this buffer is not among the visible
// lines - confirm it follows the duplicate() call.
961 unsigned char *cert =
new unsigned char[certlen];
// i2d_X509 advances the pointer it is given, so a scratch copy p is passed and
// cert keeps pointing at the start of the buffer.
962 unsigned char *p = cert;
964 d->kossl->i2d_X509(getCert(), &p);
967 qba.duplicate((
const char*)cert, certlen);
978 const char *header =
"-----BEGIN CERTIFICATE-----\n";
979 const char *footer =
"-----END CERTIFICATE-----\n";
983 unsigned int xx = thecert.length() - 1;
984 for (
unsigned int i = 0; i < xx/64; i++) {
985 thecert.insert(64*(i+1)+i,
'\n');
988 thecert.prepend(header);
990 if (thecert[thecert.length()-1] !=
'\n')
993 thecert.append(footer);
995 qba.duplicate(thecert.local8Bit(), thecert.length());
// Fragment that exports the certificate in the Netscape format: a header string
// plus the certificate is written to a temporary file through ASN1_i2d_fp, and
// the file is then read back into a byte array. Two code paths exist, selected
// by the OpenSSL version.
// Header string placed in front of the certificate in both paths.
1000 #define NETSCAPE_CERT_HDR "certificate"
1005 #ifdef KSSL_HAVE_SSL
1006 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
1008 ASN1_OCTET_STRING hdr;
1011 ASN1_OCTET_STRING os;
1015 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
// The octet string points at the string literal; nothing is copied.
1016 hdr.data = (
unsigned char *)NETSCAPE_CERT_HDR;
1017 hdr.length = strlen(NETSCAPE_CERT_HDR);
1019 nx.cert = getCert();
// NOTE(review): the result of ASN1_i2d_fp is not used on this line, so a failed
// write is not detected here.
1021 d->kossl->ASN1_i2d_fp(ktf.fstream(),(
unsigned char *)&nx);
// Older-OpenSSL path: same header, certificate wrapped through X509_asn1_meth().
1023 os.data = (
unsigned char *)NETSCAPE_CERT_HDR;
1024 os.length = strlen(NETSCAPE_CERT_HDR);
1026 ah.data = (
char *)getCert();
1027 ah.meth = d->kossl->X509_asn1_meth();
1029 d->kossl->ASN1_i2d_fp(ktf.fstream(),(
unsigned char *)&ah);
// Read the temporary file back in one block.
// NOTE(review): the results of open() and readBlock() are not used on these
// lines, and qf.size() is evaluated three times; if the open fails, the buffer
// is still allocated and copied. The delete[] for buf is not among the visible
// lines - confirm it exists.
1034 TQFile qf(ktf.name());
1035 qf.open(IO_ReadOnly);
1036 char *buf =
new char[qf.size()];
1037 qf.readBlock(buf, qf.size());
1038 qba.duplicate(buf, qf.size());
// Fragment that produces the textual dump of the certificate: X509_print writes
// to a temporary file, which is then read back into a heap buffer.
1052 #ifdef KSSL_HAVE_SSL
// NOTE(review): the result of X509_print is not used on this line.
1055 d->kossl->X509_print(ktf.fstream(), getCert());
1058 TQFile qf(ktf.name());
// NOTE(review): the result of open() is not used on this line.
1059 qf.open(IO_ReadOnly);
// One extra byte is allocated beyond the file size, presumably for a
// terminating NUL; the line that writes it, and the delete[] for buf, are not
// among the visible lines - confirm both exist.
1060 char *buf =
new char[qf.size()+1];
1061 qf.readBlock(buf, qf.size());
1073 #ifdef KSSL_HAVE_SSL
1074 TQByteArray qba, qbb = cert.local8Bit().copy();
1075 KCodecs::base64Decode(qbb, qba);
1076 unsigned char *qbap =
reinterpret_cast<unsigned char *
>(qba.data());
1077 X509 *x5c = KOSSL::self()->d2i_X509(NULL, &qbap, qba.size());
1088 return d->_extensions;
1093 return d->_extensions.certTypeCA();
// Fragment that reads the subjectAltName extension and walks its entries,
// looking only at DNS names.
1099 #ifdef KSSL_HAVE_SSL
1100 STACK_OF(GENERAL_NAME) *names;
// X509_get_ext_d2i decodes the extension into a newly built stack; the handling
// of a missing extension is on lines not shown.
1101 names = (STACK_OF(GENERAL_NAME)*)d->kossl->X509_get_ext_d2i(d->m_cert, NID_subject_alt_name, 0, 0);
1107 int cnt = d->kossl->sk_GENERAL_NAME_num(names);
1109 for (
int i = 0; i < cnt; i++) {
1110 const GENERAL_NAME *val = (
const GENERAL_NAME *)d->kossl->sk_value(names, i);
// Entries that are not DNS names are skipped (the body is not visible).
1111 if (val->type != GEN_DNS) {
// The name is converted through a C-string pointer, so the conversion stops at
// the first NUL byte in the ASN.1 string.
1115 TQString s = (
const char *)d->kossl->ASN1_STRING_data(val->d.ia5);
// Second half of a condition whose first half is on a missing line: the
// converted length must equal the ASN.1 length. A name containing an embedded
// NUL would convert to a shorter string and fail this comparison, so a
// truncated name is not treated as a match for the shorter host name.
1118 s.length() == d->kossl->ASN1_STRING_length(val->d.ia5)) {
// NOTE(review): sk_free releases the stack container only; the GENERAL_NAME
// elements decoded above are not freed by this call. Confirm they are released
// elsewhere, or free the elements together with the stack.
1122 d->kossl->sk_free(names);
1130 TQPtrList<KSSLCertificate> cl =
const_cast<KSSLCertificate&
>(r).chain().getChain();
1136 cl.setAutoDelete(
true);
1138 s << const_cast<KSSLCertificate&>(r).toString() << qsl;
1150 if (r.
setCert(cert) && !qsl.isEmpty())