Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD build

functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
author: ryker <> 1998-10-05 20:13:14 +0000
committer: ryker <> 1998-10-05 20:13:14 +0000
commit: aeeae06a79815dc190061534d47236cec09f9e32 (patch)
tree: 851692b9c2f9c04f077666855641900f19fdb217 /src/lib/libssl/ssl_cert.c
parent: a4f79641824cbf9f60ca9d1168d1fcc46717a82a (diff)
download: openbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.gz
openbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.bz2
openbsd-aeeae06a79815dc190061534d47236cec09f9e32.zip
1 files changed, 329 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
new file mode 100644
index 0000000000..c1cb86e1b7
--- /dev/null
+++ b/src/lib/libssl/ssl_cert.c
@@ -0,0 +1,329 @@
+/* ssl/ssl_cert.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "objects.h"
+#include "bio.h"
+#include "pem.h"
+#include "ssl_locl.h"
+CERT *ssl_cert_new()
+        {
+        CERT *ret;
+        ret=(CERT *)Malloc(sizeof(CERT));
+        if (ret == NULL)
+                {
+                SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
+                return(NULL);
+                }
+        memset(ret,0,sizeof(CERT));
+/*
+        ret->valid=0;
+        ret->mask=0;
+        ret->export_mask=0;
+        ret->cert_type=0;
+        ret->key->x509=NULL;
+        ret->key->publickey=NULL;
+        ret->key->privatekey=NULL; */
+        ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
+        ret->references=1;
+        return(ret);
+        }
+void ssl_cert_free(c)
+CERT *c;
+        {
+        int i;
+        i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
+#ifdef REF_PRINT
+        REF_PRINT("CERT",c);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"ssl_cert_free, bad reference count\n");
+                abort(); /* ok */
+                }
+#endif
+#ifndef NO_RSA
+        if (c->rsa_tmp) RSA_free(c->rsa_tmp);
+#endif
+#ifndef NO_DH
+        if (c->dh_tmp) DH_free(c->dh_tmp);
+#endif
+        for (i=0; i<SSL_PKEY_NUM; i++)
+                {
+                if (c->pkeys[i].x509 != NULL)
+                        X509_free(c->pkeys[i].x509);
+                if (c->pkeys[i].privatekey != NULL)
+                        EVP_PKEY_free(c->pkeys[i].privatekey);
+#if 0
+                if (c->pkeys[i].publickey != NULL)
+                        EVP_PKEY_free(c->pkeys[i].publickey);
+#endif
+                }
+        if (c->cert_chain != NULL)
+                sk_pop_free(c->cert_chain,X509_free);
+        Free(c);
+        }
+int ssl_set_cert_type(c, type)
+CERT *c;
+int type;
+        {
+        c->cert_type=type;
+        return(1);
+        }
+int ssl_verify_cert_chain(s,sk)
+SSL *s;
+STACK *sk;
+        {
+        X509 *x;
+        int i;
+        X509_STORE_CTX ctx;
+        if ((sk == NULL) || (sk_num(sk) == 0))
+                return(0);
+        x=(X509 *)sk_value(sk,0);
+        X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
+        X509_STORE_CTX_set_app_data(&ctx,(char *)s);
+        if (s->ctx->app_verify_callback != NULL)
+                i=s->ctx->app_verify_callback(&ctx);
+        else
+                i=X509_verify_cert(&ctx);
+        X509_STORE_CTX_cleanup(&ctx);
+        s->verify_result=ctx.error;
+        return(i);
+        }
+static void set_client_CA_list(ca_list,list)
+STACK **ca_list;
+STACK *list;
+        {
+        if (*ca_list != NULL)
+                sk_pop_free(*ca_list,X509_NAME_free);
+        *ca_list=list;
+        }
+STACK *SSL_dup_CA_list(sk)
+STACK *sk;
+        {
+        int i;
+        STACK *ret;
+        X509_NAME *name;
+        ret=sk_new_null();
+        for (i=0; i<sk_num(sk); i++)
+                {
+                name=X509_NAME_dup((X509_NAME *)sk_value(sk,i));
+                if ((name == NULL) || !sk_push(ret,(char *)name))
+                        {
+                        sk_pop_free(ret,X509_NAME_free);
+                        return(NULL);
+                        }
+                }
+        return(ret);
+        }
+void SSL_set_client_CA_list(s,list)
+SSL *s;
+STACK *list;
+        {
+        set_client_CA_list(&(s->client_CA),list);
+        }
+void SSL_CTX_set_client_CA_list(ctx,list)
+SSL_CTX *ctx;
+STACK *list;
+        {
+        set_client_CA_list(&(ctx->client_CA),list);
+        }
+STACK *SSL_CTX_get_client_CA_list(ctx)
+SSL_CTX *ctx;
+        {
+        return(ctx->client_CA);
+        }
+STACK *SSL_get_client_CA_list(s)
+SSL *s;
+        {
+        if (s->type == SSL_ST_CONNECT)
+                { /* we are in the client */
+                if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
+                        (s->s3 != NULL))
+                        return(s->s3->tmp.ca_names);
+                else
+                        return(NULL);
+                }
+        else
+                {
+                if (s->client_CA != NULL)
+                        return(s->client_CA);
+                else
+                        return(s->ctx->client_CA);
+                }
+        }
+static int add_client_CA(sk,x)
+STACK **sk;
+X509 *x;
+        {
+        X509_NAME *name;
+        if (x == NULL) return(0);
+        if ((*sk == NULL) && ((*sk=sk_new_null()) == NULL))
+                return(0);
+                
+        if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
+                return(0);
+        if (!sk_push(*sk,(char *)name))
+                {
+                X509_NAME_free(name);
+                return(0);
+                }
+        return(1);
+        }
+int SSL_add_client_CA(ssl,x)
+SSL *ssl;
+X509 *x;
+        {
+        return(add_client_CA(&(ssl->client_CA),x));
+        }
+int SSL_CTX_add_client_CA(ctx,x)
+SSL_CTX *ctx;
+X509 *x;
+        {
+        return(add_client_CA(&(ctx->client_CA),x));
+        }
+static int name_cmp(a,b)
+X509_NAME **a,**b;
+        {
+        return(X509_NAME_cmp(*a,*b));
+        }
+#ifndef NO_STDIO
+STACK *SSL_load_client_CA_file(file)
+char *file;
+        {
+        BIO *in;
+        X509 *x=NULL;
+        X509_NAME *xn=NULL;
+        STACK *ret,*sk;
+        ret=sk_new(NULL);
+        sk=sk_new(name_cmp);
+        in=BIO_new(BIO_s_file_internal());
+        if ((ret == NULL) || (sk == NULL) || (in == NULL))
+                {
+                SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        
+        if (!BIO_read_filename(in,file))
+                goto err;
+        for (;;)
+                {
+                if (PEM_read_bio_X509(in,&x,NULL) == NULL)
+                        break;
+                if ((xn=X509_get_subject_name(x)) == NULL) goto err;
+                /* check for duplicates */
+                xn=X509_NAME_dup(xn);
+                if (xn == NULL) goto err;
+                if (sk_find(sk,(char *)xn) >= 0)
+                        X509_NAME_free(xn);
+                else
+                        {
+                        sk_push(sk,(char *)xn);
+                        sk_push(ret,(char *)xn);
+                        }
+                }
+        if (0)
+                {
+err:
+                if (ret != NULL) sk_pop_free(ret,X509_NAME_free);
+                ret=NULL;
+                }
+        if (sk != NULL) sk_free(sk);
+        if (in != NULL) BIO_free(in);
+        if (x != NULL) X509_free(x);
+        return(ret);
+        }
+#endif
author	ryker <>	1998-10-05 20:13:14 +0000
committer	ryker <>	1998-10-05 20:13:14 +0000
commit	aeeae06a79815dc190061534d47236cec09f9e32 (patch)
tree	851692b9c2f9c04f077666855641900f19fdb217 /src/lib/libssl/ssl_cert.c
parent	a4f79641824cbf9f60ca9d1168d1fcc46717a82a (diff)
download	openbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.gz openbsd-aeeae06a79815dc190061534d47236cec09f9e32.tar.bz2 openbsd-aeeae06a79815dc190061534d47236cec09f9e32.zip

diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c new file mode 100644 index 0000000000..c1cb86e1b7 --- /dev/null +++ b/src/lib/libssl/ssl_cert.c
@@ -0,0 +1,329 @@
	1	/* ssl/ssl_cert.c */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
	60	#include "objects.h"
	61	#include "bio.h"
	62	#include "pem.h"
	63	#include "ssl_locl.h"
	64
	65	CERT *ssl_cert_new()
	66	{
	67	CERT *ret;
	68
	69	ret=(CERT *)Malloc(sizeof(CERT));
	70	if (ret == NULL)
	71	{
	72	SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
	73	return(NULL);
	74	}
	75	memset(ret,0,sizeof(CERT));
	76	/*
	77	ret->valid=0;
	78	ret->mask=0;
	79	ret->export_mask=0;
	80	ret->cert_type=0;
	81	ret->key->x509=NULL;
	82	ret->key->publickey=NULL;
	83	ret->key->privatekey=NULL; */
	84
	85	ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
	86	ret->references=1;
	87
	88	return(ret);
	89	}
	90
	91	void ssl_cert_free(c)
	92	CERT *c;
	93	{
	94	int i;
	95
	96	i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
	97	#ifdef REF_PRINT
	98	REF_PRINT("CERT",c);
	99	#endif
	100	if (i > 0) return;
	101	#ifdef REF_CHECK
	102	if (i < 0)
	103	{
	104	fprintf(stderr,"ssl_cert_free, bad reference count\n");
	105	abort(); /* ok */
	106	}
	107	#endif
	108
	109	#ifndef NO_RSA
	110	if (c->rsa_tmp) RSA_free(c->rsa_tmp);
	111	#endif
	112	#ifndef NO_DH
	113	if (c->dh_tmp) DH_free(c->dh_tmp);
	114	#endif
	115
	116	for (i=0; i<SSL_PKEY_NUM; i++)
	117	{
	118	if (c->pkeys[i].x509 != NULL)
	119	X509_free(c->pkeys[i].x509);
	120	if (c->pkeys[i].privatekey != NULL)
	121	EVP_PKEY_free(c->pkeys[i].privatekey);
	122	#if 0
	123	if (c->pkeys[i].publickey != NULL)
	124	EVP_PKEY_free(c->pkeys[i].publickey);
	125	#endif
	126	}
	127	if (c->cert_chain != NULL)
	128	sk_pop_free(c->cert_chain,X509_free);
	129	Free(c);
	130	}
	131
	132	int ssl_set_cert_type(c, type)
	133	CERT *c;
	134	int type;
	135	{
	136	c->cert_type=type;
	137	return(1);
	138	}
	139
	140	int ssl_verify_cert_chain(s,sk)
	141	SSL *s;
	142	STACK *sk;
	143	{
	144	X509 *x;
	145	int i;
	146	X509_STORE_CTX ctx;
	147
	148	if ((sk == NULL) \|\| (sk_num(sk) == 0))
	149	return(0);
	150
	151	x=(X509 *)sk_value(sk,0);
	152	X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
	153	X509_STORE_CTX_set_app_data(&ctx,(char *)s);
	154
	155	if (s->ctx->app_verify_callback != NULL)
	156	i=s->ctx->app_verify_callback(&ctx);
	157	else
	158	i=X509_verify_cert(&ctx);
	159
	160	X509_STORE_CTX_cleanup(&ctx);
	161	s->verify_result=ctx.error;
	162
	163	return(i);
	164	}
	165
	166	static void set_client_CA_list(ca_list,list)
	167	STACK **ca_list;
	168	STACK *list;
	169	{
	170	if (*ca_list != NULL)
	171	sk_pop_free(*ca_list,X509_NAME_free);
	172
	173	*ca_list=list;
	174	}
	175
	176	STACK *SSL_dup_CA_list(sk)
	177	STACK *sk;
	178	{
	179	int i;
	180	STACK *ret;
	181	X509_NAME *name;
	182
	183	ret=sk_new_null();
	184	for (i=0; i<sk_num(sk); i++)
	185	{
	186	name=X509_NAME_dup((X509_NAME *)sk_value(sk,i));
	187	if ((name == NULL) \|\| !sk_push(ret,(char *)name))
	188	{
	189	sk_pop_free(ret,X509_NAME_free);
	190	return(NULL);
	191	}
	192	}
	193	return(ret);
	194	}
	195
	196	void SSL_set_client_CA_list(s,list)
	197	SSL *s;
	198	STACK *list;
	199	{
	200	set_client_CA_list(&(s->client_CA),list);
	201	}
	202
	203	void SSL_CTX_set_client_CA_list(ctx,list)
	204	SSL_CTX *ctx;
	205	STACK *list;
	206	{
	207	set_client_CA_list(&(ctx->client_CA),list);
	208	}
	209
	210	STACK *SSL_CTX_get_client_CA_list(ctx)
	211	SSL_CTX *ctx;
	212	{
	213	return(ctx->client_CA);
	214	}
	215
	216	STACK *SSL_get_client_CA_list(s)
	217	SSL *s;
	218	{
	219	if (s->type == SSL_ST_CONNECT)
	220	{ /* we are in the client */
	221	if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
	222	(s->s3 != NULL))
	223	return(s->s3->tmp.ca_names);
	224	else
	225	return(NULL);
	226	}
	227	else
	228	{
	229	if (s->client_CA != NULL)
	230	return(s->client_CA);
	231	else
	232	return(s->ctx->client_CA);
	233	}
	234	}
	235
	236	static int add_client_CA(sk,x)
	237	STACK **sk;
	238	X509 *x;
	239	{
	240	X509_NAME *name;
	241
	242	if (x == NULL) return(0);
	243	if ((sk == NULL) && ((sk=sk_new_null()) == NULL))
	244	return(0);
	245
	246	if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
	247	return(0);
	248
	249	if (!sk_push(sk,(char )name))
	250	{
	251	X509_NAME_free(name);
	252	return(0);
	253	}
	254	return(1);
	255	}
	256
	257	int SSL_add_client_CA(ssl,x)
	258	SSL *ssl;
	259	X509 *x;
	260	{
	261	return(add_client_CA(&(ssl->client_CA),x));
	262	}
	263
	264	int SSL_CTX_add_client_CA(ctx,x)
	265	SSL_CTX *ctx;
	266	X509 *x;
	267	{
	268	return(add_client_CA(&(ctx->client_CA),x));
	269	}
	270
	271	static int name_cmp(a,b)
	272	X509_NAME a,b;
	273	{
	274	return(X509_NAME_cmp(a,b));
	275	}
	276
	277	#ifndef NO_STDIO
	278	STACK *SSL_load_client_CA_file(file)
	279	char *file;
	280	{
	281	BIO *in;
	282	X509 *x=NULL;
	283	X509_NAME *xn=NULL;
	284	STACK ret,sk;
	285
	286	ret=sk_new(NULL);
	287	sk=sk_new(name_cmp);
	288
	289	in=BIO_new(BIO_s_file_internal());
	290
	291	if ((ret == NULL) \|\| (sk == NULL) \|\| (in == NULL))
	292	{
	293	SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
	294	goto err;
	295	}
	296
	297	if (!BIO_read_filename(in,file))
	298	goto err;
	299
	300	for (;;)
	301	{
	302	if (PEM_read_bio_X509(in,&x,NULL) == NULL)
	303	break;
	304	if ((xn=X509_get_subject_name(x)) == NULL) goto err;
	305	/* check for duplicates */
	306	xn=X509_NAME_dup(xn);
	307	if (xn == NULL) goto err;
	308	if (sk_find(sk,(char *)xn) >= 0)
	309	X509_NAME_free(xn);
	310	else
	311	{
	312	sk_push(sk,(char *)xn);
	313	sk_push(ret,(char *)xn);
	314	}
	315	}
	316
	317	if (0)
	318	{
	319	err:
	320	if (ret != NULL) sk_pop_free(ret,X509_NAME_free);
	321	ret=NULL;
	322	}
	323	if (sk != NULL) sk_free(sk);
	324	if (in != NULL) BIO_free(in);
	325	if (x != NULL) X509_free(x);
	326	return(ret);
	327	}
	328	#endif
	329