XRootD
XrdCryptosslX509Crl.cc
Go to the documentation of this file.
1 /******************************************************************************/
2 /* */
3 /* X r d C r y p t o s s l X 5 0 9 C r l. c c */
4 /* */
5 /* (c) 2005 G. Ganis , CERN */
6 /* */
7 /* This file is part of the XRootD software suite. */
8 /* */
9 /* XRootD is free software: you can redistribute it and/or modify it under */
10 /* the terms of the GNU Lesser General Public License as published by the */
11 /* Free Software Foundation, either version 3 of the License, or (at your */
12 /* option) any later version. */
13 /* */
14 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
15 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
16 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
17 /* License for more details. */
18 /* */
19 /* You should have received a copy of the GNU Lesser General Public License */
20 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
21 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
22 /* */
23 /* The copyright holder's institutional names and contributor's names may not */
24 /* be used to endorse or promote products derived from this software without */
25 /* specific prior written permission of the institution or contributor. */
26 /* */
27 /******************************************************************************/
28 
29 /* ************************************************************************** */
30 /* */
31 /* OpenSSL implementation of XrdCryptoX509Crl */
32 /* */
33 /* ************************************************************************** */
34 #include "XrdCrypto/XrdCryptosslRSA.hh"
35 #include "XrdCrypto/XrdCryptosslX509Crl.hh"
36 #include "XrdCrypto/XrdCryptosslAux.hh"
37 #include "XrdCrypto/XrdCryptosslTrace.hh"
38 
39 #include <openssl/bn.h>
40 #include <openssl/pem.h>
41 
42 #include <cerrno>
43 #include <ctime>
44 
45 #include <fcntl.h>
46 #include <sys/types.h>
47 #include <sys/stat.h>
48 #include <unistd.h>
49 
50 //_____________________________________________________________________________
51 XrdCryptosslX509Crl::XrdCryptosslX509Crl(const char *cf, int opt)
52  : XrdCryptoX509Crl()
53 {
54  // Constructor certificate from file 'cf'.
55  EPNAME("X509Crl::XrdCryptosslX509Crl_file");
56 
57  // Make sure file name is defined;
58  if (opt == 0) {
59  if (Init(cf) != 0) {
60  DEBUG("could not initialize the CRL from "<<cf);
61  return;
62  }
63  } else {
64  if (InitFromURI(cf, 0) != 0) {
65  DEBUG("could not initialize the CRL from URI"<<cf);
66  return;
67  }
68  }
69 }
70 
71 //_____________________________________________________________________________
72 XrdCryptosslX509Crl::XrdCryptosslX509Crl(FILE *fc, const char *cf)
73 {
74  // Constructe CRL from a FILE handle `fc` with (assumed) filename `cf`.
75  EPNAME("X509Crl::XrdCryptosslX509Crl_file");
76 
77  if (Init(fc, cf)) {
78  DEBUG("could not initialize the CRL from " << cf);
79  return;
80  }
81 }
82 
83 //_____________________________________________________________________________
84 XrdCryptosslX509Crl::XrdCryptosslX509Crl(XrdCryptoX509 *cacert)
85  : XrdCryptoX509Crl()
86 {
87  // Constructor certificate from CA certificate 'cacert'. This constructor
88  // extracts the information about the location of the CRL cerificate from the
89  // CA certificate extension 'crlDistributionPoints', downloads the file and
90  // loads it in the cache
91  EPNAME("X509Crl::XrdCryptosslX509Crl_CA");
92 
93  // The CA certificate must be defined
94  if (!cacert || cacert->type != XrdCryptoX509::kCA) {
95  DEBUG("the CA certificate is undefined or not CA! ("<<cacert<<")");
96  return;
97  }
98 
99  // Get the extension
100  X509_EXTENSION *crlext = (X509_EXTENSION *) cacert->GetExtension("crlDistributionPoints");
101  if (!crlext) {
102  DEBUG("extension 'crlDistributionPoints' not found in the CA certificate");
103  return;
104  }
105 
106  // Bio for exporting the extension
107  BIO *bext = BIO_new(BIO_s_mem());
108  ASN1_OBJECT *obj = X509_EXTENSION_get_object(crlext);
109  i2a_ASN1_OBJECT(bext, obj);
110  X509V3_EXT_print(bext, crlext, 0, 4);
111  // data length
112  char *cbio = 0;
113  int lbio = (int) BIO_get_mem_data(bext, &cbio);
114  char *buf = (char *) malloc(lbio+1);
115  // Read key from BIO to buf
116  memcpy(buf, cbio, lbio);
117  buf[lbio] = 0;
118  BIO_free(bext);
119  // Save it
120  XrdOucString uris(buf);
121  free(buf);
122 
123  DEBUG("URI string: "<< uris);
124 
125  XrdOucString uri;
126  int from = 0;
127  while ((from = uris.tokenize(uri, from, ' ')) != -1) {
128  if (uri.beginswith("URI:")) {
129  uri.replace("URI:","");
130  uri.replace("\n","");
131  if (InitFromURI(uri.c_str(), cacert->SubjectHash()) == 0) {
132  crluri = uri;
133  // We are done
134  break;
135  }
136  }
137  }
138 }
139 
140 //_____________________________________________________________________________
141 XrdCryptosslX509Crl::~XrdCryptosslX509Crl()
142 {
143  // Destructor
144 
145  // Cleanup CRL
146  if (crl)
147  X509_CRL_free(crl);
148 }
149 
150 //_____________________________________________________________________________
151 int XrdCryptosslX509Crl::Init(const char *cf)
152 {
153  // Load a CRL from an open file handle; for debugging purposes,
154  // we assume it's loaded from file named `cf`.
155  EPNAME("X509Crl::Init");
156 
157  // Make sure file name is defined;
158  if (!cf) {
159  DEBUG("file name undefined");
160  return -1;
161  }
162 
163  // Make sure file exists;
164  int fd = open(cf, O_RDONLY);
165 
166  if (fd == -1) {
167  if (errno == ENOENT) {
168  DEBUG("file "<<cf<<" does not exist - do nothing");
169  } else {
170  DEBUG("cannot open file "<<cf<<" (errno: "<<errno<<")");
171  }
172  return -1;
173  }
174 
175  // Open file in read mode
176  FILE *fc = fdopen(fd, "r");
177 
178  if (!fc) {
179  DEBUG("cannot open file "<<cf<<" (errno: "<<errno<<")");
180  close(fd);
181  return -1;
182  }
183 
184  auto rval = Init(fc, cf);
185 
186  //
187  // Close the file
188  fclose(fc);
189 
190  return rval;
191 }
192 
193 
194 //_____________________________________________________________________________
195 int XrdCryptosslX509Crl::Init(FILE *fc, const char *cf)
196 {
197  // Constructor certificate from file 'cf'.
198  // Return 0 on success, -1 on failure
199  EPNAME("X509Crl::Init");
200 
201  //
202  // Read the content:
203  if (!PEM_read_X509_CRL(fc, &crl, 0, 0)) {
204  DEBUG("Unable to load CRL from file");
205  return -1;
206  }
207 
208  //
209  // Notify
210  DEBUG("CRL successfully loaded from "<< cf);
211 
212  //
213  // Save source file name
214  srcfile = cf;
215  //
216  // Init some of the private members (the others upon need)
217  Issuer();
218  //
219  // Load into cache
220  LoadCache();
221  //
222  // Done
223  return 0;
224 }
225 
226 //_____________________________________________________________________________
227 int XrdCryptosslX509Crl::InitFromURI(const char *uri, const char *hash)
228 {
229  // Initialize the CRL taking the file indicated by URI. Download and
230  // reformat the file first.
231  // Returns 0 on success, -1 on failure.
232  EPNAME("X509Crl::InitFromURI");
233 
234  // Make sure file name is defined;
235  if (!uri) {
236  DEBUG("uri undefined");
237  return -1;
238  }
239  XrdOucString u(uri), h(hash);
240  if (h == "") {
241  int isl = u.rfind('/');
242  if (isl != STR_NPOS) h.assign(u, isl + 1);
243  }
244  if (h == "") h = "hashtmp";
245 
246  // Create local output file path
247  XrdOucString outtmp(getenv("TMPDIR")), outpem;
248  if (outtmp.length() <= 0) outtmp = "/tmp";
249  if (!outtmp.endswith("/")) outtmp += "/";
250  outtmp += h;
251  outtmp += ".crltmp";
252 
253  // Prepare 'wget' command
254  XrdOucString cmd("wget ");
255  cmd += uri;
256  cmd += " -O ";
257  cmd += outtmp;
258 
259  // Execute 'wget'
260  DEBUG("executing ... "<<cmd);
261  if (system(cmd.c_str()) == -1) {
262  DEBUG("'system' could not fork to execute command '"<<cmd<<"'");
263  return -1;
264  }
265  struct stat st;
266  if (stat(outtmp.c_str(), &st) != 0) {
267  DEBUG("did not manage to get the CRL file from "<<uri);
268  return -1;
269  }
270  outpem = outtmp;
271 
272  // Find out the file type
273  int needsopenssl = GetFileType(outtmp.c_str());
274  if (needsopenssl < 0) {
275  DEBUG("did not manage to coorectly parse "<<outtmp);
276  return -1;
277  }
278 
279  if (needsopenssl > 0) {
280  // Put it in PEM format
281  outpem.replace(".crltmp", ".pem");
282  cmd = "openssl crl -inform DER -in ";
283  cmd += outtmp;
284  cmd += " -out ";
285  cmd += outpem;
286  cmd += " -text";
287 
288  // Execute 'openssl crl'
289  DEBUG("executing ... "<<cmd);
290  if (system(cmd.c_str()) == -1) {
291  DEBUG("system: problem executing: "<<cmd);
292  return -1;
293  }
294 
295  // Cleanup the temporary files
296  if (unlink(outtmp.c_str()) != 0) {
297  DEBUG("problems removing "<<outtmp);
298  }
299  }
300 
301  // Make sure the file is there
302  if (stat(outpem.c_str(), &st) != 0) {
303  DEBUG("did not manage to change format from DER to PEM ("<<outpem<<")");
304  return -1;
305  }
306 
307  // Now init from the new file
308  if (Init(outpem.c_str()) != 0) {
309  DEBUG("could not initialize the CRL from "<<outpem);
310  return -1;
311  }
312 
313  // Cleanup the temporary files
314  unlink(outpem.c_str());
315 
316  //
317  // Done
318  return 0;
319 }
320 
321 //_____________________________________________________________________________
322 bool XrdCryptosslX509Crl::ToFile(FILE *fh)
323 {
324  // Write the CRL's contents to a file in the PEM format.
325  EPNAME("ToFile");
326 
327  if (!crl) {
328  DEBUG("CRL object invalid; cannot write to a file");
329  return false;
330  }
331 
332  if (PEM_write_X509_CRL(fh, crl) == 0) {
333  DEBUG("Unable to write CRL to file");
334  return false;
335  }
336 
337  //
338  // Notify
339  DEBUG("CRL successfully written to file");
340 
341  return true;
342 }
343 
344 //_____________________________________________________________________________
345 int XrdCryptosslX509Crl::GetFileType(const char *crlfn)
346 {
347  // Try to understand if file 'crlfn' is in DER (binary) or PEM (ASCII)
348  // format (assume that is not ASCII is a DER).
349  // Return 1 if not-PEM, 0 if PEM, -1 if any error occurred
350  EPNAME("GetFileType");
351 
352  if (!crlfn || strlen(crlfn) <= 0) {
353  PRINT("file name undefined!");
354  return -1;
355  }
356 
357  char line[1024] = {0};
358  FILE *f = fopen(crlfn, "r");
359  if (!f) {
360  PRINT("could not open file "<<crlfn<<" - errno: "<<(int)errno);
361  return -1;
362  }
363 
364  int rc = 1;
365  while (fgets(line, 1024, f)) {
366  // Skip empty lines at beginning
367  if (line[0] == '\n') continue;
368  // Analyse line for '-----BEGIN X509 CRL-----'
369  if (strstr(line, "BEGIN X509 CRL")) rc = 0;
370  break;
371  }
372  // Close the files
373  fclose(f);
374  // Done
375  return rc;
376 }
377 
378 bool XrdCryptosslX509Crl::hasCriticalExtension() {
379  // If the X509_CRL_get_ext_by_critical() function returns -1, no critical extension
380  // has been found
381  return X509_CRL_get_ext_by_critical(crl,1,-1) != -1;
382 }
383 
384 //_____________________________________________________________________________
385 int XrdCryptosslX509Crl::LoadCache()
386 {
387  // Load relevant info into the cache
388  // Return 0 if ok, -1 in case of error
389  EPNAME("LoadCache");
390 
391  // The CRL must exists
392  if (!crl) {
393  DEBUG("CRL undefined");
394  return -1;
395  }
396 
397  // Parse CRL
398  STACK_OF(X509_REVOKED *) rsk = X509_CRL_get_REVOKED(crl);
399  if (!rsk) {
400  DEBUG("could not get stack of revoked instances");
401  return -1;
402  }
403 
404  // Number of revocations
405  nrevoked = sk_X509_REVOKED_num(rsk);
406  DEBUG(nrevoked << "certificates have been revoked");
407  if (nrevoked <= 0) {
408  DEBUG("no valid certificate has been revoked - nothing to do");
409  return 0;
410  }
411 
412  // Get serial numbers of revoked certificates
413  char *tagser = 0;
414  int i = 0;
415  for (; i < nrevoked; i++ ){
416  X509_REVOKED *rev = sk_X509_REVOKED_value(rsk,i);
417  if (rev) {
418  BIGNUM *bn = BN_new();
419  ASN1_INTEGER_to_BN(X509_REVOKED_get0_serialNumber(rev), bn);
420  tagser = BN_bn2hex(bn);
421  BN_free(bn);
422  TRACE(Dump, "certificate with serial number: "<<tagser<<
423  " has been revoked");
424  // Add to the cache
425  bool rdlock = false;
426  XrdSutCacheEntry *cent = cache.Get((const char *)tagser, rdlock);
427  if (!cent) {
428  DEBUG("problems getting entry in the cache");
429  return -1;
430  }
431  // Add revocation date
432  cent->mtime = XrdCryptosslASN1toUTC(X509_REVOKED_get0_revocationDate(rev));
433  // Set status
434  cent->mtime = kCE_ok;
435  // Release the string for the serial number
436  OPENSSL_free(tagser);
437  // Unlock the entry
438  cent->rwmtx.UnLock();
439  }
440  }
441 
442  return 0;
443 }
444 
445 //_____________________________________________________________________________
446 time_t XrdCryptosslX509Crl::LastUpdate()
447 {
448  // Time of last update
449 
450  // If we do not have it already, try extraction
451  if (lastupdate < 0) {
452  // Make sure we have a CRL
453  if (crl)
454  // Extract UTC time in secs from Epoch
455  lastupdate = XrdCryptosslASN1toUTC(X509_CRL_get0_lastUpdate(crl));
456  }
457  // return what we have
458  return lastupdate;
459 }
460 
461 //_____________________________________________________________________________
462 time_t XrdCryptosslX509Crl::NextUpdate()
463 {
464  // Time of next update
465 
466  // If we do not have it already, try extraction
467  if (nextupdate < 0) {
468  // Make sure we have a CRL
469  if (crl)
470  // Extract UTC time in secs from Epoch
471  nextupdate = XrdCryptosslASN1toUTC(X509_CRL_get0_nextUpdate(crl));
472  }
473  // return what we have
474  return nextupdate;
475 }
476 
477 //_____________________________________________________________________________
478 const char *XrdCryptosslX509Crl::Issuer()
479 {
480  // Return issuer name
481  EPNAME("X509Crl::Issuer");
482 
483  // If we do not have it already, try extraction
484  if (issuer.length() <= 0) {
485 
486  // Make sure we have a CRL
487  if (!crl) {
488  DEBUG("WARNING: no CRL available - cannot extract issuer name");
489  return (const char *)0;
490  }
491 
492  // Extract issuer name
493  XrdCryptosslNameOneLine(X509_CRL_get_issuer(crl), issuer);
494  }
495 
496  // return what we have
497  return (issuer.length() > 0) ? issuer.c_str() : (const char *)0;
498 }
499 
500 //_____________________________________________________________________________
501 const char *XrdCryptosslX509Crl::IssuerHash(int alg)
502 {
503  // Return hash of issuer name
504  // Use default algorithm (X509_NAME_hash) for alg = 0, old algorithm
505  // (for v>=1.0.0) when alg = 1
506  EPNAME("X509::IssuerHash");
507 
508  if (alg == 1) {
509  // md5 based
510  if (issueroldhash.length() <= 0) {
511  // Make sure we have a certificate
512  if (crl) {
513  char chash[30] = {0};
514  snprintf(chash, sizeof(chash),
515  "%08lx.0",X509_NAME_hash_old(X509_CRL_get_issuer(crl)));
516  issueroldhash = chash;
517  } else {
518  DEBUG("WARNING: no certificate available - cannot extract issuer hash (md5)");
519  }
520  }
521  // return what we have
522  return (issueroldhash.length() > 0) ? issueroldhash.c_str() : (const char *)0;
523  }
524 
525  // If we do not have it already, try extraction
526  if (issuerhash.length() <= 0) {
527 
528  // Make sure we have a certificate
529  if (crl) {
530  char chash[30] = {0};
531  snprintf(chash, sizeof(chash),
532  "%08lx.0",X509_NAME_hash(X509_CRL_get_issuer(crl)));
533  issuerhash = chash;
534  } else {
535  DEBUG("WARNING: no certificate available - cannot extract issuer hash (default)");
536  }
537  }
538 
539  // return what we have
540  return (issuerhash.length() > 0) ? issuerhash.c_str() : (const char *)0;
541 }
542 
543 //_____________________________________________________________________________
544 bool XrdCryptosslX509Crl::Verify(XrdCryptoX509 *ref)
545 {
546  // Verify certificate signature with pub key of ref cert
547 
548  // We must have been initialized
549  if (!crl)
550  return 0;
551 
552  // We must have something to check with
553  X509 *r = ref ? (X509 *)(ref->Opaque()) : 0;
554  EVP_PKEY *rk = r ? X509_get_pubkey(r) : 0;
555  if (!rk)
556  return 0;
557 
558  // Ok: we can verify
559  return (X509_CRL_verify(crl, rk) > 0);
560 }
561 
562 //_____________________________________________________________________________
563 bool XrdCryptosslX509Crl::IsRevoked(int serialnumber, int when)
564 {
565  // Check if certificate with serialnumber is in the
566  // list of revocated certificates
567  EPNAME("IsRevoked");
568 
569  // Reference time
570  int now = (when > 0) ? when : time(0);
571 
572  // Warn if CRL should be updated
573  if (now > NextUpdate()) {
574  DEBUG("WARNING: CRL is expired: you should download the updated one");
575  }
576 
577  // We must have something to check against
578  if (nrevoked <= 0) {
579  DEBUG("No certificate in the list");
580  return 0;
581  }
582 
583  // Ok, build the tag
584  char tagser[20] = {0};
585  sprintf(tagser,"%x",serialnumber);
586 
587  // Look into the cache
588  XrdSutCacheEntry *cent = cache.Get((const char *)tagser);
589  if (cent && cent->status == kCE_ok) {
590  // Check the revocation time
591  if (now > cent->mtime) {
592  DEBUG("certificate "<<tagser<<" has been revoked");
593  cent->rwmtx.UnLock();
594  return 1;
595  }
596  cent->rwmtx.UnLock();
597  }
598 
599  // Certificate not revoked
600  return 0;
601 }
602 
603 //_____________________________________________________________________________
604 bool XrdCryptosslX509Crl::IsRevoked(const char *sernum, int when)
605 {
606  // Check if certificate with 'sernum' is in the
607  // list of revocated certificates
608  EPNAME("IsRevoked");
609 
610  // Reference time
611  int now = (when > 0) ? when : time(0);
612 
613  // Warn if CRL should be updated
614  if (now > NextUpdate()) {
615  DEBUG("WARNING: CRL is expired: you should download the updated one");
616  }
617 
618  // We must have something to check against
619  if (nrevoked <= 0) {
620  DEBUG("No certificate in the list");
621  return 0;
622  }
623 
624  // Look into the cache
625  XrdSutCacheEntry *cent = cache.Get((const char *)sernum);
626  if (cent && cent->status == kCE_ok) {
627  // Check the revocation time
628  if (now > cent->mtime) {
629  DEBUG("certificate "<<sernum<<" has been revoked");
630  cent->rwmtx.UnLock();
631  return 1;
632  }
633  cent->rwmtx.UnLock();
634  }
635 
636  // Certificate not revoked
637  return 0;
638 }
639 
640 //_____________________________________________________________________________
641 void XrdCryptosslX509Crl::Dump()
642 {
643  // Dump content
644  EPNAME("X509Crl::Dump");
645 
646  // Time strings
647  struct tm tst;
648  char stbeg[256] = {0};
649  time_t tbeg = LastUpdate();
650  localtime_r(&tbeg,&tst);
651  asctime_r(&tst,stbeg);
652  stbeg[strlen(stbeg)-1] = 0;
653  char stend[256] = {0};
654  time_t tend = NextUpdate();
655  localtime_r(&tend,&tst);
656  asctime_r(&tst,stend);
657  stend[strlen(stend)-1] = 0;
658 
659  PRINT("+++++++++++++++ X509 CRL dump +++++++++++++++++++++++");
660  PRINT("+");
661  PRINT("+ File: "<<ParentFile());
662  PRINT("+");
663  PRINT("+ Issuer: "<<Issuer());
664  PRINT("+ Issuer hash: "<<IssuerHash(0));
665  PRINT("+");
666  if (IsExpired()) {
667  PRINT("+ Validity: (expired!)");
668  } else {
669  PRINT("+ Validity:");
670  }
671  PRINT("+ LastUpdate: "<<tbeg<<" UTC - "<<stbeg);
672  PRINT("+ NextUpdate: "<<tend<<" UTC - "<<stend);
673  PRINT("+");
674  PRINT("+ Number of revoked certificates: "<<nrevoked);
675  PRINT("+");
676  PRINT("+++++++++++++++++++++++++++++++++++++++++++++++++");
677 }
DEBUG
#define DEBUG(x)
Definition: XrdBwmTrace.hh:54
EPNAME
#define EPNAME(x)
Definition: XrdBwmTrace.hh:56
XrdCryptosslNameOneLine
void XrdCryptosslNameOneLine(X509_NAME *nm, XrdOucString &s)
Definition: XrdCryptosslAux.cc:736
XrdCryptosslASN1toUTC
time_t XrdCryptosslASN1toUTC(const ASN1_TIME *tsn1)
Definition: XrdCryptosslAux.cc:675
PRINT
#define PRINT(y)
Definition: XrdCryptosslTrace.hh:39
STR_NPOS
#define STR_NPOS
Definition: XrdOucString.hh:250
fclose
int fclose(FILE *stream)
Definition: XrdPosixPreload.cc:173
close
#define close(a)
Definition: XrdPosix.hh:48
fopen
#define fopen(a, b)
Definition: XrdPosix.hh:54
open
#define open
Definition: XrdPosix.hh:78
unlink
#define unlink(a)
Definition: XrdPosix.hh:121
stat
#define stat(a, b)
Definition: XrdPosix.hh:105
kCE_ok
@ kCE_ok
Definition: XrdSutCacheEntry.hh:45
TRACE
#define TRACE(act, x)
Definition: XrdTrace.hh:63
XrdCryptoX509Crl::IsExpired
virtual bool IsExpired(int when=0)
Definition: XrdCryptoX509Crl.cc:55
XrdCryptoX509Crl::IssuerHash
const char * IssuerHash()
Definition: XrdCryptoX509Crl.hh:73
XrdCryptoX509::GetExtension
virtual XrdCryptoX509data GetExtension(const char *oid)
Definition: XrdCryptoX509.cc:221
XrdCryptoX509::Opaque
virtual XrdCryptoX509data Opaque()
Definition: XrdCryptoX509.cc:181
XrdCryptoX509::SubjectHash
virtual const char * SubjectHash(int)
Definition: XrdCryptoX509.cc:165
XrdCryptoX509::type
EX509Type type
Definition: XrdCryptoX509.hh:56
XrdCryptosslX509Crl::XrdCryptosslX509Crl
XrdCryptosslX509Crl(const char *crlf, int opt=0)
Definition: XrdCryptosslX509Crl.cc:51
XrdCryptosslX509Crl::IsRevoked
bool IsRevoked(int serialnumber, int when=0)
Definition: XrdCryptosslX509Crl.cc:563
XrdCryptosslX509Crl::Verify
bool Verify(XrdCryptoX509 *ref)
Definition: XrdCryptosslX509Crl.cc:544
XrdOucString::c_str
const char * c_str() const
Definition: XrdOucString.hh:278
XrdOucString::beginswith
bool beginswith(char c)
Definition: XrdOucString.hh:289
XrdOucString::replace
int replace(const char *s1, const char *s2, int from=0, int to=-1)
Definition: XrdOucString.cc:733
XrdOucString::length
int length() const
Definition: XrdOucString.hh:279
XrdOucString::tokenize
int tokenize(XrdOucString &tok, int from, char del=':')
Definition: XrdOucString.cc:1220
XrdSutCacheEntry::rwmtx
XrdSysRWLock rwmtx
Definition: XrdSutCacheEntry.hh:85
XrdSutCache::Get
XrdSutCacheEntry * Get(const char *tag)
Definition: XrdSutCache.hh:54