RubyGems - grpc - Versions diffs - 0.13.1 → 0.14.1.pre1 - Mend

grpc 0.13.1 → 0.14.1.pre1

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (724) hide show

checksums.yaml +4 -4
data/Makefile +2098 -828
data/include/grpc/byte_buffer.h +1 -1
data/include/grpc/byte_buffer_reader.h +1 -20
data/include/grpc/census.h +4 -4
data/include/grpc/compression.h +6 -5
data/include/grpc/grpc.h +31 -20
data/include/grpc/grpc_security.h +17 -31
data/include/grpc/grpc_security_constants.h +114 -0
data/include/grpc/grpc_zookeeper.h +1 -1
data/include/grpc/impl/codegen/alloc.h +1 -1
data/include/grpc/impl/codegen/atm.h +1 -1
data/include/grpc/impl/codegen/atm_gcc_atomic.h +1 -1
data/include/grpc/impl/codegen/atm_gcc_sync.h +1 -1
data/include/grpc/impl/codegen/atm_win32.h +1 -1
data/include/grpc/impl/codegen/byte_buffer.h +1 -1
data/{src/core/client_config/lb_policies/round_robin.h → include/grpc/impl/codegen/byte_buffer_reader.h} +19 -8
data/include/grpc/impl/codegen/grpc_types.h +20 -3
data/include/grpc/impl/codegen/log.h +9 -2
data/include/grpc/impl/codegen/port_platform.h +102 -17
data/include/grpc/impl/codegen/propagation_bits.h +3 -3
data/include/grpc/impl/codegen/slice.h +3 -3
data/include/grpc/impl/codegen/slice_buffer.h +3 -3
data/include/grpc/impl/codegen/status.h +1 -1
data/include/grpc/impl/codegen/sync_generic.h +1 -1
data/include/grpc/impl/codegen/sync_posix.h +1 -1
data/include/grpc/impl/codegen/sync_win32.h +1 -1
data/include/grpc/impl/codegen/time.h +3 -3
data/include/grpc/status.h +1 -1
data/include/grpc/support/alloc.h +1 -1
data/include/grpc/support/atm.h +1 -1
data/include/grpc/support/atm_gcc_atomic.h +4 -4
data/include/grpc/support/atm_gcc_sync.h +1 -1
data/include/grpc/support/atm_win32.h +1 -1
data/include/grpc/support/avl.h +1 -1
data/include/grpc/support/cmdline.h +1 -1
data/include/grpc/support/cpu.h +1 -1
data/include/grpc/support/histogram.h +1 -1
data/include/grpc/support/host_port.h +1 -1
data/include/grpc/support/log.h +1 -1
data/include/grpc/support/log_win32.h +1 -1
data/include/grpc/support/port_platform.h +1 -1
data/include/grpc/support/slice.h +1 -1
data/include/grpc/support/slice_buffer.h +1 -1
data/include/grpc/support/string_util.h +3 -1
data/include/grpc/support/subprocess.h +2 -2
data/include/grpc/support/sync.h +1 -1
data/include/grpc/support/sync_generic.h +1 -1
data/include/grpc/support/sync_posix.h +1 -1
data/include/grpc/support/sync_win32.h +1 -1
data/include/grpc/support/thd.h +1 -1
data/include/grpc/support/time.h +1 -1
data/include/grpc/support/tls.h +1 -1
data/include/grpc/support/tls_gcc.h +45 -1
data/include/grpc/support/tls_msvc.h +3 -3
data/include/grpc/support/tls_pthread.h +1 -1
data/include/grpc/support/useful.h +1 -1
data/src/boringssl/err_data.c +258 -252
data/src/core/{census → ext/census}/aggregation.h +3 -3
data/src/core/{statistics → ext/census}/census_interface.h +3 -3
data/src/core/{statistics → ext/census}/census_rpc_stats.h +4 -4
data/src/core/{census → ext/census}/context.c +2 -2
data/src/core/{census → ext/census}/grpc_context.c +2 -2
data/src/core/{census → ext/census}/grpc_filter.c +30 -16
data/src/core/{census → ext/census}/grpc_filter.h +4 -4
data/src/core/ext/census/grpc_plugin.c +82 -0
data/src/core/{census → ext/census}/initialize.c +1 -1
data/src/core/{census → ext/census}/mlog.c +2 -2
data/src/core/{census → ext/census}/mlog.h +4 -4
data/src/core/{census → ext/census}/operation.c +0 -0
data/src/core/{census → ext/census}/placeholders.c +0 -0
data/src/core/{census → ext/census}/rpc_metric_id.h +3 -3
data/src/core/{census → ext/census}/tracing.c +0 -0
data/src/core/{surface → ext/client_config}/channel_connectivity.c +8 -21
data/src/core/{channel → ext/client_config}/client_channel.c +80 -35
data/src/core/{channel → ext/client_config}/client_channel.h +5 -5
data/src/core/{client_config/subchannel_factory.c → ext/client_config/client_channel_factory.c} +14 -6
data/src/core/ext/client_config/client_channel_factory.h +85 -0
data/src/core/{client_config → ext/client_config}/client_config.c +4 -2
data/src/core/{client_config → ext/client_config}/client_config.h +4 -4
data/src/core/ext/client_config/client_config_plugin.c +95 -0
data/src/core/{client_config → ext/client_config}/connector.c +2 -2
data/src/core/{client_config → ext/client_config}/connector.h +7 -10
data/src/core/{client_config → ext/client_config}/default_initial_connect_string.c +1 -1
data/src/core/{client_config → ext/client_config}/initial_connect_string.c +1 -1
data/src/core/{client_config → ext/client_config}/initial_connect_string.h +4 -4
data/src/core/{client_config → ext/client_config}/lb_policy.c +12 -3
data/src/core/{client_config → ext/client_config}/lb_policy.h +19 -6
data/src/core/{client_config → ext/client_config}/lb_policy_factory.c +4 -3
data/src/core/{client_config → ext/client_config}/lb_policy_factory.h +14 -9
data/src/core/{client_config → ext/client_config}/lb_policy_registry.c +4 -9
data/src/core/{client_config → ext/client_config}/lb_policy_registry.h +7 -6
data/src/core/ext/client_config/parse_address.c +137 -0
data/src/core/ext/client_config/parse_address.h +56 -0
data/src/core/{client_config → ext/client_config}/resolver.c +1 -1
data/src/core/{client_config → ext/client_config}/resolver.h +6 -6
data/src/core/{client_config → ext/client_config}/resolver_factory.c +1 -1
data/src/core/{client_config → ext/client_config}/resolver_factory.h +7 -7
data/src/core/{client_config → ext/client_config}/resolver_registry.c +25 -11
data/src/core/{client_config → ext/client_config}/resolver_registry.h +9 -5
data/src/core/{client_config → ext/client_config}/subchannel.c +90 -126
data/src/core/{client_config → ext/client_config}/subchannel.h +15 -15
data/src/core/{channel → ext/client_config}/subchannel_call_holder.c +9 -8
data/src/core/{channel → ext/client_config}/subchannel_call_holder.h +7 -7
data/src/core/{client_config → ext/client_config}/subchannel_index.c +3 -2
data/src/core/{client_config → ext/client_config}/subchannel_index.h +5 -5
data/src/core/{client_config → ext/client_config}/uri_parser.c +69 -1
data/src/core/{client_config → ext/client_config}/uri_parser.h +15 -3
data/src/core/{client_config/lb_policies → ext/lb_policy/grpclb}/load_balancer_api.c +18 -9
data/src/core/{client_config/lb_policies → ext/lb_policy/grpclb}/load_balancer_api.h +5 -5
data/src/core/{proto → ext/lb_policy/grpclb/proto}/grpc/lb/v0/load_balancer.pb.c +1 -1
data/src/core/{proto → ext/lb_policy/grpclb/proto}/grpc/lb/v0/load_balancer.pb.h +0 -0
data/src/core/{client_config/lb_policies → ext/lb_policy/pick_first}/pick_first.c +95 -32
data/src/core/{client_config/lb_policies → ext/lb_policy/round_robin}/round_robin.c +98 -34
data/src/core/{client_config/resolvers → ext/resolver/dns/native}/dns_resolver.c +83 -39
data/src/core/{client_config/resolvers → ext/resolver/sockaddr}/sockaddr_resolver.c +66 -169
data/src/core/{transport/chttp2 → ext/transport/chttp2/alpn}/alpn.c +1 -1
data/src/core/{transport/chttp2 → ext/transport/chttp2/alpn}/alpn.h +3 -3
data/src/core/{surface → ext/transport/chttp2/client/insecure}/channel_create.c +65 -59
data/src/core/{surface → ext/transport/chttp2/client/secure}/secure_channel_create.c +77 -69
data/src/core/{surface → ext/transport/chttp2/server/insecure}/server_chttp2.c +8 -11
data/src/core/{security → ext/transport/chttp2/server/secure}/server_secure_chttp2.c +14 -17
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/bin_encoder.c +28 -74
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/bin_encoder.h +5 -5
data/src/core/ext/transport/chttp2/transport/chttp2_plugin.c +46 -0
data/src/core/{transport → ext/transport/chttp2/transport}/chttp2_transport.c +551 -310
data/src/core/{transport → ext/transport/chttp2/transport}/chttp2_transport.h +5 -5
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/frame.h +3 -3
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/frame_data.c +30 -14
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/frame_data.h +10 -7
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/frame_goaway.c +2 -2
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/frame_goaway.h +5 -5
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/frame_ping.c +2 -2
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/frame_ping.h +5 -5
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/frame_rst_stream.c +9 -5
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/frame_rst_stream.h +8 -6
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/frame_settings.c +6 -6
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/frame_settings.h +5 -5
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/frame_window_update.c +11 -5
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/frame_window_update.h +8 -6
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/hpack_encoder.c +21 -12
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/hpack_encoder.h +8 -6
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/hpack_parser.c +42 -25
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/hpack_parser.h +7 -7
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/hpack_table.c +21 -11
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/hpack_table.h +4 -4
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/http2_errors.h +3 -3
data/src/core/ext/transport/chttp2/transport/huffsyms.c +105 -0
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/huffsyms.h +3 -3
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/incoming_metadata.c +2 -2
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/incoming_metadata.h +4 -4
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/internal.h +81 -37
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/parsing.c +54 -21
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/status_conversion.c +1 -1
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/status_conversion.h +4 -4
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/stream_lists.c +10 -2
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/stream_map.c +1 -1
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/stream_map.h +3 -3
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/timeout_encoding.c +4 -4
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/timeout_encoding.h +4 -4
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/varint.c +1 -1
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/varint.h +3 -3
data/src/core/{transport/chttp2 → ext/transport/chttp2/transport}/writing.c +30 -20
data/src/core/{channel → lib/channel}/channel_args.c +3 -15
data/src/core/{channel → lib/channel}/channel_args.h +11 -15
data/src/core/{channel → lib/channel}/channel_stack.c +5 -3
data/src/core/{channel → lib/channel}/channel_stack.h +13 -8
data/src/core/lib/channel/channel_stack_builder.c +277 -0
data/src/core/lib/channel/channel_stack_builder.h +161 -0
data/src/core/{channel → lib/channel}/compress_filter.c +51 -16
data/src/core/{channel → lib/channel}/compress_filter.h +6 -4
data/src/core/{channel → lib/channel}/connected_channel.c +34 -24
data/src/core/lib/channel/connected_channel.h +42 -0
data/src/core/{channel → lib/channel}/context.h +3 -3
data/src/core/{channel → lib/channel}/http_client_filter.c +24 -13
data/src/core/{channel → lib/channel}/http_client_filter.h +4 -4
data/src/core/{channel → lib/channel}/http_server_filter.c +39 -19
data/src/core/{channel → lib/channel}/http_server_filter.h +4 -4
data/src/core/{compression → lib/compression}/algorithm_metadata.h +4 -4
data/src/core/{compression → lib/compression}/compression_algorithm.c +46 -9
data/src/core/{compression → lib/compression}/message_compress.c +1 -1
data/src/core/{compression → lib/compression}/message_compress.h +3 -3
data/src/core/{debug → lib/debug}/trace.c +2 -2
data/src/core/{debug → lib/debug}/trace.h +3 -3
data/src/core/{httpcli → lib/http}/format_request.c +8 -8
data/src/core/{httpcli → lib/http}/format_request.h +4 -4
data/src/core/{httpcli → lib/http}/httpcli.c +24 -19
data/src/core/{httpcli → lib/http}/httpcli.h +14 -33
data/src/core/{httpcli → lib/http}/httpcli_security_connector.c +5 -5
data/src/core/lib/http/parser.c +341 -0
data/src/core/lib/http/parser.h +119 -0
data/src/core/{iomgr → lib/iomgr}/closure.c +8 -2
data/src/core/{iomgr → lib/iomgr}/closure.h +7 -4
data/src/core/{iomgr → lib/iomgr}/endpoint.c +1 -1
data/src/core/{iomgr → lib/iomgr}/endpoint.h +5 -5
data/src/core/{iomgr → lib/iomgr}/endpoint_pair.h +4 -4
data/src/core/{iomgr → lib/iomgr}/endpoint_pair_posix.c +8 -7
data/src/core/{iomgr → lib/iomgr}/endpoint_pair_windows.c +4 -4
data/src/core/lib/iomgr/ev_poll_and_epoll_posix.c +1936 -0
data/src/core/lib/iomgr/ev_poll_and_epoll_posix.h +41 -0
data/src/core/lib/iomgr/ev_posix.c +164 -0
data/src/core/lib/iomgr/ev_posix.h +158 -0
data/src/core/{iomgr → lib/iomgr}/exec_ctx.c +78 -3
data/src/core/{iomgr → lib/iomgr}/exec_ctx.h +25 -10
data/src/core/{iomgr → lib/iomgr}/executor.c +3 -3
data/src/core/{iomgr → lib/iomgr}/executor.h +5 -5
data/src/core/{iomgr → lib/iomgr}/iocp_windows.c +6 -6
data/src/core/{iomgr → lib/iomgr}/iocp_windows.h +5 -5
data/src/core/{iomgr → lib/iomgr}/iomgr.c +13 -10
data/src/core/{iomgr → lib/iomgr}/iomgr.h +3 -3
data/src/core/{iomgr → lib/iomgr}/iomgr_internal.h +5 -9
data/src/core/{iomgr → lib/iomgr}/iomgr_posix.c +6 -6
data/src/core/{iomgr → lib/iomgr}/iomgr_posix.h +4 -4
data/src/core/{iomgr → lib/iomgr}/iomgr_windows.c +7 -4
data/src/core/{iomgr → lib/iomgr}/pollset.h +11 -11
data/src/core/{iomgr → lib/iomgr}/pollset_set.h +5 -5
data/src/core/{iomgr → lib/iomgr}/pollset_set_windows.c +2 -2
data/src/core/lib/iomgr/pollset_set_windows.h +39 -0
data/src/core/{iomgr → lib/iomgr}/pollset_windows.c +7 -7
data/src/core/{iomgr → lib/iomgr}/pollset_windows.h +8 -5
data/src/core/{iomgr → lib/iomgr}/resolve_address.h +10 -9
data/src/core/{iomgr → lib/iomgr}/resolve_address_posix.c +22 -22
data/src/core/{iomgr → lib/iomgr}/resolve_address_windows.c +20 -12
data/src/core/{iomgr → lib/iomgr}/sockaddr.h +5 -5
data/src/core/{iomgr → lib/iomgr}/sockaddr_posix.h +5 -5
data/src/core/{iomgr → lib/iomgr}/sockaddr_utils.c +9 -16
data/src/core/{iomgr → lib/iomgr}/sockaddr_utils.h +4 -4
data/src/core/{iomgr → lib/iomgr}/sockaddr_win32.h +6 -4
data/src/core/{iomgr → lib/iomgr}/socket_utils_common_posix.c +29 -7
data/src/core/{iomgr → lib/iomgr}/socket_utils_linux.c +2 -2
data/src/core/{iomgr → lib/iomgr}/socket_utils_posix.c +1 -1
data/src/core/{iomgr → lib/iomgr}/socket_utils_posix.h +14 -4
data/src/core/{iomgr → lib/iomgr}/socket_windows.c +7 -5
data/src/core/{iomgr → lib/iomgr}/socket_windows.h +6 -6
data/src/core/{iomgr → lib/iomgr}/tcp_client.h +6 -6
data/src/core/{iomgr → lib/iomgr}/tcp_client_posix.c +33 -18
data/src/core/{iomgr → lib/iomgr}/tcp_client_windows.c +30 -20
data/src/core/{iomgr → lib/iomgr}/tcp_posix.c +9 -10
data/src/core/{iomgr → lib/iomgr}/tcp_posix.h +6 -6
data/src/core/{iomgr → lib/iomgr}/tcp_server.h +6 -6
data/src/core/{iomgr → lib/iomgr}/tcp_server_posix.c +24 -37
data/src/core/{iomgr → lib/iomgr}/tcp_server_windows.c +8 -36
data/src/core/{iomgr → lib/iomgr}/tcp_windows.c +27 -17
data/src/core/{iomgr → lib/iomgr}/tcp_windows.h +5 -5
data/src/core/{iomgr → lib/iomgr}/time_averaged_stats.c +1 -1
data/src/core/{iomgr → lib/iomgr}/time_averaged_stats.h +3 -3
data/src/core/{iomgr → lib/iomgr}/timer.c +31 -4
data/src/core/{iomgr → lib/iomgr}/timer.h +6 -7
data/src/core/{iomgr → lib/iomgr}/timer_heap.c +2 -2
data/src/core/{iomgr → lib/iomgr}/timer_heap.h +4 -4
data/src/core/{iomgr → lib/iomgr}/udp_server.c +13 -37
data/src/core/{iomgr → lib/iomgr}/udp_server.h +11 -10
data/src/core/lib/iomgr/unix_sockets_posix.c +89 -0
data/src/core/{client_config/resolvers/sockaddr_resolver.h → lib/iomgr/unix_sockets_posix.h} +15 -11
data/src/core/lib/iomgr/unix_sockets_posix_noop.c +59 -0
data/src/core/{iomgr → lib/iomgr}/wakeup_fd_eventfd.c +2 -2
data/src/core/{iomgr → lib/iomgr}/wakeup_fd_nospecial.c +1 -1
data/src/core/{iomgr → lib/iomgr}/wakeup_fd_pipe.c +8 -3
data/src/core/{iomgr → lib/iomgr}/wakeup_fd_pipe.h +4 -4
data/src/core/{iomgr → lib/iomgr}/wakeup_fd_posix.c +2 -2
data/src/core/{iomgr → lib/iomgr}/wakeup_fd_posix.h +3 -3
data/src/core/{iomgr → lib/iomgr}/workqueue.h +10 -10
data/src/core/{iomgr → lib/iomgr}/workqueue_posix.c +5 -6
data/src/core/{iomgr → lib/iomgr}/workqueue_posix.h +5 -5
data/src/core/{iomgr → lib/iomgr}/workqueue_windows.c +1 -1
data/src/core/{iomgr → lib/iomgr}/workqueue_windows.h +3 -3
data/src/core/{json → lib/json}/json.c +1 -1
data/src/core/{json → lib/json}/json.h +4 -4
data/src/core/{json → lib/json}/json_common.h +3 -3
data/src/core/{json → lib/json}/json_reader.c +16 -4
data/src/core/{json → lib/json}/json_reader.h +4 -4
data/src/core/{json → lib/json}/json_string.c +4 -4
data/src/core/{json → lib/json}/json_writer.c +1 -1
data/src/core/{json → lib/json}/json_writer.h +4 -4
data/src/core/{profiling → lib/profiling}/basic_timers.c +3 -2
data/src/core/{profiling → lib/profiling}/stap_timers.c +2 -2
data/src/core/{profiling → lib/profiling}/timers.h +3 -3
data/src/core/{security → lib/security}/auth_filters.h +4 -4
data/src/core/{security → lib/security}/b64.c +2 -2
data/src/core/{security → lib/security}/b64.h +4 -4
data/src/core/{security → lib/security}/client_auth_filter.c +16 -16
data/src/core/{security → lib/security}/credentials.c +42 -26
data/src/core/{security → lib/security}/credentials.h +11 -10
data/src/core/{security → lib/security}/credentials_metadata.c +1 -1
data/src/core/{security → lib/security}/credentials_posix.c +3 -3
data/src/core/{security → lib/security}/credentials_win32.c +3 -3
data/src/core/{security → lib/security}/google_default_credentials.c +10 -9
data/src/core/{security → lib/security}/handshake.c +4 -4
data/src/core/{security → lib/security}/handshake.h +6 -6
data/src/core/{security → lib/security}/json_token.c +4 -4
data/src/core/{security → lib/security}/json_token.h +4 -4
data/src/core/{security → lib/security}/jwt_verifier.c +14 -14
data/src/core/{security → lib/security}/jwt_verifier.h +5 -5
data/src/core/{security → lib/security}/secure_endpoint.c +9 -8
data/src/core/{security → lib/security}/secure_endpoint.h +4 -4
data/src/core/{security → lib/security}/security_connector.c +53 -21
data/src/core/{security → lib/security}/security_connector.h +8 -8
data/src/core/{security → lib/security}/security_context.c +5 -5
data/src/core/{security → lib/security}/security_context.h +5 -5
data/src/core/{security → lib/security}/server_auth_filter.c +9 -9
data/src/core/{support → lib/support}/alloc.c +5 -3
data/src/core/{support → lib/support}/avl.c +1 -1
data/src/core/lib/support/backoff.c +76 -0
data/src/core/lib/support/backoff.h +68 -0
data/src/core/{support → lib/support}/block_annotate.h +3 -3
data/src/core/{support → lib/support}/cmdline.c +1 -1
data/src/core/{support → lib/support}/cpu_iphone.c +0 -0
data/src/core/{support → lib/support}/cpu_linux.c +2 -2
data/src/core/{support → lib/support}/cpu_posix.c +2 -2
data/src/core/{support → lib/support}/cpu_windows.c +0 -0
data/src/core/{support → lib/support}/env.h +3 -3
data/src/core/{support → lib/support}/env_linux.c +3 -3
data/src/core/{support → lib/support}/env_posix.c +2 -2
data/src/core/{support → lib/support}/env_win32.c +27 -21
data/src/core/{support → lib/support}/histogram.c +1 -1
data/src/core/{support → lib/support}/host_port.c +1 -1
data/src/core/{support → lib/support}/load_file.c +4 -4
data/src/core/{support → lib/support}/load_file.h +4 -4
data/src/core/{support → lib/support}/log.c +33 -0
data/src/core/{support → lib/support}/log_android.c +2 -2
data/src/core/{support → lib/support}/log_linux.c +6 -5
data/src/core/{support → lib/support}/log_posix.c +3 -3
data/src/core/{support → lib/support}/log_win32.c +8 -22
data/src/core/{support → lib/support}/murmur_hash.c +1 -1
data/src/core/{support → lib/support}/murmur_hash.h +3 -3
data/src/core/{support → lib/support}/slice.c +0 -0
data/src/core/{support → lib/support}/slice_buffer.c +0 -0
data/src/core/{support → lib/support}/stack_lockfree.c +7 -7
data/src/core/{support → lib/support}/stack_lockfree.h +3 -3
data/src/core/{support → lib/support}/string.c +1 -1
data/src/core/{support → lib/support}/string.h +4 -4
data/src/core/{support → lib/support}/string_posix.c +1 -1
data/src/core/{support/string_win32.c → lib/support/string_util_win32.c} +23 -38
data/src/core/lib/support/string_win32.c +83 -0
data/src/core/{support → lib/support}/string_win32.h +3 -3
data/src/core/{support → lib/support}/subprocess_posix.c +3 -3
data/src/core/{support → lib/support}/subprocess_windows.c +3 -3
data/src/core/{support → lib/support}/sync.c +2 -2
data/src/core/{support → lib/support}/sync_posix.c +3 -3
data/src/core/{support → lib/support}/sync_win32.c +1 -1
data/src/core/{support → lib/support}/thd.c +0 -0
data/src/core/{support → lib/support}/thd_internal.h +3 -3
data/src/core/{support → lib/support}/thd_posix.c +4 -3
data/src/core/{support → lib/support}/thd_win32.c +1 -1
data/src/core/{support → lib/support}/time.c +2 -2
data/src/core/{support → lib/support}/time_posix.c +12 -6
data/src/core/{support → lib/support}/time_precise.c +0 -0
data/src/core/{support → lib/support}/time_precise.h +3 -3
data/src/core/{support → lib/support}/time_win32.c +7 -7
data/src/core/{support → lib/support}/tls_pthread.c +0 -0
data/src/core/{support → lib/support}/tmpfile.h +4 -4
data/src/core/lib/support/tmpfile_msys.c +73 -0
data/src/core/{support → lib/support}/tmpfile_posix.c +5 -5
data/src/core/{support → lib/support}/tmpfile_win32.c +5 -5
data/src/core/{support → lib/support}/wrap_memcpy.c +0 -0
data/src/core/{surface → lib/surface}/alarm.c +3 -3
data/src/core/{surface → lib/surface}/api_trace.c +1 -1
data/src/core/{surface → lib/surface}/api_trace.h +4 -4
data/src/core/{surface → lib/surface}/byte_buffer.c +3 -3
data/src/core/{surface → lib/surface}/byte_buffer_reader.c +3 -3
data/src/core/{surface → lib/surface}/call.c +145 -73
data/src/core/{surface → lib/surface}/call.h +14 -7
data/src/core/{surface → lib/surface}/call_details.c +1 -1
data/src/core/{surface → lib/surface}/call_log_batch.c +2 -2
data/src/core/{surface → lib/surface}/call_test_only.h +3 -3
data/src/core/{surface → lib/surface}/channel.c +33 -34
data/src/core/{surface → lib/surface}/channel.h +9 -9
data/src/core/lib/surface/channel_init.c +140 -0
data/src/core/lib/surface/channel_init.h +87 -0
data/src/core/{surface → lib/surface}/channel_ping.c +4 -4
data/src/core/lib/surface/channel_stack_type.c +54 -0
data/src/core/{httpcli/parser.h → lib/surface/channel_stack_type.h} +22 -28
data/src/core/{surface → lib/surface}/completion_queue.c +15 -11
data/src/core/{surface → lib/surface}/completion_queue.h +4 -4
data/src/core/{surface → lib/surface}/event_string.c +2 -2
data/src/core/{surface → lib/surface}/event_string.h +3 -3
data/src/core/lib/surface/init.c +217 -0
data/src/core/{surface → lib/surface}/init.h +4 -3
data/src/core/lib/surface/init_secure.c +89 -0
data/src/core/{surface → lib/surface}/lame_client.c +31 -19
data/src/core/{iomgr/pollset_set_windows.h → lib/surface/lame_client.h} +7 -5
data/src/core/{surface → lib/surface}/metadata_array.c +1 -1
data/src/core/{surface → lib/surface}/server.c +208 -183
data/src/core/{surface → lib/surface}/server.h +6 -11
data/src/core/{surface → lib/surface}/surface_trace.h +5 -5
data/src/core/{surface → lib/surface}/validate_metadata.c +1 -1
data/src/core/{surface → lib/surface}/version.c +2 -2
data/src/core/{transport → lib/transport}/byte_stream.c +1 -1
data/src/core/{transport → lib/transport}/byte_stream.h +4 -4
data/src/core/{transport → lib/transport}/connectivity_state.c +2 -2
data/src/core/{transport → lib/transport}/connectivity_state.h +4 -4
data/src/core/{transport → lib/transport}/metadata.c +71 -19
data/src/core/{transport → lib/transport}/metadata.h +11 -4
data/src/core/{transport → lib/transport}/metadata_batch.c +2 -2
data/src/core/{transport → lib/transport}/metadata_batch.h +4 -4
data/src/core/{transport → lib/transport}/static_metadata.c +100 -32
data/src/core/{transport → lib/transport}/static_metadata.h +58 -58
data/src/core/{transport → lib/transport}/transport.c +25 -5
data/src/core/{transport → lib/transport}/transport.h +41 -16
data/src/core/{transport → lib/transport}/transport_impl.h +8 -5
data/src/core/{transport → lib/transport}/transport_op_string.c +2 -2
data/src/core/{tsi → lib/tsi}/fake_transport_security.c +18 -14
data/src/core/{tsi → lib/tsi}/fake_transport_security.h +4 -4
data/src/core/{tsi → lib/tsi}/ssl_transport_security.c +173 -63
data/src/core/{tsi → lib/tsi}/ssl_transport_security.h +24 -6
data/src/core/{tsi → lib/tsi}/ssl_types.h +3 -3
data/src/core/{tsi → lib/tsi}/transport_security.c +12 -28
data/src/core/{tsi → lib/tsi}/transport_security.h +4 -4
data/src/core/{tsi → lib/tsi}/transport_security_interface.h +12 -3
data/src/core/plugin_registry/grpc_plugin_registry.c +66 -0
data/src/ruby/ext/grpc/extconf.rb +14 -20
data/src/ruby/ext/grpc/rb_byte_buffer.c +2 -3
data/src/ruby/ext/grpc/rb_call.c +37 -4
data/src/ruby/ext/grpc/rb_call_credentials.c +13 -3
data/src/ruby/ext/grpc/rb_channel.c +2 -3
data/src/ruby/ext/grpc/rb_channel_args.c +2 -3
data/src/ruby/ext/grpc/rb_channel_credentials.c +31 -3
data/src/ruby/ext/grpc/rb_completion_queue.c +2 -2
data/src/ruby/ext/grpc/rb_event_thread.c +1 -1
data/src/ruby/ext/grpc/rb_grpc.c +4 -2
data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +8 -0
data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +14 -2
data/src/ruby/ext/grpc/rb_server.c +2 -3
data/src/ruby/ext/grpc/rb_server_credentials.c +16 -13
data/src/ruby/ext/grpc/rb_signal.c +70 -0
data/src/ruby/ext/grpc/rb_signal.h +39 -0
data/src/ruby/lib/grpc.rb +21 -13
data/src/ruby/lib/grpc/core/time_consts.rb +2 -2
data/src/ruby/lib/grpc/errors.rb +2 -2
data/src/ruby/lib/grpc/generic/active_call.rb +10 -3
data/src/ruby/lib/grpc/generic/bidi_call.rb +2 -2
data/src/ruby/lib/grpc/generic/client_stub.rb +10 -7
data/src/ruby/lib/grpc/generic/rpc_desc.rb +2 -2
data/src/ruby/lib/grpc/generic/rpc_server.rb +21 -61
data/src/ruby/lib/grpc/generic/service.rb +5 -15
data/src/ruby/lib/grpc/grpc.rb +3 -3
data/src/ruby/{bin/interop/interop_server.rb → lib/grpc/signals.rb} +39 -20
data/src/ruby/lib/grpc/version.rb +2 -2
data/src/ruby/pb/generate_proto_ruby.sh +9 -2
data/src/ruby/pb/grpc/health/checker.rb +1 -1
data/src/ruby/pb/grpc/testing/duplicate/echo_duplicate_services.rb +28 -0
data/src/ruby/pb/grpc/testing/metrics.rb +28 -0
data/src/ruby/pb/grpc/testing/metrics_services.rb +27 -0
data/src/ruby/pb/test/client.rb +12 -23
data/src/ruby/pb/test/server.rb +1 -1
data/src/ruby/spec/client_server_spec.rb +1 -1
data/src/ruby/spec/generic/client_stub_spec.rb +18 -17
data/src/ruby/spec/generic/rpc_server_spec.rb +23 -7
data/src/ruby/spec/generic/service_spec.rb +0 -69
data/src/ruby/{bin/interop/interop_client.rb → spec/pb/duplicate/codegen_spec.rb} +41 -21
data/src/ruby/spec/pb/health/checker_spec.rb +1 -1
data/third_party/boringssl/crypto/asn1/a_bitstr.c +184 -176
data/third_party/boringssl/crypto/asn1/a_bool.c +42 -44
data/third_party/boringssl/crypto/asn1/a_bytes.c +236 -245
data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +173 -192
data/third_party/boringssl/crypto/asn1/a_dup.c +43 -35
data/third_party/boringssl/crypto/asn1/a_enum.c +107 -109
data/third_party/boringssl/crypto/asn1/a_gentm.c +180 -181
data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +73 -80
data/third_party/boringssl/crypto/asn1/a_int.c +357 -353
data/third_party/boringssl/crypto/asn1/a_mbstr.c +272 -253
data/third_party/boringssl/crypto/asn1/a_object.c +293 -309
data/third_party/boringssl/crypto/asn1/a_octet.c +13 -6
data/third_party/boringssl/crypto/asn1/a_print.c +54 -52
data/third_party/boringssl/crypto/asn1/a_strnid.c +179 -157
data/third_party/boringssl/crypto/asn1/a_time.c +125 -129
data/third_party/boringssl/crypto/asn1/a_type.c +79 -86
data/third_party/boringssl/crypto/asn1/a_utctm.c +246 -255
data/third_party/boringssl/crypto/asn1/a_utf8.c +159 -135
data/third_party/boringssl/crypto/asn1/asn1_lib.c +361 -368
data/third_party/boringssl/crypto/asn1/asn1_locl.h +11 -11
data/third_party/boringssl/crypto/asn1/asn1_par.c +309 -351
data/third_party/boringssl/crypto/asn1/asn_pack.c +30 -29
data/third_party/boringssl/crypto/asn1/bio_asn1.c +375 -394
data/third_party/boringssl/crypto/asn1/bio_ndef.c +146 -149
data/third_party/boringssl/crypto/asn1/f_enum.c +128 -134
data/third_party/boringssl/crypto/asn1/f_int.c +131 -139
data/third_party/boringssl/crypto/asn1/f_string.c +125 -133
data/third_party/boringssl/crypto/asn1/t_bitst.c +30 -29
data/third_party/boringssl/crypto/asn1/t_pkey.c +45 -47
data/third_party/boringssl/crypto/asn1/tasn_dec.c +1099 -1216
data/third_party/boringssl/crypto/asn1/tasn_enc.c +556 -592
data/third_party/boringssl/crypto/asn1/tasn_fre.c +175 -193
data/third_party/boringssl/crypto/asn1/tasn_new.c +271 -288
data/third_party/boringssl/crypto/asn1/tasn_prn.c +462 -508
data/third_party/boringssl/crypto/asn1/tasn_typ.c +28 -21
data/third_party/boringssl/crypto/asn1/x_bignum.c +62 -52
data/third_party/boringssl/crypto/asn1/x_long.c +101 -86
data/third_party/boringssl/crypto/bio/buffer.c +3 -3
data/third_party/boringssl/crypto/bn/asm/x86_64-gcc.c +8 -68
data/third_party/boringssl/crypto/bn/bn.c +1 -1
data/third_party/boringssl/crypto/bn/bn_asn1.c +9 -22
data/third_party/boringssl/crypto/bn/convert.c +9 -4
data/third_party/boringssl/crypto/bn/div.c +0 -20
data/third_party/boringssl/crypto/bn/exponentiation.c +22 -13
data/third_party/boringssl/crypto/bn/generic.c +6 -242
data/third_party/boringssl/crypto/bn/internal.h +9 -70
data/third_party/boringssl/crypto/bn/montgomery.c +1 -2
data/third_party/boringssl/crypto/bn/mul.c +6 -26
data/third_party/boringssl/crypto/bn/rsaz_exp.c +21 -28
data/third_party/boringssl/crypto/bytestring/asn1_compat.c +51 -0
data/third_party/boringssl/crypto/bytestring/ber.c +128 -87
data/third_party/boringssl/crypto/bytestring/cbb.c +37 -3
data/third_party/boringssl/crypto/bytestring/internal.h +39 -10
data/third_party/boringssl/crypto/chacha/chacha_vec.c +18 -13
data/third_party/boringssl/crypto/cipher/e_aes.c +2 -2
data/third_party/boringssl/crypto/cipher/e_chacha20poly1305.c +4 -9
data/third_party/boringssl/crypto/cipher/tls_cbc.c +39 -10
data/third_party/boringssl/crypto/conf/conf.c +9 -0
data/third_party/boringssl/crypto/cpu-intel.c +1 -1
data/third_party/boringssl/crypto/crypto.c +2 -0
data/third_party/boringssl/crypto/curve25519/curve25519.c +125 -120
data/third_party/boringssl/crypto/curve25519/internal.h +45 -0
data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +225 -0
data/third_party/boringssl/crypto/dh/check.c +32 -10
data/third_party/boringssl/crypto/dh/dh.c +1 -1
data/third_party/boringssl/crypto/digest/md32_common.h +0 -60
data/third_party/boringssl/crypto/dsa/dsa.c +47 -21
data/third_party/boringssl/crypto/dsa/dsa_asn1.c +249 -64
data/third_party/boringssl/crypto/ec/ec.c +45 -31
data/third_party/boringssl/crypto/ec/ec_asn1.c +315 -382
data/third_party/boringssl/crypto/ec/ec_key.c +1 -4
data/third_party/boringssl/crypto/ec/ec_montgomery.c +0 -9
data/third_party/boringssl/crypto/ec/internal.h +1 -19
data/third_party/boringssl/crypto/ec/oct.c +12 -0
data/third_party/boringssl/crypto/ec/p224-64.c +4 -65
data/third_party/boringssl/crypto/ec/p256-64.c +9 -71
data/third_party/boringssl/crypto/ec/p256-x86_64-table.h +1 -6
data/third_party/boringssl/crypto/ec/p256-x86_64.c +3 -13
data/third_party/boringssl/crypto/ec/simple.c +0 -76
data/third_party/boringssl/crypto/ecdsa/ecdsa.c +1 -1
data/third_party/boringssl/crypto/ecdsa/ecdsa_asn1.c +10 -24
data/third_party/boringssl/crypto/evp/evp.c +4 -3
data/third_party/boringssl/crypto/evp/evp_asn1.c +101 -0
data/third_party/boringssl/crypto/evp/evp_ctx.c +22 -51
data/third_party/boringssl/crypto/evp/internal.h +28 -27
data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +78 -249
data/third_party/boringssl/crypto/evp/p_ec.c +19 -66
data/third_party/boringssl/crypto/evp/p_ec_asn1.c +74 -231
data/third_party/boringssl/crypto/evp/p_rsa.c +90 -13
data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +49 -48
data/third_party/boringssl/crypto/internal.h +16 -1
data/third_party/boringssl/crypto/mem.c +2 -2
data/third_party/boringssl/crypto/modes/ctr.c +2 -1
data/third_party/boringssl/crypto/modes/gcm.c +5 -3
data/third_party/boringssl/crypto/obj/obj_dat.h +6 -3
data/third_party/boringssl/crypto/pem/pem_all.c +83 -102
data/third_party/boringssl/crypto/pem/pem_info.c +286 -309
data/third_party/boringssl/crypto/pem/pem_lib.c +690 -710
data/third_party/boringssl/crypto/pem/pem_oth.c +15 -16
data/third_party/boringssl/crypto/pem/pem_pk8.c +132 -119
data/third_party/boringssl/crypto/pem/pem_pkey.c +144 -220
data/third_party/boringssl/crypto/pem/pem_x509.c +3 -3
data/third_party/boringssl/crypto/pem/pem_xaux.c +5 -4
data/third_party/boringssl/crypto/pkcs8/pkcs8.c +54 -60
data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +3 -1
data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +48 -50
data/third_party/boringssl/crypto/rand/rand.c +2 -0
data/third_party/boringssl/crypto/rsa/blinding.c +8 -48
data/third_party/boringssl/crypto/rsa/internal.h +1 -9
data/third_party/boringssl/crypto/rsa/padding.c +73 -77
data/third_party/boringssl/crypto/rsa/rsa.c +1 -1
data/third_party/boringssl/crypto/rsa/rsa_asn1.c +27 -46
data/third_party/boringssl/crypto/rsa/rsa_impl.c +23 -34
data/third_party/boringssl/crypto/test/scoped_types.h +3 -0
data/third_party/boringssl/crypto/thread_win.c +15 -13
data/third_party/boringssl/crypto/time_support.c +0 -6
data/third_party/boringssl/crypto/x509/a_digest.c +26 -27
data/third_party/boringssl/crypto/x509/a_sign.c +63 -64
data/third_party/boringssl/crypto/x509/a_strex.c +482 -413
data/third_party/boringssl/crypto/x509/a_verify.c +45 -51
data/third_party/boringssl/crypto/x509/asn1_gen.c +715 -769
data/third_party/boringssl/crypto/x509/by_dir.c +355 -393
data/third_party/boringssl/crypto/x509/by_file.c +186 -206
data/third_party/boringssl/crypto/x509/charmap.h +11 -11
data/third_party/boringssl/crypto/x509/i2d_pr.c +21 -22
data/third_party/boringssl/crypto/x509/t_crl.c +50 -51
data/third_party/boringssl/crypto/x509/t_x509.c +414 -406
data/third_party/boringssl/crypto/x509/t_x509a.c +44 -42
data/third_party/boringssl/crypto/x509/vpm_int.h +13 -13
data/third_party/boringssl/crypto/x509/x509_att.c +241 -219
data/third_party/boringssl/crypto/x509/x509_cmp.c +343 -359
data/third_party/boringssl/crypto/x509/x509_d2.c +36 -35
data/third_party/boringssl/crypto/x509/x509_def.c +23 -13
data/third_party/boringssl/crypto/x509/x509_ext.c +75 -75
data/third_party/boringssl/crypto/x509/x509_lu.c +574 -612
data/third_party/boringssl/crypto/x509/x509_obj.c +104 -115
data/third_party/boringssl/crypto/x509/x509_r2x.c +40 -40
data/third_party/boringssl/crypto/x509/x509_req.c +181 -174
data/third_party/boringssl/crypto/x509/x509_set.c +71 -76
data/third_party/boringssl/crypto/x509/x509_trs.c +193 -171
data/third_party/boringssl/crypto/x509/x509_txt.c +135 -138
data/third_party/boringssl/crypto/x509/x509_v3.c +174 -167
data/third_party/boringssl/crypto/x509/x509_vfy.c +2079 -2130
data/third_party/boringssl/crypto/x509/x509_vpm.c +486 -522
data/third_party/boringssl/crypto/x509/x509cset.c +96 -99
data/third_party/boringssl/crypto/x509/x509name.c +280 -275
data/third_party/boringssl/crypto/x509/x509rset.c +15 -14
data/third_party/boringssl/crypto/x509/x509spki.c +62 -60
data/third_party/boringssl/crypto/x509/x509type.c +58 -60
data/third_party/boringssl/crypto/x509/x_algor.c +70 -73
data/third_party/boringssl/crypto/x509/x_all.c +282 -328
data/third_party/boringssl/crypto/x509/x_attrib.c +36 -42
data/third_party/boringssl/crypto/x509/x_crl.c +397 -418
data/third_party/boringssl/crypto/x509/x_exten.c +5 -5
data/third_party/boringssl/crypto/x509/x_info.c +30 -27
data/third_party/boringssl/crypto/x509/x_name.c +387 -388
data/third_party/boringssl/crypto/x509/x_pkey.c +32 -29
data/third_party/boringssl/crypto/x509/x_pubkey.c +261 -280
data/third_party/boringssl/crypto/x509/x_req.c +30 -33
data/third_party/boringssl/crypto/x509/x_sig.c +2 -2
data/third_party/boringssl/crypto/x509/x_spki.c +9 -7
data/third_party/boringssl/crypto/x509/x_val.c +2 -2
data/third_party/boringssl/crypto/x509/x_x509.c +120 -119
data/third_party/boringssl/crypto/x509/x_x509a.c +99 -91
data/third_party/boringssl/crypto/x509v3/ext_dat.h +57 -51
data/third_party/boringssl/crypto/x509v3/pcy_cache.c +199 -214
data/third_party/boringssl/crypto/x509v3/pcy_data.c +57 -64
data/third_party/boringssl/crypto/x509v3/pcy_int.h +95 -90
data/third_party/boringssl/crypto/x509v3/pcy_lib.c +86 -87
data/third_party/boringssl/crypto/x509v3/pcy_map.c +61 -64
data/third_party/boringssl/crypto/x509v3/pcy_node.c +108 -117
data/third_party/boringssl/crypto/x509v3/pcy_tree.c +676 -724
data/third_party/boringssl/crypto/x509v3/v3_akey.c +128 -136
data/third_party/boringssl/crypto/x509v3/v3_akeya.c +7 -6
data/third_party/boringssl/crypto/x509v3/v3_alt.c +499 -507
data/third_party/boringssl/crypto/x509v3/v3_bcons.c +54 -47
data/third_party/boringssl/crypto/x509v3/v3_bitst.c +67 -67
data/third_party/boringssl/crypto/x509v3/v3_conf.c +330 -328
data/third_party/boringssl/crypto/x509v3/v3_cpols.c +354 -338
data/third_party/boringssl/crypto/x509v3/v3_crld.c +441 -496
data/third_party/boringssl/crypto/x509v3/v3_enum.c +35 -33
data/third_party/boringssl/crypto/x509v3/v3_extku.c +66 -63
data/third_party/boringssl/crypto/x509v3/v3_genn.c +157 -159
data/third_party/boringssl/crypto/x509v3/v3_ia5.c +45 -43
data/third_party/boringssl/crypto/x509v3/v3_info.c +124 -112
data/third_party/boringssl/crypto/x509v3/v3_int.c +30 -26
data/third_party/boringssl/crypto/x509v3/v3_lib.c +231 -204
data/third_party/boringssl/crypto/x509v3/v3_ncons.c +353 -381
data/third_party/boringssl/crypto/x509v3/v3_pci.c +252 -270
data/third_party/boringssl/crypto/x509v3/v3_pcia.c +9 -8
data/third_party/boringssl/crypto/x509v3/v3_pcons.c +58 -61
data/third_party/boringssl/crypto/x509v3/v3_pku.c +35 -34
data/third_party/boringssl/crypto/x509v3/v3_pmaps.c +72 -74
data/third_party/boringssl/crypto/x509v3/v3_prn.c +146 -121
data/third_party/boringssl/crypto/x509v3/v3_purp.c +651 -582
data/third_party/boringssl/crypto/x509v3/v3_skey.c +76 -72
data/third_party/boringssl/crypto/x509v3/v3_sxnet.c +139 -131
data/third_party/boringssl/crypto/x509v3/v3_utl.c +1072 -1068
data/third_party/boringssl/include/openssl/asn1.h +40 -38
data/third_party/boringssl/include/openssl/base.h +10 -1
data/third_party/boringssl/include/openssl/bio.h +10 -11
data/third_party/boringssl/include/openssl/bn.h +12 -9
data/third_party/boringssl/include/openssl/buf.h +1 -1
data/third_party/boringssl/include/openssl/bytestring.h +29 -0
data/third_party/boringssl/include/openssl/conf.h +25 -0
data/third_party/boringssl/include/openssl/crypto.h +6 -1
data/third_party/boringssl/include/openssl/curve25519.h +6 -3
data/third_party/boringssl/include/openssl/dh.h +7 -3
data/third_party/boringssl/include/openssl/dsa.h +108 -51
data/third_party/boringssl/include/openssl/ec.h +46 -21
data/third_party/boringssl/include/openssl/ec_key.h +78 -42
data/third_party/boringssl/include/openssl/ecdsa.h +4 -4
data/third_party/boringssl/include/openssl/err.h +3 -2
data/third_party/boringssl/include/openssl/evp.h +120 -37
data/third_party/boringssl/include/openssl/mem.h +4 -13
data/third_party/boringssl/include/openssl/obj_mac.h +4 -0
data/third_party/boringssl/include/openssl/pem.h +0 -9
data/third_party/boringssl/include/openssl/pkcs8.h +6 -2
data/third_party/boringssl/include/openssl/rand.h +3 -0
data/third_party/boringssl/include/openssl/rsa.h +42 -42
data/third_party/boringssl/include/openssl/ssl.h +115 -41
data/third_party/boringssl/include/openssl/stack.h +0 -3
data/third_party/boringssl/include/openssl/stack_macros.h +0 -256
data/third_party/boringssl/include/openssl/tls1.h +1 -1
data/third_party/boringssl/include/openssl/x509.h +0 -2
data/third_party/boringssl/include/openssl/x509_vfy.h +5 -0
data/third_party/boringssl/ssl/d1_both.c +102 -101
data/third_party/boringssl/ssl/d1_clnt.c +145 -150
data/third_party/boringssl/ssl/d1_lib.c +63 -62
data/third_party/boringssl/ssl/d1_pkt.c +73 -71
data/third_party/boringssl/ssl/d1_srvr.c +116 -125
data/third_party/boringssl/ssl/dtls_record.c +3 -3
data/third_party/boringssl/ssl/internal.h +210 -208
data/third_party/boringssl/ssl/pqueue/pqueue.c +2 -2
data/third_party/boringssl/ssl/s3_both.c +116 -130
data/third_party/boringssl/ssl/s3_clnt.c +589 -740
data/third_party/boringssl/ssl/s3_enc.c +52 -151
data/third_party/boringssl/ssl/s3_lib.c +70 -76
data/third_party/boringssl/ssl/s3_pkt.c +105 -144
data/third_party/boringssl/ssl/s3_srvr.c +542 -806
data/third_party/boringssl/ssl/ssl_aead_ctx.c +1 -1
data/third_party/boringssl/ssl/ssl_cert.c +2 -2
data/third_party/boringssl/ssl/ssl_cipher.c +7 -3
data/third_party/boringssl/ssl/ssl_ecdh.c +374 -0
data/third_party/boringssl/ssl/ssl_lib.c +260 -221
data/third_party/boringssl/ssl/ssl_session.c +17 -17
data/third_party/boringssl/ssl/t1_enc.c +128 -273
data/third_party/boringssl/ssl/t1_lib.c +134 -258
data/third_party/boringssl/ssl/test/test_config.h +2 -0
data/third_party/boringssl/ssl/tls_record.c +52 -15
metadata +385 -359
data/src/core/channel/client_uchannel.c +0 -243
data/src/core/channel/client_uchannel.h +0 -60
data/src/core/channel/connected_channel.h +0 -51
data/src/core/client_config/lb_policies/pick_first.h +0 -43
data/src/core/client_config/resolvers/dns_resolver.h +0 -42
data/src/core/client_config/subchannel_factory.h +0 -66
data/src/core/httpcli/parser.c +0 -211
data/src/core/iomgr/fd_posix.c +0 -451
data/src/core/iomgr/fd_posix.h +0 -192
data/src/core/iomgr/pollset_multipoller_with_epoll.c +0 -324
data/src/core/iomgr/pollset_multipoller_with_poll_posix.c +0 -234
data/src/core/iomgr/pollset_posix.c +0 -633
data/src/core/iomgr/pollset_posix.h +0 -153
data/src/core/iomgr/pollset_set_posix.c +0 -202
data/src/core/iomgr/pollset_set_posix.h +0 -45
data/src/core/surface/init.c +0 -174
data/src/core/surface/init_secure.c +0 -42
data/src/core/surface/server_create.c +0 -48
data/src/core/transport/chttp2/huffsyms.c +0 -297
data/src/ruby/bin/grpc_ruby_interop_client +0 -33
data/src/ruby/bin/grpc_ruby_interop_server +0 -33
data/third_party/boringssl/crypto/dsa/internal.h +0 -78

data/third_party/boringssl/crypto/x509v3/v3_prn.c CHANGED

@@ -1,6 +1,7 @@
 /* v3_prn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -63,145 +64,169 @@
 #include <openssl/mem.h>
 #include <openssl/x509v3.h>
 /* Extension printing routines */
-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported);
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext,
+                             unsigned long flag, int indent, int supported);
 /* Print out a name+value stack */
-void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+                        int ml)
 {
-	size_t i;
-	CONF_VALUE *nval;
-	if(!val) return;
-	if(!ml || !sk_CONF_VALUE_num(val)) {
-		BIO_printf(out, "%*s", indent, "");
-		if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n");
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(val); i++) {
-		if(ml) BIO_printf(out, "%*s", indent, "");
-		else if(i > 0) BIO_printf(out, ", ");
-		nval = sk_CONF_VALUE_value(val, i);
-		if(!nval->name) BIO_puts(out, nval->value);
-		else if(!nval->value) BIO_puts(out, nval->name);
-		else BIO_printf(out, "%s:%s", nval->name, nval->value);
-		if(ml) BIO_puts(out, "\n");
-	}
+    size_t i;
+    CONF_VALUE *nval;
+    if (!val)
+        return;
+    if (!ml || !sk_CONF_VALUE_num(val)) {
+        BIO_printf(out, "%*s", indent, "");
+        if (!sk_CONF_VALUE_num(val))
+            BIO_puts(out, "<EMPTY>\n");
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(val); i++) {
+        if (ml)
+            BIO_printf(out, "%*s", indent, "");
+        else if (i > 0)
+            BIO_printf(out, ", ");
+        nval = sk_CONF_VALUE_value(val, i);
+        if (!nval->name)
+            BIO_puts(out, nval->value);
+        else if (!nval->value)
+            BIO_puts(out, nval->name);
+        else
+            BIO_printf(out, "%s:%s", nval->name, nval->value);
+        if (ml)
+            BIO_puts(out, "\n");
+    }
 }
 /* Main routine: print out a general extension */
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+                     int indent)
 {
-	void *ext_str = NULL;
-	char *value = NULL;
-	const unsigned char *p;
-	const X509V3_EXT_METHOD *method;
-	STACK_OF(CONF_VALUE) *nval = NULL;
-	int ok = 1;
-	if(!(method = X509V3_EXT_get(ext)))
-		return unknown_ext_print(out, ext, flag, indent, 0);
-	p = ext->value->data;
-	if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
-	else ext_str = method->d2i(NULL, &p, ext->value->length);
-	if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
-	if(method->i2s) {
-		if(!(value = method->i2s(method, ext_str))) {
-			ok = 0;
-			goto err;
-		}
-		BIO_printf(out, "%*s%s", indent, "", value);
-	} else if(method->i2v) {
-		if(!(nval = method->i2v(method, ext_str, NULL))) {
-			ok = 0;
-			goto err;
-		}
-		X509V3_EXT_val_prn(out, nval, indent,
-				 method->ext_flags & X509V3_EXT_MULTILINE);
-	} else if(method->i2r) {
-		if(!method->i2r(method, ext_str, out, indent)) ok = 0;
-	} else ok = 0;
-	err:
-		sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
-		if(value) OPENSSL_free(value);
-		if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
-		else method->ext_free(ext_str);
-		return ok;
+    void *ext_str = NULL;
+    char *value = NULL;
+    const unsigned char *p;
+    const X509V3_EXT_METHOD *method;
+    STACK_OF(CONF_VALUE) *nval = NULL;
+    int ok = 1;
+    if (!(method = X509V3_EXT_get(ext)))
+        return unknown_ext_print(out, ext, flag, indent, 0);
+    p = ext->value->data;
+    if (method->it)
+        ext_str =
+            ASN1_item_d2i(NULL, &p, ext->value->length,
+                          ASN1_ITEM_ptr(method->it));
+    else
+        ext_str = method->d2i(NULL, &p, ext->value->length);
+    if (!ext_str)
+        return unknown_ext_print(out, ext, flag, indent, 1);
+    if (method->i2s) {
+        if (!(value = method->i2s(method, ext_str))) {
+            ok = 0;
+            goto err;
+        }
+        BIO_printf(out, "%*s%s", indent, "", value);
+    } else if (method->i2v) {
+        if (!(nval = method->i2v(method, ext_str, NULL))) {
+            ok = 0;
+            goto err;
+        }
+        X509V3_EXT_val_prn(out, nval, indent,
+                           method->ext_flags & X509V3_EXT_MULTILINE);
+    } else if (method->i2r) {
+        if (!method->i2r(method, ext_str, out, indent))
+            ok = 0;
+    } else
+        ok = 0;
+ err:
+    sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+    if (value)
+        OPENSSL_free(value);
+    if (method->it)
+        ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
+    else
+        method->ext_free(ext_str);
+    return ok;
 }
-int X509V3_extensions_print(BIO *bp, const char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent)
+int X509V3_extensions_print(BIO *bp, const char *title,
+                            STACK_OF(X509_EXTENSION) *exts,
+                            unsigned long flag, int indent)
 {
-	size_t i;
-	int j;
-	if(sk_X509_EXTENSION_num(exts) <= 0) return 1;
-	if(title)
-		{
-		BIO_printf(bp,"%*s%s:\n",indent, "", title);
-		indent += 4;
-		}
-	for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
-		{
-		ASN1_OBJECT *obj;
-		X509_EXTENSION *ex;
-		ex=sk_X509_EXTENSION_value(exts, i);
-		if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
-		obj=X509_EXTENSION_get_object(ex);
-		i2a_ASN1_OBJECT(bp,obj);
-		j=X509_EXTENSION_get_critical(ex);
-		if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)
-			return 0;
-		if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
-			{
-			BIO_printf(bp, "%*s", indent + 4, "");
-			M_ASN1_OCTET_STRING_print(bp,ex->value);
-			}
-		if (BIO_write(bp,"\n",1) <= 0) return 0;
-		}
-	return 1;
+    size_t i;
+    int j;
+    if (sk_X509_EXTENSION_num(exts) <= 0)
+        return 1;
+    if (title) {
+        BIO_printf(bp, "%*s%s:\n", indent, "", title);
+        indent += 4;
+    }
+    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+        ASN1_OBJECT *obj;
+        X509_EXTENSION *ex;
+        ex = sk_X509_EXTENSION_value(exts, i);
+        if (indent && BIO_printf(bp, "%*s", indent, "") <= 0)
+            return 0;
+        obj = X509_EXTENSION_get_object(ex);
+        i2a_ASN1_OBJECT(bp, obj);
+        j = X509_EXTENSION_get_critical(ex);
+        if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0)
+            return 0;
+        if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) {
+            BIO_printf(bp, "%*s", indent + 4, "");
+            M_ASN1_OCTET_STRING_print(bp, ex->value);
+        }
+        if (BIO_write(bp, "\n", 1) <= 0)
+            return 0;
+    }
+    return 1;
 }
-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext,
+                             unsigned long flag, int indent, int supported)
 {
-	switch(flag & X509V3_EXT_UNKNOWN_MASK) {
-		case X509V3_EXT_DEFAULT:
-		return 0;
-		case X509V3_EXT_ERROR_UNKNOWN:
-		if(supported)
-			BIO_printf(out, "%*s<Parse Error>", indent, "");
-		else
-			BIO_printf(out, "%*s<Not Supported>", indent, "");
-		return 1;
-		case X509V3_EXT_PARSE_UNKNOWN:
-			return ASN1_parse_dump(out,
-				ext->value->data, ext->value->length, indent, -1);
-		case X509V3_EXT_DUMP_UNKNOWN:
-			return BIO_hexdump(out, ext->value->data, ext->value->length, indent);
-		default:
-		return 1;
-	}
+    switch (flag & X509V3_EXT_UNKNOWN_MASK) {
+    case X509V3_EXT_DEFAULT:
+        return 0;
+    case X509V3_EXT_ERROR_UNKNOWN:
+        if (supported)
+            BIO_printf(out, "%*s<Parse Error>", indent, "");
+        else
+            BIO_printf(out, "%*s<Not Supported>", indent, "");
+        return 1;
+    case X509V3_EXT_PARSE_UNKNOWN:
+        return ASN1_parse_dump(out,
+                               ext->value->data, ext->value->length, indent,
+                               -1);
+    case X509V3_EXT_DUMP_UNKNOWN:
+        return BIO_hexdump(out, ext->value->data, ext->value->length, indent);
+    default:
+        return 1;
+    }
 }
 #ifndef OPENSSL_NO_FP_API
 int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
 {
-	BIO *bio_tmp;
-	int ret;
-	if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
-	ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
-	BIO_free(bio_tmp);
-	return ret;
+    BIO *bio_tmp;
+    int ret;
+    if (!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)))
+        return 0;
+    ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
+    BIO_free(bio_tmp);
+    return ret;
 }
 #endif

data/third_party/boringssl/crypto/x509v3/v3_purp.c CHANGED

@@ -1,6 +1,7 @@
 /* v3_purp.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -69,26 +70,32 @@
 #include "../internal.h"
 #define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
 #define ku_reject(x, usage) \
-	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+        (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
 #define xku_reject(x, usage) \
-	(((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
+        (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
 #define ns_reject(x, usage) \
-	(((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
+        (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
 static void x509v3_cache_extensions(X509 *x);
 static int check_ssl_ca(const X509 *x);
-static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca);
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca);
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca);
 static int purpose_smime(const X509 *x, int ca);
-static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca);
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca);
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
+                                  int ca);
+static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
+                                        int ca);
 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
 static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
@@ -96,15 +103,29 @@ static int xp_cmp(const X509_PURPOSE **a, const X509_PURPOSE **b);
 static void xptable_free(X509_PURPOSE *p);
 static X509_PURPOSE xstandard[] = {
-	{X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, (char *) "SSL client", (char *) "sslclient", NULL},
-	{X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, (char *) "SSL server", (char *) "sslserver", NULL},
-	{X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, (char *) "Netscape SSL server", (char *) "nssslserver", NULL},
-	{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, (char *) "S/MIME signing", (char *) "smimesign", NULL},
-	{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, (char *) "S/MIME encryption", (char *) "smimeencrypt", NULL},
-	{X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, (char *) "CRL signing", (char *) "crlsign", NULL},
-	{X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, (char *) "Any Purpose", (char *) "any", NULL},
-	{X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, (char *) "OCSP helper", (char *) "ocsphelper", NULL},
-	{X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, (char *) "Time Stamp signing", (char *) "timestampsign", NULL},
+    {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0,
+     check_purpose_ssl_client, (char *)"SSL client", (char *)"sslclient",
+     NULL},
+    {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
+     check_purpose_ssl_server, (char *)"SSL server", (char *)"sslserver",
+     NULL},
+    {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
+     check_purpose_ns_ssl_server, (char *)"Netscape SSL server",
+     (char *)"nssslserver", NULL},
+    {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign,
+     (char *)"S/MIME signing", (char *)"smimesign", NULL},
+    {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0,
+     check_purpose_smime_encrypt, (char *)"S/MIME encryption",
+     (char *)"smimeencrypt", NULL},
+    {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign,
+     (char *)"CRL signing", (char *)"crlsign", NULL},
+    {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, (char *)"Any Purpose",
+     (char *)"any", NULL},
+    {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper,
+     (char *)"OCSP helper", (char *)"ocsphelper", NULL},
+    {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0,
+     check_purpose_timestamp_sign, (char *)"Time Stamp signing",
+     (char *)"timestampsign", NULL},
 };
 #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
@@ -113,693 +134,741 @@ static STACK_OF(X509_PURPOSE) *xptable = NULL;
 static int xp_cmp(const X509_PURPOSE **a, const X509_PURPOSE **b)
 {
-	return (*a)->purpose - (*b)->purpose;
+    return (*a)->purpose - (*b)->purpose;
 }
-/* As much as I'd like to make X509_check_purpose use a "const" X509*
- * I really can't because it does recalculate hashes and do other non-const
- * things. */
+/*
+ * As much as I'd like to make X509_check_purpose use a "const" X509* I
+ * really can't because it does recalculate hashes and do other non-const
+ * things.
+ */
 int X509_check_purpose(X509 *x, int id, int ca)
 {
-	int idx;
-	const X509_PURPOSE *pt;
-	if(!(x->ex_flags & EXFLAG_SET)) {
-		x509v3_cache_extensions(x);
-	}
-	if(id == -1) return 1;
-	idx = X509_PURPOSE_get_by_id(id);
-	if(idx == -1) return -1;
-	pt = X509_PURPOSE_get0(idx);
-	return pt->check_purpose(pt, x, ca);
+    int idx;
+    const X509_PURPOSE *pt;
+    if (!(x->ex_flags & EXFLAG_SET)) {
+        x509v3_cache_extensions(x);
+    }
+    if (id == -1)
+        return 1;
+    idx = X509_PURPOSE_get_by_id(id);
+    if (idx == -1)
+        return -1;
+    pt = X509_PURPOSE_get0(idx);
+    return pt->check_purpose(pt, x, ca);
 }
 int X509_PURPOSE_set(int *p, int purpose)
 {
-	if(X509_PURPOSE_get_by_id(purpose) == -1) {
-		OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_PURPOSE);
-		return 0;
-	}
-	*p = purpose;
-	return 1;
+    if (X509_PURPOSE_get_by_id(purpose) == -1) {
+        OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_PURPOSE);
+        return 0;
+    }
+    *p = purpose;
+    return 1;
 }
 int X509_PURPOSE_get_count(void)
 {
-	if(!xptable) return X509_PURPOSE_COUNT;
-	return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
+    if (!xptable)
+        return X509_PURPOSE_COUNT;
+    return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
 }
-X509_PURPOSE * X509_PURPOSE_get0(int idx)
+X509_PURPOSE *X509_PURPOSE_get0(int idx)
 {
-	if(idx < 0) return NULL;
-	if(idx < (int)X509_PURPOSE_COUNT) return xstandard + idx;
-	return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
+    if (idx < 0)
+        return NULL;
+    if (idx < (int)X509_PURPOSE_COUNT)
+        return xstandard + idx;
+    return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
 }
 int X509_PURPOSE_get_by_sname(char *sname)
 {
-	int i;
-	X509_PURPOSE *xptmp;
-	for(i = 0; i < X509_PURPOSE_get_count(); i++) {
-		xptmp = X509_PURPOSE_get0(i);
-		if(!strcmp(xptmp->sname, sname)) return i;
-	}
-	return -1;
+    int i;
+    X509_PURPOSE *xptmp;
+    for (i = 0; i < X509_PURPOSE_get_count(); i++) {
+        xptmp = X509_PURPOSE_get0(i);
+        if (!strcmp(xptmp->sname, sname))
+            return i;
+    }
+    return -1;
 }
 int X509_PURPOSE_get_by_id(int purpose)
 {
-	X509_PURPOSE tmp;
-	size_t idx;
-	if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
-		return purpose - X509_PURPOSE_MIN;
-	tmp.purpose = purpose;
-	if(!xptable) return -1;
-	if (!sk_X509_PURPOSE_find(xptable, &idx, &tmp))
-		return -1;
-	return idx + X509_PURPOSE_COUNT;
+    X509_PURPOSE tmp;
+    size_t idx;
+    if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
+        return purpose - X509_PURPOSE_MIN;
+    tmp.purpose = purpose;
+    if (!xptable)
+        return -1;
+    if (!sk_X509_PURPOSE_find(xptable, &idx, &tmp))
+        return -1;
+    return idx + X509_PURPOSE_COUNT;
 }
 int X509_PURPOSE_add(int id, int trust, int flags,
-			int (*ck)(const X509_PURPOSE *, const X509 *, int),
-					char *name, char *sname, void *arg)
-{
-	int idx;
-	X509_PURPOSE *ptmp;
-	char *name_dup, *sname_dup;
-	/* This is set according to what we change: application can't set it */
-	flags &= ~X509_PURPOSE_DYNAMIC;
-	/* This will always be set for application modified trust entries */
-	flags |= X509_PURPOSE_DYNAMIC_NAME;
-	/* Get existing entry if any */
-	idx = X509_PURPOSE_get_by_id(id);
-	/* Need a new entry */
-	if(idx == -1) {
-		if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
-			OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		ptmp->flags = X509_PURPOSE_DYNAMIC;
-	} else ptmp = X509_PURPOSE_get0(idx);
-	/* Duplicate the supplied names. */
-	name_dup = BUF_strdup(name);
-	sname_dup = BUF_strdup(sname);
-	if (name_dup == NULL || sname_dup == NULL) {
-		OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
-		if (name_dup != NULL)
-			OPENSSL_free(name_dup);
-		if (sname_dup != NULL)
-			OPENSSL_free(sname_dup);
-		if (idx == -1)
-			OPENSSL_free(ptmp);
-		return 0;
-	}
-	/* OPENSSL_free existing name if dynamic */
-	if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
-		OPENSSL_free(ptmp->name);
-		OPENSSL_free(ptmp->sname);
-	}
-	/* dup supplied name */
-	ptmp->name = name_dup;
-	ptmp->sname = sname_dup;
-	/* Keep the dynamic flag of existing entry */
-	ptmp->flags &= X509_PURPOSE_DYNAMIC;
-	/* Set all other flags */
-	ptmp->flags |= flags;
-	ptmp->purpose = id;
-	ptmp->trust = trust;
-	ptmp->check_purpose = ck;
-	ptmp->usr_data = arg;
-	/* If its a new entry manage the dynamic table */
-	if(idx == -1) {
-		if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
-			OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
-			xptable_free(ptmp);
-			return 0;
-		}
-		if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
-			OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
-			xptable_free(ptmp);
-			return 0;
-		}
-	}
-	return 1;
+                     int (*ck) (const X509_PURPOSE *, const X509 *, int),
+                     char *name, char *sname, void *arg)
+{
+    int idx;
+    X509_PURPOSE *ptmp;
+    char *name_dup, *sname_dup;
+    /*
+     * This is set according to what we change: application can't set it
+     */
+    flags &= ~X509_PURPOSE_DYNAMIC;
+    /* This will always be set for application modified trust entries */
+    flags |= X509_PURPOSE_DYNAMIC_NAME;
+    /* Get existing entry if any */
+    idx = X509_PURPOSE_get_by_id(id);
+    /* Need a new entry */
+    if (idx == -1) {
+        if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
+            OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        ptmp->flags = X509_PURPOSE_DYNAMIC;
+    } else
+        ptmp = X509_PURPOSE_get0(idx);
+    /* Duplicate the supplied names. */
+    name_dup = BUF_strdup(name);
+    sname_dup = BUF_strdup(sname);
+    if (name_dup == NULL || sname_dup == NULL) {
+        OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
+        if (name_dup != NULL)
+            OPENSSL_free(name_dup);
+        if (sname_dup != NULL)
+            OPENSSL_free(sname_dup);
+        if (idx == -1)
+            OPENSSL_free(ptmp);
+        return 0;
+    }
+    /* OPENSSL_free existing name if dynamic */
+    if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
+        OPENSSL_free(ptmp->name);
+        OPENSSL_free(ptmp->sname);
+    }
+    /* dup supplied name */
+    ptmp->name = name_dup;
+    ptmp->sname = sname_dup;
+    /* Keep the dynamic flag of existing entry */
+    ptmp->flags &= X509_PURPOSE_DYNAMIC;
+    /* Set all other flags */
+    ptmp->flags |= flags;
+    ptmp->purpose = id;
+    ptmp->trust = trust;
+    ptmp->check_purpose = ck;
+    ptmp->usr_data = arg;
+    /* If its a new entry manage the dynamic table */
+    if (idx == -1) {
+        if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
+            OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
+            xptable_free(ptmp);
+            return 0;
+        }
+        if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
+            OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
+            xptable_free(ptmp);
+            return 0;
+        }
+    }
+    return 1;
 }
 static void xptable_free(X509_PURPOSE *p)
-	{
-	if(!p) return;
-	if (p->flags & X509_PURPOSE_DYNAMIC)
-		{
-		if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
-			OPENSSL_free(p->name);
-			OPENSSL_free(p->sname);
-		}
-		OPENSSL_free(p);
-		}
-	}
+{
+    if (!p)
+        return;
+    if (p->flags & X509_PURPOSE_DYNAMIC) {
+        if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
+            OPENSSL_free(p->name);
+            OPENSSL_free(p->sname);
+        }
+        OPENSSL_free(p);
+    }
+}
 void X509_PURPOSE_cleanup(void)
 {
-	unsigned int i;
-	sk_X509_PURPOSE_pop_free(xptable, xptable_free);
-	for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
-	xptable = NULL;
+    unsigned int i;
+    sk_X509_PURPOSE_pop_free(xptable, xptable_free);
+    for (i = 0; i < X509_PURPOSE_COUNT; i++)
+        xptable_free(xstandard + i);
+    xptable = NULL;
 }
 int X509_PURPOSE_get_id(X509_PURPOSE *xp)
 {
-	return xp->purpose;
+    return xp->purpose;
 }
 char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
 {
-	return xp->name;
+    return xp->name;
 }
 char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
 {
-	return xp->sname;
+    return xp->sname;
 }
 int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
 {
-	return xp->trust;
+    return xp->trust;
 }
 static int nid_cmp(const void *void_a, const void *void_b)
-	{
-	const int *a = void_a, *b = void_b;
+{
+    const int *a = void_a, *b = void_b;
-	return *a - *b;
-	}
+    return *a - *b;
+}
 int X509_supported_extension(X509_EXTENSION *ex)
-	{
-	/* This table is a list of the NIDs of supported extensions:
-	 * that is those which are used by the verify process. If
-	 * an extension is critical and doesn't appear in this list
-	 * then the verify process will normally reject the certificate.
-	 * The list must be kept in numerical order because it will be
-	 * searched using bsearch.
-	 */
-	static const int supported_nids[] = {
-		NID_netscape_cert_type, /* 71 */
-        	NID_key_usage,		/* 83 */
-		NID_subject_alt_name,	/* 85 */
-		NID_basic_constraints,	/* 87 */
-		NID_certificate_policies, /* 89 */
-        	NID_ext_key_usage,	/* 126 */
-		NID_policy_constraints,	/* 401 */
-		NID_proxyCertInfo,	/* 663 */
-		NID_name_constraints,	/* 666 */
-		NID_policy_mappings,	/* 747 */
-		NID_inhibit_any_policy	/* 748 */
-	};
-	int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
-	if (ex_nid == NID_undef)
-		return 0;
-	if (bsearch(&ex_nid, supported_nids, sizeof(supported_nids)/sizeof(int), sizeof(int), nid_cmp) != NULL)
-		return 1;
-	return 0;
-	}
+{
+    /*
+     * This table is a list of the NIDs of supported extensions: that is
+     * those which are used by the verify process. If an extension is
+     * critical and doesn't appear in this list then the verify process will
+     * normally reject the certificate. The list must be kept in numerical
+     * order because it will be searched using bsearch.
+     */
+    static const int supported_nids[] = {
+        NID_netscape_cert_type, /* 71 */
+        NID_key_usage,          /* 83 */
+        NID_subject_alt_name,   /* 85 */
+        NID_basic_constraints,  /* 87 */
+        NID_certificate_policies, /* 89 */
+        NID_ext_key_usage,      /* 126 */
+        NID_policy_constraints, /* 401 */
+        NID_proxyCertInfo,      /* 663 */
+        NID_name_constraints,   /* 666 */
+        NID_policy_mappings,    /* 747 */
+        NID_inhibit_any_policy  /* 748 */
+    };
+    int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
+    if (ex_nid == NID_undef)
+        return 0;
+    if (bsearch
+        (&ex_nid, supported_nids, sizeof(supported_nids) / sizeof(int),
+         sizeof(int), nid_cmp) != NULL)
+        return 1;
+    return 0;
+}
 static void setup_dp(X509 *x, DIST_POINT *dp)
-	{
-	X509_NAME *iname = NULL;
-	size_t i;
-	if (dp->reasons)
-		{
-		if (dp->reasons->length > 0)
-			dp->dp_reasons = dp->reasons->data[0];
-		if (dp->reasons->length > 1)
-			dp->dp_reasons |= (dp->reasons->data[1] << 8);
-		dp->dp_reasons &= CRLDP_ALL_REASONS;
-		}
-	else
-		dp->dp_reasons = CRLDP_ALL_REASONS;
-	if (!dp->distpoint || (dp->distpoint->type != 1))
-		return;
-	for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++)
-		{
-		GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
-		if (gen->type == GEN_DIRNAME)
-			{
-			iname = gen->d.directoryName;
-			break;
-			}
-		}
-	if (!iname)
-		iname = X509_get_issuer_name(x);
-	DIST_POINT_set_dpname(dp->distpoint, iname);
-	}
+{
+    X509_NAME *iname = NULL;
+    size_t i;
+    if (dp->reasons) {
+        if (dp->reasons->length > 0)
+            dp->dp_reasons = dp->reasons->data[0];
+        if (dp->reasons->length > 1)
+            dp->dp_reasons |= (dp->reasons->data[1] << 8);
+        dp->dp_reasons &= CRLDP_ALL_REASONS;
+    } else
+        dp->dp_reasons = CRLDP_ALL_REASONS;
+    if (!dp->distpoint || (dp->distpoint->type != 1))
+        return;
+    for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
+        GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
+        if (gen->type == GEN_DIRNAME) {
+            iname = gen->d.directoryName;
+            break;
+        }
+    }
+    if (!iname)
+        iname = X509_get_issuer_name(x);
+    DIST_POINT_set_dpname(dp->distpoint, iname);
+}
 static void setup_crldp(X509 *x)
-	{
-	size_t i;
-	x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
-	for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)
-		setup_dp(x, sk_DIST_POINT_value(x->crldp, i));
-	}
-/* g_x509_cache_extensions_lock is used to protect against concurrent calls to
- * |x509v3_cache_extensions|. Ideally this would be done with a |CRYPTO_once_t|
- * in the |X509| structure, but |CRYPTO_once_t| isn't public.
- *
+{
+    size_t i;
+    x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
+    for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++)
+        setup_dp(x, sk_DIST_POINT_value(x->crldp, i));
+}
+/*
+ * g_x509_cache_extensions_lock is used to protect against concurrent calls
+ * to |x509v3_cache_extensions|. Ideally this would be done with a
+ * |CRYPTO_once_t| in the |X509| structure, but |CRYPTO_once_t| isn't public.
  * Note: it's not entirely clear whether this lock is needed. Not all paths to
- * this function took a lock in OpenSSL. */
+ * this function took a lock in OpenSSL.
+ */
 static struct CRYPTO_STATIC_MUTEX g_x509_cache_extensions_lock =
     CRYPTO_STATIC_MUTEX_INIT;
 static void x509v3_cache_extensions(X509 *x)
 {
-	BASIC_CONSTRAINTS *bs;
-	PROXY_CERT_INFO_EXTENSION *pci;
-	ASN1_BIT_STRING *usage;
-	ASN1_BIT_STRING *ns;
-	EXTENDED_KEY_USAGE *extusage;
-	X509_EXTENSION *ex;
-	size_t i;
-	int j;
-	CRYPTO_STATIC_MUTEX_lock_write(&g_x509_cache_extensions_lock);
-	if(x->ex_flags & EXFLAG_SET)
-		{
-		CRYPTO_STATIC_MUTEX_unlock(&g_x509_cache_extensions_lock);
-		return;
-		}
-	X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
-	/* V1 should mean no extensions ... */
-	if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
-	/* Handle basic constraints */
-	if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
-		if(bs->ca) x->ex_flags |= EXFLAG_CA;
-		if(bs->pathlen) {
-			if((bs->pathlen->type == V_ASN1_NEG_INTEGER)
-						|| !bs->ca) {
-				x->ex_flags |= EXFLAG_INVALID;
-				x->ex_pathlen = 0;
-			} else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
-		} else x->ex_pathlen = -1;
-		BASIC_CONSTRAINTS_free(bs);
-		x->ex_flags |= EXFLAG_BCONS;
-	}
-	/* Handle proxy certificates */
-	if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
-		if (x->ex_flags & EXFLAG_CA
-		    || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
-		    || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
-			x->ex_flags |= EXFLAG_INVALID;
-		}
-		if (pci->pcPathLengthConstraint) {
-			x->ex_pcpathlen =
-				ASN1_INTEGER_get(pci->pcPathLengthConstraint);
-		} else x->ex_pcpathlen = -1;
-		PROXY_CERT_INFO_EXTENSION_free(pci);
-		x->ex_flags |= EXFLAG_PROXY;
-	}
-	/* Handle key usage */
-	if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
-		if(usage->length > 0) {
-			x->ex_kusage = usage->data[0];
-			if(usage->length > 1)
-				x->ex_kusage |= usage->data[1] << 8;
-		} else x->ex_kusage = 0;
-		x->ex_flags |= EXFLAG_KUSAGE;
-		ASN1_BIT_STRING_free(usage);
-	}
-	x->ex_xkusage = 0;
-	if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
-		x->ex_flags |= EXFLAG_XKUSAGE;
-		for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
-			switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {
-				case NID_server_auth:
-				x->ex_xkusage |= XKU_SSL_SERVER;
-				break;
-				case NID_client_auth:
-				x->ex_xkusage |= XKU_SSL_CLIENT;
-				break;
-				case NID_email_protect:
-				x->ex_xkusage |= XKU_SMIME;
-				break;
-				case NID_code_sign:
-				x->ex_xkusage |= XKU_CODE_SIGN;
-				break;
-				case NID_ms_sgc:
-				case NID_ns_sgc:
-				x->ex_xkusage |= XKU_SGC;
-				break;
-				case NID_OCSP_sign:
-				x->ex_xkusage |= XKU_OCSP_SIGN;
-				break;
-				case NID_time_stamp:
-				x->ex_xkusage |= XKU_TIMESTAMP;
-				break;
-				case NID_dvcs:
-				x->ex_xkusage |= XKU_DVCS;
-				break;
-				case NID_anyExtendedKeyUsage:
-				x->ex_xkusage |= XKU_ANYEKU;
-				break;
-			}
-		}
-		sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
-	}
-	if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
-		if(ns->length > 0) x->ex_nscert = ns->data[0];
-		else x->ex_nscert = 0;
-		x->ex_flags |= EXFLAG_NSCERT;
-		ASN1_BIT_STRING_free(ns);
-	}
-	x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
-	x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
-	/* Does subject name match issuer ? */
-	if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
-			{
-			x->ex_flags |= EXFLAG_SI;
-			/* If SKID matches AKID also indicate self signed */
-			if (X509_check_akid(x, x->akid) == X509_V_OK &&
-				!ku_reject(x, KU_KEY_CERT_SIGN))
-				x->ex_flags |= EXFLAG_SS;
-			}
-	x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
-	x->nc = X509_get_ext_d2i(x, NID_name_constraints, &j, NULL);
-	if (!x->nc && (j != -1))
-		x->ex_flags |= EXFLAG_INVALID;
-	setup_crldp(x);
-	for (j = 0; j < X509_get_ext_count(x); j++)
-		{
-		ex = X509_get_ext(x, j);
-		if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
-					== NID_freshest_crl)
-			x->ex_flags |= EXFLAG_FRESHEST;
-		if (!X509_EXTENSION_get_critical(ex))
-			continue;
-		if (!X509_supported_extension(ex))
-			{
-			x->ex_flags |= EXFLAG_CRITICAL;
-			break;
-			}
-		}
-	x->ex_flags |= EXFLAG_SET;
-	CRYPTO_STATIC_MUTEX_unlock(&g_x509_cache_extensions_lock);
-}
-/* CA checks common to all purposes
- * return codes:
- * 0 not a CA
- * 1 is a CA
- * 2 basicConstraints absent so "maybe" a CA
- * 3 basicConstraints absent but self signed V1.
- * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
+    BASIC_CONSTRAINTS *bs;
+    PROXY_CERT_INFO_EXTENSION *pci;
+    ASN1_BIT_STRING *usage;
+    ASN1_BIT_STRING *ns;
+    EXTENDED_KEY_USAGE *extusage;
+    X509_EXTENSION *ex;
+    size_t i;
+    int j;
+    CRYPTO_STATIC_MUTEX_lock_write(&g_x509_cache_extensions_lock);
+    if (x->ex_flags & EXFLAG_SET) {
+        CRYPTO_STATIC_MUTEX_unlock(&g_x509_cache_extensions_lock);
+        return;
+    }
+    X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
+    /* V1 should mean no extensions ... */
+    if (!X509_get_version(x))
+        x->ex_flags |= EXFLAG_V1;
+    /* Handle basic constraints */
+    if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
+        if (bs->ca)
+            x->ex_flags |= EXFLAG_CA;
+        if (bs->pathlen) {
+            if ((bs->pathlen->type == V_ASN1_NEG_INTEGER)
+                || !bs->ca) {
+                x->ex_flags |= EXFLAG_INVALID;
+                x->ex_pathlen = 0;
+            } else
+                x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
+        } else
+            x->ex_pathlen = -1;
+        BASIC_CONSTRAINTS_free(bs);
+        x->ex_flags |= EXFLAG_BCONS;
+    }
+    /* Handle proxy certificates */
+    if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
+        if (x->ex_flags & EXFLAG_CA
+            || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
+            || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
+            x->ex_flags |= EXFLAG_INVALID;
+        }
+        if (pci->pcPathLengthConstraint) {
+            x->ex_pcpathlen = ASN1_INTEGER_get(pci->pcPathLengthConstraint);
+        } else
+            x->ex_pcpathlen = -1;
+        PROXY_CERT_INFO_EXTENSION_free(pci);
+        x->ex_flags |= EXFLAG_PROXY;
+    }
+    /* Handle key usage */
+    if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
+        if (usage->length > 0) {
+            x->ex_kusage = usage->data[0];
+            if (usage->length > 1)
+                x->ex_kusage |= usage->data[1] << 8;
+        } else
+            x->ex_kusage = 0;
+        x->ex_flags |= EXFLAG_KUSAGE;
+        ASN1_BIT_STRING_free(usage);
+    }
+    x->ex_xkusage = 0;
+    if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
+        x->ex_flags |= EXFLAG_XKUSAGE;
+        for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
+            switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) {
+            case NID_server_auth:
+                x->ex_xkusage |= XKU_SSL_SERVER;
+                break;
+            case NID_client_auth:
+                x->ex_xkusage |= XKU_SSL_CLIENT;
+                break;
+            case NID_email_protect:
+                x->ex_xkusage |= XKU_SMIME;
+                break;
+            case NID_code_sign:
+                x->ex_xkusage |= XKU_CODE_SIGN;
+                break;
+            case NID_ms_sgc:
+            case NID_ns_sgc:
+                x->ex_xkusage |= XKU_SGC;
+                break;
+            case NID_OCSP_sign:
+                x->ex_xkusage |= XKU_OCSP_SIGN;
+                break;
+            case NID_time_stamp:
+                x->ex_xkusage |= XKU_TIMESTAMP;
+                break;
+            case NID_dvcs:
+                x->ex_xkusage |= XKU_DVCS;
+                break;
+            case NID_anyExtendedKeyUsage:
+                x->ex_xkusage |= XKU_ANYEKU;
+                break;
+            }
+        }
+        sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
+    }
+    if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
+        if (ns->length > 0)
+            x->ex_nscert = ns->data[0];
+        else
+            x->ex_nscert = 0;
+        x->ex_flags |= EXFLAG_NSCERT;
+        ASN1_BIT_STRING_free(ns);
+    }
+    x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
+    x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
+    /* Does subject name match issuer ? */
+    if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) {
+        x->ex_flags |= EXFLAG_SI;
+        /* If SKID matches AKID also indicate self signed */
+        if (X509_check_akid(x, x->akid) == X509_V_OK &&
+            !ku_reject(x, KU_KEY_CERT_SIGN))
+            x->ex_flags |= EXFLAG_SS;
+    }
+    x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+    x->nc = X509_get_ext_d2i(x, NID_name_constraints, &j, NULL);
+    if (!x->nc && (j != -1))
+        x->ex_flags |= EXFLAG_INVALID;
+    setup_crldp(x);
+    for (j = 0; j < X509_get_ext_count(x); j++) {
+        ex = X509_get_ext(x, j);
+        if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
+            == NID_freshest_crl)
+            x->ex_flags |= EXFLAG_FRESHEST;
+        if (!X509_EXTENSION_get_critical(ex))
+            continue;
+        if (!X509_supported_extension(ex)) {
+            x->ex_flags |= EXFLAG_CRITICAL;
+            break;
+        }
+    }
+    x->ex_flags |= EXFLAG_SET;
+    CRYPTO_STATIC_MUTEX_unlock(&g_x509_cache_extensions_lock);
+}
+/*
+ * CA checks common to all purposes return codes: 0 not a CA 1 is a CA 2
+ * basicConstraints absent so "maybe" a CA 3 basicConstraints absent but self
+ * signed V1. 4 basicConstraints absent but keyUsage present and keyCertSign
+ * asserted.
  */
 static int check_ca(const X509 *x)
 {
-	/* keyUsage if present should allow cert signing */
-	if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
-	if(x->ex_flags & EXFLAG_BCONS) {
-		if(x->ex_flags & EXFLAG_CA) return 1;
-		/* If basicConstraints says not a CA then say so */
-		else return 0;
-	} else {
-		/* we support V1 roots for...  uh, I don't really know why. */
-		if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
-		/* If key usage present it must have certSign so tolerate it */
-		else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
-		/* Older certificates could have Netscape-specific CA types */
-		else if (x->ex_flags & EXFLAG_NSCERT
-			 && x->ex_nscert & NS_ANY_CA) return 5;
-		/* can this still be regarded a CA certificate?  I doubt it */
-		return 0;
-	}
+    /* keyUsage if present should allow cert signing */
+    if (ku_reject(x, KU_KEY_CERT_SIGN))
+        return 0;
+    if (x->ex_flags & EXFLAG_BCONS) {
+        if (x->ex_flags & EXFLAG_CA)
+            return 1;
+        /* If basicConstraints says not a CA then say so */
+        else
+            return 0;
+    } else {
+        /* we support V1 roots for...  uh, I don't really know why. */
+        if ((x->ex_flags & V1_ROOT) == V1_ROOT)
+            return 3;
+        /*
+         * If key usage present it must have certSign so tolerate it
+         */
+        else if (x->ex_flags & EXFLAG_KUSAGE)
+            return 4;
+        /* Older certificates could have Netscape-specific CA types */
+        else if (x->ex_flags & EXFLAG_NSCERT && x->ex_nscert & NS_ANY_CA)
+            return 5;
+        /* can this still be regarded a CA certificate?  I doubt it */
+        return 0;
+    }
 }
 int X509_check_ca(X509 *x)
 {
-	if(!(x->ex_flags & EXFLAG_SET)) {
-		x509v3_cache_extensions(x);
-	}
+    if (!(x->ex_flags & EXFLAG_SET)) {
+        x509v3_cache_extensions(x);
+    }
-	return check_ca(x);
+    return check_ca(x);
 }
 /* Check SSL CA: common checks for SSL client and server */
 static int check_ssl_ca(const X509 *x)
 {
-	int ca_ret;
-	ca_ret = check_ca(x);
-	if(!ca_ret) return 0;
-	/* check nsCertType if present */
-	if(ca_ret != 5 || x->ex_nscert & NS_SSL_CA) return ca_ret;
-	else return 0;
+    int ca_ret;
+    ca_ret = check_ca(x);
+    if (!ca_ret)
+        return 0;
+    /* check nsCertType if present */
+    if (ca_ret != 5 || x->ex_nscert & NS_SSL_CA)
+        return ca_ret;
+    else
+        return 0;
 }
-static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca)
 {
-	if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
-	if(ca) return check_ssl_ca(x);
-	/* We need to do digital signatures or key agreement */
-	if(ku_reject(x,KU_DIGITAL_SIGNATURE|KU_KEY_AGREEMENT)) return 0;
-	/* nsCertType if present should allow SSL client use */
-	if(ns_reject(x, NS_SSL_CLIENT)) return 0;
-	return 1;
+    if (xku_reject(x, XKU_SSL_CLIENT))
+        return 0;
+    if (ca)
+        return check_ssl_ca(x);
+    /* We need to do digital signatures or key agreement */
+    if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT))
+        return 0;
+    /* nsCertType if present should allow SSL client use */
+    if (ns_reject(x, NS_SSL_CLIENT))
+        return 0;
+    return 1;
 }
-/* Key usage needed for TLS/SSL server: digital signature, encipherment or
+/*
+ * Key usage needed for TLS/SSL server: digital signature, encipherment or
  * key agreement. The ssl code can check this more thoroughly for individual
  * key types.
  */
 #define KU_TLS \
-	KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT|KU_KEY_AGREEMENT
+        KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT|KU_KEY_AGREEMENT
-static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca)
 {
-	if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
-	if(ca) return check_ssl_ca(x);
+    if (xku_reject(x, XKU_SSL_SERVER | XKU_SGC))
+        return 0;
+    if (ca)
+        return check_ssl_ca(x);
-	if(ns_reject(x, NS_SSL_SERVER)) return 0;
-	if(ku_reject(x, KU_TLS)) return 0;
-	return 1;
+    if (ns_reject(x, NS_SSL_SERVER))
+        return 0;
+    if (ku_reject(x, KU_TLS))
+        return 0;
+    return 1;
 }
-static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca)
 {
-	int ret;
-	ret = check_purpose_ssl_server(xp, x, ca);
-	if(!ret || ca) return ret;
-	/* We need to encipher or Netscape complains */
-	if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
-	return ret;
+    int ret;
+    ret = check_purpose_ssl_server(xp, x, ca);
+    if (!ret || ca)
+        return ret;
+    /* We need to encipher or Netscape complains */
+    if (ku_reject(x, KU_KEY_ENCIPHERMENT))
+        return 0;
+    return ret;
 }
 /* common S/MIME checks */
 static int purpose_smime(const X509 *x, int ca)
 {
-	if(xku_reject(x,XKU_SMIME)) return 0;
-	if(ca) {
-		int ca_ret;
-		ca_ret = check_ca(x);
-		if(!ca_ret) return 0;
-		/* check nsCertType if present */
-		if(ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) return ca_ret;
-		else return 0;
-	}
-	if(x->ex_flags & EXFLAG_NSCERT) {
-		if(x->ex_nscert & NS_SMIME) return 1;
-		/* Workaround for some buggy certificates */
-		if(x->ex_nscert & NS_SSL_CLIENT) return 2;
-		return 0;
-	}
-	return 1;
+    if (xku_reject(x, XKU_SMIME))
+        return 0;
+    if (ca) {
+        int ca_ret;
+        ca_ret = check_ca(x);
+        if (!ca_ret)
+            return 0;
+        /* check nsCertType if present */
+        if (ca_ret != 5 || x->ex_nscert & NS_SMIME_CA)
+            return ca_ret;
+        else
+            return 0;
+    }
+    if (x->ex_flags & EXFLAG_NSCERT) {
+        if (x->ex_nscert & NS_SMIME)
+            return 1;
+        /* Workaround for some buggy certificates */
+        if (x->ex_nscert & NS_SSL_CLIENT)
+            return 2;
+        return 0;
+    }
+    return 1;
 }
-static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca)
 {
-	int ret;
-	ret = purpose_smime(x, ca);
-	if(!ret || ca) return ret;
-	if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
-	return ret;
+    int ret;
+    ret = purpose_smime(x, ca);
+    if (!ret || ca)
+        return ret;
+    if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION))
+        return 0;
+    return ret;
 }
-static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca)
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca)
 {
-	int ret;
-	ret = purpose_smime(x, ca);
-	if(!ret || ca) return ret;
-	if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
-	return ret;
+    int ret;
+    ret = purpose_smime(x, ca);
+    if (!ret || ca)
+        return ret;
+    if (ku_reject(x, KU_KEY_ENCIPHERMENT))
+        return 0;
+    return ret;
 }
-static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
+                                  int ca)
 {
-	if(ca) {
-		int ca_ret;
-		if((ca_ret = check_ca(x)) != 2) return ca_ret;
-		else return 0;
-	}
-	if(ku_reject(x, KU_CRL_SIGN)) return 0;
-	return 1;
+    if (ca) {
+        int ca_ret;
+        if ((ca_ret = check_ca(x)) != 2)
+            return ca_ret;
+        else
+            return 0;
+    }
+    if (ku_reject(x, KU_CRL_SIGN))
+        return 0;
+    return 1;
 }
-/* OCSP helper: this is *not* a full OCSP check. It just checks that
- * each CA is valid. Additional checks must be made on the chain.
+/*
+ * OCSP helper: this is *not* a full OCSP check. It just checks that each CA
+ * is valid. Additional checks must be made on the chain.
  */
 static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
 {
-	/* Must be a valid CA.  Should we really support the "I don't know"
-	   value (2)? */
-	if(ca) return check_ca(x);
-	/* leaf certificate is checked in OCSP_verify() */
-	return 1;
+    /*
+     * Must be a valid CA.  Should we really support the "I don't know" value
+     * (2)?
+     */
+    if (ca)
+        return check_ca(x);
+    /* leaf certificate is checked in OCSP_verify() */
+    return 1;
 }
 static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
-					int ca)
+                                        int ca)
 {
-	int i_ext;
-	/* If ca is true we must return if this is a valid CA certificate. */
-	if (ca) return check_ca(x);
-	/*
-	 * Check the optional key usage field:
-	 * if Key Usage is present, it must be one of digitalSignature
-	 * and/or nonRepudiation (other values are not consistent and shall
-	 * be rejected).
-	 */
-	if ((x->ex_flags & EXFLAG_KUSAGE)
-	    && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) ||
-		!(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE))))
-		return 0;
-	/* Only time stamp key usage is permitted and it's required. */
-	if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP)
-		return 0;
-	/* Extended Key Usage MUST be critical */
-	i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, -1);
-	if (i_ext >= 0)
-		{
-		X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext);
-		if (!X509_EXTENSION_get_critical(ext))
-			return 0;
-		}
-	return 1;
+    int i_ext;
+    /* If ca is true we must return if this is a valid CA certificate. */
+    if (ca)
+        return check_ca(x);
+    /*
+     * Check the optional key usage field:
+     * if Key Usage is present, it must be one of digitalSignature
+     * and/or nonRepudiation (other values are not consistent and shall
+     * be rejected).
+     */
+    if ((x->ex_flags & EXFLAG_KUSAGE)
+        && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) ||
+            !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE))))
+        return 0;
+    /* Only time stamp key usage is permitted and it's required. */
+    if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP)
+        return 0;
+    /* Extended Key Usage MUST be critical */
+    i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1);
+    if (i_ext >= 0) {
+        X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
+        if (!X509_EXTENSION_get_critical(ext))
+            return 0;
+    }
+    return 1;
 }
 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
 {
-	return 1;
+    return 1;
 }
-/* Various checks to see if one certificate issued the second.
- * This can be used to prune a set of possible issuer certificates
- * which have been looked up using some simple method such as by
- * subject name.
- * These are:
- * 1. Check issuer_name(subject) == subject_name(issuer)
- * 2. If akid(subject) exists check it matches issuer
- * 3. If key_usage(issuer) exists check it supports certificate signing
- * returns 0 for OK, positive for reason for mismatch, reasons match
- * codes for X509_verify_cert()
+/*
+ * Various checks to see if one certificate issued the second. This can be
+ * used to prune a set of possible issuer certificates which have been looked
+ * up using some simple method such as by subject name. These are: 1. Check
+ * issuer_name(subject) == subject_name(issuer) 2. If akid(subject) exists
+ * check it matches issuer 3. If key_usage(issuer) exists check it supports
+ * certificate signing returns 0 for OK, positive for reason for mismatch,
+ * reasons match codes for X509_verify_cert()
  */
 int X509_check_issued(X509 *issuer, X509 *subject)
 {
-	if(X509_NAME_cmp(X509_get_subject_name(issuer),
-			X509_get_issuer_name(subject)))
-				return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
-	x509v3_cache_extensions(issuer);
-	x509v3_cache_extensions(subject);
-	if(subject->akid)
-		{
-		int ret = X509_check_akid(issuer, subject->akid);
-		if (ret != X509_V_OK)
-			return ret;
-		}
-	if(subject->ex_flags & EXFLAG_PROXY)
-		{
-		if(ku_reject(issuer, KU_DIGITAL_SIGNATURE))
-			return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
-		}
-	else if(ku_reject(issuer, KU_KEY_CERT_SIGN))
-		return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
-	return X509_V_OK;
+    if (X509_NAME_cmp(X509_get_subject_name(issuer),
+                      X509_get_issuer_name(subject)))
+        return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
+    x509v3_cache_extensions(issuer);
+    x509v3_cache_extensions(subject);
+    if (subject->akid) {
+        int ret = X509_check_akid(issuer, subject->akid);
+        if (ret != X509_V_OK)
+            return ret;
+    }
+    if (subject->ex_flags & EXFLAG_PROXY) {
+        if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))
+            return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
+    } else if (ku_reject(issuer, KU_KEY_CERT_SIGN))
+        return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
+    return X509_V_OK;
 }
 int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
-	{
-	if(!akid)
-		return X509_V_OK;
-	/* Check key ids (if present) */
-	if(akid->keyid && issuer->skid &&
-		 ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid) )
-				return X509_V_ERR_AKID_SKID_MISMATCH;
-	/* Check serial number */
-	if(akid->serial &&
-		ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial))
-				return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
-	/* Check issuer name */
-	if(akid->issuer)
-		{
-		/* Ugh, for some peculiar reason AKID includes
-		 * SEQUENCE OF GeneralName. So look for a DirName.
-		 * There may be more than one but we only take any
-		 * notice of the first.
-		 */
-		GENERAL_NAMES *gens;
-		GENERAL_NAME *gen;
-		X509_NAME *nm = NULL;
-		size_t i;
-		gens = akid->issuer;
-		for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
-			{
-			gen = sk_GENERAL_NAME_value(gens, i);
-			if(gen->type == GEN_DIRNAME)
-				{
-				nm = gen->d.dirn;
-				break;
-				}
-			}
-		if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
-			return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
-		}
-	return X509_V_OK;
-	}
+{
+    if (!akid)
+        return X509_V_OK;
+    /* Check key ids (if present) */
+    if (akid->keyid && issuer->skid &&
+        ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid))
+        return X509_V_ERR_AKID_SKID_MISMATCH;
+    /* Check serial number */
+    if (akid->serial &&
+        ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial))
+        return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+    /* Check issuer name */
+    if (akid->issuer) {
+        /*
+         * Ugh, for some peculiar reason AKID includes SEQUENCE OF
+         * GeneralName. So look for a DirName. There may be more than one but
+         * we only take any notice of the first.
+         */
+        GENERAL_NAMES *gens;
+        GENERAL_NAME *gen;
+        X509_NAME *nm = NULL;
+        size_t i;
+        gens = akid->issuer;
+        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+            gen = sk_GENERAL_NAME_value(gens, i);
+            if (gen->type == GEN_DIRNAME) {
+                nm = gen->d.dirn;
+                break;
+            }
+        }
+        if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
+            return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+    }
+    return X509_V_OK;
+}