all nested list searches are done on a chain of relevant certs, to keep complexity from reaching n^2
| 1382 | int act = aktcerttime(); |
| 1383 | cert *treechain = NULL; // all nested list searches are done on a chain of relevant certs, to keep complexity from reaching n^2 |
| 1384 | loopv(certs) // 1st run: cleanup, age, check if signed by root |
| 1385 | { |
| 1386 | cert *c = certs[i]; |
| 1387 | c->parent = c->next = NULL; |
| 1388 | c->rank = !memcmp(rootcert, c->signedby, 32) ? 1 : 0; |
| 1389 | c->superseded = false; |
| 1390 | c->days2expire = c->days2renew = 365; |
| 1391 | if(certtypeexpiration[c->type]) // age the certs |
| 1392 | { |
| 1393 | int age = act - c->signeddate; |
| 1394 | c->days2renew = certtypeexpiration[c->type] - age; |
| 1395 | c->days2expire = 3 * certtypeexpiration[c->type] - age; |
| 1396 | if(c->days2renew < 0) c->needsrenewal = true; |
| 1397 | if(c->days2expire < 0) { c->expired = true; c->isvalid = false; } |
| 1398 | } |
| 1399 | if(c->pubkey && certblacklist.access(*((uchar32*)c->pubkey))) |
| 1400 | { |
| 1401 | c->blacklisted = true; |
| 1402 | c->isvalid = false; |
| 1403 | } |
| 1404 | if(c->isvalid && c->rank) |
| 1405 | { |
| 1406 | c->next = treechain; |
| 1407 | treechain = c; |
| 1408 | } |
| 1409 | } |
| 1410 | marksuperseded(treechain); |
| 1411 | loopk(200) |
| 1412 | { |