#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
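/**
 * Decode one certificate supplied as a single-line base64 string and parse it.
 *
 * Despite the parameter name the input is not a PEM file: the base64 filter is
 * run with BIO_FLAGS_BASE64_NO_NL, so it expects the bare base64 of the DER
 * encoding on one line, without "-----BEGIN CERTIFICATE-----" armour.
 *
 * @param pem_cert  NUL-terminated base64 text of a DER-encoded certificate.
 * @return a newly allocated X509 that the caller releases with X509_free().
 *         Never returns NULL: on any failure a message is printed and the
 *         process exits with status 255.
 */
X509 *parse_cert(char *pem_cert)
{
    if (pem_cert == NULL) {
        fprintf(stderr, "Error: no certificate data supplied\n");
        exit(255);
    }

    /* The BIO calls take int lengths, so refuse input that would truncate. */
    size_t in_size = strlen(pem_cert);
    if (in_size == 0 || in_size > INT_MAX) {
        fprintf(stderr, "Error: certificate data is empty or too large\n");
        exit(255);
    }
    int inlen = (int)in_size;

    /* Decoded base64 is never longer than its text, so inlen bytes suffice. */
    unsigned char *der_cert = malloc(in_size);
    if (der_cert == NULL) {
        fprintf(stderr, "Error: out of memory\n");
        exit(255);
    }

    BIO *bio_buf = BIO_new(BIO_s_mem());
    BIO *b64 = BIO_new(BIO_f_base64());
    if (bio_buf == NULL || b64 == NULL ||
        BIO_write(bio_buf, pem_cert, inlen) != inlen) {
        fprintf(stderr, "Error: unable to set up base64 decoder\n");
        exit(255);
    }
    BIO_push(b64, bio_buf);
    BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);

    /* Each read is limited to the space still free in der_cert. */
    int len;
    int total_len = 0;
    while (total_len < inlen &&
           (len = BIO_read(b64, der_cert + total_len, inlen - total_len)) > 0) {
        total_len += len;
    }
    BIO_free_all(b64); /* releases the base64 filter and the memory BIO */

    printf("%d \n", total_len);

    /*
     * d2i_X509 advances the pointer it is handed, so parse through a copy and
     * keep der_cert intact for free().
     * NOTE(review): bytes following the first DER object are ignored here;
     * compare the consumed length with total_len if trailing data should be
     * rejected.
     */
    const unsigned char *cursor = der_cert;
    X509 *cert = d2i_X509(NULL, &cursor, total_len);
    free(der_cert);

    if (!cert) {
        printf("Error: %s \n", ERR_error_string(ERR_get_error(), NULL));
        exit(255);
    }
    return cert;
}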
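/**
 * Verify a certificate chain passed on the command line.
 *
 *   argv[1]            end-entity certificate (single-line base64 DER)
 *   argv[2..argc-2]    intermediates, added to the untrusted chain
 *   argv[argc-1]       last certificate: added to the trust store when its
 *                      subject and issuer names are identical, otherwise
 *                      treated as one more untrusted intermediate
 *
 * Exit status: 0 when X509_verify_cert() accepts the chain, 1 when it rejects
 * it, 255 on usage or setup errors. The status matters to any caller that
 * branches on it; falling off the end of main would report success even
 * after a failed validation.
 *
 * SECURITY NOTE: a self-issued last argument becomes a trust anchor. The test
 * compares names only (no signature check) and the certificate comes from the
 * same command line as the chain, so "ok" shows that the chain is consistent
 * with either a system root or whatever root the caller supplied. It is not
 * evidence of trust when the arguments originate from the party being
 * verified. No hostname, purpose or revocation checks are configured here.
 */
int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr,
                "usage: %s <end-entity-b64> [<intermediate-b64> ...] <last-cert-b64>\n",
                (argc > 0 && argv[0] != NULL) ? argv[0] : "verify");
        return 255;
    }

    ERR_load_crypto_strings();

    X509_STORE *store = X509_STORE_new();
    STACK_OF(X509) *stack = sk_X509_new_null();
    if (store == NULL || stack == NULL) {
        fprintf(stderr, "unable to allocate trust store or chain\n");
        return 255;
    }

    X509 *end_entity = parse_cert(argv[1]);

    /* Everything between the first and last argument is an untrusted intermediate. */
    for (int i = 2; i < argc - 1; i++) {
        X509 *cert = parse_cert(argv[i]);
        if (!sk_X509_push(stack, cert)) {
            fprintf(stderr, "unable to extend chain\n");
            return 255;
        }
    }

    X509 *last = parse_cert(argv[argc - 1]);

    /* X509_NAME_oneline(name, NULL, 0) allocates; check and release both strings. */
    char *subject = X509_NAME_oneline(X509_get_subject_name(last), NULL, 0);
    char *issuer = X509_NAME_oneline(X509_get_issuer_name(last), NULL, 0);
    if (subject == NULL || issuer == NULL) {
        fprintf(stderr, "unable to read certificate names\n");
        return 255;
    }
    int self_issued = (strcmp(subject, issuer) == 0);
    OPENSSL_free(subject);
    OPENSSL_free(issuer);

    if (self_issued) {
        /* Caller-supplied root: see the SECURITY NOTE above. */
        if (X509_STORE_add_cert(store, last) != 1) {
            fprintf(stderr, "unable to add certificate to trust store\n");
            return 255;
        }
        X509_free(last); /* the store holds its own reference */
    } else if (!sk_X509_push(stack, last)) {
        fprintf(stderr, "unable to extend chain\n");
        return 255;
    }

    /* System trust anchors are consulted in addition to any supplied root. */
    if (X509_STORE_set_default_paths(store) != 1) {
        fprintf(stderr, "warning: unable to load default trust paths\n");
    }

    /* Stop on setup failures rather than verifying with a NULL or uninitialised context. */
    X509_STORE_CTX *ctx = X509_STORE_CTX_new();
    if (!ctx) {
        printf("unable to create store ctx \n");
        return 255;
    }
    if (X509_STORE_CTX_init(ctx, store, end_entity, stack) != 1) {
        printf("unable to init ctx \n");
        X509_STORE_CTX_free(ctx);
        return 255;
    }

    int rc = X509_verify_cert(ctx);
    if (rc == 1) {
        printf("ok \n");
    } else {
        printf("validation error %d %s at depth %d \n", rc,
               X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx)),
               X509_STORE_CTX_get_error_depth(ctx));
    }

    X509_STORE_CTX_free(ctx);
    sk_X509_pop_free(stack, X509_free);
    X509_free(end_entity);
    X509_STORE_free(store);

    return rc == 1 ? 0 : 1;
}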