Kaidul

Frank4DD

Nov 19th, 2014
  1. /* ------------------------------------------------------------ *
  2.  * file:        certverify.c                                    *
  3.  * purpose:     Example code for OpenSSL certificate validation *
  4.  * author:      06/12/2012 Frank4DD                             *
  5.  *                                                              *
  6.  * gcc -lssl -lcrypto -o certverify certverify.c                *
  7.  * ------------------------------------------------------------ */
  8.  
  9. #include <openssl/bio.h>
  10. #include <openssl/err.h>
  11. #include <openssl/pem.h>
  12. #include <openssl/x509.h>
  13. #include <openssl/x509_vfy.h>
  14.  
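  /*
   * Verify ./cert-file.pem against the trust anchors in ./ca-bundle.pem and
   * print the result to stdout.
   *
   * Scope of the check: X509_verify_cert() is asked only to build and validate
   * a chain up to the CA bundle. No verification flags are set, so no CRL
   * (revocation) checking is requested, and no host name or other identity is
   * compared against the certificate. A caller that needs either has to add it.
   *
   * Returns 0 only when the chain verified; 1 on a verification failure or on
   * any setup error, so a calling script cannot mistake a failure for success.
   */
  int main(void) {
    const char ca_bundlestr[] = "./ca-bundle.pem";
    const char cert_filestr[] = "./cert-file.pem";

    BIO            *certbio  = NULL;
    BIO            *outbio   = NULL;
    X509           *cert     = NULL;
    X509_STORE     *store    = NULL;
    X509_STORE_CTX *vrfy_ctx = NULL;
    int ret;
    int exit_code = 1;  /* fail closed: only a verified chain resets this to 0 */

    /*
     * Library initialisation as needed by the OpenSSL releases this example
     * was written for. OpenSSL 1.1.0 and later initialise themselves, where
     * these calls are no longer required.
     */
    OpenSSL_add_all_algorithms();
    ERR_load_BIO_strings();
    ERR_load_crypto_strings();

    /* Output BIO first: every later error message is written through it. */
    outbio = BIO_new_fp(stdout, BIO_NOCLOSE);
    if (outbio == NULL)
      return exit_code;

    certbio = BIO_new(BIO_s_file());
    if (certbio == NULL) {
      BIO_printf(outbio, "Error creating certificate input BIO\n");
      goto free_outbio;
    }

    /* Trust store that will hold the CA certificates. */
    store = X509_STORE_new();
    if (store == NULL) {
      BIO_printf(outbio, "Error creating X509_STORE object\n");
      goto free_certbio;
    }

    /* Context structure for the single verification operation. */
    vrfy_ctx = X509_STORE_CTX_new();
    if (vrfy_ctx == NULL) {
      BIO_printf(outbio, "Error creating X509_STORE_CTX object\n");
      goto free_store;
    }

    /*
     * Load the certificate under test (PEM). Stop on failure: continuing
     * would hand a NULL certificate to the verification context.
     */
    if (BIO_read_filename(certbio, cert_filestr) <= 0 ||
        (cert = PEM_read_bio_X509(certbio, NULL, 0, NULL)) == NULL) {
      BIO_printf(outbio, "Error loading cert into memory\n");
      goto free_ctx;
    }

    /* Load the trusted CA certificates; without them nothing can verify. */
    ret = X509_STORE_load_locations(store, ca_bundlestr, NULL);
    if (ret != 1) {
      BIO_printf(outbio, "Error loading CA cert or chain file\n");
      goto free_cert;
    }

    /*
     * Flags value 0 sets no verification flags, so revocation is not checked.
     * To require CRL checks, pass X509_V_FLAG_CRL_CHECK (optionally combined
     * with X509_V_FLAG_CRL_CHECK_ALL) and load the CRLs into the store.
     */
    X509_STORE_set_flags(store, 0);

    /*
     * Bind the trusted store and the unvalidated certificate to the context.
     * The untrusted-chain argument is NULL, so any intermediate certificates
     * must already be present in the CA bundle.
     */
    if (X509_STORE_CTX_init(vrfy_ctx, store, cert, NULL) != 1) {
      BIO_printf(outbio, "Error initializing verification context\n");
      goto free_cert;
    }

    /*
     * Returns 1 on success, 0 on verification failure, and a negative value
     * for trouble with the ctx object (i.e. missing certificate).
     */
    ret = X509_verify_cert(vrfy_ctx);
    BIO_printf(outbio, "Verification return code: %d\n", ret);

    /* Use the accessor; X509_STORE_CTX is opaque from OpenSSL 1.1.0 on. */
    if (ret == 0 || ret == 1)
      BIO_printf(outbio, "Verification result text: %s\n",
                 X509_verify_cert_error_string(X509_STORE_CTX_get_error(vrfy_ctx)));

    if (ret == 0) {
      /*
       * Report the certificate that caused the failure. The subject name is
       * an internal pointer owned by the certificate: it is neither allocated
       * nor freed here.
       */
      X509 *error_cert = X509_STORE_CTX_get_current_cert(vrfy_ctx);
      if (error_cert != NULL) {
        X509_NAME *certsubject = X509_get_subject_name(error_cert);
        BIO_printf(outbio, "Verification failed cert:\n");
        X509_NAME_print_ex(outbio, certsubject, 0, XN_FLAG_MULTILINE);
        BIO_printf(outbio, "\n");
      }
    }

    if (ret == 1)
      exit_code = 0;

    /* Release everything in reverse order of acquisition. */
  free_cert:
    X509_free(cert);
  free_ctx:
    X509_STORE_CTX_free(vrfy_ctx);
  free_store:
    X509_STORE_free(store);
  free_certbio:
    BIO_free_all(certbio);
  free_outbio:
    BIO_free_all(outbio);
    return exit_code;
  }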
  110.  
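  /*
   * Placeholder that nothing in this file calls. The original body was empty,
   * so the non-void function had no return value at all. It now returns 0.
   * NOTE(review): the name and (ctx, arg) signature suggest a verification
   * callback - confirm. If it is ever registered as one, 0 rejects the
   * certificate rather than accepting it by accident.
   */
  static int custom_callback2(void *ctx, void *arg) {
    (void)ctx;
    (void)arg;
    return 0;
  }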