daily pastebin goal
93%
SHARE
TWEET

OpenSSL Verify

a guest Feb 1st, 2016 93 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #include<stdio.h>
  2. #include<openssl/x509.h>
  3. #include<openssl/err.h>
  4. #include<string.h>
  5. #include<openssl/pem.h>
  6. #include<openssl/bio.h>
  7.  
  8.  
  9. X509 * parse_cert(char * pem_cert)
  10. {
  11.         X509 *cert=NULL;
  12.         int inlen=strlen(pem_cert);
  13.         unsigned char *der_cert = malloc(inlen);
  14.         //printf("%s \n",pem_cert);
  15.         BIO *bio_buf = BIO_new(BIO_s_mem());
  16.         BIO_write(bio_buf,pem_cert,inlen);
  17.         BIO *b64 = BIO_new(BIO_f_base64());
  18.         BIO_push(b64,bio_buf);
  19.         BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
  20.         int len,total_len=0;
  21.         unsigned char *der_cert_write=der_cert;
  22.         while((len=BIO_read(b64,der_cert_write,inlen))>0)
  23.         {
  24.                 //printf("%d byte read \n",len);
  25.                 total_len+=len;
  26.                 der_cert_write+=len;
  27.         }
  28.         printf("%d \n",total_len);
  29.         cert = (X509 *) d2i_X509(NULL,&der_cert,total_len);
  30.         if(!cert)
  31.         {
  32.                 printf("Error: %s \n",ERR_error_string(ERR_get_error(),NULL));
  33.                 exit(255);
  34.         }
  35.         return cert;
  36. }
  37.  
  38. int main(int argc,char **argv)
  39. {
  40.         ERR_load_crypto_strings();
  41.         X509 *cert,*end_entity;
  42.         X509_STORE *store= X509_STORE_new();
  43.         //if(X509_STORE_load_locations(store,"/etc/ssl/certs/ca-certificates.crt",NULL)!=1)
  44.         //      printf("error in loading certificate store \n");
  45.         int i;
  46.         end_entity = parse_cert(argv[1]);
  47.         STACK_OF(X509) *stack = sk_X509_new_null();
  48.         for(i=2;i<argc-1;i++)
  49.         {
  50.                 cert=parse_cert(argv[i]);
  51.                 sk_X509_push(stack,cert);
  52.         }
  53.         cert=parse_cert(argv[argc-1]);
  54.         if(!strcmp(X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0),X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0)))
  55.         {
  56.                 X509_STORE_add_cert(store,cert);
  57.         }
  58.         else
  59.         {
  60.                 sk_X509_push(stack,cert);
  61.         }
  62.         X509_STORE_CTX *ctx = X509_STORE_CTX_new();
  63.         if(!ctx)
  64.                 printf("unable to create store ctx \n");
  65.         if(X509_STORE_CTX_init(ctx,store,end_entity,stack)!=1)
  66.                 printf("unable to init ctx \n");
  67.         //printf("%s \n",X509_NAME_oneline(X509_get_subject_name(end_entity),NULL,0));
  68.         //printf("befre verify %x %x %x %x \n",ctx,store,end_entity,stack);
  69.         X509_STORE_set_default_paths(store);
  70.         int rc=X509_verify_cert(ctx);
  71.         if(rc == 1)
  72.                 printf("ok \n");
  73.         else
  74.                 printf("validation error %d %s at depth %d \n",rc,X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx)),X509_STORE_CTX_get_error_depth(ctx));
  75. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top