| 1 |
forsberg |
429 |
/* Test of various x509 API calls in OpenSSL for later use with rdesktop */ |
| 2 |
|
|
|
| 3 |
|
|
#include <stdio.h> |
| 4 |
|
|
#include <openssl/x509v3.h> |
| 5 |
|
|
|
| 6 |
|
|
int |
| 7 |
|
|
main(int argc, char **argv) |
| 8 |
|
|
{ |
| 9 |
|
|
X509 *cacert, *cert; |
| 10 |
|
|
char *cacertfilename; |
| 11 |
|
|
char *certfilename; |
| 12 |
|
|
FILE *cacertfile; |
| 13 |
|
|
FILE *certfile; |
| 14 |
|
|
FILE *stdout_FILE; |
| 15 |
|
|
RSA *pubkey; |
| 16 |
|
|
EVP_PKEY *epk = NULL; |
| 17 |
|
|
int cert_type = 0; |
| 18 |
|
|
int certstatus = -1; |
| 19 |
|
|
|
| 20 |
|
|
X509_STORE *ctx = NULL; |
| 21 |
|
|
X509_STORE_CTX *csc; |
| 22 |
|
|
X509_LOOKUP *lookup = NULL; |
| 23 |
|
|
|
| 24 |
|
|
if (argc < 3) |
| 25 |
|
|
{ |
| 26 |
|
|
printf("Usage: %s <cacertfile> <certfile>\n", argv[0]); |
| 27 |
|
|
return 1; |
| 28 |
|
|
} |
| 29 |
|
|
|
| 30 |
|
|
cacertfilename = argv[1]; |
| 31 |
|
|
certfilename = argv[2]; |
| 32 |
|
|
|
| 33 |
|
|
cacertfile = fopen(cacertfilename, "r"); |
| 34 |
|
|
if (NULL == cacertfile) |
| 35 |
|
|
{ |
| 36 |
|
|
perror(cacertfilename); |
| 37 |
|
|
return 2; |
| 38 |
|
|
} |
| 39 |
|
|
certfile = fopen(certfilename, "r"); |
| 40 |
|
|
if (NULL == certfile) |
| 41 |
|
|
{ |
| 42 |
|
|
perror(certfilename); |
| 43 |
|
|
fclose(cacertfile); |
| 44 |
|
|
return 3; |
| 45 |
|
|
} |
| 46 |
|
|
|
| 47 |
|
|
cacert = d2i_X509_fp(cacertfile, NULL); |
| 48 |
|
|
if (NULL == cacert) |
| 49 |
|
|
{ |
| 50 |
|
|
printf("Failed to load %s into a X509 structure", cacertfilename); |
| 51 |
|
|
} |
| 52 |
|
|
|
| 53 |
|
|
cert = d2i_X509_fp(certfile, NULL); |
| 54 |
|
|
if (NULL == cert) |
| 55 |
|
|
{ |
| 56 |
|
|
printf("Failed to load %s into a X509 structure", certfilename); |
| 57 |
|
|
} |
| 58 |
|
|
|
| 59 |
|
|
ctx = X509_STORE_new(); |
| 60 |
|
|
|
| 61 |
|
|
// lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); |
| 62 |
|
|
// X509_LOOKUP_load_file(lookup,"w2k3cert_ca.pem",X509_FILETYPE_PEM); |
| 63 |
|
|
X509_STORE_add_cert(ctx, cacert); |
| 64 |
|
|
|
| 65 |
|
|
csc = X509_STORE_CTX_new(); |
| 66 |
|
|
X509_STORE_CTX_init(csc, ctx, cert, NULL); |
| 67 |
|
|
certstatus = X509_verify_cert(csc); |
| 68 |
|
|
|
| 69 |
|
|
|
| 70 |
|
|
printf("X509_verify_cert returns %d\n", certstatus); |
| 71 |
|
|
if (0 == certstatus) |
| 72 |
|
|
{ |
| 73 |
|
|
printf("X509_STORE_CTX_get_error returns %d\n", X509_STORE_CTX_get_error(csc)); |
| 74 |
|
|
X509_print_fp(stdout, X509_STORE_CTX_get_current_cert(csc)); |
| 75 |
|
|
} |
| 76 |
|
|
|
| 77 |
|
|
|
| 78 |
|
|
|
| 79 |
|
|
|
| 80 |
|
|
// Many thanks to Richard Levitte for the following (. intiutive .) lines of code. |
| 81 |
|
|
if (OBJ_obj2nid(cert->cert_info->key->algor->algorithm) == NID_md5WithRSAEncryption) |
| 82 |
|
|
{ |
| 83 |
|
|
printf("Re-setting algorithm type to RSA ($#ยค?=## Microsoft!)\n"); |
| 84 |
|
|
cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); |
| 85 |
|
|
} |
| 86 |
|
|
|
| 87 |
|
|
// X509_print_fp(stdout, cert); |
| 88 |
|
|
|
| 89 |
|
|
epk = X509_get_pubkey(cert); |
| 90 |
|
|
if (NULL == epk) |
| 91 |
|
|
{ |
| 92 |
|
|
printf("Failed to extract public key from X509 structure\n"); |
| 93 |
|
|
} |
| 94 |
|
|
|
| 95 |
|
|
if (EVP_PKEY_RSA == epk->type) |
| 96 |
|
|
{ |
| 97 |
|
|
printf("Type is probably RSA\n"); |
| 98 |
|
|
pubkey = (RSA *) epk->pkey.ptr; |
| 99 |
|
|
} |
| 100 |
|
|
|
| 101 |
|
|
|
| 102 |
|
|
cert_type = X509_certificate_type(cert, epk); |
| 103 |
|
|
|
| 104 |
|
|
printf("X509_certificate_type returned %d\n", cert_type); |
| 105 |
|
|
|
| 106 |
|
|
|
| 107 |
|
|
|
| 108 |
|
|
/* X509->cert_info->key->algor->algorithm is a ASN1_OBJECT */ |
| 109 |
|
|
|
| 110 |
|
|
return 0; |
| 111 |
|
|
|
| 112 |
|
|
} |
Parent Directory
| 
Revision Log