bool X509Certificate_OpenSSL::checkIssuer(ref <const X509Certificate> cert_) const { ref <const X509Certificate_OpenSSL> cert = cert_.dynamicCast <const X509Certificate_OpenSSL>(); // Get issuer for this cert BIO *out; unsigned char *issuer; out = BIO_new(BIO_s_mem()); X509_NAME_print_ex(out, X509_get_issuer_name(m_data->cert), 0, XN_FLAG_RFC2253); int n = BIO_get_mem_data(out, &issuer); vmime::string thisIssuerName((char*)issuer, n); BIO_free(out); // Get subject of issuer unsigned char *subject; out = BIO_new(BIO_s_mem()); X509_NAME_print_ex(out, X509_get_subject_name(cert->m_data->cert), 0, XN_FLAG_RFC2253); n = BIO_get_mem_data(out, &subject); vmime::string subjOfIssuer((char*)subject, n); BIO_free(out); return subjOfIssuer == thisIssuerName; }
int verify_callback(int ok, X509_STORE_CTX * ctx) { X509 *err_cert; int err, depth; err_cert = X509_STORE_CTX_get_current_cert(ctx); err = X509_STORE_CTX_get_error(ctx); depth = X509_STORE_CTX_get_error_depth(ctx); BIO_printf(bio_err, "depth=%d ", depth); if (err_cert) { X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert), 0, XN_FLAG_ONELINE); BIO_puts(bio_err, "\n"); } else BIO_puts(bio_err, "<no cert>\n"); if (!ok) { BIO_printf(bio_err, "verify error:num=%d:%s\n", err, X509_verify_cert_error_string(err)); if (verify_depth >= depth) { if (!verify_return_error) ok = 1; verify_error = X509_V_OK; } else { ok = 0; verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG; } } switch (err) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: BIO_puts(bio_err, "issuer= "); X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), 0, XN_FLAG_ONELINE); BIO_puts(bio_err, "\n"); break; case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: BIO_printf(bio_err, "notBefore="); ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert)); BIO_printf(bio_err, "\n"); break; case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: BIO_printf(bio_err, "notAfter="); ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); BIO_printf(bio_err, "\n"); break; case X509_V_ERR_NO_EXPLICIT_POLICY: policies_print(bio_err, ctx); break; } if (err == X509_V_OK && ok == 2) policies_print(bio_err, ctx); BIO_printf(bio_err, "verify return:%d\n", ok); return (ok); }
/* Appends information about an issued certificate to the index file. */ int add_to_index(X509 *cert) { FILE *fp = NULL; BIO *bio = NULL; X509_NAME *subject = X509_get_subject_name(cert); long serial = ASN1_INTEGER_get(X509_get_serialNumber(cert)); fp = fopen(CA_PATH(caIni.indexFile), "a"); if (fp != NULL) { bio = BIO_new_fp(fp, BIO_CLOSE); /* Write serial */ BIO_printf(bio, "%ld\t", serial); /* Write notBefore time */ ASN1_TIME_print(bio, X509_get_notBefore(cert)); BIO_printf(bio, "\t"); /* Write subject */ X509_NAME_print_ex(bio, subject, 0, 0); BIO_printf(bio, "\n"); BIO_free(bio); /* Closes fp too */ return 1; } return 0; }
static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) { int i; OCSP_SERVICELOC *a = in; ACCESS_DESCRIPTION *ad; if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err; if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err; for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { ad = sk_ACCESS_DESCRIPTION_value(a->locator, i); if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0) goto err; if (i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err; if (BIO_puts(bp, " - ") <= 0) goto err; if (GENERAL_NAME_print(bp, ad->location) <= 0) goto err; } return 1; err: return 0; }
/** * Converts X509_NAME struct to string. * * @param name X509_NAME struct that is converted to string. * @return converted value of X509_NAME. * @throws IOException throws exception if conversion failed. */ std::string digidoc::X509Cert::toString(X509_NAME* name) throw(IOException) { BIO* mem = BIO_new(BIO_s_mem()); BIO_scope memScope(&mem); if(mem == NULL) { THROW_IOEXCEPTION("Failed to allocate memory for X509_NAME conversion: %s", ERR_reason_error_string(ERR_get_error())); } // Convert the X509_NAME struct to string. if(X509_NAME_print_ex(mem, name, 0, XN_FLAG_RFC2253) < 0) { THROW_IOEXCEPTION("Failed to convert X509_NAME struct to string: %s", ERR_reason_error_string(ERR_get_error())); } // Read the converted string from buffer. char buf[128]; int bytesRead; std::string str; while((bytesRead = BIO_gets(mem, &buf[0], sizeof(buf))) > 0) { str.append(buf); } return str; }
static char *ssl_var_lookup_ssl_cert_dn_oneline(apr_pool_t *p, request_rec *r, X509_NAME *xsname) { char *result = NULL; SSLDirConfigRec *dc; int legacy_format = 0; if (r) { dc = myDirConfig(r); legacy_format = dc->nOptions & SSL_OPT_LEGACYDNFORMAT; } if (legacy_format) { char *cp = X509_NAME_oneline(xsname, NULL, 0); result = apr_pstrdup(p, cp); OPENSSL_free(cp); } else { BIO* bio; int n; unsigned long flags = XN_FLAG_RFC2253 & ~ASN1_STRFLGS_ESC_MSB; if ((bio = BIO_new(BIO_s_mem())) == NULL) return NULL; X509_NAME_print_ex(bio, xsname, 0, flags); n = BIO_pending(bio); if (n > 0) { result = apr_palloc(p, n+1); n = BIO_read(bio, result, n); result[n] = NUL; } BIO_free(bio); } return result; }
/* * convert an X509_NAME to an RFC 2253 formatted string, optionally truncated * to maxlen characters (specify a maxlen of 0 for no length limit) */ char *modssl_X509_NAME_to_string(apr_pool_t *p, X509_NAME *dn, int maxlen) { char *result = NULL; BIO *bio; int len; if ((bio = BIO_new(BIO_s_mem())) == NULL) return NULL; X509_NAME_print_ex(bio, dn, 0, XN_FLAG_RFC2253); len = BIO_pending(bio); if (len > 0) { result = apr_palloc(p, (maxlen > 0) ? maxlen+1 : len+1); if (maxlen > 0 && maxlen < len) { len = BIO_read(bio, result, maxlen); if (maxlen > 2) { /* insert trailing ellipsis if there's enough space */ apr_snprintf(result + maxlen - 3, 4, "..."); } } else { len = BIO_read(bio, result, len); } result[len] = NUL; } BIO_free(bio); return result; }
static char* GetSubjectFromCertificate_X509_NAME_print_ex(X509 *cert) { X509_NAME *subject; char *ret = NULL; BIO *out = NULL; BUF_MEM *buf; unsigned long flags = XN_FLAG_ONELINE; if ((subject = X509_get_subject_name(cert)) == NULL){ return NULL; } if ((out = BIO_new(BIO_s_mem())) == NULL){ SSL_Error(_d("BIO_new failure:\n %s\n"), GetSSLErrorString()); goto err; } if (!X509_NAME_print_ex(out, subject, 0, flags)){ SSL_Error(_d("X509_NAME_print_ex failure:\n %s\n"),GetSSLErrorString()); goto err; } BIO_write(out, "\0", 1); BIO_get_mem_ptr(out, &buf); if ((ret = xmalloc(buf->length)) == NULL){ goto err; } memcpy(ret, buf->data, buf->length); err: BIO_free(out); return ret; }
void capi_dump_cert(CAPI_CTX *ctx, BIO *out, PCCERT_CONTEXT cert) { X509 *x; unsigned char *p; unsigned long flags = ctx->dump_flags; if (flags & CAPI_DMP_FNAME) { char *fname; fname = capi_cert_get_fname(ctx, cert); if (fname) { BIO_printf(out, " Friendly Name \"%s\"\n", fname); OPENSSL_free(fname); } else BIO_printf(out, " <No Friendly Name>\n"); } p = cert->pbCertEncoded; x = d2i_X509(NULL, &p, cert->cbCertEncoded); if (!x) BIO_printf(out, " <Can't parse certificate>\n"); if (flags & CAPI_DMP_SUMMARY) { BIO_printf(out, " Subject: "); X509_NAME_print_ex(out, X509_get_subject_name(x), 0, XN_FLAG_ONELINE); BIO_printf(out, "\n Issuer: "); X509_NAME_print_ex(out, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE); BIO_printf(out, "\n"); } if (flags & CAPI_DMP_FULL) X509_print_ex(out, x, XN_FLAG_ONELINE,0); if (flags & CAPI_DMP_PKEYINFO) { CRYPT_KEY_PROV_INFO *pinfo; pinfo = capi_get_prov_info(ctx, cert); capi_dump_prov_info(ctx, out, pinfo); if (pinfo) OPENSSL_free(pinfo); } if (flags & CAPI_DMP_PEM) PEM_write_bio_X509(out, x); X509_free(x); }
DWORD DirCliGetX509Name( X509_NAME *pCertName, DWORD dwFlags, PSTR* ppszSubjectDN ) { DWORD dwError = 0; size_t len = 0; BIO* pBioMem = NULL; PSTR pszSubjectName = NULL; pBioMem = BIO_new(BIO_s_mem()); if (!pBioMem) { dwError = ERROR_OUTOFMEMORY; BAIL_ON_VMAFD_ERROR(dwError); } X509_NAME_print_ex(pBioMem, pCertName, 0, dwFlags); len = BIO_pending(pBioMem); if (len <= 0) { dwError = ERROR_INVALID_DATA; BAIL_ON_VMAFD_ERROR(dwError); } dwError = VmAfdAllocateMemory(len + 1, (PVOID*)&pszSubjectName); BAIL_ON_VMAFD_ERROR(dwError); if (BIO_read(pBioMem, pszSubjectName, len) != len) { dwError = ERROR_INVALID_STATE; BAIL_ON_VMAFD_ERROR(dwError); } *ppszSubjectDN = pszSubjectName; cleanup: if (pBioMem) { BIO_free(pBioMem); } return dwError; error: *ppszSubjectDN = NULL; goto cleanup; }
int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag) { STACK_OF(X509_REVOKED) *rev; X509_REVOKED *r; const X509_ALGOR *sig_alg; const ASN1_BIT_STRING *sig; long l; int i; BIO_printf(out, "Certificate Revocation List (CRL):\n"); l = X509_CRL_get_version(x); if (l >= 0 && l <= 1) BIO_printf(out, "%8sVersion %ld (0x%lx)\n", "", l + 1, (unsigned long)l); else BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l); X509_CRL_get0_signature(x, &sig, &sig_alg); BIO_puts(out, " "); X509_signature_print(out, sig_alg, NULL); BIO_printf(out, "%8sIssuer: ", ""); X509_NAME_print_ex(out, X509_CRL_get_issuer(x), 0, nmflag); BIO_puts(out, "\n"); BIO_printf(out, "%8sLast Update: ", ""); ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x)); BIO_printf(out, "\n%8sNext Update: ", ""); if (X509_CRL_get0_nextUpdate(x)) ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x)); else BIO_printf(out, "NONE"); BIO_printf(out, "\n"); X509V3_extensions_print(out, "CRL extensions", X509_CRL_get0_extensions(x), 0, 8); rev = X509_CRL_get_REVOKED(x); if (sk_X509_REVOKED_num(rev) > 0) BIO_printf(out, "Revoked Certificates:\n"); else BIO_printf(out, "No Revoked Certificates.\n"); for (i = 0; i < sk_X509_REVOKED_num(rev); i++) { r = sk_X509_REVOKED_value(rev, i); BIO_printf(out, " Serial Number: "); i2a_ASN1_INTEGER(out, X509_REVOKED_get0_serialNumber(r)); BIO_printf(out, "\n Revocation Date: "); ASN1_TIME_print(out, X509_REVOKED_get0_revocationDate(r)); BIO_printf(out, "\n"); X509V3_extensions_print(out, "CRL entry extensions", X509_REVOKED_get0_extensions(r), 0, 8); } X509_signature_print(out, sig_alg, sig); return 1; }
// generate a single string containing the subject or issuer // name of the cert. std::string cert_string_name_from_X509_NAME(X509_NAME* name) { char * name_bio_chars = NULL; // get a memory bio BIO *name_bio = BIO_new(BIO_s_mem()); // stream the name into the bio. The name will be in the 'short name' format X509_NAME_print_ex(name_bio, name, 0, XN_FLAG_RFC2253); int length = BIO_get_mem_data(name_bio, &name_bio_chars); std::string result = std::string(name_bio_chars, length); BIO_free(name_bio); return result; }
void tls_x509_format_dn(X509_NAME *name, GString *dn) { BIO *bio; gchar *buf; long len; bio = BIO_new(BIO_s_mem()); X509_NAME_print_ex(bio, name, 0, ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_UTF8_CONVERT | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_DN_REV); len = BIO_get_mem_data(bio, &buf); g_string_assign_len(dn, buf, len); BIO_free(bio); }
const string X509Certificate_OpenSSL::getIssuerString() const { // Get issuer for this cert BIO* out = BIO_new(BIO_s_mem()); X509_NAME_print_ex(out, X509_get_issuer_name(m_data->cert), 0, XN_FLAG_RFC2253); unsigned char* issuer; const long n = BIO_get_mem_data(out, &issuer); vmime::string name(reinterpret_cast <char*>(issuer), n); BIO_free(out); return name; }
static int openssl_xname_print(lua_State*L) { X509_NAME* xname = CHECK_OBJECT(1, X509_NAME, "openssl.x509_name"); BIO* bio = load_bio_object(L, 2); int indent = luaL_optint(L, 3, 0); unsigned long flags = luaL_optinteger(L, 4, 0); int ret = X509_NAME_print_ex(bio, xname, indent, flags); BIO_free(bio); if (ret == 1) lua_pushboolean(L, 1); else return openssl_pushresult(L, ret); return 1; };
/* Extract a human readable version of a X509_NAME and put the result * into a nmalloc'd buffer. * The X509_NAME structure is used for example in certificate subject * and issuer names. * * You need to nfree() the returned pointer. */ static char *ssl_printname(X509_NAME *name) { int len; char *data, *buf; BIO *bio = BIO_new(BIO_s_mem()); /* X509_NAME_oneline() is easier and shorter, but is deprecated and the manual discourages it's usage, so let's not be lazy ;) */ X509_NAME_print_ex(bio, name, 0, XN_FLAG_ONELINE & ~XN_FLAG_SPC_EQ); len = BIO_get_mem_data(bio, &data) + 1; buf = nmalloc(len); strncpyz(buf, data, len); BIO_free(bio); return buf; }
char * _mongoc_ssl_extract_subject (const char *filename) { X509_NAME *subject = NULL; X509 *cert = NULL; BIO *certbio = NULL; BIO *strbio = NULL; char *str = NULL; int ret; if (!filename) { return NULL; } certbio = BIO_new (BIO_s_file ()); strbio = BIO_new (BIO_s_mem ());; BSON_ASSERT (certbio); BSON_ASSERT (strbio); BIO_read_filename (certbio, filename); if ((cert = PEM_read_bio_X509 (certbio, NULL, 0, NULL))) { if ((subject = X509_get_subject_name (cert))) { ret = X509_NAME_print_ex (strbio, subject, 0, XN_FLAG_RFC2253); if ((ret > 0) && (ret < INT_MAX)) { str = bson_malloc (ret + 2); BIO_gets (strbio, str, ret + 1); str [ret] = '\0'; } } } if (cert) { X509_free (cert); } if (certbio) { BIO_free (certbio); } if (strbio) { BIO_free (strbio); } return str; }
// VERIFY int dummy_ssl_verify_callback(int ok, X509_STORE_CTX* store) { char buf[256]; X509* err_cert; err_cert = X509_STORE_CTX_get_current_cert(store); int err = X509_STORE_CTX_get_error(store); int depth = X509_STORE_CTX_get_error_depth(store); X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); BIO* outbio = BIO_new_fp(stdout, BIO_NOCLOSE); X509_NAME* cert_name = X509_get_subject_name(err_cert); X509_NAME_print_ex(outbio, cert_name, 0, XN_FLAG_MULTILINE); BIO_free_all(outbio); printf("\tssl_verify_callback(), ok: %d, error: %d, depth: %d, name: %s\n", ok, err, depth, buf); return 1; // We always return 1, so no verification actually }
char* crypto_print_name(X509_NAME* name) { char* buffer = NULL; BIO* outBIO = BIO_new(BIO_s_mem()); if (X509_NAME_print_ex(outBIO, name, 0, XN_FLAG_ONELINE) > 0) { unsigned long size = BIO_number_written(outBIO); buffer = xzalloc(size + 1); memset(buffer, 0, size + 1); BIO_read(outBIO, buffer, size); } BIO_free(outBIO); return buffer; }
static int openssl_verify_callback (int preverify_ok, X509_STORE_CTX * x509_ctx) { GstDtlsConnection *self; SSL *ssl; BIO *bio; gchar *pem = NULL; gboolean accepted = FALSE; ssl = X509_STORE_CTX_get_ex_data (x509_ctx, SSL_get_ex_data_X509_STORE_CTX_idx ()); self = SSL_get_ex_data (ssl, connection_ex_index); g_return_val_if_fail (GST_IS_DTLS_CONNECTION (self), FALSE); pem = _gst_dtls_x509_to_pem (X509_STORE_CTX_get0_cert (x509_ctx)); if (!pem) { GST_WARNING_OBJECT (self, "failed to convert received certificate to pem format"); } else { bio = BIO_new (BIO_s_mem ()); if (bio) { gchar buffer[2048]; gint len; len = X509_NAME_print_ex (bio, X509_get_subject_name (X509_STORE_CTX_get0_cert (x509_ctx)), 1, XN_FLAG_MULTILINE); BIO_read (bio, buffer, len); buffer[len] = '\0'; GST_DEBUG_OBJECT (self, "Peer certificate received:\n%s", buffer); BIO_free (bio); } else { GST_DEBUG_OBJECT (self, "failed to create certificate print membio"); } g_signal_emit (self, signals[SIGNAL_ON_PEER_CERTIFICATE], 0, pem, &accepted); g_free (pem); } return accepted; }
char * x509_get_subject (X509 *cert, struct gc_arena *gc) { BIO *subject_bio = NULL; BUF_MEM *subject_mem; char *subject = NULL; int maxlen = 0; /* * Generate the subject string in OpenSSL proprietary format, * when in --compat-names mode */ if (compat_flag (COMPAT_FLAG_QUERY | COMPAT_NAMES)) { subject = gc_malloc (256, false, gc); X509_NAME_oneline (X509_get_subject_name (cert), subject, 256); subject[255] = '\0'; return subject; } subject_bio = BIO_new (BIO_s_mem ()); if (subject_bio == NULL) goto err; X509_NAME_print_ex (subject_bio, X509_get_subject_name (cert), 0, XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN | ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_ESC_CTRL); if (BIO_eof (subject_bio)) goto err; BIO_get_mem_ptr (subject_bio, &subject_mem); maxlen = subject_mem->length + 1; subject = gc_malloc (maxlen, false, gc); memcpy (subject, subject_mem->data, maxlen); subject[maxlen - 1] = '\0'; err: if (subject_bio) BIO_free (subject_bio); return subject; }
char *dn_oneline(X509_NAME *xn) { BIO* bio; int n; char *result; unsigned long flags = XN_FLAG_RFC2253; if ((bio = BIO_new(BIO_s_mem())) == NULL) { return NULL; } X509_NAME_print_ex(bio, xn, 0, flags); n = BIO_pending(bio); result = (char *)malloc(sizeof(char *) * (n+1)); n = BIO_read(bio, result, n); result[n] = '\0'; BIO_free(bio); return result; }
const char* pn_ssl_get_remote_subject(pn_ssl_t *ssl0) { pni_ssl_t *ssl = get_ssl_internal(ssl0); if (!ssl || !ssl->ssl) return NULL; if (!ssl->subject) { X509 *cert = SSL_get_peer_certificate(ssl->ssl); if (!cert) return NULL; X509_NAME *subject = X509_get_subject_name(cert); if (!subject) return NULL; BIO *out = BIO_new(BIO_s_mem()); X509_NAME_print_ex(out, subject, 0, XN_FLAG_RFC2253); int len = BIO_number_written(out); ssl->subject = (char*) malloc(len+1); ssl->subject[len] = 0; BIO_read(out, ssl->subject, len); BIO_free(out); } return ssl->subject; }
static char *_get_rfc2253_formatted (X509_NAME *name) { int len; char *out = NULL; BIO* b; if ((b = BIO_new (BIO_s_mem ()))) { if (X509_NAME_print_ex (b, name, 0, XN_FLAG_RFC2253) >= 0 && (len = BIO_number_written (b)) > 0) { out = xmalloc (len + 1); BIO_read (b, out, len); out[len] = 0; } BIO_free (b); } return out ? out : xstrdup(""); }
/* * Trivial utility function to extract the string * value of the subject name from a cert. */ static void extract_sub_name (X509 *cert, char *name, int len) { X509_NAME *subject_nm; BIO *out; BUF_MEM *bm; subject_nm = X509_get_subject_name(cert); out = BIO_new(BIO_s_mem()); X509_NAME_print_ex(out, subject_nm, 0, XN_FLAG_SEP_SPLUS_SPC); BIO_get_mem_ptr(out, &bm); strncpy(name, bm->data, len); if (bm->length < len) { name[bm->length] = 0; } else { name[len] = 0; } BIO_free(out); }
static bool test_name(const char *name, const char *expected) { char buf[1024]; BIO *bio; const char none[] = {0}; X509_NAME *parsed = parse_name(name); if(parsed == NULL) { return false; } bio = BIO_new(BIO_s_mem()); X509_NAME_print_ex(bio, parsed, 0, XN_FLAG_ONELINE); BIO_write(bio, none, 1); BIO_read(bio, buf, 1024); BIO_free(bio); X509_NAME_free(parsed); if(strcmp(buf, expected) != 0) { fprintf(stderr, "Names not matching: '%s' != '%s'\n", expected, buf); return false; } return true; }
std::string getCertificateSubjectName(X509* cert) { std::string result; BIO* out = BIO_new(BIO_s_mem()); uassert(16884, "unable to allocate BIO memory", NULL != out); ON_BLOCK_EXIT(BIO_free, out); if (X509_NAME_print_ex(out, X509_get_subject_name(cert), 0, XN_FLAG_RFC2253) >= 0) { if (BIO_number_written(out) > 0) { result.resize(BIO_number_written(out)); BIO_read(out, &result[0], result.size()); } } else { log() << "failed to convert subject name to RFC2253 format" << endl; } return result; }
char *X509_NAME2text(X509_NAME *name) { char *text; BIO *bio; int n; bio=BIO_new(BIO_s_mem()); if(!bio) return str_dup("BIO_new() failed"); X509_NAME_print_ex(bio, name, 0, XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB & ~XN_FLAG_SPC_EQ); n=BIO_pending(bio); text=str_alloc((size_t)n+1); n=BIO_read(bio, text, n); if(n<0) { BIO_free(bio); str_free(text); return str_dup("BIO_read() failed"); } text[n]='\0'; BIO_free(bio); return text; }
/* Return the Subject of an X509 Certificate by wrapping the OpenSSL X509_get_subject_name() function. */ SEXP PKI_get_subject(SEXP sCert) { SEXP res; X509 *cert; BIO *mem = BIO_new(BIO_s_mem()); long len; char *txt = 0; PKI_init(); cert = retrieve_cert(sCert, ""); if (X509_NAME_print_ex(mem, X509_get_subject_name(cert), 0, (XN_FLAG_ONELINE | ASN1_STRFLGS_UTF8_CONVERT) & ~ASN1_STRFLGS_ESC_MSB) < 0) { BIO_free(mem); Rf_error("X509_NAME_print_ex failed with %s", ERR_error_string(ERR_get_error(), NULL)); } len = BIO_get_mem_data(mem, &txt); if (len < 0) { BIO_free(mem); Rf_error("cannot get memory buffer, %s", ERR_error_string(ERR_get_error(), NULL)); } res = PROTECT(allocVector(STRSXP, 1)); SET_STRING_ELT(res, 0, mkCharLenCE(txt, len, CE_UTF8)); UNPROTECT(1); BIO_free(mem); return res; }
char * _openssl_get_subject (X509 *cert, char *buf, int size) { BIO *subject_bio = NULL; BUF_MEM *subject_mem; char *subject = buf; int maxlen = size; subject_bio = BIO_new (BIO_s_mem ()); if (subject_bio == NULL) goto err; X509_NAME_print_ex (subject_bio, X509_get_subject_name (cert), 0, XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN | ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_ESC_CTRL); if (BIO_eof (subject_bio)) goto err; BIO_get_mem_ptr (subject_bio, &subject_mem); if (subject == NULL) { maxlen = subject_mem->length + 1; subject = malloc (maxlen); check_malloc_return (subject); } memcpy (subject, subject_mem->data, maxlen); subject[maxlen - 1] = '\0'; err: if (subject_bio) BIO_free (subject_bio); return subject; }