int verify_callback(int ok, X509_STORE_CTX *ctx)
{
char buf[256];
X509 *err_cert;
int err,depth;
err_cert=X509_STORE_CTX_get_current_cert(ctx);
err = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
if (!ok)
{
BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
X509_verify_cert_error_string(err));
if (depth < 6)
{
ok=1;
X509_STORE_CTX_set_error(ctx,X509_V_OK);
}
else
{
ok=0;
X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);
}
}
switch (ctx->error)
{
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
BIO_printf(bio_err,"issuer= %s\n",buf);
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
BIO_printf(bio_err,"notBefore=");
ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
BIO_printf(bio_err,"\n");
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
BIO_printf(bio_err,"notAfter=");
ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
BIO_printf(bio_err,"\n");
break;
}
BIO_printf(bio_err,"verify return:%d\n",ok);
return(ok);
}
int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
{
if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
if(tm->type == V_ASN1_GENERALIZEDTIME)
return ASN1_GENERALIZEDTIME_print(bp, tm);
BIO_write(bp,"Bad time value",14);
return(0);
}
/* Print the time from a ASN1_UTCTIME object in standard format i.e.
* Nov 21 23:59:00 1996 GMT and store it in a nmalloc'd buffer.
* The ASN1_UTCTIME structure is what's used for example with
* certificate validity dates.
*
* You need to nfree() the returned pointer.
*/
static char *ssl_printtime(ASN1_UTCTIME *t)
{
int len;
char *data, *buf;
BIO *bio = BIO_new(BIO_s_mem());
ASN1_UTCTIME_print(bio, t);
len = BIO_get_mem_data(bio, &data) + 1;
buf = nmalloc(len);
strncpyz(buf, data, len);
BIO_free(bio);
return buf;
}
static PyObject *
time_to_string (ASN1_UTCTIME *time)
{
BIO *bio = BIO_new (BIO_s_mem ());
ASN1_UTCTIME_print (bio, time);
size_t size = BIO_ctrl_pending (bio);
char *buf = malloc (sizeof (char) * size);
BIO_read (bio, buf, size);
BIO_free (bio);
PyObject *time_str = PyString_FromStringAndSize (buf, size);
free (buf);
return time_str;
}
static char *get_cert_valid(ASN1_UTCTIME *tm)
{
char *result;
BIO* bio;
int n;
if ((bio = BIO_new(BIO_s_mem())) == NULL)
return NULL;
ASN1_UTCTIME_print(bio, tm);
n = BIO_pending(bio);
result = malloc(n+1);
n = BIO_read(bio, result, n);
result[n] = '\0';
BIO_free(bio);
return result;
}
inline void utctime::print(bio::bio_ptr bio) const
{
throw_error_if_not(ASN1_UTCTIME_print(bio.raw(), ptr().get()) != 0);
}
void
output_cert_info(X509 *cert, gf_io_t pc)
{
char buf[256];
STORE_S *left,*right;
gf_io_t spc;
int len;
left = so_get(CharStar, NULL, EDIT_ACCESS);
right = so_get(CharStar, NULL, EDIT_ACCESS);
if(!(left && right))
return;
gf_set_so_writec(&spc, left);
if(!cert->cert_info){
gf_puts("Couldn't find certificate info.", spc);
gf_puts(NEWLINE, spc);
}
else{
gf_puts_uline("Subject (whose certificate it is)", spc);
gf_puts(NEWLINE, spc);
output_X509_NAME(cert->cert_info->subject, spc);
gf_puts(NEWLINE, spc);
gf_puts_uline("Serial Number", spc);
gf_puts(NEWLINE, spc);
snprintf(buf, sizeof(buf), "%ld", ASN1_INTEGER_get(cert->cert_info->serialNumber));
gf_puts(buf, spc);
gf_puts(NEWLINE, spc);
gf_puts(NEWLINE, spc);
gf_puts_uline("Validity", spc);
gf_puts(NEWLINE, spc);
{
BIO *mb = BIO_new(BIO_s_mem());
char iobuf[4096];
gf_puts("Not Before: ", spc);
(void) BIO_reset(mb);
ASN1_UTCTIME_print(mb, cert->cert_info->validity->notBefore);
(void) BIO_flush(mb);
while((len = BIO_read(mb, iobuf, sizeof(iobuf))) > 0)
gf_nputs(iobuf, len, spc);
gf_puts(NEWLINE, spc);
gf_puts("Not After: ", spc);
(void) BIO_reset(mb);
ASN1_UTCTIME_print(mb, cert->cert_info->validity->notAfter);
(void) BIO_flush(mb);
while((len = BIO_read(mb, iobuf, sizeof(iobuf))) > 0)
gf_nputs(iobuf, len, spc);
gf_puts(NEWLINE, spc);
gf_puts(NEWLINE, spc);
BIO_free(mb);
}
}
gf_clear_so_writec(left);
gf_set_so_writec(&spc, right);
if(!cert->cert_info){
gf_puts(_("Couldn't find certificate info."), spc);
gf_puts(NEWLINE, spc);
}
else{
gf_puts_uline("Issuer", spc);
gf_puts(NEWLINE, spc);
output_X509_NAME(cert->cert_info->issuer, spc);
gf_puts(NEWLINE, spc);
}
gf_clear_so_writec(right);
side_by_side(left, right, pc);
gf_puts_uline("SHA1 Fingerprint", pc);
gf_puts(NEWLINE, pc);
get_fingerprint(cert, EVP_sha1(), buf, sizeof(buf));
gf_puts(buf, pc);
gf_puts(NEWLINE, pc);
gf_puts_uline("MD5 Fingerprint", pc);
gf_puts(NEWLINE, pc);
get_fingerprint(cert, EVP_md5(), buf, sizeof(buf));
gf_puts(buf, pc);
gf_puts(NEWLINE, pc);
so_give(&left);
so_give(&right);
}
