/*
 * Convenience wrapper: resolve |nid| to its ASN1_OBJECT and delegate to
 * X509_NAME_get_text_by_OBJ() for the lookup into |buf| (size |len|).
 *
 * Returns -1 when |nid| has no ASN1_OBJECT; otherwise whatever
 * X509_NAME_get_text_by_OBJ() returns for that object.
 *
 * NOTE(review): the copied attribute value is raw DER string bytes and may
 * itself contain NUL; callers that compare the text should check the
 * returned length against strlen(buf) -- confirm against the OBJ variant's
 * copy semantics.
 */
int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
{
    ASN1_OBJECT *attr_type = OBJ_nid2obj(nid);

    return (attr_type == NULL)
               ? -1
               : X509_NAME_get_text_by_OBJ(name, attr_type, buf, len);
}
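/*
 * Write every entry of |name| to |pc|, last entry first, one value per line.
 *
 * The value is read from the entry itself (X509_NAME_ENTRY_get_data) rather
 * than looked up by attribute type: X509_NAME_get_text_by_OBJ() returns the
 * FIRST entry of a given type, so a name with repeated attributes (several
 * OU=, for example) would print the first value over and over.  An entry
 * whose lookup failed used to leave stale bytes in the buffer, which were
 * then printed; such entries are now skipped.
 *
 * Value bytes are copied verbatim into a 256-byte buffer and NUL-terminated:
 * values longer than 255 bytes are truncated, and gf_puts() stops at an
 * embedded NUL.  Non-ASCII string types (e.g. BMPString) are emitted as raw
 * bytes, as before.
 *
 * NOTE(review): ASN1_STRING_data() is the pre-1.1.0 spelling; on OpenSSL
 * >= 1.1.0 ASN1_STRING_get0_data() is the non-deprecated equivalent.
 */
void output_X509_NAME(X509_NAME *name, gf_io_t pc)
{
    char buf[256];
    int idx;

    for (idx = X509_NAME_entry_count(name) - 1; idx >= 0; idx--) {
        X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, idx);
        ASN1_STRING *val;
        const unsigned char *data = NULL;
        int n;

        if (entry == NULL)
            continue;
        val = X509_NAME_ENTRY_get_data(entry);
        if (val == NULL)
            continue;

        n = ASN1_STRING_length(val);
        if (n < 0 || (data = ASN1_STRING_data(val)) == NULL)
            n = 0;
        /* Bound the copy to the buffer; keep room for the terminator. */
        if ((size_t)n > sizeof(buf) - 1)
            n = (int)(sizeof(buf) - 1);
        if (n > 0)
            memcpy(buf, data, (size_t)n);
        buf[n] = '\0';

        gf_puts(buf, pc);
        gf_puts(NEWLINE, pc);
    }
}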
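/*
 * Trace the publications-file signing certificate to a trusted root in the
 * OpenSSL trust store (GT_truststore).  When MAGIC_EMAIL is defined, the
 * certificate's subject must first carry exactly that emailAddress.
 *
 * Returns GT_OK when the chain verifies; otherwise one of:
 *   - the error reported by GTPublicationsFile_getSigningCert(),
 *   - GT_NOT_VALID_PUBLICATION if the DER certificate does not parse,
 *   - GT_CRYPTO_FAILURE / GT_OUT_OF_MEMORY / GT_INVALID_SIGNATURE from the
 *     MAGIC_EMAIL subject check,
 *   - GT_OUT_OF_MEMORY if the store context cannot be created or initialised,
 *   - the error from GTTruststore_init() if the lazy store setup fails,
 *   - GT_CRYPTO_FAILURE if X509_verify_cert() could not run at all,
 *   - GT_CERT_NOT_TRUSTED if the chain does not verify.
 */
static int checkCertOpenSSL(const GTPublicationsFile *publications_file)
{
    int res = GT_UNKNOWN_ERROR;
    unsigned char *cert_der = NULL;
    size_t cert_der_len = 0;
    const unsigned char *der_cursor;
    X509 *cert = NULL;
    X509_STORE_CTX *store_ctx = NULL;
#ifdef MAGIC_EMAIL
    X509_NAME *subj;
    ASN1_OBJECT *oid = NULL;
    char tmp_name[256];
    int text_len;
#endif
    int rc;

    res = GTPublicationsFile_getSigningCert(publications_file,
                                            &cert_der, &cert_der_len);
    if (res != GT_OK)
        goto cleanup;

    /* d2i_X509() advances the pointer it is given; walk a separate cursor
     * so cert_der still points at the allocation and can be freed. */
    der_cursor = cert_der;
    cert = d2i_X509(NULL, &der_cursor, cert_der_len);
    if (cert == NULL) {
        res = GT_NOT_VALID_PUBLICATION;
        goto cleanup;
    }

#ifdef MAGIC_EMAIL
    /* subj is owned by cert and must not be freed separately. */
    subj = X509_get_subject_name(cert);
    if (subj == NULL) {
        res = GT_CRYPTO_FAILURE;
        goto cleanup;
    }

    /* PKCS#9 emailAddress; no_name=1 parses the dotted form directly and
     * returns a freshly allocated object that we own. */
    oid = OBJ_txt2obj("1.2.840.113549.1.9.1", 1);
    if (oid == NULL) {
        res = GT_OUT_OF_MEMORY;
        goto cleanup;
    }

    text_len = X509_NAME_get_text_by_OBJ(subj, oid, tmp_name, sizeof(tmp_name));
    if (text_len < 0) {
        res = GT_INVALID_SIGNATURE;
        goto cleanup;
    }

    /* The attribute bytes are copied verbatim and NUL-terminated, and the
     * return value is the attribute's full length.  strcmp() alone would
     * accept "expected@host\0anything" (embedded NUL) and would not notice
     * a value longer than the buffer; require the reported length to match
     * what strcmp() actually sees. */
    if ((size_t)text_len != strlen(tmp_name) ||
        strcmp(tmp_name, MAGIC_EMAIL) != 0) {
        res = GT_INVALID_SIGNATURE;
        goto cleanup;
    }
#endif

    store_ctx = X509_STORE_CTX_new();
    if (store_ctx == NULL) {
        res = GT_OUT_OF_MEMORY;
        goto cleanup;
    }

    /* The trust store is created lazily on first use.
     * NOTE(review): this check-then-init is not synchronised; confirm that
     * verification is never driven from several threads concurrently. */
    if (GT_truststore == NULL) {
        res = GTTruststore_init(1);
        if (res != GT_OK)
            goto cleanup;
    }

    /* Certificates carried in the PKCS#7 signature are offered only as
     * untrusted chain material; trust anchors come from GT_truststore.
     * NOTE(review): no verification purpose or flags are set on the
     * context, so X509_verify_cert() runs with its defaults -- confirm that
     * no EKU/purpose restriction is expected here. */
    if (!X509_STORE_CTX_init(store_ctx, GT_truststore, cert,
                             publications_file->signature->d.sign->cert)) {
        res = GT_OUT_OF_MEMORY;
        goto cleanup;
    }

    rc = X509_verify_cert(store_ctx);
    if (rc < 0) {
        /* Negative: verification could not be carried out at all. */
        res = GT_CRYPTO_FAILURE;
        goto cleanup;
    }
    if (rc != 1) {
        res = GT_CERT_NOT_TRUSTED;
        goto cleanup;
    }

    res = GT_OK;

cleanup:
    GT_free(cert_der);
#ifdef MAGIC_EMAIL
    ASN1_OBJECT_free(oid);
#endif
    if (cert != NULL)
        X509_free(cert);
    if (store_ctx != NULL)
        X509_STORE_CTX_free(store_ctx);
    return res;
}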