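/*
 * Check that compare_subject() behaves consistently across the three
 * test certificates: a certificate compares equal to itself, and the
 * pairwise results respect the ordering asserted below.
 *
 * Returns 0 on success and 1 on any failure (certificate parsing,
 * comparison error, or an ordering violation).  Every certificate that
 * was successfully initialised is released on all exit paths.
 */
static int
test_compare(hx509_context context)
{
    int ret;
    hx509_cert c1, c2, c3;
    int l0, l1, l2, l3;
    int failed = 1;

    /* check transitive properties of name compare function */

    /*
     * NOTE(review): the "- 1" presumably drops a trailing NUL because the
     * certdataN arrays are defined as string literals; confirm against
     * their definitions.
     */
    ret = hx509_cert_init_data(context, certdata1, sizeof(certdata1) - 1, &c1);
    if (ret)
        return 1;

    ret = hx509_cert_init_data(context, certdata2, sizeof(certdata2) - 1, &c2);
    if (ret)
        goto out_c1;

    ret = hx509_cert_init_data(context, certdata3, sizeof(certdata3) - 1, &c3);
    if (ret)
        goto out_c2;

    ret = compare_subject(c1, c1, &l0);
    if (ret)
        goto out_c3;
    ret = compare_subject(c1, c2, &l1);
    if (ret)
        goto out_c3;
    ret = compare_subject(c1, c3, &l2);
    if (ret)
        goto out_c3;
    ret = compare_subject(c2, c3, &l3);
    if (ret)
        goto out_c3;

    /* A name must compare equal to itself. */
    if (l0 != 0)
        goto out_c3;

    /* Ordering relations expected between the three subjects. */
    if (l2 < l1)
        goto out_c3;
    if (l3 < l2)
        goto out_c3;
    if (l3 < l1)
        goto out_c3;

    failed = 0;

    /* Staged cleanup: only free what was actually initialised. */
out_c3:
    hx509_cert_free(c3);
out_c2:
    hx509_cert_free(c2);
out_c1:
    hx509_cert_free(c1);

    return failed;
}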
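/*
 * Open the inner, decrypted PKCS7 and try to write cert.
 *
 * Walks the certificates carried in s->reply_p7, picks the first one whose
 * subject matches the pending request (per compare_subject()) and whose
 * subject differs from its issuer, stores it in the global `localcert`,
 * and writes it PEM-encoded to the file named by `l_char`.
 *
 * Any failure (no matching certificate, file cannot be opened, written or
 * closed) prints a diagnostic and exits with SCEP_PKISTATUS_FILE.
 *
 * NOTE(review): selection here is by subject name and "not self-signed"
 * only.  This function does not compare the certificate's public key with
 * the key of the request, and no chain validation is visible here; confirm
 * that both are enforced elsewhere before the written file is trusted.
 */
void
write_local_cert(struct scep *s)
{
    PKCS7 *p7;
    STACK_OF(X509) *certs = NULL;
    X509 *cert = NULL;
    FILE *fp;
    int i;

    localcert = NULL;

    /* Get certs */
    p7 = s->reply_p7;

    /*
     * p7->d is a union, so d.sign is only meaningful for signedData.
     * Guard the access instead of assuming the content type; with no
     * usable certificate stack the "cannot find requested certificate"
     * path below reports the failure.
     * NOTE(review): presumably reply_p7 is parsed from the server's
     * response; confirm whether the caller already checks its type.
     */
    if (p7 != NULL && PKCS7_type_is_signed(p7) && p7->d.sign != NULL)
        certs = p7->d.sign->cert;

    if (v_flag) {
        printf ("write_local_cert(): found %d cert(s)\n",
            sk_X509_num(certs));
    }

    /* Find cert */
    for (i = 0; i < sk_X509_num(certs); i++) {
        char buffer[1024];

        cert = sk_X509_value(certs, i);
        if (v_flag) {
            printf("%s: found certificate with\n"
                " subject: '%s'\n", pname,
                X509_NAME_oneline(X509_get_subject_name(cert),
                    buffer, sizeof(buffer)));
            printf(" issuer: %s\n",
                X509_NAME_oneline(X509_get_issuer_name(cert),
                    buffer, sizeof(buffer)));
            printf(" request_subject: '%s'\n",
                X509_NAME_oneline(X509_REQ_get_subject_name(request),
                    buffer, sizeof(buffer)));
        }

        /* The subject has to match that of our request */
        if (!compare_subject(cert)) {
            if (v_flag)
                printf ("CN's of request and certificate matched!\n");

            /* The subject cannot be the issuer (selfsigned) */
            if (X509_NAME_cmp(X509_get_subject_name(cert),
                    X509_get_issuer_name(cert))) {
                localcert = cert;
                break;
            }
        }
    }

    if (localcert == NULL) {
        fprintf(stderr, "%s: cannot find requested certificate\n", pname);
        exit (SCEP_PKISTATUS_FILE);
    }

    /* Write PEM-formatted file: */
    if (!(fp = fopen(l_char, "w"))) {
        fprintf(stderr, "%s: cannot open cert file for writing\n", pname);
        exit (SCEP_PKISTATUS_FILE);
    }
    if (v_flag)
        printf("%s: writing cert\n", pname);
    /* Debug echo to stdout is best-effort; its result is not checked. */
    if (d_flag)
        PEM_write_X509(stdout, localcert);
    if (PEM_write_X509(fp, localcert) != 1) {
        fprintf(stderr, "%s: error while writing certificate "
            "file\n", pname);
        ERR_print_errors_fp(stderr);
        exit (SCEP_PKISTATUS_FILE);
    }

    /*
     * fclose() flushes buffered data, so a failure here means the file
     * may be truncated.  Report success only after the close succeeded.
     */
    if (fclose(fp) != 0) {
        fprintf(stderr, "%s: error while writing certificate "
            "file\n", pname);
        exit (SCEP_PKISTATUS_FILE);
    }
    printf("%s: certificate written as %s\n", pname, l_char);
}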