int x509crl::info(State & state, mbedtls_x509_crl * certificate){ Stack * stack = state.stack; std::string prefix = ""; size_t bufferSize = 4096; if (stack->is<LUA_TNUMBER>(1)){ bufferSize = stack->to<int>(1); } if (stack->is<LUA_TSTRING>(2)){ prefix = stack->to<const std::string>(2); } char * buffer = new char[bufferSize]; int result = mbedtls_x509_crl_info(buffer, bufferSize, prefix.c_str(), certificate); if (result == 0){ stack->push<const std::string &>(buffer); } else{ stack->push<int>(result); } delete[] buffer; return 1; }
int main( void ) { int ret, i; mbedtls_x509_crt cacert; mbedtls_x509_crl crl; char buf[10240]; mbedtls_x509_crt_init( &cacert ); mbedtls_x509_crl_init( &crl ); /* * 1.1. Load the trusted CA */ mbedtls_printf( "\n . Loading the CA root certificate ..." ); fflush( stdout ); /* * Alternatively, you may load the CA certificates from a .pem or * .crt file by calling mbedtls_x509_crt_parse_file( &cacert, "myca.crt" ). */ ret = mbedtls_x509_crt_parse_file( &cacert, "ssl/test-ca/test-ca.crt" ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret ); goto exit; } mbedtls_printf( " ok\n" ); mbedtls_x509_crt_info( buf, 1024, "CRT: ", &cacert ); mbedtls_printf("%s\n", buf ); /* * 1.2. Load the CRL */ mbedtls_printf( " . Loading the CRL ..." ); fflush( stdout ); ret = mbedtls_x509_crl_parse_file( &crl, "ssl/test-ca/crl.pem" ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse_file returned %d\n\n", ret ); goto exit; } mbedtls_printf( " ok\n" ); mbedtls_x509_crl_info( buf, 1024, "CRL: ", &crl ); mbedtls_printf("%s\n", buf ); for( i = 0; i < MAX_CLIENT_CERTS; i++ ) { /* * 1.3. Load own certificate */ char name[512]; uint32_t flags; mbedtls_x509_crt clicert; mbedtls_pk_context pk; mbedtls_x509_crt_init( &clicert ); mbedtls_pk_init( &pk ); mbedtls_snprintf(name, 512, "ssl/test-ca/%s", client_certificates[i]); mbedtls_printf( " . Loading the client certificate %s...", name ); fflush( stdout ); ret = mbedtls_x509_crt_parse_file( &clicert, name ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret ); goto exit; } mbedtls_printf( " ok\n" ); /* * 1.4. Verify certificate validity with CA certificate */ mbedtls_printf( " . Verify the client certificate with CA certificate..." ); fflush( stdout ); ret = mbedtls_x509_crt_verify( &clicert, &cacert, &crl, NULL, &flags, NULL, NULL ); if( ret != 0 ) { if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) { char vrfy_buf[512]; mbedtls_printf( " failed\n" ); mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); mbedtls_printf( "%s\n", vrfy_buf ); } else { mbedtls_printf( " failed\n ! mbedtls_x509_crt_verify returned %d\n\n", ret ); goto exit; } } mbedtls_printf( " ok\n" ); /* * 1.5. Load own private key */ mbedtls_snprintf(name, 512, "ssl/test-ca/%s", client_private_keys[i]); mbedtls_printf( " . Loading the client private key %s...", name ); fflush( stdout ); ret = mbedtls_pk_parse_keyfile( &pk, name, NULL ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned %d\n\n", ret ); goto exit; } mbedtls_printf( " ok\n" ); /* * 1.6. Verify certificate validity with private key */ mbedtls_printf( " . Verify the client certificate with private key..." ); fflush( stdout ); /* EC NOT IMPLEMENTED YET */ if( ! mbedtls_pk_can_do( &clicert.pk, MBEDTLS_PK_RSA ) ) { mbedtls_printf( " failed\n ! certificate's key is not RSA\n\n" ); ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; goto exit; } ret = mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa( pk )->N, &mbedtls_pk_rsa( clicert.pk )->N); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_cmp_mpi for N returned %d\n\n", ret ); goto exit; } ret = mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa( pk )->E, &mbedtls_pk_rsa( clicert.pk )->E); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_cmp_mpi for E returned %d\n\n", ret ); goto exit; } ret = mbedtls_rsa_check_privkey( mbedtls_pk_rsa( pk ) ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_check_privkey returned %d\n\n", ret ); goto exit; } mbedtls_printf( " ok\n" ); mbedtls_x509_crt_free( &clicert ); mbedtls_pk_free( &pk ); } exit: mbedtls_x509_crt_free( &cacert ); mbedtls_x509_crl_free( &crl ); #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); #endif return( ret ); }
int main( int argc, char *argv[] ) { int ret = 0; unsigned char buf[100000]; mbedtls_x509_crl crl; int i; char *p, *q; /* * Set to sane values */ mbedtls_x509_crl_init( &crl ); if( argc == 0 ) { usage: mbedtls_printf( USAGE ); goto exit; } opt.filename = DFL_FILENAME; for( i = 1; i < argc; i++ ) { p = argv[i]; if( ( q = strchr( p, '=' ) ) == NULL ) goto usage; *q++ = '\0'; if( strcmp( p, "filename" ) == 0 ) opt.filename = q; else goto usage; } /* * 1.1. Load the CRL */ mbedtls_printf( "\n . Loading the CRL ..." ); fflush( stdout ); ret = mbedtls_x509_crl_parse_file( &crl, opt.filename ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_x509_crl_parse_file returned %d\n\n", ret ); mbedtls_x509_crl_free( &crl ); goto exit; } mbedtls_printf( " ok\n" ); /* * 1.2 Print the CRL */ mbedtls_printf( " . CRL information ...\n" ); ret = mbedtls_x509_crl_info( (char *) buf, sizeof( buf ) - 1, " ", &crl ); if( ret == -1 ) { mbedtls_printf( " failed\n ! mbedtls_x509_crl_info returned %d\n\n", ret ); mbedtls_x509_crl_free( &crl ); goto exit; } mbedtls_printf( "%s\n", buf ); exit: mbedtls_x509_crl_free( &crl ); #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); #endif return( ret ); }
static int info_lua( lua_State *L ) { mbedtls_x509_crl *crl = lauxh_checkudata( L, 1, LMBEDTLS_X509_CRL_MT ); const char *prefix = lauxh_optstring( L, 2, "" ); // FIXME: should allocate from heap char buf[100000] = { 0 }; int rc = mbedtls_x509_crl_info( buf, 100000, prefix, crl ); if( rc < 0 ){ lmbedtls_errbuf_t errbuf; lmbedtls_strerror( rc, errbuf ); lua_pushnil( L ); lua_pushstring( L, errbuf ); return 2; } lua_pushlstring( L, buf, rc ); return 1; }