int verify_callback(int ok, X509_STORE_CTX *ctx) { char buf[256]; X509 *err_cert; int err,depth; err_cert=X509_STORE_CTX_get_current_cert(ctx); err = X509_STORE_CTX_get_error(ctx); depth = X509_STORE_CTX_get_error_depth(ctx); X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256); BIO_printf(bio_err,"depth=%d %s\n",depth,buf); if (!ok) { BIO_printf(bio_err,"verify error:num=%d:%s\n",err, X509_verify_cert_error_string(err)); if (depth < 6) { ok=1; X509_STORE_CTX_set_error(ctx,X509_V_OK); } else { ok=0; X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG); } } switch (ctx->error) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); BIO_printf(bio_err,"issuer= %s\n",buf); break; case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: BIO_printf(bio_err,"notBefore="); ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); BIO_printf(bio_err,"\n"); break; case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: BIO_printf(bio_err,"notAfter="); ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); BIO_printf(bio_err,"\n"); break; } BIO_printf(bio_err,"verify return:%d\n",ok); return(ok); }
int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) { if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm); if(tm->type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_print(bp, tm); BIO_write(bp,"Bad time value",14); return(0); }
/* Print the time from a ASN1_UTCTIME object in standard format i.e. * Nov 21 23:59:00 1996 GMT and store it in a nmalloc'd buffer. * The ASN1_UTCTIME structure is what's used for example with * certificate validity dates. * * You need to nfree() the returned pointer. */ static char *ssl_printtime(ASN1_UTCTIME *t) { int len; char *data, *buf; BIO *bio = BIO_new(BIO_s_mem()); ASN1_UTCTIME_print(bio, t); len = BIO_get_mem_data(bio, &data) + 1; buf = nmalloc(len); strncpyz(buf, data, len); BIO_free(bio); return buf; }
static PyObject * time_to_string (ASN1_UTCTIME *time) { BIO *bio = BIO_new (BIO_s_mem ()); ASN1_UTCTIME_print (bio, time); size_t size = BIO_ctrl_pending (bio); char *buf = malloc (sizeof (char) * size); BIO_read (bio, buf, size); BIO_free (bio); PyObject *time_str = PyString_FromStringAndSize (buf, size); free (buf); return time_str; }
static char *get_cert_valid(ASN1_UTCTIME *tm) { char *result; BIO* bio; int n; if ((bio = BIO_new(BIO_s_mem())) == NULL) return NULL; ASN1_UTCTIME_print(bio, tm); n = BIO_pending(bio); result = malloc(n+1); n = BIO_read(bio, result, n); result[n] = '\0'; BIO_free(bio); return result; }
inline void utctime::print(bio::bio_ptr bio) const { throw_error_if_not(ASN1_UTCTIME_print(bio.raw(), ptr().get()) != 0); }
void output_cert_info(X509 *cert, gf_io_t pc) { char buf[256]; STORE_S *left,*right; gf_io_t spc; int len; left = so_get(CharStar, NULL, EDIT_ACCESS); right = so_get(CharStar, NULL, EDIT_ACCESS); if(!(left && right)) return; gf_set_so_writec(&spc, left); if(!cert->cert_info){ gf_puts("Couldn't find certificate info.", spc); gf_puts(NEWLINE, spc); } else{ gf_puts_uline("Subject (whose certificate it is)", spc); gf_puts(NEWLINE, spc); output_X509_NAME(cert->cert_info->subject, spc); gf_puts(NEWLINE, spc); gf_puts_uline("Serial Number", spc); gf_puts(NEWLINE, spc); snprintf(buf, sizeof(buf), "%ld", ASN1_INTEGER_get(cert->cert_info->serialNumber)); gf_puts(buf, spc); gf_puts(NEWLINE, spc); gf_puts(NEWLINE, spc); gf_puts_uline("Validity", spc); gf_puts(NEWLINE, spc); { BIO *mb = BIO_new(BIO_s_mem()); char iobuf[4096]; gf_puts("Not Before: ", spc); (void) BIO_reset(mb); ASN1_UTCTIME_print(mb, cert->cert_info->validity->notBefore); (void) BIO_flush(mb); while((len = BIO_read(mb, iobuf, sizeof(iobuf))) > 0) gf_nputs(iobuf, len, spc); gf_puts(NEWLINE, spc); gf_puts("Not After: ", spc); (void) BIO_reset(mb); ASN1_UTCTIME_print(mb, cert->cert_info->validity->notAfter); (void) BIO_flush(mb); while((len = BIO_read(mb, iobuf, sizeof(iobuf))) > 0) gf_nputs(iobuf, len, spc); gf_puts(NEWLINE, spc); gf_puts(NEWLINE, spc); BIO_free(mb); } } gf_clear_so_writec(left); gf_set_so_writec(&spc, right); if(!cert->cert_info){ gf_puts(_("Couldn't find certificate info."), spc); gf_puts(NEWLINE, spc); } else{ gf_puts_uline("Issuer", spc); gf_puts(NEWLINE, spc); output_X509_NAME(cert->cert_info->issuer, spc); gf_puts(NEWLINE, spc); } gf_clear_so_writec(right); side_by_side(left, right, pc); gf_puts_uline("SHA1 Fingerprint", pc); gf_puts(NEWLINE, pc); get_fingerprint(cert, EVP_sha1(), buf, sizeof(buf)); gf_puts(buf, pc); gf_puts(NEWLINE, pc); gf_puts_uline("MD5 Fingerprint", pc); gf_puts(NEWLINE, pc); get_fingerprint(cert, EVP_md5(), buf, sizeof(buf)); gf_puts(buf, pc); gf_puts(NEWLINE, pc); so_give(&left); so_give(&right); }