Пример #1
0
int verify_callback(int ok, X509_STORE_CTX *ctx) 
{ 
char buf[256]; 
X509 *err_cert; 
int err,depth; 

err_cert=X509_STORE_CTX_get_current_cert(ctx); 
err = X509_STORE_CTX_get_error(ctx); 
depth = X509_STORE_CTX_get_error_depth(ctx); 

X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256); 
BIO_printf(bio_err,"depth=%d %s\n",depth,buf); 
if (!ok) 
{ 
BIO_printf(bio_err,"verify error:num=%d:%s\n",err, 
X509_verify_cert_error_string(err)); 
if (depth < 6) 
{ 
ok=1; 
X509_STORE_CTX_set_error(ctx,X509_V_OK); 
} 
else 
{ 
ok=0; 
X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG); 
} 
} 
switch (ctx->error) 
{ 
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); 
BIO_printf(bio_err,"issuer= %s\n",buf); 
break; 
case X509_V_ERR_CERT_NOT_YET_VALID: 
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 
BIO_printf(bio_err,"notBefore="); 
ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); 
BIO_printf(bio_err,"\n"); 
break; 
case X509_V_ERR_CERT_HAS_EXPIRED: 
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 
BIO_printf(bio_err,"notAfter="); 
ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); 
BIO_printf(bio_err,"\n"); 
break; 
} 
BIO_printf(bio_err,"verify return:%d\n",ok); 
return(ok); 
} 
Пример #2
0
int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
{
	if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
	if(tm->type == V_ASN1_GENERALIZEDTIME)
				return ASN1_GENERALIZEDTIME_print(bp, tm);
	BIO_write(bp,"Bad time value",14);
	return(0);
}
Пример #3
0
/* Print the time from a ASN1_UTCTIME object in standard format i.e.
 * Nov 21 23:59:00 1996 GMT and store it in a nmalloc'd buffer.
 * The ASN1_UTCTIME structure is what's used for example with
 * certificate validity dates.
 *
 * You need to nfree() the returned pointer.
 */
static char *ssl_printtime(ASN1_UTCTIME *t)
{
  int len;
  char *data, *buf;
  BIO *bio = BIO_new(BIO_s_mem());
  
  ASN1_UTCTIME_print(bio, t);
  len = BIO_get_mem_data(bio, &data) + 1;
  buf = nmalloc(len);
  strncpyz(buf, data, len);
  BIO_free(bio);
  return buf;
}
Пример #4
0
static PyObject *
time_to_string (ASN1_UTCTIME *time)
{
	BIO *bio = BIO_new (BIO_s_mem ());
	ASN1_UTCTIME_print (bio, time);

	size_t size = BIO_ctrl_pending (bio);
	char *buf = malloc (sizeof (char) * size);
	BIO_read (bio, buf, size);
	BIO_free (bio);

	PyObject *time_str = PyString_FromStringAndSize (buf, size);
	free (buf);
	return time_str;
}
Пример #5
0
static char *get_cert_valid(ASN1_UTCTIME *tm)
{
    char *result;
    BIO* bio;
    int n;

    if ((bio = BIO_new(BIO_s_mem())) == NULL)
        return NULL;
    ASN1_UTCTIME_print(bio, tm);
    n = BIO_pending(bio);
    result = malloc(n+1);
    n = BIO_read(bio, result, n);
    result[n] = '\0';
    BIO_free(bio);
    return result;
}
Пример #6
0
		inline void utctime::print(bio::bio_ptr bio) const
		{
			throw_error_if_not(ASN1_UTCTIME_print(bio.raw(), ptr().get()) != 0);
		}
Пример #7
0
void
output_cert_info(X509 *cert, gf_io_t pc)
{
    char    buf[256];
    STORE_S *left,*right;
    gf_io_t spc;
    int len;
        
    left = so_get(CharStar, NULL, EDIT_ACCESS);
    right = so_get(CharStar, NULL, EDIT_ACCESS);
    if(!(left && right))
      return;

    gf_set_so_writec(&spc, left);

    if(!cert->cert_info){
    	gf_puts("Couldn't find certificate info.", spc);
	gf_puts(NEWLINE, spc);
    }
    else{
	gf_puts_uline("Subject (whose certificate it is)", spc);
	gf_puts(NEWLINE, spc);

	output_X509_NAME(cert->cert_info->subject, spc);
	gf_puts(NEWLINE, spc);

	gf_puts_uline("Serial Number", spc);
	gf_puts(NEWLINE, spc);

	snprintf(buf, sizeof(buf), "%ld", ASN1_INTEGER_get(cert->cert_info->serialNumber));
	gf_puts(buf, spc);
	gf_puts(NEWLINE, spc);
	gf_puts(NEWLINE, spc);

	gf_puts_uline("Validity", spc);
	gf_puts(NEWLINE, spc);
    	{
    	    BIO *mb = BIO_new(BIO_s_mem());
	    char iobuf[4096];
	    
	    gf_puts("Not Before: ", spc);

	    (void) BIO_reset(mb);
	    ASN1_UTCTIME_print(mb, cert->cert_info->validity->notBefore);
	    (void) BIO_flush(mb);
	    while((len = BIO_read(mb, iobuf, sizeof(iobuf))) > 0)
	      gf_nputs(iobuf, len, spc);

	    gf_puts(NEWLINE, spc);

	    gf_puts("Not After:  ", spc);

	    (void) BIO_reset(mb);
	    ASN1_UTCTIME_print(mb, cert->cert_info->validity->notAfter);
	    (void) BIO_flush(mb);
	    while((len = BIO_read(mb, iobuf, sizeof(iobuf))) > 0)
	      gf_nputs(iobuf, len, spc);
    	    
	    gf_puts(NEWLINE, spc);
	    gf_puts(NEWLINE, spc);
	    	    
	    BIO_free(mb);
	}
    }

    gf_clear_so_writec(left);

    gf_set_so_writec(&spc, right);

    if(!cert->cert_info){
    	gf_puts(_("Couldn't find certificate info."), spc);
	gf_puts(NEWLINE, spc);
    }
    else{
	gf_puts_uline("Issuer", spc);
	gf_puts(NEWLINE, spc);

	output_X509_NAME(cert->cert_info->issuer, spc);
	gf_puts(NEWLINE, spc);
    }
    
    gf_clear_so_writec(right);
    
    side_by_side(left, right, pc);

    gf_puts_uline("SHA1 Fingerprint", pc);
    gf_puts(NEWLINE, pc);
    get_fingerprint(cert, EVP_sha1(), buf, sizeof(buf));
    gf_puts(buf, pc);
    gf_puts(NEWLINE, pc);

    gf_puts_uline("MD5 Fingerprint", pc);
    gf_puts(NEWLINE, pc);
    get_fingerprint(cert, EVP_md5(), buf, sizeof(buf));
    gf_puts(buf, pc);
    gf_puts(NEWLINE, pc);
    
    so_give(&left);
    so_give(&right);
}