void read_ca_cert(void) { /* Read CA cert file */ if (!c_flag || !(cafile = fopen(c_char, "r"))) { fprintf(stderr, "%s: cannot open CA cert file\n", pname); exit (SCEP_PKISTATUS_FILE); } if (!PEM_read_X509(cafile, &cacert, NULL, NULL)) { fprintf(stderr, "%s: error while reading CA cert\n", pname); ERR_print_errors_fp(stderr); exit (SCEP_PKISTATUS_FILE); } fclose(cafile); /* Read enc CA cert */ if (e_flag) { if (!(cafile = fopen(e_char, "r"))) { fprintf(stderr, "%s: cannot open enc CA cert file\n", pname); exit (SCEP_PKISTATUS_FILE); } if (!PEM_read_X509(cafile, &encert, NULL, NULL)) { fprintf(stderr,"%s: error while reading enc CA cert\n", pname); ERR_print_errors_fp(stderr); exit (SCEP_PKISTATUS_FILE); } fclose(cafile); } }
/* Make sure the certificate exists and extract the public key from it. * * returns: true if it can get the public key, false otherwise */ static bool get_pubkey(void) { fp_pubkey = fopen(CERTNAME, "re"); if (!fp_pubkey) { fprintf(stderr, "Failed fopen %s\n", CERTNAME); goto error; } cert = PEM_read_X509(fp_pubkey, NULL, NULL, NULL); if (!cert) { fprintf(stderr, "Failed PEM_read_X509() for %s\n", CERTNAME); goto error; } pkey = X509_get_pubkey(cert); if (!pkey) { fprintf(stderr, "Failed X509_get_pubkey() for %s\n", CERTNAME); X509_free(cert); goto error; } return true; error: ERR_print_errors_fp(stderr); return false; }
void read_public_key(drown_ctx * dctx, char *filename) { // Read file FILE * fp = fopen(filename, "r"); MY_ASSERT(fp != NULL, "can't open certificate file"); // Read cert X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL); MY_ASSERT(cert != NULL, "file is not a certificate"); // Read public key EVP_PKEY * pkey = X509_get_pubkey(cert); MY_ASSERT(pkey != NULL, "can't get public key from certificate"); // Check RSA key MY_ASSERT(pkey->type == EVP_PKEY_RSA, "public key is not RSA"); MY_ASSERT(EVP_PKEY_bits(pkey) == 2048, "only RSA-2048 is supported for now"); // Read RSA key RSA *rsa = EVP_PKEY_get1_RSA(pkey); // Copy the public key BN_copy(dctx->n, rsa->n); BN_copy(dctx->e, rsa->e); RSA_free(rsa); EVP_PKEY_free(pkey); X509_free(cert); fclose(fp); }
static int certificate_verify_callback(int preverify_ok, X509_STORE_CTX * ctx) { char fnm[FILE_PATH_SIZE]; DIR * dir = NULL; int err = 0; int found = 0; snprintf(fnm, sizeof(fnm), "%s/ssl", tcf_dir); if (!err && (dir = opendir(fnm)) == NULL) err = errno; while (!err && !found) { int l = 0; X509 * cert = NULL; FILE * fp = NULL; struct dirent * ent = readdir(dir); if (ent == NULL) break; l = strlen(ent->d_name); if (l < 5 || strcmp(ent->d_name + l -5 , ".cert") != 0) continue; snprintf(fnm, sizeof(fnm), "%s/ssl/%s", tcf_dir, ent->d_name); if (!err && (fp = fopen(fnm, "r")) == NULL) err = errno; if (!err && (cert = PEM_read_X509(fp, NULL, NULL, NULL)) == NULL) err = set_ssl_errno(); if (!err && fclose(fp) != 0) err = errno; if (!err && X509_cmp(X509_STORE_CTX_get_current_cert(ctx), cert) == 0) found = 1; } if (dir != NULL && closedir(dir) < 0 && !err) err = errno; if (err) trace(LOG_ALWAYS, "Cannot read certificate %s: %s", fnm, errno_to_str(err)); else if (!found) trace(LOG_ALWAYS, "Authentication failure: invalid certificate"); return err == 0 && found; }
void test1() { char * filename = "server/server.crt"; X509 * x509 = NULL; X509 * rc = NULL; FILE * fp = NULL; X509_NAME * name = NULL; char buf[1024]; int nid = NID_undef; size_t name_len = 0; char cnbuf[1024]; assert( (fp = fopen(filename,"rb")) != NULL ); assert( (rc = PEM_read_X509(fp, &x509, (pem_password_cb *)0, NULL)) != NULL ); assert( (name = X509_get_subject_name(x509)) != NULL ); X509_NAME_oneline(X509_get_subject_name(x509), buf, sizeof(buf)); assert( strcmp(buf,"/C=HU/ST=Hungary/L=Budapest/O=BeckGround Ltd./[email protected]/[email protected]") == 0 ); printf("%s\n",buf); assert( (nid = OBJ_txt2nid("commonName")) != NID_undef ); assert( (name_len = X509_NAME_get_text_by_NID(name, nid, cnbuf, sizeof(cnbuf))) > 0 ); assert( strcmp(cnbuf,"*****@*****.**") == 0 ); printf("%s\n",cnbuf); X509_free(x509); rc = x509 = NULL; fclose( fp ); }
gchar * CertKey_ComputeCertPemFileHash(const gchar *certPemFile) // IN { FILE *file; gchar *hash = NULL; X509 *cert = NULL; gchar *err = NULL; file = fopen(certPemFile, "r"); if (!file) { Error("Failed to open %s: %s.\n", certPemFile, strerror(errno)); goto exit; } cert = PEM_read_X509(file, NULL, NULL, NULL); if (!cert) { Error("Error reading certificate file %s: %s.\n", certPemFile, GetSSLError(&err)); goto exit; } hash = g_strdup_printf("%08lx", X509_subject_name_hash(cert)); exit: if (file) { fclose(file); } X509_free(cert); g_free(err); return hash; }
int main(int argc, char* args[]) { if(argc == 1) { printf("Usage: %s [OPTIONS] [FILE]\n\n", args[0]); printf("Options:\n\t-u\t Print UNIX timestamp\n\n"); return 1; } FILE *pemFile = fopen(args[argc-1], "r"); if(!pemFile) { fprintf(stderr, "Could not open file \"%s\"\n", args[argc-1]); return 1; } X509 *cert = PEM_read_X509(pemFile, NULL, NULL, NULL); if(!cert) { fprintf(stderr, "Could not read PEM format\n"); return 1; } char notAfterStr[BUFLEN]; ASN1_TIME *notAfter = X509_get_notAfter(cert); if(strcmp(args[1], "-u") == 0) { convertAsn1ToTimestamp(notAfter, notAfterStr); } else { convertAsn1ToString(notAfter, notAfterStr); } printf("%s\n", notAfterStr); return 0; }
int main(int argc, char **argv) { X509 *cert; FILE *inf; int i, count; X509_EXTENSION *ext; X509V3_add_standard_extensions(); ERR_load_crypto_strings(); if(!argv[1]) { fprintf(stderr, "Usage v3prin cert.pem\n"); exit(1); } if(!(inf = fopen(argv[1], "r"))) { fprintf(stderr, "Can't open %s\n", argv[1]); exit(1); } if(!(cert = PEM_read_X509(inf, NULL, NULL))) { fprintf(stderr, "Can't read certificate %s\n", argv[1]); ERR_print_errors_fp(stderr); exit(1); } fclose(inf); count = X509_get_ext_count(cert); printf("%d extensions\n", count); for(i = 0; i < count; i++) { ext = X509_get_ext(cert, i); printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object))); if(!X509V3_EXT_print_fp(stdout, ext, 0, 0)) ERR_print_errors_fp(stderr); printf("\n"); } return 0; }
static void load_cacert(X509** cacert, const char* certpem) { FILE* f = fopen(certpem, "r"); assert(f != NULL); PEM_read_X509(f, cacert, NULL, NULL); fclose(f); }
wi_x509_t * wi_x509_init_with_pem_file(wi_x509_t *x509, wi_string_t *path) { FILE *fp; fp = fopen(wi_string_cstring(path), "r"); if(!fp) { wi_error_set_errno(errno); wi_release(x509); return NULL; } x509->x509 = PEM_read_X509(fp, NULL, NULL, NULL); fclose(fp); if(!x509->x509) { wi_error_set_openssl_error(); wi_release(x509); return NULL; } return x509; }
static int SSL_CTX_use_certificate_file_with_check( SSL_CTX *ctx, char *file, int type) { FILE *fp; X509 *x509; X509_STORE_CTX *sctx; int ret; ret = SSL_CTX_use_certificate_file(ctx, file, type); if(!ret) return ret; if(!(fp = fopen(file, "r"))) { return -1; } x509 = PEM_read_X509(fp, NULL, NULL, NULL); if(!x509){ rewind(fp); x509 = d2i_X509_fp(fp, NULL); } fclose(fp); if(!x509) return -1; X509_STORE_add_cert(ctx->cert_store, x509); sctx = X509_STORE_CTX_new(); X509_STORE_CTX_init(sctx, ctx->cert_store, x509, NULL); X509_STORE_CTX_set_verify_cb(sctx, LocalVerifyCallBack); X509_verify_cert(sctx); X509_STORE_CTX_free(sctx); CheckValidPeriod(x509); return ret; }
/* * Load CA certificate and private key from current dir */ static int load_ca(char * ca_name, identity * ca) { FILE * f ; RSA * rsa ; char filename[FIELD_SZ+1] ; sprintf(filename, "%s.crt", ca_name); if ((f=fopen(filename, "r"))==NULL) { fprintf(stderr, "Cannot find: %s\n", filename); return -1 ; } ca->cert = PEM_read_X509(f, NULL, NULL, NULL); fclose(f); sprintf(filename, "%s.key", ca_name); if ((f=fopen(filename, "r"))==NULL) { return -1 ; } rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL); fclose(f); ca->key = EVP_PKEY_new(); EVP_PKEY_assign_RSA(ca->key, rsa); if (!X509_check_private_key(ca->cert, ca->key)) { fprintf(stderr, "CA certificate and private key do not match\n"); return -1 ; } return 0; }
int main(int argc, char *argv[]) { X509 *cert; X509_STORE *store; X509_LOOKUP *lookup; X509_STORE_CTX *verify_ctx; FILE *fp; OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); /* frist read the client certificate */ if (!(fp = fopen(CLIENT_CERT, "r"))) { int_error("Error reading client certificate file"); } if (!(cert = PEM_read_X509(fp, NULL, NULL, NULL))) { int_error("Error reading client certificate in file"); } fclose(fp); /* create the cert store and set the verify callback */ if (!(store = X509_STORE_new())) { int_error("Error creating X509_STORE_CTX object"); } X509_STORE_set_verify_cb_func(store, verify_callback); /* load the CA certificates and CRLs */ if (X509_STORE_load_locations(store, CA_FILE, CA_DIR) != 1) { int_error("Error loading the CA file or directory"); } if (X509_STORE_set_default_paths(store) != 1) { int_error("Error loading the system-wide CA certificates"); } if (!(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()))) { int_error("Error creating X509_LOOKUP object"); } if (X509_load_crl_file(lookup, CRL_FILE, X509_FILETYPE_PEM) != 1) { int_error("Error reading the CRL file"); } /* set the flags of the store so that the CRLs are consulted */ X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); /* create a verification context and initialize it */ if (!(verify_ctx = X509_STORE_CTX_new())) { int_error("Error creating X509_STORE_CTX object"); } if (X509_STORE_CTX_init(verify_ctx, store, cert, NULL) != 1) { int_error("Error initializing verification context"); } /* verify the certificate */ if (X509_verify_cert(verify_ctx) != 1) { int_error("Error verifying the certificate"); } else { printf("Certificate verified correctly!\n"); } return 0; }
int main(int argc, char **argv) { LHASH *conf; X509 *cert; FILE *inf; char *conf_file; int i; int count; X509_EXTENSION *ext; X509V3_add_standard_extensions(); ERR_load_crypto_strings(); if(!argv[1]) { fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n"); exit(1); } conf_file = argv[2]; if(!conf_file) conf_file = "test.cnf"; conf = CONF_load(NULL, "test.cnf", NULL); if(!conf) { fprintf(stderr, "Error opening Config file %s\n", conf_file); ERR_print_errors_fp(stderr); exit(1); } inf = fopen(argv[1], "r"); if(!inf) { fprintf(stderr, "Can't open certificate file %s\n", argv[1]); exit(1); } cert = PEM_read_X509(inf, NULL, NULL); if(!cert) { fprintf(stderr, "Error reading certificate file %s\n", argv[1]); exit(1); } fclose(inf); sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free); cert->cert_info->extensions = NULL; if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) { fprintf(stderr, "Error adding extensions\n"); ERR_print_errors_fp(stderr); exit(1); } count = X509_get_ext_count(cert); printf("%d extensions\n", count); for(i = 0; i < count; i++) { ext = X509_get_ext(cert, i); printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object))); if(ext->critical) printf(",critical:\n"); else printf(":\n"); X509V3_EXT_print_fp(stdout, ext, 0, 0); printf("\n"); } return 0; }
static X509 *get_cert_from_file(char *filename) { X509 *c; FILE *f = fopen(filename, "r"); if (! f ) return NULL; c = PEM_read_X509(f, NULL, NULL, NULL); fclose(f); return c; }
/* * Check if the SSL/TLS certificate exists in the certificates file. */ int check_cert(X509 *pcert, unsigned char *pmd, unsigned int *pmdlen) { int n, r; FILE *fd; char b; char *certf; X509 *cert; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; r = 0; cert = NULL; n = snprintf(&b, 1, "%s/%s", env.home, PATHNAME_CERTS); if (env.pathmax != -1 && n > env.pathmax) fatal(ERROR_PATHNAME, "pathname limit %ld exceeded: %d\n", env.pathmax, n); certf = (char *)xmalloc((n + 1) * sizeof(char)); snprintf(certf, n + 1, "%s/%s", env.home, PATHNAME_CERTS); if (!exists_file(certf)) { xfree(certf); return 0; } fd = fopen(certf, "r"); xfree(certf); if (fd == NULL) return -1; while ((cert = PEM_read_X509(fd, &cert, NULL, NULL)) != NULL) { if (X509_subject_name_cmp(cert, pcert) != 0 || X509_issuer_name_cmp(cert, pcert) != 0) continue; if (!X509_digest(cert, EVP_md5(), md, &mdlen) || *pmdlen != mdlen) continue; if (memcmp(pmd, md, mdlen) != 0) { r = -1; break; } r = 1; break; } fclose(fd); X509_free(cert); return r; }
/** * rsa_get_pub_key() - read a public key from a .crt file * * @keydir: Directory containins the key * @name Name of key file (will have a .crt extension) * @rsap Returns RSA object, or NULL on failure * @return 0 if ok, -ve on error (in which case *rsap will be set to NULL) */ static int rsa_get_pub_key(const char *keydir, const char *name, RSA **rsap) { char path[1024]; EVP_PKEY *key; X509 *cert; RSA *rsa; FILE *f; int ret; *rsap = NULL; snprintf(path, sizeof(path), "%s/%s.crt", keydir, name); f = fopen(path, "r"); if (!f) { fprintf(stderr, "Couldn't open RSA certificate: '%s': %s\n", path, strerror(errno)); return -EACCES; } /* Read the certificate */ cert = NULL; if (!PEM_read_X509(f, &cert, NULL, NULL)) { rsa_err("Couldn't read certificate"); ret = -EINVAL; goto err_cert; } /* Get the public key from the certificate. */ key = X509_get_pubkey(cert); if (!key) { rsa_err("Couldn't read public key\n"); ret = -EINVAL; goto err_pubkey; } /* Convert to a RSA_style key. */ rsa = EVP_PKEY_get1_RSA(key); if (!rsa) { rsa_err("Couldn't convert to a RSA style key"); ret = -EINVAL; goto err_rsa; } fclose(f); EVP_PKEY_free(key); X509_free(cert); *rsap = rsa; return 0; err_rsa: EVP_PKEY_free(key); err_pubkey: X509_free(cert); err_cert: fclose(f); return ret; }
X509 *SSL_read_X509(FILE *fp, X509 **x509, int (*cb)(char *, int, int, void*)) #endif { X509 *rc; BIO *bioS; BIO *bioF; /* 1. try PEM (= DER+Base64+headers) */ #if SSL_LIBRARY_VERSION < 0x00904000 rc = PEM_read_X509(fp, x509, cb); #else rc = PEM_read_X509(fp, x509, cb, NULL); #endif if (rc == NULL) { /* 2. try DER+Base64 */ fseek(fp, 0L, SEEK_SET); if ((bioS = BIO_new(BIO_s_fd())) == NULL) return NULL; BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE); if ((bioF = BIO_new(BIO_f_base64())) == NULL) { BIO_free(bioS); return NULL; } bioS = BIO_push(bioF, bioS); rc = d2i_X509_bio(bioS, NULL); BIO_free_all(bioS); if (rc == NULL) { /* 3. try plain DER */ fseek(fp, 0L, SEEK_SET); if ((bioS = BIO_new(BIO_s_fd())) == NULL) return NULL; BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE); rc = d2i_X509_bio(bioS, NULL); BIO_free(bioS); } } if (rc != NULL && x509 != NULL) { if (*x509 != NULL) X509_free(*x509); *x509 = rc; } return rc; }
X509 getX509(const char* file) { ::X509* ret = nullptr; FILE* f = dcpp_fopen(file, "r"); if (f) { PEM_read_X509(f, &ret, nullptr, nullptr); fclose(f); } return X509(ret); }
static int load_cert(const char* keyDirectory) { char certificateFilePath[4096]; sprintf(certificateFilePath, "%s/%s", keyDirectory, CERTIFICATE_FILE_NAME); char keyFilePath[4096]; sprintf(&keyFilePath[0], "%s/%s", keyDirectory, KEY_FILE_NAME); FILE *fd = fopen(certificateFilePath, "r"); if (fd == NULL) { printf("Generating certificate..."); CERT_KEY_PAIR cert = mkcert_generate(); printf("done\n"); char p12FilePath[4096]; sprintf(p12FilePath, "%s/%s", keyDirectory, P12_FILE_NAME); mkcert_save(certificateFilePath, p12FilePath, keyFilePath, cert); mkcert_free(cert); fd = fopen(certificateFilePath, "r"); } if (fd == NULL) { gs_error = "Can't open certificate file"; return GS_FAILED; } if (!(cert = PEM_read_X509(fd, NULL, NULL, NULL))) { gs_error = "Error loading cert into memory"; return GS_FAILED; } rewind(fd); int c; int length = 0; while ((c = fgetc(fd)) != EOF) { sprintf(cert_hex + length, "%02x", c); length += 2; } cert_hex[length] = 0; fclose(fd); fd = fopen(keyFilePath, "r"); if (fd == NULL) { gs_error = "Error loading key into memory"; return GS_FAILED; } PEM_read_PrivateKey(fd, &privateKey, NULL, NULL); fclose(fd); return GS_OK; }
struct soap* init_soap(void) { FILE *fd = NULL; struct soap* soap = NULL; char passwd[10] = {'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0'}; soap = soap_new1(SOAP_XML_CANONICAL | SOAP_XML_INDENT); soap_ssl_init(); // soap_register_plugin(soap, plugin); // register plugin soap_register_plugin(soap, soap_wsse); fd = fopen("secrets", "r"); if (fd) { fgets(passwd, 10, fd); fclose(fd); if (passwd == NULL) { perror("Unable to read password for X509 certificate."); return NULL; } } else { perror("Unable to open secrets file"); return NULL; } fd = fopen("DMOPEN_100014_PRIVATE.pem", "r"); if (fd) { rsa_private_key = PEM_read_PrivateKey(fd, NULL, NULL, passwd); fclose(fd); if (rsa_private_key == NULL) { perror("Error reading private key"); return NULL; } } else { perror("Unable to open Private X509 .pem file"); return NULL; } fd = fopen("DMOPEN_100014.pem", "r"); if (fd) { cert = PEM_read_X509(fd, NULL, NULL, NULL); fclose(fd); if (cert == NULL) { perror("Error reading certificate file"); return NULL; } } else { perror("Unable to open publix X509 .pem file"); return NULL; } return soap; }
// ***************************************************************************** // * * // * Function: ReadPublicCertificate * // * * // * Reads and stores the contents of the Public certificate and extracts * // * the expiry date * // ***************************************************************************** // * * // * Parameters: * // * None * // * * // * Returns: * // * * // * True if Success, else false * // * * // * Updates Global variables * // ***************************************************************************** static bool ReadPublicCertificate() { int ret = 0; struct stat file_stats; // Get the Certificate directory and the filename if (!setup_already_done) SetupCertFilename(); if (0 != stat(pubkey_file, &file_stats)) return false; // failed to read file info FILE *pFile = fopen(pubkey_file, "r"); if (pFile == NULL) return false; cert_data_len = file_stats.st_size; if (cert_data) delete [] cert_data; cert_data = new char[cert_data_len + 1]; cert_data_len = (long) fread(cert_data, 1, cert_data_len, pFile); cert_data[cert_data_len] = 0; if ( cert_data_len != file_stats.st_size ) { fclose(pFile); return false; } cert_timestamp = file_stats.st_mtime; // Extract the Expiry Date fclose(pFile); pFile = fopen(pubkey_file, "r"); X509 *certificate = PEM_read_X509(pFile, NULL, 0, NULL); strncpy((char*) cert_expdate, (char*) (X509_get_notAfter(certificate)->data), EXPDATESIZE); cert_expdate[EXPDATESIZE] = 0; X509_free(certificate); fclose(pFile); return true; }
void read_cert(X509** cert, char* filename) { FILE *file; if (!(file = fopen(filename, "r"))) { fprintf(stderr, "%s: cannot open cert file %s\n", pname, filename); exit (SCEP_PKISTATUS_FILE); } if (!PEM_read_X509(file, cert, NULL, NULL)) { fprintf(stderr, "%s: error while reading cert %s\n", pname, filename); ERR_print_errors_fp(stderr); exit (SCEP_PKISTATUS_FILE); } fclose(file); }
void openssl_pkcs12_cert() { FILE *tmpfile; PKCS12 *pkcs12s; EVP_PKEY *certprk; X509 *cscert, *cacert; STACK_OF(X509) * cacerts; OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); certprk = EVP_PKEY_new(); tmpfile = fopen(PKEYF, "r"); certprk = PEM_read_PrivateKey(tmpfile, NULL, NULL, NULL); fclose(tmpfile); tmpfile = fopen(PCERTF, "r"); cscert = PEM_read_X509(tmpfile, NULL, NULL, NULL); fclose(tmpfile); tmpfile = fopen(RCERTF, "r"); cacert = PEM_read_X509(tmpfile, NULL, NULL, NULL); fclose(tmpfile); pkcs12s = PKCS12_new(); cacerts = sk_X509_new_null(); sk_X509_push(cacerts, cacert); pkcs12s = PKCS12_create("beike2012", "mypkcs12", certprk, cscert, cacerts, 0, 0, 0, 0, 0); tmpfile = fopen(PKCS12F, "w"); if (i2d_PKCS12_fp(tmpfile, pkcs12s) <= 0) openssl_error_show("i2d_PKCS12_fp", 1); fclose(tmpfile); sk_X509_free(cacerts); PKCS12_free(pkcs12s); }
static X509 * load_X509_from_file(const char *filepath) { FILE *certfile = NULL; X509 *cert = NULL; certfile = fopen(filepath, "r"); if (certfile == NULL) { return NULL; } cert = PEM_read_X509(certfile, NULL, NULL, NULL); fclose(certfile); return cert; }
static int check_certificate_by_digest (X509 *peercert) { unsigned char peermd[EVP_MAX_MD_SIZE]; unsigned int peermdlen; X509 *cert = NULL; int pass = 0; FILE *fp; /* expiration check */ if (option (OPTSSLVERIFYDATES) != MUTT_NO) { if (X509_cmp_current_time (X509_get_notBefore (peercert)) >= 0) { dprint (2, (debugfile, "Server certificate is not yet valid\n")); mutt_error (_("Server certificate is not yet valid")); mutt_sleep (2); return 0; } if (X509_cmp_current_time (X509_get_notAfter (peercert)) <= 0) { dprint (2, (debugfile, "Server certificate has expired")); mutt_error (_("Server certificate has expired")); mutt_sleep (2); return 0; } } if ((fp = fopen (SslCertFile, "rt")) == NULL) return 0; if (!X509_digest (peercert, EVP_sha1(), peermd, &peermdlen)) { safe_fclose (&fp); return 0; } while ((cert = PEM_read_X509 (fp, &cert, NULL, NULL)) != NULL) { pass = compare_certificates (cert, peercert, peermd, peermdlen) ? 0 : 1; if (pass) break; } X509_free (cert); safe_fclose (&fp); return pass; }
void test_wiener(void) { X509 *crt; RSA *rsa; FILE *fp = fopen("wiener_test.crt", "r"); if (!fp) exit(EXIT_FAILURE); crt = PEM_read_X509(fp, NULL, 0, NULL); if (!crt) { exit(EXIT_FAILURE); } rsa = X509_get_pubkey(crt)->pkey.rsa; /* assert(WienerQuestion.test(crt)); */ assert(WienerQuestion.ask_rsa(rsa)); }
CertificatePtr RevocationCheckerBase::loadPEMFile(const char* fileName) { DPL::ScopedFClose fd(fopen(fileName, "rb")); // no such file, return NULL if (!fd.Get()) { return CertificatePtr(); } // create a new X509 certificate basing on file CertificatePtr cert(new Certificate(PEM_read_X509(fd.Get(), NULL, NULL, NULL))); return cert; }
char* getSerial() { char* id = malloc(20); char *str, *ptr; FILE* fp; X509* x509; char deviceid[11]; ERR_load_crypto_strings(); fp = fopen(ODI_CERT_FILE, "r"); if (NULL == fp) { printf("Error opening file: %s\n", ODI_CERT_FILE); } x509 = PEM_read_X509(fp, NULL, NULL, NULL); fclose(fp); if (x509 == NULL) { printf("error reading certificate\n"); return 0; } str = X509_NAME_oneline(X509_get_subject_name(x509), 0, 0); if (str) { ptr = strstr(str, "/CN="); if (ptr) { if (strlen(ptr) == 14) { strcpy(deviceid, ptr + 4); sprintf(id, "%s", deviceid); } else { printf("error parsing unit certificate - invalid device id\n"); } } else { printf("error parsing unit certificate - can't find CN\n"); } } OPENSSL_free(str); X509_free(x509); return id; }
int main(int argc, char *argv[]) { int error_code = 0; if(2 > argc) { printf("args is error\n"); error_code = 2; goto end; } char *certfile = argv[1]; FILE *fpem = NULL; X509 *cert = NULL; if( !( fpem = fopen( certfile, "r" ))) { printf("Couldn't open the PEM file: %s\n", certfile); error_code = 3; goto end; } if( !( cert = PEM_read_X509( fpem, NULL, NULL, NULL ))) { printf( "Failed to read the PEM file: %s\n",certfile ); error_code = 4; goto end; } if(fpem) { fclose(fpem); } error_code = get_subject(cert); error_code = get_subjectAltName(cert); end: if(cert) { X509_free(cert); } return error_code; }