Пример #1
0
int crypto_verify_chain(crypto_ctx *ctx,
                        const char *ca_file,
                        const char *ca_dir,
                        crypto_error **error)
{
    int err, i, ret = 1, start = 0;
    gnutls_x509_crt_t *ca_list = NULL;
    size_t ca_list_size = 0;

    if (!ctx)
        return 1;

    if (ctx->num == 0)
        return 0;

    if (ca_file) {
        ca_list = load_ca_list_file(ca_file, &ca_list_size, error);
        if (!ca_list)
            return 1;
    } else if (ca_dir) {
        /* FIXME: Try to load all files in the directory I guess... */
        crypto_error_set(error, 1, 0, "ca_dir not yet supported");
        return 1;
    }

    /* If the server cert is self-signed, ignore it in the issuers check */
    err = gnutls_x509_crt_check_issuer(ctx->stack[0], ctx->stack[0]);
    if (err > 0)
        start++;

    /* Check each certificate against its issuer */
    for (i = start; i < ctx->num - 1; i++) {
        if (verify_issuer(ctx->stack[i], ctx->stack[i + 1], error))
            goto out;
    }

    /* Verify the last certificate */
    if (verify_last(ctx->stack[ctx->num - 1], ca_list, ca_list_size, error))
        goto out;

    ret = 0;

out:
    if (ca_list) {
        for (i = 0; i < (int) ca_list_size; i++)
            gnutls_x509_crt_deinit(ca_list[i]);
        gnutls_free(ca_list);
    }
    return ret;
}
Пример #2
0
int
stbbr_last_received(char *stanza)
{
    return verify_last(stanza);
}