/*
 * Verify the certificate chain held in ctx->stack.
 *
 * ctx      - context holding ctx->num certificates in ctx->stack, ordered
 *            leaf first (stack[0]) with each entry followed by its issuer.
 * ca_file  - path of a trust-anchor file; loaded via load_ca_list_file().
 *            When given it takes precedence over ca_dir.
 * ca_dir   - trust-anchor directory; currently rejected as unsupported
 *            (only consulted when ca_file is NULL).
 * error    - receives a crypto_error on failure. This function sets it
 *            itself only for the ca_dir case; the helpers it calls are
 *            handed the same pointer and presumably set it on their own
 *            failures. It is NOT set when ctx is NULL.
 *
 * Returns 0 when the chain verifies, 1 otherwise.
 *
 * NOTE(review): a context with no certificates (ctx->num == 0) is reported
 * as verified (0) — confirm callers never reach this with an empty chain.
 * NOTE(review): when stack[0] names itself as issuer and ctx->num > 1, the
 * loop below starts at stack[1], so stack[0]'s signature is never checked
 * against anything here — confirm that case is handled by the caller.
 */
int crypto_verify_chain(crypto_ctx *ctx, const char *ca_file, const char *ca_dir, crypto_error **error)
{
    int status = 1;                      /* pessimistic: flipped to 0 only on success */
    gnutls_x509_crt_t *anchors = NULL;   /* trust anchors loaded from ca_file, if any */
    size_t anchor_count = 0;

    if (ctx == NULL) {
        return 1;
    }
    if (ctx->num == 0) {
        return 0;
    }

    /* Trust anchors: ca_file wins; ca_dir is not implemented yet. */
    if (ca_file != NULL) {
        anchors = load_ca_list_file(ca_file, &anchor_count, error);
        if (anchors == NULL) {
            return 1;
        }
    } else if (ca_dir != NULL) {
        /* FIXME: Try to load all files in the directory I guess... */
        crypto_error_set(error, 1, 0, "ca_dir not yet supported");
        return 1;
    }

    /*
     * A leaf whose issuer is itself (self-signed, per gnutls' issuer-name
     * check) is left out of the pairwise issuer walk below.
     */
    int first = (gnutls_x509_crt_check_issuer(ctx->stack[0], ctx->stack[0]) > 0) ? 1 : 0;

    /* Walk the chain: each certificate must be issued by the next one. */
    for (int idx = first; idx < ctx->num - 1; idx++) {
        if (verify_issuer(ctx->stack[idx], ctx->stack[idx + 1], error) != 0) {
            goto cleanup;
        }
    }

    /* The top of the chain is checked against the loaded trust anchors. */
    if (verify_last(ctx->stack[ctx->num - 1], anchors, anchor_count, error) != 0) {
        goto cleanup;
    }

    status = 0;

cleanup:
    if (anchors != NULL) {
        for (size_t k = 0; k < anchor_count; k++) {
            gnutls_x509_crt_deinit(anchors[k]);
        }
        gnutls_free(anchors);
    }
    return status;
}
/*
 * Forward stanza to verify_last() and hand back its result unchanged.
 *
 * stanza - string passed straight through to verify_last(); not modified
 *          or freed here.
 *
 * Returns whatever verify_last() returns (presumably non-zero when stanza
 * matches the most recently received one — confirm against its definition).
 *
 * NOTE(review): a verify_last() with a different signature appears earlier
 * on this page; the two are presumably from separate translation units.
 */
int stbbr_last_received(char *stanza)
{
    int result = verify_last(stanza);
    return result;
}