int main( int argc, char *argv[] )
{
int ret = 0;
unsigned char buf[100000];
x509_crl crl;
int i;
char *p, *q;
/*
* Set to sane values
*/
x509_crl_init( &crl );
if( argc == 0 )
{
usage:
polarssl_printf( USAGE );
goto exit;
}
opt.filename = DFL_FILENAME;
for( i = 1; i < argc; i++ )
{
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
goto usage;
*q++ = '\0';
if( strcmp( p, "filename" ) == 0 )
opt.filename = q;
else
goto usage;
}
/*
* 1.1. Load the CRL
*/
polarssl_printf( "\n . Loading the CRL ..." );
fflush( stdout );
ret = x509_crl_parse_file( &crl, opt.filename );
if( ret != 0 )
{
polarssl_printf( " failed\n ! x509_crl_parse_file returned %d\n\n", ret );
x509_crl_free( &crl );
goto exit;
}
polarssl_printf( " ok\n" );
/*
* 1.2 Print the CRL
*/
polarssl_printf( " . CRL information ...\n" );
ret = x509_crl_info( (char *) buf, sizeof( buf ) - 1, " ", &crl );
if( ret == -1 )
{
polarssl_printf( " failed\n ! x509_crl_info returned %d\n\n", ret );
x509_crl_free( &crl );
goto exit;
}
polarssl_printf( "%s\n", buf );
exit:
x509_crl_free( &crl );
#if defined(_WIN32)
polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout );
getchar();
#endif
return( ret );
}
int main( int argc, char *argv[] )
{
int ret, i;
x509_crt cacert;
x509_crl crl;
char buf[10240];
((void) argc);
((void) argv);
x509_crt_init( &cacert );
x509_crl_init( &crl );
/*
* 1.1. Load the trusted CA
*/
printf( "\n . Loading the CA root certificate ..." );
fflush( stdout );
/*
* Alternatively, you may load the CA certificates from a .pem or
* .crt file by calling x509_crt_parse_file( &cacert, "myca.crt" ).
*/
ret = x509_crt_parse_file( &cacert, "ssl/test-ca/test-ca.crt" );
if( ret != 0 )
{
printf( " failed\n ! x509_crt_parse_file returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
x509_crt_info( buf, 1024, "CRT: ", &cacert );
printf("%s\n", buf );
/*
* 1.2. Load the CRL
*/
printf( " . Loading the CRL ..." );
fflush( stdout );
ret = x509_crl_parse_file( &crl, "ssl/test-ca/crl.pem" );
if( ret != 0 )
{
printf( " failed\n ! x509_crl_parse_file returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
x509_crl_info( buf, 1024, "CRL: ", &crl );
printf("%s\n", buf );
for( i = 0; i < MAX_CLIENT_CERTS; i++ )
{
/*
* 1.3. Load own certificate
*/
char name[512];
int flags;
x509_crt clicert;
pk_context pk;
x509_crt_init( &clicert );
pk_init( &pk );
snprintf(name, 512, "ssl/test-ca/%s", client_certificates[i]);
printf( " . Loading the client certificate %s...", name );
fflush( stdout );
ret = x509_crt_parse_file( &clicert, name );
if( ret != 0 )
{
printf( " failed\n ! x509_crt_parse_file returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 1.4. Verify certificate validity with CA certificate
*/
printf( " . Verify the client certificate with CA certificate..." );
fflush( stdout );
ret = x509_crt_verify( &clicert, &cacert, &crl, NULL, &flags, NULL,
NULL );
if( ret != 0 )
{
if( ret == POLARSSL_ERR_X509_CERT_VERIFY_FAILED )
{
if( flags & BADCERT_CN_MISMATCH )
printf( " CN_MISMATCH " );
if( flags & BADCERT_EXPIRED )
printf( " EXPIRED " );
if( flags & BADCERT_REVOKED )
printf( " REVOKED " );
if( flags & BADCERT_NOT_TRUSTED )
printf( " NOT_TRUSTED " );
if( flags & BADCRL_NOT_TRUSTED )
printf( " CRL_NOT_TRUSTED " );
if( flags & BADCRL_EXPIRED )
printf( " CRL_EXPIRED " );
} else {
printf( " failed\n ! x509_crt_verify returned %d\n\n", ret );
goto exit;
}
}
printf( " ok\n" );
/*
* 1.5. Load own private key
*/
snprintf(name, 512, "ssl/test-ca/%s", client_private_keys[i]);
printf( " . Loading the client private key %s...", name );
fflush( stdout );
ret = pk_parse_keyfile( &pk, name, NULL );
if( ret != 0 )
{
printf( " failed\n ! pk_parse_keyfile returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 1.6. Verify certificate validity with private key
*/
printf( " . Verify the client certificate with private key..." );
fflush( stdout );
/* EC NOT IMPLEMENTED YET */
if( ! pk_can_do( &clicert.pk, POLARSSL_PK_RSA ) )
{
printf( " failed\n ! certificate's key is not RSA\n\n" );
ret = POLARSSL_ERR_X509_FEATURE_UNAVAILABLE;
goto exit;
}
ret = mpi_cmp_mpi(&pk_rsa( pk )->N, &pk_rsa( clicert.pk )->N);
if( ret != 0 )
{
printf( " failed\n ! mpi_cmp_mpi for N returned %d\n\n", ret );
goto exit;
}
ret = mpi_cmp_mpi(&pk_rsa( pk )->E, &pk_rsa( clicert.pk )->E);
if( ret != 0 )
{
printf( " failed\n ! mpi_cmp_mpi for E returned %d\n\n", ret );
goto exit;
}
ret = rsa_check_privkey( pk_rsa( pk ) );
if( ret != 0 )
{
printf( " failed\n ! rsa_check_privkey returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" );
x509_crt_free( &clicert );
pk_free( &pk );
}
exit:
x509_crt_free( &cacert );
x509_crl_free( &crl );
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
