|
OpenSSL VPN Serveurs de messagerie |
OpenSSL/Check-self-signedTest si un certificat est autosigné #include <stdio.h> #include <tchar.h> #include <string.h> #include <openssl/bio.h> #include <openssl/asn1.h> #include <openssl/err.h> #include <openssl/bn.h> #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/x509v3.h> #include <openssl/objects.h> #include <openssl/pem.h> #include <openssl/rsa.h> BIO *bio_out; static int vflags = 0; static STACK_OF(X509) *load_stack(char *certfile) { STACK_OF(X509_INFO) *sk=NULL; STACK_OF(X509) *stack=NULL, *ret=NULL; BIO *in=NULL; X509_INFO *xi; if(!(stack = sk_X509_new_null())) { BIO_printf(bio_out,"memory allocation failure\n"); goto end; } if(!(in=BIO_new_file(certfile, "r"))) { BIO_printf(bio_out,"error opening the file, %s\n",certfile); goto end; } /* This loads from a file, a stack of x509/crl/pkey sets */ if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL))) { BIO_printf(bio_out,"error reading the file, %s\n",certfile); goto end; } /* scan over it and pull out the certs */ while (sk_X509_INFO_num(sk)) { xi=sk_X509_INFO_shift(sk); if (xi->x509 != NULL) { sk_X509_push(stack,xi->x509); xi->x509=NULL; } X509_INFO_free(xi); } if(!sk_X509_num(stack)) { BIO_printf(bio_out,"no certificates in file, %s\n",certfile); sk_X509_free(stack); goto end; } ret=stack; end: BIO_free(in); sk_X509_INFO_free(sk); return(ret); } static int verify_cb(int ok, X509_STORE_CTX *ctx) { char buf[256]; if (!ok){ if (ctx->error_depth >0) return(1); if (ctx->current_cert){ X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,sizeof buf); BIO_printf(bio_out,"%s\n",buf); } BIO_printf(bio_out,"error %d at %d depth lookup:%s\n",ctx->error,ctx->error_depth,X509_verify_cert_error_string(ctx->error)); } return(ok); } X509* load_cert_file(char *cert) { X509 *x=NULL; int ret=1; BIO *in=NULL; in=BIO_new(BIO_s_file()); if(BIO_read_filename(in,cert)<=0){ printf("%s@%i Error opening %s\n",__FILE__,__LINE__,cert); goto end; } x=PEM_read_bio_X509(in,NULL,0,NULL); if (x == NULL){ printf("%s@%i unable to open certificate\n",__FILE__,__LINE__); goto end; } end: BIO_free(in); return(x); } int main(int argc, char* argv[]) { BIO *bio_crt=NULL,*bio_key=NULL; //char crtfile[]="cert1.crt"; //char crtfile[]="cert2.crt"; char crtfile[]="cert3.crt"; X509_STORE *ctx=NULL; X509_STORE_CTX *csc; X509 *x=NULL; STACK_OF(X509) *trusted=NULL; int i; OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); x=load_cert_file(crtfile); if(x==NULL){ goto end; } ctx=X509_STORE_new(); if (ctx == NULL){ goto end; } //X509_STORE_set_verify_cb_func(ctx,verify_cb); csc = X509_STORE_CTX_new(); if (csc == NULL){ ERR_print_errors(bio_out); goto end; } X509_STORE_set_flags(ctx, 0); if(!X509_STORE_CTX_init(csc,ctx,x,NULL)){ ERR_print_errors(bio_out); goto end; } trusted = load_stack(crtfile); X509_STORE_CTX_trusted_stack(csc, trusted); i=X509_verify_cert(csc); if(i<0){ ERR_print_errors(bio_out); }else if (i){ BIO_printf(bio_out,"%s is self signed\n",crtfile); }else{ BIO_printf(bio_out,"%s is not self signed\n",crtfile); } X509_STORE_CTX_free(csc); end: sk_X509_pop_free(trusted, X509_free); if (ctx != NULL) X509_STORE_free(ctx); X509_free(x); return 0; } |