本文整理汇总了C++中STACK_OF函数的典型用法代码示例。如果您正苦于以下问题:C++ STACK_OF函数的具体用法?C++ STACK_OF怎么用?C++ STACK_OF使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了STACK_OF函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: ocsp_main
int ocsp_main(int argc, char **argv)
{
BIO *acbio = NULL, *cbio = NULL, *derbio = NULL, *out = NULL;
const EVP_MD *cert_id_md = NULL, *rsign_md = NULL;
CA_DB *rdb = NULL;
EVP_PKEY *key = NULL, *rkey = NULL;
OCSP_BASICRESP *bs = NULL;
OCSP_REQUEST *req = NULL;
OCSP_RESPONSE *resp = NULL;
STACK_OF(CONF_VALUE) *headers = NULL;
STACK_OF(OCSP_CERTID) *ids = NULL;
STACK_OF(OPENSSL_STRING) *reqnames = NULL;
STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
STACK_OF(X509) *issuers = NULL;
X509 *issuer = NULL, *cert = NULL, *rca_cert = NULL;
X509 *signer = NULL, *rsigner = NULL;
X509_STORE *store = NULL;
X509_VERIFY_PARAM *vpm = NULL;
char *CAfile = NULL, *CApath = NULL, *header, *value;
char *host = NULL, *port = NULL, *path = "/", *outfile = NULL;
char *rca_filename = NULL, *reqin = NULL, *respin = NULL;
char *reqout = NULL, *respout = NULL, *ridx_filename = NULL;
char *rsignfile = NULL, *rkeyfile = NULL;
char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
char *signfile = NULL, *keyfile = NULL;
char *thost = NULL, *tport = NULL, *tpath = NULL;
int noCAfile = 0, noCApath = 0;
int accept_count = -1, add_nonce = 1, noverify = 0, use_ssl = -1;
int vpmtouched = 0, badsig = 0, i, ignore_err = 0, nmin = 0, ndays = -1;
int req_text = 0, resp_text = 0, req_timeout = -1, ret = 1;
long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
OPTION_CHOICE o;
char *prog;
reqnames = sk_OPENSSL_STRING_new_null();
if (!reqnames)
goto end;
ids = sk_OCSP_CERTID_new_null();
if (!ids)
goto end;
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
return 1;
prog = opt_init(argc, argv, ocsp_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
ret = 0;
opt_help(ocsp_options);
goto end;
case OPT_OUTFILE:
outfile = opt_arg();
break;
case OPT_TIMEOUT:
req_timeout = atoi(opt_arg());
break;
case OPT_URL:
OPENSSL_free(thost);
OPENSSL_free(tport);
OPENSSL_free(tpath);
thost = tport = tpath = NULL;
if (!OCSP_parse_url(opt_arg(), &host, &port, &path, &use_ssl)) {
BIO_printf(bio_err, "%s Error parsing URL\n", prog);
goto end;
}
thost = host;
tport = port;
tpath = path;
break;
case OPT_HOST:
host = opt_arg();
break;
case OPT_PORT:
port = opt_arg();
break;
case OPT_IGNORE_ERR:
ignore_err = 1;
break;
case OPT_NOVERIFY:
noverify = 1;
break;
case OPT_NONCE:
add_nonce = 2;
break;
case OPT_NO_NONCE:
add_nonce = 0;
break;
case OPT_RESP_NO_CERTS:
rflags |= OCSP_NOCERTS;
break;
case OPT_RESP_KEY_ID:
rflags |= OCSP_RESPID_KEY;
break;
case OPT_NO_CERTS:
//.........这里部分代码省略.........
示例2: MAIN
int MAIN(int argc, char **argv)
{
int ret=1,i;
int verbose=0;
char **pp;
const char *p;
int badops=0;
SSL_CTX *ctx=NULL;
SSL *ssl=NULL;
char *ciphers=NULL;
SSL_METHOD *meth=NULL;
STACK_OF(SSL_CIPHER) *sk;
char buf[512];
BIO *STDout=NULL;
#if !defined(NO_SSL2) && !defined(NO_SSL3)
meth=SSLv23_server_method();
#elif !defined(NO_SSL3)
meth=SSLv3_server_method();
#elif !defined(NO_SSL2)
meth=SSLv2_server_method();
#endif
apps_startup();
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
#ifdef VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
STDout = BIO_push(tmpbio, STDout);
}
#endif
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-v") == 0)
verbose=1;
#ifndef NO_SSL2
else if (strcmp(*argv,"-ssl2") == 0)
meth=SSLv2_client_method();
#endif
#ifndef NO_SSL3
else if (strcmp(*argv,"-ssl3") == 0)
meth=SSLv3_client_method();
#endif
#ifndef NO_TLS1
else if (strcmp(*argv,"-tls1") == 0)
meth=TLSv1_client_method();
#endif
else if ((strncmp(*argv,"-h",2) == 0) ||
(strcmp(*argv,"-?") == 0))
{
badops=1;
break;
}
else
{
ciphers= *argv;
}
argc--;
argv++;
}
if (badops)
{
for (pp=ciphers_usage; (*pp != NULL); pp++)
BIO_printf(bio_err,*pp);
goto end;
}
OpenSSL_add_ssl_algorithms();
ctx=SSL_CTX_new(meth);
if (ctx == NULL) goto err;
if (ciphers != NULL) {
if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
BIO_printf(bio_err, "Error in cipher list\n");
goto err;
}
}
ssl=SSL_new(ctx);
if (ssl == NULL) goto err;
if (!verbose)
{
for (i=0; ; i++)
{
p=SSL_get_cipher_list(ssl,i);
if (p == NULL) break;
if (i != 0) BIO_printf(STDout,":");
BIO_printf(STDout,"%s",p);
}
BIO_printf(STDout,"\n");
}
else
//.........这里部分代码省略.........
示例3: PKCS12err
if (pbe_ciph)
pbe_nid = -1;
if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass,
passlen, salt, saltlen, iter, p8))) {
PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
return NULL;
}
return bag;
}
/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
PKCS7 *
PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
{
PKCS7 *p7;
if (!(p7 = PKCS7_new())) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
return NULL;
}
p7->type = OBJ_nid2obj(NID_pkcs7_data);
if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA,示例4: int_engine_configure
static int
int_engine_configure(char *name, char *value, const CONF *cnf)
{
int i;
int ret = 0;
long do_init = -1;
STACK_OF(CONF_VALUE) *ecmds;
CONF_VALUE *ecmd = NULL;
char *ctrlname, *ctrlvalue;
ENGINE *e = NULL;
int soft = 0;
name = skip_dot(name);
#ifdef ENGINE_CONF_DEBUG
fprintf(stderr, "Configuring engine %s\n", name);
#endif
/* Value is a section containing ENGINE commands */
ecmds = NCONF_get_section(cnf, value);
if (!ecmds) {
ENGINEerror(ENGINE_R_ENGINE_SECTION_ERROR);
return 0;
}
for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
ecmd = sk_CONF_VALUE_value(ecmds, i);
ctrlname = skip_dot(ecmd->name);
ctrlvalue = ecmd->value;
#ifdef ENGINE_CONF_DEBUG
fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n",
ctrlname, ctrlvalue);
#endif
/* First handle some special pseudo ctrls */
/* Override engine name to use */
if (!strcmp(ctrlname, "engine_id"))
name = ctrlvalue;
else if (!strcmp(ctrlname, "soft_load"))
soft = 1;
/* Load a dynamic ENGINE */
else if (!strcmp(ctrlname, "dynamic_path")) {
e = ENGINE_by_id("dynamic");
if (!e)
goto err;
if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
goto err;
if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
goto err;
if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
goto err;
}
/* ... add other pseudos here ... */
else {
/* At this point we need an ENGINE structural reference
* if we don't already have one.
*/
if (!e) {
e = ENGINE_by_id(name);
if (!e && soft) {
ERR_clear_error();
return 1;
}
if (!e)
goto err;
}
/* Allow "EMPTY" to mean no value: this allows a valid
* "value" to be passed to ctrls of type NO_INPUT
*/
if (!strcmp(ctrlvalue, "EMPTY"))
ctrlvalue = NULL;
if (!strcmp(ctrlname, "init")) {
if (!NCONF_get_number_e(cnf, value, "init",
&do_init))
goto err;
if (do_init == 1) {
if (!int_engine_init(e))
goto err;
} else if (do_init != 0) {
ENGINEerror(ENGINE_R_INVALID_INIT_VALUE);
goto err;
}
}
else if (!strcmp(ctrlname, "default_algorithms")) {
if (!ENGINE_set_default_string(e, ctrlvalue))
goto err;
} else if (!ENGINE_ctrl_cmd_string(e,
ctrlname, ctrlvalue, 0))
goto err;
}
}
if (e && (do_init == -1) && !int_engine_init(e)) {
ecmd = NULL;
goto err;
}
ret = 1;
err:
if (ret != 1) {
ENGINEerror(ENGINE_R_ENGINE_CONFIGURATION_ERROR);
//.........这里部分代码省略.........
示例5: pkcs12_add_bag
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* ([email protected]). This product includes software written by Tim
* Hudson ([email protected]).
*
*/
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/pkcs12.h>
static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
int keytype)
{
PKCS12 *p12 = NULL;
STACK_OF(PKCS7) *safes = NULL;
STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
PKCS12_SAFEBAG *bag = NULL;
int i;
unsigned char keyid[EVP_MAX_MD_SIZE];
unsigned int keyidlen = 0;
/* Set defaults */
if (!nid_cert)示例6: pkcs7_copy_existing_digest
* ([email protected]). This product includes software written by Tim
* Hudson ([email protected]).
*
*/
/* Simple PKCS#7 processing functions */
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/x509.h>
#include <openssl/x509v3.h>
static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
PKCS7 *
PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
int flags)
{
PKCS7 *p7;
int i;
if (!(p7 = PKCS7_new())) {
PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (!PKCS7_set_type(p7, NID_pkcs7_signed))
goto err;
if (!PKCS7_content_new(p7, NID_pkcs7_data))
goto err;示例7: main
int main(int argc, char **argv)
{
char *opt_input = NULL,
*opt_output = NULL,
*opt_key = NULL,
*opt_engine = NULL,
*opt_password = NULL;
int long_optind = 0, ret = 1;
int encrypt = 0, decrypt = 0, verbose = 0, quiet = 0;
STACK_OF(X509) *crts = sk_X509_new_null();
X509 *x509 = NULL;
EVP_PKEY *key = NULL;
BIO *in = NULL, *out = NULL, *err = NULL;
ENGINE *engine = NULL;
init_crypto();
while (1) {
char c = getopt_long(argc, argv, "deE:hi:k:o:p:qr:v",
options, &long_optind);
if (c == -1)
break;
switch (c) {
case 'd':
decrypt = 1;
break;
case 'E':
opt_engine = optarg;
break;
case 'e':
encrypt = 1;
break;
case 'i':
opt_input = optarg;
break;
case 'k':
opt_key = optarg;
break;
case 'o':
opt_output = optarg;
break;
case 'p':
opt_password = optarg;
break;
case 'q':
quiet = 1;
break;
case 'r':
x509 = load_x509(NULL, optarg);
if(x509) {
sk_X509_push(crts, x509);
} else {
fprintf(stderr, "Error loading certificate '%s'\n", optarg);
goto end;
}
break;
case 'v':
verbose += 1;
break;
case 'h':
default:
print_usage_and_die(app_name, options, option_help);
}
}
if(encrypt == 0 && decrypt == 0) {
fprintf(stderr, "You must specify either --encrypt/-e or --decrypt/-d\n");
goto end;
}
err = BIO_new_fp(stderr, BIO_NOCLOSE);
if(err == NULL) {
fprintf(stderr, "Error allocating error stream\n");
}
if(opt_engine) {
engine = load_engine(err, opt_engine, verbose);
}
if(opt_key) {
if((key = load_key(NULL, opt_key, engine)) == NULL) {
fprintf(stderr, "Error loading key '%s'\n", opt_key);
goto end;
}
}
if(opt_input) {
in = BIO_new_file(opt_input, "rb");
} else {
in = BIO_new_fp(stdin, BIO_NOCLOSE);
}
if(opt_output) {
out = BIO_new_file(opt_output, "wb");
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
if(encrypt) {
if(opt_password == NULL && sk_X509_num(crts) == 0) {
//.........这里部分代码省略.........
示例8: MAIN
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
X509_REQ *req=NULL;
X509 *x=NULL,*xca=NULL;
ASN1_OBJECT *objtmp;
EVP_PKEY *Upkey=NULL,*CApkey=NULL;
ASN1_INTEGER *sno = NULL;
int i,num,badops=0;
BIO *out=NULL;
BIO *STDout=NULL;
STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
int informat,outformat,keyformat,CAformat,CAkeyformat;
char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
char *CAkeyfile=NULL,*CAserial=NULL;
char *alias=NULL;
int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
int next_serial=0;
int subject_hash=0,issuer_hash=0,ocspid=0;
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
int ocsp_uri=0;
int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
int C=0;
int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
int pprint = 0;
const char **pp;
X509_STORE *ctx=NULL;
X509_REQ *rq=NULL;
int fingerprint=0;
char buf[256];
const EVP_MD *md_alg,*digest=EVP_sha1();
CONF *extconf = NULL;
char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
int need_rand = 0;
int checkend=0,checkoffset=0;
unsigned long nmflag = 0, certflag = 0;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
reqfile=0;
apps_startup();
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
STDout = BIO_push(tmpbio, STDout);
}
#endif
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
keyformat=FORMAT_PEM;
CAformat=FORMAT_PEM;
CAkeyformat=FORMAT_PEM;
ctx=X509_STORE_new();
if (ctx == NULL) goto end;
X509_STORE_set_verify_cb_func(ctx,callb);
argc--;
argv++;
num=0;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-keyform") == 0)
{
if (--argc < 1) goto bad;
keyformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-req") == 0)
{
reqfile=1;
need_rand = 1;
}
else if (strcmp(*argv,"-CAform") == 0)
{
if (--argc < 1) goto bad;
CAformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-CAkeyform") == 0)
{
//.........这里部分代码省略.........
示例9: MAIN
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char *infile = NULL, *outfile = NULL, *keyname = NULL;
char *certfile = NULL;
BIO *in = NULL, *out = NULL;
char **args;
char *name = NULL;
char *csp_name = NULL;
int add_lmk = 0;
PKCS12 *p12 = NULL;
char pass[50], macpass[50];
int export_cert = 0;
int options = 0;
int chain = 0;
int badarg = 0;
int iter = PKCS12_DEFAULT_ITER;
int maciter = PKCS12_DEFAULT_ITER;
int twopass = 0;
int keytype = 0;
int cert_pbe;
int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
int ret = 1;
int macver = 1;
int noprompt = 0;
STACK_OF(OPENSSL_STRING) *canames = NULL;
char *cpass = NULL, *mpass = NULL;
char *passargin = NULL, *passargout = NULL, *passarg = NULL;
char *passin = NULL, *passout = NULL;
char *inrand = NULL;
char *macalg = NULL;
char *CApath = NULL, *CAfile = NULL;
char *engine = NULL;
apps_startup();
enc = EVP_des_ede3_cbc();
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
# ifdef OPENSSL_FIPS
if (FIPS_mode())
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else
# endif
cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
args = argv + 1;
while (*args) {
if (*args[0] == '-') {
if (!strcmp(*args, "-nokeys"))
options |= NOKEYS;
else if (!strcmp(*args, "-keyex"))
keytype = KEY_EX;
else if (!strcmp(*args, "-keysig"))
keytype = KEY_SIG;
else if (!strcmp(*args, "-nocerts"))
options |= NOCERTS;
else if (!strcmp(*args, "-clcerts"))
options |= CLCERTS;
else if (!strcmp(*args, "-cacerts"))
options |= CACERTS;
else if (!strcmp(*args, "-noout"))
options |= (NOKEYS | NOCERTS);
else if (!strcmp(*args, "-info"))
options |= INFO;
else if (!strcmp(*args, "-chain"))
chain = 1;
else if (!strcmp(*args, "-twopass"))
twopass = 1;
else if (!strcmp(*args, "-nomacver"))
macver = 0;
else if (!strcmp(*args, "-descert"))
cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
else if (!strcmp(*args, "-export"))
export_cert = 1;
else if (!strcmp(*args, "-des"))
enc = EVP_des_cbc();
else if (!strcmp(*args, "-des3"))
enc = EVP_des_ede3_cbc();
# ifndef OPENSSL_NO_IDEA
else if (!strcmp(*args, "-idea"))
enc = EVP_idea_cbc();
# endif
# ifndef OPENSSL_NO_SEED
else if (!strcmp(*args, "-seed"))
enc = EVP_seed_cbc();
# endif
# ifndef OPENSSL_NO_AES
else if (!strcmp(*args, "-aes128"))
enc = EVP_aes_128_cbc();
else if (!strcmp(*args, "-aes192"))
enc = EVP_aes_192_cbc();
else if (!strcmp(*args, "-aes256"))
enc = EVP_aes_256_cbc();
# endif
//.........这里部分代码省略.........
示例10: ts_verify_cert
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/ts.h>
#include <openssl/pkcs7.h>
#include "ts_lcl.h"
static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
X509 *signer, STACK_OF(X509) **chain);
static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
STACK_OF(X509) *chain);
static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si);
static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert);
static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
PKCS7 *token, TS_TST_INFO *tst_info);
static int ts_check_status_info(TS_RESP *response);
static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text);
static int ts_check_policy(const ASN1_OBJECT *req_oid,
const TS_TST_INFO *tst_info);
static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
X509_ALGOR **md_alg,
unsigned char **imprint, unsigned *imprint_len);示例11: get_cert_chain
# include <openssl/err.h>
# include <openssl/pem.h>
# include <openssl/pkcs12.h>
# define PROG pkcs12_main
const EVP_CIPHER *enc;
# define NOKEYS 0x1
# define NOCERTS 0x2
# define INFO 0x4
# define CLCERTS 0x8
# define CACERTS 0x10
static int get_cert_chain(X509 *cert, X509_STORE *store,
STACK_OF(X509) **chain);
int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
int options, char *pempass);
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
char *pass, int passlen, int options,
char *pempass);
int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass,
int passlen, int options, char *pempass);
int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
const char *name);
void hex_prin(BIO *out, unsigned char *buf, int len);
int alg_print(BIO *x, X509_ALGOR *alg);
int cert_load(BIO *in, STACK_OF(X509) *sk);
static int set_pbe(BIO *err, int *ppbe, const char *str);
int MAIN(int, char **);示例12: main
int main(int argc, char **argv)
{
FILE *fp;
EVP_PKEY *pkey = NULL;
X509 *cert = NULL;
STACK_OF(X509) *ca = NULL;
PKCS12 *p12 = NULL;
char *name = NULL;
int i, ret = EXIT_FAILURE;
if (argc != 4) {
fprintf(stderr, "Usage: pkread p12file password opfile\n");
exit(EXIT_FAILURE);
}
if ((fp = fopen(argv[1], "rb")) == NULL) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
exit(EXIT_FAILURE);
}
p12 = d2i_PKCS12_fp(fp, NULL);
fclose(fp);
if (p12 == NULL) {
fprintf(stderr, "Error reading PKCS#12 file\n");
ERR_print_errors_fp(stderr);
goto err;
}
if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {
fprintf(stderr, "Error parsing PKCS#12 file\n");
ERR_print_errors_fp(stderr);
goto err;
}
name = find_friendly_name(p12);
PKCS12_free(p12);
if ((fp = fopen(argv[3], "w")) == NULL) {
fprintf(stderr, "Error opening file %s\n", argv[1]);
goto err;
}
if (name != NULL)
fprintf(fp, "***Friendly Name***\n%s\n", name);
if (pkey != NULL) {
fprintf(fp, "***Private Key***\n");
PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
}
if (cert != NULL) {
fprintf(fp, "***User Certificate***\n");
PEM_write_X509_AUX(fp, cert);
}
if (ca != NULL && sk_X509_num(ca) > 0) {
fprintf(fp, "***Other Certificates***\n");
for (i = 0; i < sk_X509_num(ca); i++)
PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
}
fclose(fp);
ret = EXIT_SUCCESS;
err:
OPENSSL_free(name);
X509_free(cert);
EVP_PKEY_free(pkey);
sk_X509_pop_free(ca, X509_free);
return ret;
}示例13: ocsp_find_signer
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* ([email protected]). This product includes software written by Tim
* Hudson ([email protected]).
*
*/
#include <openssl/ocsp.h>
#include <openssl/err.h>
#include <string.h>
static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags);
static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags);
static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret);
static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp);
static int ocsp_check_delegated(X509 *x, int flags);
static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags);
/* Verify a basic response message */
int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
X509_STORE *st, unsigned long flags)
{
X509 *signer, *x;示例14: ssl_check_subject_altname
int
ssl_check_subject_altname(X509 *cert, char *host)
{
STACK_OF(GENERAL_NAME) *altname_stack = NULL;
union { struct in_addr ip4; struct in6_addr ip6; } addrbuf;
int addrlen, type;
int count, i;
int rv = -1;
altname_stack =
X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
if (altname_stack == NULL)
return -1;
if (inet_pton(AF_INET, host, &addrbuf) == 1) {
type = GEN_IPADD;
addrlen = 4;
} else if (inet_pton(AF_INET6, host, &addrbuf) == 1) {
type = GEN_IPADD;
addrlen = 16;
} else
type = GEN_DNS;
count = sk_GENERAL_NAME_num(altname_stack);
for (i = 0; i < count; i++) {
GENERAL_NAME *altname;
altname = sk_GENERAL_NAME_value(altname_stack, i);
if (altname->type != type)
continue;
if (type == GEN_DNS) {
unsigned char *data;
int format;
format = ASN1_STRING_type(altname->d.dNSName);
if (format == V_ASN1_IA5STRING) {
data = ASN1_STRING_data(altname->d.dNSName);
if (ASN1_STRING_length(altname->d.dNSName) !=
(int)strlen(data)) {
fprintf(ttyout, "%s: NUL byte in "
"subjectAltName, probably a "
"malicious certificate.\n",
getprogname());
rv = -2;
break;
}
if (ssl_match_hostname(data, host) == 0) {
rv = 0;
break;
}
} else
fprintf(ttyout, "%s: unhandled subjectAltName "
"dNSName encoding (%d)\n", getprogname(),
format);
} else if (type == GEN_IPADD) {
unsigned char *data;
int datalen;
datalen = ASN1_STRING_length(altname->d.iPAddress);
data = ASN1_STRING_data(altname->d.iPAddress);
if (datalen == addrlen &&
memcmp(data, &addrbuf, addrlen) == 0) {
rv = 0;
break;
}
}
}
sk_GENERAL_NAME_free(altname_stack);
return rv;
}示例15: STACK_OF
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
#include "ext_dat.h"
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
AUTHORITY_KEYID *akeyid,
STACK_OF(CONF_VALUE)
*extlist);
static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *values);
const X509V3_EXT_METHOD v3_akey_id = {
NID_authority_key_identifier,
X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
0, 0, 0, 0,
0, 0,
(X509V3_EXT_I2V) i2v_AUTHORITY_KEYID,
(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
0, 0,
NULL
};