本文整理汇总了C++中sk_X509_push函数的典型用法代码示例。如果您正苦于以下问题:C++ sk_X509_push函数的具体用法?C++ sk_X509_push怎么用?C++ sk_X509_push使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了sk_X509_push函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: ssl_cache_trusted_cert
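/**
 * ssl_cache_trusted_cert - Cache a trusted certificate
 * @param c Certificate
 * @retval >0 Number of elements in the cache
 * @retval 0 Error
 *
 * The cache stores its own copy made with X509_dup(); the caller keeps
 * ownership of @a c. Nothing is added to the cache when the copy or the
 * stack allocation fails, so the trust cache never holds a NULL entry.
 */
static int ssl_cache_trusted_cert(X509 *c)
{
  mutt_debug(LL_DEBUG1, "trusted\n");

  if (!SslSessionCerts)
    SslSessionCerts = sk_X509_new_null();
  if (!SslSessionCerts)
    return 0; /* could not allocate the cache */

  X509 *copy = X509_dup(c);
  if (!copy)
    return 0; /* duplicate failed; do not push NULL into the cache */

  const int count = sk_X509_push(SslSessionCerts, copy);
  if (count <= 0)
  {
    /* The stack did not take the copy, so release it here. */
    X509_free(copy);
    return 0;
  }
  return count;
}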
示例2: STACK_OF
// Signs the contents of `bio` with the private key belonging to `crt` and
// stores the resulting PKCS#7 structure in the member `p7`, replacing any
// previous one. The issuer chain of `crt` (walked through getSigner() until
// a self-signed entry or NULL is reached) is attached as additional
// certificates. Does nothing when `crt` is NULL; throws errorEx when `crt`
// has no private key.
void pki_pkcs7::signBio(pki_x509 *crt, BIO *bio)
{
	if (!crt)
		return;

	pki_key *signingKey = crt->getRefKey();
	if (!signingKey)
		throw errorEx("No private key for signing found", getClassName());

	// The stack only borrows the X509 pointers returned by getCert(); it is
	// released below with sk_X509_free(), which frees the container only.
	STACK_OF(X509) *chain = sk_X509_new_null();

	pki_x509 *issuer = crt->getSigner();
	if (issuer == crt)
		issuer = NULL;	// self-signed: no extra certificates to attach
	while (issuer != NULL) {
		sk_X509_push(chain, issuer->getCert());
		// NOTE(review): if openssl_error() throws, `chain` is not
		// released on that path - confirm against its definition.
		openssl_error();
		issuer = (issuer == issuer->getSigner()) ? NULL : issuer->getSigner();
	}

	if (p7)
		PKCS7_free(p7);

	// decryptKey() hands back a key that this function frees again right
	// after signing.
	EVP_PKEY *signingPkey = signingKey->decryptKey();
	p7 = PKCS7_sign(crt->getCert(), signingPkey, chain, bio, PKCS7_BINARY);
	EVP_PKEY_free(signingPkey);
	openssl_error();
	sk_X509_free(chain);
}
示例3: xmlSecOpenSSLX509StoreAdoptCert
/**
 * xmlSecOpenSSLX509StoreAdoptCert:
 * @store: the pointer to X509 key data store klass.
 * @cert: the pointer to OpenSSL X509 certificate.
 * @type: the certificate type (trusted/untrusted).
 *
 * Adds trusted (root) or untrusted certificate to the store. On success
 * the store has taken over the caller's reference to @cert; on the error
 * paths @cert is not released by this function.
 *
 * Returns: 0 on success or a negative value if an error occurs.
 */
int
xmlSecOpenSSLX509StoreAdoptCert(xmlSecKeyDataStorePtr store, X509* cert, xmlSecKeyDataType type) {
    xmlSecOpenSSLX509StoreCtxPtr ctx;

    xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), -1);
    xmlSecAssert2(cert != NULL, -1);

    ctx = xmlSecOpenSSLX509StoreGetCtx(store);
    xmlSecAssert2(ctx != NULL, -1);

    if((type & xmlSecKeyDataTypeTrusted) == 0) {
        /* untrusted: the stack keeps the pointer, i.e. the caller's reference */
        xmlSecAssert2(ctx->untrusted != NULL, -1);
        if(sk_X509_push(ctx->untrusted, cert) < 1) {
            xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store),
                               "sk_X509_push");
            return(-1);
        }
        return(0);
    }

    /* trusted: goes into the X509_STORE used as the set of trust anchors */
    xmlSecAssert2(ctx->xst != NULL, -1);
    if(X509_STORE_add_cert(ctx->xst, cert) != 1) {
        xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store),
                           "X509_STORE_add_cert");
        return(-1);
    }

    /* add cert increments the reference, so drop the one handed in */
    X509_free(cert);
    return(0);
}
示例4: EVP_PKEY_new
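// Loads the key material and the trusted CA certificate, then prepares the
// X509_STORE_CTX used for verification with a trusted stack holding that CA.
// Failures are reported on fpErr. A CA that failed to load is never placed
// on the trusted stack, and the context is not touched when it could not be
// allocated.
TrustedObject::TrustedObject() {
    // add keys
    pub = EVP_PKEY_new();
    priv = EVP_PKEY_new();
    untrustPub = EVP_PKEY_new();
    cryptsuite::loadRSAPublicKey(TRUSTED_PUB, &pub);
    cryptsuite::loadRSAPrivateKey(TRUSTED_PRIV, &priv);
    cryptsuite::loadRSAPublicKey(UNTRUSTED_PUB, &untrustPub);

    // load trusted certificate; remember the outcome so a failed load
    // cannot end up as a trust anchor below
    const bool caLoaded = cryptsuite::loadX509Cert(TRUSTED_CERT, &CA) ? true : false;
    if (!caLoaded) {
        fprintf(fpErr, "Error: Could not load CA cert\n");
    }

    // create X509 context
    ctx = X509_STORE_CTX_new();
    if (ctx == NULL) {
        fprintf(fpErr, "Error: Failed to create certificate store\n");
        // every remaining step dereferences ctx
        return;
    }

    // add trusted certificate to stack
    // NOTE(review): nothing visible here frees sk, and the context only
    // keeps the pointer - confirm who releases it.
    STACK_OF(X509) *sk = sk_X509_new_null();
    if (sk == NULL) {
        fprintf(fpErr, "Error: Failed to allocate trusted certificate stack\n");
    } else if (caLoaded && !sk_X509_push(sk, CA)) {
        fprintf(fpErr, "Error: Could not add CA cert to trusted stack\n");
    }

    if ( X509_STORE_CTX_init(ctx, NULL, NULL, NULL) != 1) {
        fprintf(fpErr, "Error: Failed to init cert store\n");
    }
    X509_STORE_CTX_trusted_stack(ctx, sk);
}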
示例5: PKCS7_add_certificate
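/*
 * Adds x509 to the certificate set of a signed or signedAndEnveloped
 * PKCS#7 structure. The structure takes its own reference, so the caller
 * keeps ownership of x509.
 *
 * Returns 1 on success and 0 on error (wrong content type or allocation
 * failure). On error no reference to x509 is retained.
 */
int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
	{
	int i;
	STACK_OF(X509) **sk;

	i=OBJ_obj2nid(p7->type);
	switch (i)
		{
	case NID_pkcs7_signed:
		sk= &(p7->d.sign->cert);
		break;
	case NID_pkcs7_signedAndEnveloped:
		sk= &(p7->d.signed_and_enveloped->cert);
		break;
	default:
		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);
		return(0);
		}

	if (*sk == NULL)
		*sk=sk_X509_new_null();
	if (*sk == NULL)
		{
		/* allocation failed: report it instead of pretending success */
		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE);
		return(0);
		}

	/*
	 * Push first and take the reference only once the stack really holds
	 * the pointer, so a failed push cannot leak a reference.
	 */
	if (!sk_X509_push(*sk,x509))
		return(0);
	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
	return(1);
	}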
示例6: ssl_cache_trusted_cert
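/*
 * Cache a copy of a certificate the user has chosen to trust for this
 * session. The cache owns the copy made with X509_dup(); the caller keeps
 * ownership of c.
 *
 * Returns the number of elements in the cache, or 0 on error. Nothing is
 * cached when an allocation fails, so the cache never holds a NULL entry.
 */
static int ssl_cache_trusted_cert (X509 *c)
{
  X509 *copy;
  int count;

  dprint (1, (debugfile, "trusted: %s\n", c->name));

  if (!SslSessionCerts)
    SslSessionCerts = sk_X509_new_null();
  if (!SslSessionCerts)
    return 0; /* could not allocate the cache */

  copy = X509_dup(c);
  if (!copy)
    return 0; /* duplicate failed; do not push NULL into the cache */

  count = sk_X509_push (SslSessionCerts, copy);
  if (count <= 0)
  {
    /* The stack did not take the copy, so release it here. */
    X509_free (copy);
    return 0;
  }
  return count;
}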
示例7: STACK_OF
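/*
 * Reads every certificate found in the PEM file `file` into a new stack.
 * Ownership of each X509 moves from its X509_INFO entry to the returned
 * stack, so the caller releases the result together with its elements.
 *
 * Returns the stack, or NULL after raising TS_R_CANNOT_LOAD_CERT when the
 * file cannot be opened or an allocation fails. A certificate that cannot
 * be added makes the whole load fail instead of being dropped silently.
 */
STACK_OF(X509) *TS_CONF_load_certs(const char *file)
{
    BIO *certs = NULL;
    STACK_OF(X509) *othercerts = NULL;
    STACK_OF(X509_INFO) *allcerts = NULL;
    int i;

    if ((certs = BIO_new_file(file, "r")) == NULL)
        goto end;

    if ((othercerts = sk_X509_new_null()) == NULL)
        goto end;

    /*
     * NOTE(review): a NULL result here (nothing parsable in the file)
     * skips the loop and returns an empty stack without an error; confirm
     * that callers expect this.
     */
    allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
    for (i = 0; i < sk_X509_INFO_num(allcerts); i++) {
        X509_INFO *xi = sk_X509_INFO_value(allcerts, i);

        if (xi->x509) {
            if (!sk_X509_push(othercerts, xi->x509)) {
                /*
                 * xi still owns this certificate and is released with
                 * allcerts below; free what was already moved over.
                 */
                sk_X509_pop_free(othercerts, X509_free);
                othercerts = NULL;
                goto end;
            }
            /* detach so X509_INFO_free does not free the moved cert */
            xi->x509 = NULL;
        }
    }
 end:
    if (othercerts == NULL)
        TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT);
    sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
    BIO_free(certs);
    return othercerts;
}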
示例8: openssl_pkcs7_sign
/*
 * Demo routine: builds a PKCS#7 "data" structure, writes its DER encoding
 * to /tmp/test.cer, then builds a PKCS#7 "signed" structure by hand,
 * writes that to the same file, reads it back and decodes it.
 *
 * NOTE(review): no return value of malloc, fopen, BIO_new_file, fread or
 * the OpenSSL calls is checked, and the fixed file name in the shared /tmp
 * directory can be pre-created or replaced by another local user. The
 * signed structure carries no real signature; it only exercises encoding.
 */
void openssl_pkcs7_sign()
{
int len;
BIO *in;
X509 *x;
FILE *fp;
PKCS7 *p7;
X509_ALGOR *md;
PKCS7_SIGNER_INFO *si;
char name[MAX1_LEN], tmp[MAX1_LEN];
/* buf is SHA_DIGEST_LENGTH bytes: the literal followed by zero padding */
unsigned char *der, *p, buf[SHA_DIGEST_LENGTH] = "pkcs7 sign";
/* Step 1: PKCS#7 "data" content, DER-encoded and written to disk. */
p7 = PKCS7_new();
PKCS7_set_type(p7, NID_pkcs7_data);
ASN1_OCTET_STRING_set(p7->d.data, buf, SHA_DIGEST_LENGTH);
/* first call with NULL only computes the encoded length */
len = i2d_PKCS7(p7, NULL);
der = (unsigned char *)malloc(len);
/* i2d advances the pointer it is given, so encode through a copy */
p = der;
len = i2d_PKCS7(p7, &p);
fp = fopen("/tmp/test.cer", "wb");
fwrite(der, 1, len, fp);
fclose(fp);
free(der);
PKCS7_free(p7);
/* Step 2: PKCS#7 "signed" structure assembled field by field. */
p7 = PKCS7_new();
PKCS7_set_type(p7, NID_pkcs7_signed);
p7->d.sign->cert = sk_X509_new_null();
in = BIO_new_file("/tmp/test.cer", "r");
/*
 * NOTE(review): the file written above holds DER-encoded PKCS#7 data, so a
 * PEM certificate read from it is unlikely to succeed; x may be NULL and
 * is pushed without a check.
 */
x = PEM_read_bio_X509(in, NULL, NULL, NULL);
sk_X509_push(p7->d.sign->cert, x);
BIO_free(in);
md = X509_ALGOR_new();
/*
 * NOTE(review): MD5 is not collision resistant and should not be chosen as
 * a signature digest; the assignment also replaces whatever
 * X509_ALGOR_new() put in md->algorithm without freeing it - confirm.
 */
md->algorithm = OBJ_nid2obj(NID_md5);
sk_X509_ALGOR_push(p7->d.sign->md_algs, md);
si = PKCS7_SIGNER_INFO_new();
ASN1_INTEGER_set(si->version, 2);
ASN1_INTEGER_set(si->issuer_and_serial->serial, 333);
sk_PKCS7_SIGNER_INFO_push(p7->d.sign->signer_info, si);
len = i2d_PKCS7(p7, NULL);
der = (unsigned char *)malloc(len);
p = der;
len = i2d_PKCS7(p7, &p);
fp = fopen("/tmp/test.cer", "wb");
fwrite(der, 1, len, fp);
fclose(fp);
free(der);
/* Step 3: read the file back and decode it again. */
fp = fopen("/tmp/test.cer", "rb");
/* at most MAX1_LEN bytes are read; a longer file is truncated */
len = fread(tmp, 1, MAX1_LEN, fp);
fclose(fp);
p = (unsigned char *)&tmp;
/*
 * NOTE(review): p7 still points at the structure built in step 2, so it is
 * passed to d2i_PKCS7 as an existing object; the decode result is not
 * checked before p7->type is used.
 */
d2i_PKCS7(&p7, (const unsigned char **)&p, len);
OBJ_obj2txt(name, MAX1_LEN, p7->type, 0);
PKCS7_free(p7);
}
示例9: STACK_OF
/*
 * Collects the plain X509 certificates embedded in a CMS structure into a
 * newly allocated stack. Each returned certificate carries an extra
 * reference, so the caller frees the stack together with its elements.
 *
 * Returns NULL when the structure has no certificate field, when it holds
 * no entries of type 0, or when an allocation fails.
 */
STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
{
    STACK_OF(X509) *out = NULL;
    STACK_OF(CMS_CertificateChoices) **choices;
    int idx;

    choices = cms_get0_certificate_choices(cms);
    if (choices == NULL)
        return NULL;

    for (idx = 0; idx < sk_CMS_CertificateChoices_num(*choices); idx++) {
        CMS_CertificateChoices *entry =
            sk_CMS_CertificateChoices_value(*choices, idx);

        /* only entries of type 0 are read through d.certificate */
        if (entry->type != 0)
            continue;

        /* allocate the result lazily, on the first matching entry */
        if (out == NULL) {
            out = sk_X509_new_null();
            if (out == NULL)
                return NULL;
        }

        if (!sk_X509_push(out, entry->d.certificate)) {
            /* earlier entries already hold a reference: drop them too */
            sk_X509_pop_free(out, X509_free);
            return NULL;
        }
        /* reference is taken only after the push succeeded */
        CRYPTO_add(&entry->d.certificate->references, 1, CRYPTO_LOCK_X509);
    }

    return out;
}
示例10: PKCS7_add_certificate
/*
 * Adds x509 to the certificate set of a signed or signedAndEnveloped
 * PKCS#7 structure. The structure holds its own reference; the caller
 * keeps ownership of x509.
 *
 * Returns 1 on success, 0 on a wrong content type or allocation failure.
 */
int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
{
    const int nid = OBJ_obj2nid(p7->type);
    STACK_OF(X509) **slot;

    if (nid == NID_pkcs7_signed) {
        slot = &(p7->d.sign->cert);
    } else if (nid == NID_pkcs7_signedAndEnveloped) {
        slot = &(p7->d.signed_and_enveloped->cert);
    } else {
        PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, PKCS7_R_WRONG_CONTENT_TYPE);
        return 0;
    }

    /* create the certificate stack on first use */
    if (*slot == NULL) {
        *slot = sk_X509_new_null();
        if (*slot == NULL) {
            PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
            return 0;
        }
    }

    /* take the reference up front and give it back if the push fails */
    X509_up_ref(x509);
    if (sk_X509_push(*slot, x509) == 0) {
        X509_free(x509);
        return 0;
    }

    return 1;
}
示例11: STACK_OF
/*
 * Returns a newly allocated stack with the signer certificate of every
 * SignerInfo that has one set. The certificates are borrowed (no reference
 * is added), so the caller frees only the stack itself.
 *
 * Returns NULL when no SignerInfo has a signer set or on allocation
 * failure.
 */
STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
	{
	STACK_OF(X509) *found = NULL;
	STACK_OF(CMS_SignerInfo) *infos = CMS_get0_SignerInfos(cms);
	int idx;

	for (idx = 0; idx < sk_CMS_SignerInfo_num(infos); idx++)
		{
		CMS_SignerInfo *info = sk_CMS_SignerInfo_value(infos, idx);

		if (!info->signer)
			continue;

		/* allocate the result on the first signer found */
		if (found == NULL)
			{
			found = sk_X509_new_null();
			if (found == NULL)
				return NULL;
			}

		if (sk_X509_push(found, info->signer) == 0)
			{
			/* elements are borrowed, so free the container only */
			sk_X509_free(found);
			return NULL;
			}
		}

	return found;
	}
示例12: STACK_OF
/*
 * Builds a certificate stack from an array of certificate ids terminated
 * by -1. A NULL `ids` yields an empty stack.
 *
 * NOTE(review): neither the stack allocation nor the results of get_cert()
 * and sk_X509_push() are checked, so a failed lookup could place a NULL
 * entry in the returned stack - verify against get_cert().
 */
STACK_OF(X509) *get_cert_store(int *ids){
    STACK_OF(X509) *result = sk_X509_new(NULL);
    int *cursor;

    for (cursor = ids; cursor && *cursor != -1; cursor++) {
        sk_X509_push(result, get_cert(*cursor));
    }

    return result;
}
示例13: OCSP_basic_add1_cert
/*
 * Appends cert to the certificates carried in a basic OCSP response. The
 * response takes its own reference; the caller keeps ownership of cert.
 *
 * Returns 1 on success, 0 when the stack cannot be allocated or grown.
 */
int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
{
    /* create the certificate stack on first use */
    if (resp->certs == NULL) {
        resp->certs = sk_X509_new_null();
        if (resp->certs == NULL)
            return 0;
    }

    if (sk_X509_push(resp->certs, cert) == 0)
        return 0;

    /* reference is taken only once the stack holds the pointer */
    X509_up_ref(cert);
    return 1;
}
示例14: X509_STORE_CTX_new
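// VerifyChain verifies the certificate chain in chain
// according to the verification options given as opts.
//
// chain[0] is the certificate that gets verified; the whole chain is
// offered to OpenSSL as untrusted helper certificates and trust comes from
// store_ only. Returns true only when X509_verify_cert reports success.
// Any allocation, conversion or setup failure yields false, so a partially
// built chain is never verified in place of the full one.
bool X509VerifierPrivate::VerifyChain(std::vector<X509Certificate> chain, const X509VerifierOptions &opts) {
	bool status = false;
	X509_STORE_CTX *ctx = X509_STORE_CTX_new();
	STACK_OF(X509) *untrusted = sk_X509_new_null();

	// Both allocations are needed by every step below.
	if (ctx == nullptr || untrusted == nullptr) {
		std::cerr << "X509VerifierPrivate - unable to allocate verification state" << std::endl;
		goto out;
	}

	// Ensure that we have a chain to check on.
	if (chain.empty()) {
		goto out;
	}

	// If we've been passed a DNS name in opts,
	// we should check whether the leaf certificate
	// matches that before doing the more expensive
	// checks.
	if (!opts.dns_name.empty()) {
		if (!X509HostnameVerifier::VerifyHostname(chain.at(0), opts.dns_name)) {
			std::cerr << "X509VerifierPrivate - hostname verification failed" << std::endl;
			goto out;
		}
	}

	// Extract our chain into the format that OpenSSL
	// expects for verification.
	for (X509Certificate &cert : chain) {
		X509 *cur = cert.dptr_->AsOpenSSLX509();
		if (cur == nullptr) {
			std::cerr << "X509VerifierPrivate - unable to convert certificate" << std::endl;
			goto out;
		}
		// A dropped entry would shift the stack, and index 0 is what gets
		// verified below, so a failed push has to abort the verification.
		if (sk_X509_push(untrusted, cur) == 0) {
			// The cleanup below frees every stack element, so the
			// converted certificate is treated as owned here as well.
			X509_free(cur);
			std::cerr << "X509VerifierPrivate - unable to build certificate stack" << std::endl;
			goto out;
		}
	}

	// Set up the X509_STORE_CTX to verify according to opts.
	if (X509_STORE_CTX_init(ctx, store_, sk_X509_value(untrusted, 0), untrusted) != 1) {
		std::cerr << "X509VerifierPrivate - unable to initialize verification context" << std::endl;
		goto out;
	}

	// If a time is not specified in opts, use the current system time.
	if (opts.time == 0) {
		X509_STORE_CTX_set_time(ctx, 0, std::time(nullptr));
	} else {
		X509_STORE_CTX_set_time(ctx, 0, opts.time);
	}

	// If a dns_name is specified in opts, use the SSL server policy.
	if (!opts.dns_name.empty()) {
		X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SSL_SERVER);
		X509_STORE_CTX_set_trust(ctx, X509_TRUST_SSL_SERVER);
	}

	// Only the value 1 means "verified"; 0 and negative results are errors.
	if (X509_verify_cert(ctx) == 1) {
		status = true;
	} else {
		std::cerr << "X509VerifierPrivate - verification error: " << X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx)) << std::endl;
	}

out:
	sk_X509_pop_free(untrusted, X509_free);
	if (ctx != nullptr) {
		X509_STORE_CTX_free(ctx);
	}
	return status;
}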
示例15: RTDECL
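/**
 * Converts the certificates of a store into an OpenSSL STACK_OF(X509).
 *
 * Only entries flagged RTCRCERTCTX_F_ENC_X509_DER are considered, and an
 * entry whose DER data does not decode is skipped.
 *
 * @returns VINF_SUCCESS with the stack in *ppvOpenSslStack, VERR_NO_MEMORY
 *          on allocation failure, VERR_INVALID_HANDLE for a bad handle, or
 *          the status returned by the provider's pfnCertFindAll.
 * @param   hStore           The store handle.
 * @param   fFlags           Not used by this function.
 * @param   ppvOpenSslStack  Where to return the stack; written on success
 *                           only. The stack owns its certificates.
 */
RTDECL(int) RTCrStoreConvertToOpenSslCertStack(RTCRSTORE hStore, uint32_t fFlags, void **ppvOpenSslStack)
{
    PRTCRSTOREINT pThis = (PRTCRSTOREINT)hStore;
    AssertPtrReturn(pThis, VERR_INVALID_HANDLE);
    AssertReturn(pThis->u32Magic == RTCRSTOREINT_MAGIC, VERR_INVALID_HANDLE);

    /*
     * Use the pfnCertFindAll method to add all certificates to the store we're returning.
     */
    int rc;
    STACK_OF(X509) *pOsslStack = sk_X509_new_null();
    if (pOsslStack)
    {
        RTCRSTORECERTSEARCH Search;
        rc = pThis->pProvider->pfnCertFindAll(pThis->pvProvider, &Search);
        if (RT_SUCCESS(rc))
        {
            do
            {
                PCRTCRCERTCTX pCertCtx = pThis->pProvider->pfnCertSearchNext(pThis->pvProvider, &Search);
                if (!pCertCtx)
                    break;

                if (pCertCtx->fFlags & RTCRCERTCTX_F_ENC_X509_DER)
                {
                    X509                *pOsslCert  = NULL;
                    const unsigned char *pabEncoded = (const unsigned char *)pCertCtx->pabEncoded;
                    /*
                     * A failed decode returns NULL and leaves pOsslCert NULL,
                     * so the pointer comparison alone is also true on failure;
                     * require a non-NULL certificate before pushing it.
                     */
                    if (   d2i_X509(&pOsslCert, &pabEncoded, pCertCtx->cbEncoded) == pOsslCert
                        && pOsslCert != NULL)
                    {
                        if (!sk_X509_push(pOsslStack, pOsslCert))
                        {
                            rc = VERR_NO_MEMORY;
                            X509_free(pOsslCert);
                        }
                    }
                }

                RTCrCertCtxRelease(pCertCtx);
            } while (RT_SUCCESS(rc));

            pThis->pProvider->pfnCertSearchDestroy(pThis->pvProvider, &Search);
            if (RT_SUCCESS(rc))
            {
                *ppvOpenSslStack = pOsslStack;
                return VINF_SUCCESS;
            }
        }
        /* Failure: release the stack and every certificate already added. */
        sk_X509_pop_free(pOsslStack, X509_free);
    }
    else
        rc = VERR_NO_MEMORY;
    return rc;
}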