本文整理汇总了C++中sk_X509_value函数的典型用法代码示例。如果您正苦于以下问题:C++ sk_X509_value函数的具体用法?C++ sk_X509_value怎么用?C++ sk_X509_value使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了sk_X509_value函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: describeCertificates
void describeCertificates(SSL* ssl, bool isServer)
{
// Resumed sessions don't necessarily have chains (not included in session ticket)
X509 *cert = SSL_get_peer_certificate(ssl);
if (cert == NULL) {
fprintf(stderr,"No peer certificates.\n");
} else {
fprintf(stderr,"Peer certificates:\n");
describeCertificate(0, cert);
X509_free(cert);
STACK_OF(X509) *certs = SSL_get_peer_cert_chain(ssl); // We don't have to free this apparently
// Cached sessions may not have a chain
if (certs != NULL) {
// On server, chain doesn't include client certificate
if (isServer) {
for (int i = 0; i < sk_X509_num(certs); i++) {
describeCertificate(i+1, sk_X509_value(certs,i));
}
} else {
for (int i = 1; i < sk_X509_num(certs); i++) {
describeCertificate(i, sk_X509_value(certs,i));
}
}
}
long verify_result = SSL_get_verify_result(ssl);
if (verify_result == X509_V_OK) {
fprintf(stderr,"Certificate OK\n");
} else {
// See 'man verify(1SSL)' for meanings of the codes
fprintf(stderr,"Verification error %ld\n", verify_result);
ERR_print_errors_fp(stderr);
}
}
}示例2: openssl_ocsp_request_parse
static int openssl_ocsp_request_parse(lua_State*L)
{
OCSP_REQUEST *req = CHECK_OBJECT(1, OCSP_REQUEST, "openssl.ocsp_request");
int utf8 = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2);
OCSP_REQINFO *inf = req->tbsRequest;
OCSP_SIGNATURE *sig = req->optionalSignature;
BIO* bio = BIO_new(BIO_s_mem());
int i, num;
lua_newtable(L);
AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(inf->version), integer);
if (inf->requestorName)
{
opensl_push_general_name(L, inf->requestorName, utf8);
lua_setfield(L, -2, "requestorName");
}
num = sk_OCSP_ONEREQ_num(inf->requestList);
lua_newtable(L);
for (i = 0; i < num; i++)
{
OCSP_ONEREQ *one = sk_OCSP_ONEREQ_value(inf->requestList, i);
OCSP_CERTID *a = one->reqCert;
lua_newtable(L);
{
openssl_push_x509_algor(L, a->hashAlgorithm);
lua_setfield(L, -2, "hashAlgorithm");
PUSH_ASN1_OCTET_STRING(L, a->issuerNameHash);
lua_setfield(L, -2, "issuerNameHash");
PUSH_ASN1_OCTET_STRING(L, a->issuerKeyHash);
lua_setfield(L, -2, "issuerKeyHash");
PUSH_ASN1_INTEGER(L, a->serialNumber);
lua_setfield(L, -2, "serialNumber");
}
lua_rawseti(L, -2, i + 1);
}
lua_setfield(L, -2, "requestList");
if (inf->requestExtensions){
STACK_OF(X509_EXTENSION) *extensions = sk_X509_EXTENSION_dup(inf->requestExtensions);
PUSH_OBJECT(extensions,"openssl.stack_of_x509_extension");
lua_setfield(L,-2, "extensions");
}
if (sig)
{
BIO_reset(bio);
X509_signature_print(bio, sig->signatureAlgorithm, sig->signature);
for (i = 0; i < sk_X509_num(sig->certs); i++)
{
X509_print(bio, sk_X509_value(sig->certs, i));
PEM_write_bio_X509(bio, sk_X509_value(sig->certs, i));
}
}
BIO_free(bio);
return 1;
}示例3: dtls1_output_cert_chain
unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
{
unsigned char *p;
int i;
unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
BUF_MEM *buf;
/* TLSv1 sends a chain with nothing in it, instead of an alert */
buf=s->init_buf;
if (!BUF_MEM_grow_clean(buf,10))
{
SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
return(0);
}
if (x != NULL)
{
X509_STORE_CTX xs_ctx;
if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
{
SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
return(0);
}
X509_verify_cert(&xs_ctx);
/* Don't leave errors in the queue */
ERR_clear_error();
for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
{
x = sk_X509_value(xs_ctx.chain, i);
if (!dtls1_add_cert_to_buf(buf, &l, x))
{
X509_STORE_CTX_cleanup(&xs_ctx);
return 0;
}
}
X509_STORE_CTX_cleanup(&xs_ctx);
}
/* Thawte special :-) */
for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
{
x=sk_X509_value(s->ctx->extra_certs,i);
if (!dtls1_add_cert_to_buf(buf, &l, x))
return 0;
}
l-= (3 + DTLS1_HM_HEADER_LENGTH);
p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
l2n3(l,p);
l+=3;
p=(unsigned char *)&(buf->data[0]);
p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
l+=DTLS1_HM_HEADER_LENGTH;
return(l);
}示例4: cert_check_local
NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
X509_OBJECT obj;
#if OPENSSL_VERSION_NUMBER>=0x10000000L
STACK_OF(X509) *sk;
int i;
sk=X509_STORE_get1_certs(callback_ctx, X509_get_subject_name(cert));
if(sk) {
for(i=0; i<sk_X509_num(sk); i++)
if(compare_pubkeys(cert, sk_X509_value(sk, i))) {
sk_X509_pop_free(sk, X509_free);
return 1; /* accept */
}
sk_X509_pop_free(sk, X509_free);
}
#endif
/* pre-1.0.0 API only returns a single matching certificate */
if(X509_STORE_get_by_subject(callback_ctx, X509_LU_X509,
X509_get_subject_name(cert), &obj)==1 &&
compare_pubkeys(cert, obj.data.x509))
return 1; /* accept */
s_log(LOG_WARNING,
"CERT: Certificate not found in local repository");
X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CERT_REJECTED);
return 0; /* reject */
}示例5: verify_cred
int verify_cred(
gss_cred_id_t credential)
{
gss_cred_id_desc * cred_handle;
X509 * cert;
X509 * previous_cert;
int cert_count;
cert_count = 1;
cred_handle = (gss_cred_id_desc *) credential;
if(cred_handle->pcd->cert_chain)
{
cert_count += sk_X509_num(cred_handle->pcd->cert_chain);
}
cert = cred_handle->pcd->ucert;
previous_cert=NULL;
cert_count--;
do
{
if(previous_cert != NULL)
{
if(!X509_verify(previous_cert,X509_get_pubkey(cert)))
{
return 0;
}
}
previous_cert = cert;
} while(cert_count-- &&
(cert = sk_X509_value(cred_handle->pcd->cert_chain,cert_count)));
return 1;
}示例6: meth_getpeerchain
/**
* Return the chain of certificate of the peer.
*/
static int meth_getpeerchain(lua_State *L)
{
int i;
int idx = 1;
int n_certs;
X509 *cert;
STACK_OF(X509) *certs;
p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
if (ssl->state != LSEC_STATE_CONNECTED) {
lua_pushnil(L);
lua_pushstring(L, "closed");
return 2;
}
lua_newtable(L);
if (ssl->ssl->server) {
lsec_pushx509(L, SSL_get_peer_certificate(ssl->ssl));
lua_rawseti(L, -2, idx++);
}
certs = SSL_get_peer_cert_chain(ssl->ssl);
n_certs = sk_X509_num(certs);
for (i = 0; i < n_certs; i++) {
cert = sk_X509_value(certs, i);
/* Increment the reference counting of the object. */
/* See SSL_get_peer_certificate() source code. */
CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
lsec_pushx509(L, cert);
lua_rawseti(L, -2, idx++);
}
return 1;
}示例7: sslctxfun
static CURLcode sslctxfun( CURL * curl, void * sslctx, void * parm ) {
sslctxparm * p = (sslctxparm *) parm;
SSL_CTX * ctx = (SSL_CTX *) sslctx ;
if ( !SSL_CTX_use_certificate( ctx,p->usercert ) ) {
BIO_printf( p->errorbio, "SSL_CTX_use_certificate problem\n" ); goto err;
}
if ( !SSL_CTX_use_PrivateKey( ctx,p->pkey ) ) {
BIO_printf( p->errorbio, "SSL_CTX_use_PrivateKey\n" ); goto err;
}
if ( !SSL_CTX_check_private_key( ctx ) ) {
BIO_printf( p->errorbio, "SSL_CTX_check_private_key\n" ); goto err;
}
SSL_CTX_set_quiet_shutdown( ctx,1 );
SSL_CTX_set_cipher_list( ctx,"RC4-MD5" );
SSL_CTX_set_mode( ctx, SSL_MODE_AUTO_RETRY );
X509_STORE_add_cert( ctx->cert_store,sk_X509_value( p->ca,sk_X509_num( p->ca ) - 1 ) );
SSL_CTX_set_verify_depth( ctx,2 );
SSL_CTX_set_verify( ctx,SSL_VERIFY_PEER,NULL );
SSL_CTX_set_cert_verify_callback( ctx, ssl_app_verify_callback, parm );
return CURLE_OK ;
err:
ERR_print_errors( p->errorbio );
return CURLE_SSL_CERTPROBLEM;
}示例8: get_cert_chain_information
json::value get_cert_chain_information(boost::asio::ssl::verify_context &verifyCtx)
{
X509_STORE_CTX *storeContext = verifyCtx.native_handle();
STACK_OF(X509) *certStack = X509_STORE_CTX_get_chain(storeContext);
const int numCerts = sk_X509_num(certStack);
if (numCerts < 0)
{
return {};
}
json::value certChainInformation;
for (int index = 0; index < numCerts; ++index)
{
X509 *cert = sk_X509_value(certStack, index);
json::value certInformation;
certInformation[U("Issuer")] = json::value::string(get_issuer_from_cert(cert));
certInformation[U("Subject")] = json::value::string(get_subject_from_cert(cert));
certInformation[U("FingerPrint")] = json::value::string(get_fingerprint_from_cert(cert));
utility::stringstream_t countInfo;
countInfo << "Certificate: " << index;
certChainInformation[countInfo.str()] = certInformation;
}
return certChainInformation;
}示例9: MERROR
bool ssl_options_t::has_fingerprint(boost::asio::ssl::verify_context &ctx) const
{
// can we check the certificate against a list of fingerprints?
if (!fingerprints_.empty()) {
X509_STORE_CTX *sctx = ctx.native_handle();
if (!sctx)
{
MERROR("Error getting verify_context handle");
return false;
}
X509* cert = nullptr;
const STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(sctx);
if (!chain || sk_X509_num(chain) < 1 || !(cert = sk_X509_value(chain, 0)))
{
MERROR("No certificate found in verify_context");
return false;
}
// buffer for the certificate digest and the size of the result
std::vector<uint8_t> digest(EVP_MAX_MD_SIZE);
unsigned int size{ 0 };
// create the digest from the certificate
if (!X509_digest(cert, EVP_sha256(), digest.data(), &size)) {
MERROR("Failed to create certificate fingerprint");
return false;
}
// strip unnecessary bytes from the digest
digest.resize(size);
return std::binary_search(fingerprints_.begin(), fingerprints_.end(), digest);
}示例10: util_verify
// Verify the signed block, the first 32 bytes of the data must be the certificate hash to work.
int __fastcall util_verify(char* signature, int signlen, struct util_cert* cert, char** data)
{
unsigned int size, r;
BIO *out = NULL;
PKCS7 *message = NULL;
char* data2 = NULL;
char hash[UTIL_HASHSIZE];
STACK_OF(X509) *st = NULL;
cert->x509 = NULL;
cert->pkey = NULL;
*data = NULL;
message = d2i_PKCS7(NULL, (const unsigned char**)&signature, signlen);
if (message == NULL) goto error;
out = BIO_new(BIO_s_mem());
// Lets rebuild the original message and check the size
size = i2d_PKCS7(message, NULL);
if (size < (unsigned int)signlen) goto error;
// Check the PKCS7 signature, but not the certificate chain.
r = PKCS7_verify(message, NULL, NULL, NULL, out, PKCS7_NOVERIFY);
if (r == 0) goto error;
// If data block contains less than 32 bytes, fail.
size = BIO_get_mem_data(out, &data2);
if (size <= UTIL_HASHSIZE) goto error;
// Copy the data block
*data = (char*)malloc(size + 1);
if (*data == NULL) goto error;
memcpy(*data, data2, size);
(*data)[size] = 0;
// Get the certificate signer
st = PKCS7_get0_signers(message, NULL, PKCS7_NOVERIFY);
cert->x509 = X509_dup(sk_X509_value(st, 0));
sk_X509_free(st);
// Get a full certificate hash of the signer
r = UTIL_HASHSIZE;
X509_digest(cert->x509, EVP_sha256(), (unsigned char*)hash, &r);
// Check certificate hash with first 32 bytes of data.
if (memcmp(hash, *data, UTIL_HASHSIZE) != 0) goto error;
// Approved, cleanup and return.
BIO_free(out);
PKCS7_free(message);
return size;
error:
if (out != NULL) BIO_free(out);
if (message != NULL) PKCS7_free(message);
if (*data != NULL) free(*data);
if (cert->x509 != NULL) { X509_free(cert->x509); cert->x509 = NULL; }
return 0;
}示例11: check_signer_name
static int check_signer_name(CMS_ContentInfo *cms, const char *name)
{
STACK_OF(CMS_SignerInfo) *infos = CMS_get0_SignerInfos(cms);
STACK_OF(X509) *crts;
int i, ret = 1;
if ((name == NULL) || (name[0] == '\0'))
return 0;
crts = CMS_get1_certs(cms);
for (i = 0; i < sk_CMS_SignerInfo_num(infos); ++i) {
CMS_SignerInfo *si = sk_CMS_SignerInfo_value(infos, i);
int j;
for (j = 0; j < sk_X509_num(crts); ++j) {
X509 *crt = sk_X509_value(crts, j);
if (CMS_SignerInfo_cert_cmp(si, crt) == 0) {
ret = check_common_name(
X509_get_subject_name(crt), name);
}
}
}
sk_X509_pop_free(crts, X509_free);
return ret;
}示例12: ossl_x509stctx_get_chain
static VALUE
ossl_x509stctx_get_chain(VALUE self)
{
X509_STORE_CTX *ctx;
STACK_OF(X509) *chain;
X509 *x509;
int i, num;
VALUE ary;
GetX509StCtx(self, ctx);
if((chain = X509_STORE_CTX_get_chain(ctx)) == NULL){
return Qnil;
}
if((num = sk_X509_num(chain)) < 0){
OSSL_Debug("certs in chain < 0???");
return rb_ary_new();
}
ary = rb_ary_new2(num);
for(i = 0; i < num; i++) {
x509 = sk_X509_value(chain, i);
rb_ary_push(ary, ossl_x509_new(x509));
}
return ary;
}示例13: ssl_check_certificate
static int ssl_check_certificate (CONNECTION *conn, sslsockdata *data)
{
int i, preauthrc, chain_len;
STACK_OF(X509) *chain;
X509 *cert;
if ((preauthrc = ssl_check_preauth (data->cert, conn->account.host)) > 0)
return preauthrc;
chain = SSL_get_peer_cert_chain (data->ssl);
chain_len = sk_X509_num (chain);
/* negative preauthrc means the certificate won't be accepted without
* manual override. */
if (preauthrc < 0 || !chain || (chain_len <= 1))
return interactive_check_cert (data->cert, 0, 0);
/* check the chain from root to peer. */
for (i = chain_len-1; i >= 0; i--) {
cert = sk_X509_value (chain, i);
/* if the certificate validates or is manually accepted, then add it to
* the trusted set and recheck the peer certificate */
if (ssl_check_preauth (cert, NULL)
|| interactive_check_cert (cert, i, chain_len)) {
ssl_cache_trusted_cert (cert);
if (ssl_check_preauth (data->cert, conn->account.host))
return 1;
}
}
return 0;
}示例14: ssl_Connection_get_peer_cert_chain
static PyObject *
ssl_Connection_get_peer_cert_chain(ssl_ConnectionObj *self, PyObject *args) {
STACK_OF(X509) *sk;
PyObject *chain;
crypto_X509Obj *cert;
Py_ssize_t i;
if (!PyArg_ParseTuple(args, ":get_peer_cert_chain")) {
return NULL;
}
sk = SSL_get_peer_cert_chain(self->ssl);
if (sk != NULL) {
chain = PyList_New(sk_X509_num(sk));
for (i = 0; i < sk_X509_num(sk); i++) {
cert = new_x509(sk_X509_value(sk, i), 1);
if (!cert) {
/* XXX Untested */
Py_DECREF(chain);
return NULL;
}
CRYPTO_add(&cert->x509->references, 1, CRYPTO_LOCK_X509);
PyList_SET_ITEM(chain, i, (PyObject *)cert);
}
return chain;
} else {
Py_INCREF(Py_None);
return Py_None;
}
}示例15: verify_callback
static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
{
int i, j;
/*
* Preverify checks the platform's certificate store; don't
* allow any chain that doesn't already validate according to
* that.
*/
if (!preverify_ok)
return 0;
/* check each certificate in the chain against our built-in pinlist. */
STACK_OF(X509) *chain = X509_STORE_CTX_get_chain(ctx);
if (!chain)
die("No certificate chain available");
bool found = false;
for (i=0; i < sk_X509_num(chain); i++) {
_cleanup_free_ char *spki_hash = NULL;
spki_hash = hash_subject_pubkey_info(sk_X509_value(chain, i));
if (!spki_hash)
continue;
for (j=0; j < (int) ARRAY_SIZE(PK_PINS); j++) {
if (strcmp(PK_PINS[j], spki_hash) == 0) {
found = true;
break;
}
}
}
return found;
}