OpenSSL X509 Certificate Verification
Source: Internet  Editor: 程序博客网  Date: 2024/05/21 08:59
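Steps:
1) Initialize the environment
a. Create a certificate store: X509_STORE_new()
b. Create a certificate verification context: X509_STORE_CTX_new()
2) Import the root certificate
a. Read the CA certificate and convert it from DER encoding into an X509 structure: d2i_X509()
b. Add the CA certificate to the certificate store: X509_STORE_add_cert()
3) Import the certificate to be verified (test)
a. Read the certificate test and convert it from DER encoding into an X509 structure: d2i_X509()
b. Initialize the verification context with the certificate test: X509_STORE_CTX_init()
c. Verify: X509_verify_cert()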
```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/evp.h>
#include <openssl/x509.h>

#define CERT_PATH "/home/ckelsel/work/rc4/cert"
#define ROOT_CERT "ca.cer"
#define WIN71H "win71h.cer"
#define WIN71Y "win71y.cer"
#define MAX_LEGTH 4096
/* str must be a buffer of at least MAX_LEGTH bytes */
#define GET_DEFAULT_CA_CERT(str) snprintf(str, MAX_LEGTH, "%s/%s", CERT_PATH, ROOT_CERT)
#define GET_CUSTOM_CERT(str, path, name) snprintf(str, MAX_LEGTH, "%s/%s", path, name)

/* Read at most cert_len bytes of the file verify_cert into str */
int my_load_cert(unsigned char *str, unsigned long *str_len,
                 const char *verify_cert, const unsigned int cert_len)
{
    FILE *fp;

    fp = fopen(verify_cert, "rb");
    if ( NULL == fp )
    {
        fprintf(stderr, "fopen fail\n");
        return -1;
    }
    *str_len = fread(str, 1, cert_len, fp);
    fclose(fp);
    if ( 0 == *str_len )
    {
        fprintf(stderr, "fread fail\n");
        return -1;
    }
    return 0;
}

/* Convert a DER-encoded certificate into an X509 structure */
X509 *der_to_x509(const unsigned char *der_str, unsigned int der_str_len)
{
    X509 *x509;

    /* d2i_X509 advances the pointer it is given; der_str is a local copy */
    x509 = d2i_X509(NULL, &der_str, der_str_len);
    if ( NULL == x509 )
    {
        fprintf(stderr, "d2i_X509 fail\n");
        return NULL;
    }
    return x509;
}

int x509_verify()
{
    int ret = 0;
    char cert[MAX_LEGTH];
    unsigned char user_der[MAX_LEGTH];
    unsigned long user_der_len = 0;
    X509 *user = NULL;
    unsigned char ca_der[MAX_LEGTH];
    unsigned long ca_der_len = 0;
    X509 *ca = NULL;
    X509_STORE *ca_store = NULL;
    X509_STORE_CTX *ctx = NULL;
    STACK_OF(X509) *ca_stack = NULL; /* no untrusted intermediate certificates */

    /* x509 initialization */
    ca_store = X509_STORE_new();
    ctx = X509_STORE_CTX_new();
    if ( NULL == ca_store || NULL == ctx )
    {
        fprintf(stderr, "X509_STORE_new or X509_STORE_CTX_new fail\n");
        goto EXIT;
    }

    /* root ca */
    GET_DEFAULT_CA_CERT(cert);
    /* read it from the file */
    if ( my_load_cert(ca_der, &ca_der_len, cert, MAX_LEGTH) != 0 )
    {
        goto EXIT;
    }
    /* convert DER encoding to an X509 structure */
    ca = der_to_x509(ca_der, ca_der_len);
    if ( NULL == ca )
    {
        goto EXIT;
    }
    /* add it to the certificate store */
    ret = X509_STORE_add_cert(ca_store, ca);
    if ( ret != 1 )
    {
        fprintf(stderr, "X509_STORE_add_cert fail, ret = %d\n", ret);
        goto EXIT;
    }

    /* the certificate to be verified */
    ret = 0;
    GET_CUSTOM_CERT(cert, CERT_PATH, WIN71H);
    if ( my_load_cert(user_der, &user_der_len, cert, MAX_LEGTH) != 0 )
    {
        goto EXIT;
    }
    user = der_to_x509(user_der, user_der_len);
    if ( NULL == user )
    {
        goto EXIT;
    }
    ret = X509_STORE_CTX_init(ctx, ca_store, user, ca_stack);
    if ( ret != 1 )
    {
        fprintf(stderr, "X509_STORE_CTX_init fail, ret = %d\n", ret);
        goto EXIT;
    }

    /* error codes: openssl-1.0.1c/crypto/x509/x509_vfy.h */
    /* With no X509_VERIFY_PARAM set, this validates the chain only: no host name or CRL check */
    ret = X509_verify_cert(ctx);
    if ( ret != 1 )
    {
        /* X509_STORE_CTX is opaque since OpenSSL 1.1.0, so use the accessor instead of ctx->error */
        int err = X509_STORE_CTX_get_error(ctx);
        fprintf(stderr, "X509_verify_cert fail, ret = %d, error id = %d, %s\n",
                ret, err, X509_verify_cert_error_string(err));
        goto EXIT;
    }

EXIT:
    X509_free(user);
    X509_free(ca);
    /* X509_STORE_CTX_free also performs the cleanup; old versions do not accept NULL */
    if ( ctx != NULL )
    {
        X509_STORE_CTX_free(ctx);
    }
    if ( ca_store != NULL )
    {
        X509_STORE_free(ca_store);
    }
    return ret == 1 ? 0 : -1;
}

int main()
{
    /* required before OpenSSL 1.1.0; later versions initialize themselves */
    OpenSSL_add_all_algorithms();
    return x509_verify() == 0 ? 0 : 1;
}
```