Differences in usage between X509_STORE and X509_STORE_CTX
电子禅石 | 2021-04-02 14:11:29

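#include <stdio.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>

void printCert(X509 *cert);  /* the author's helper; its definition is not shown on this page */

/* Verification callback: ok == 0 means a check failed for the current certificate */
static int verify_cb(int ok, X509_STORE_CTX *ctx)
{
    if (!ok)
    {
        /* check the error code and current cert */
        X509 *currentCert = X509_STORE_CTX_get_current_cert(ctx);
        int certError = X509_STORE_CTX_get_error(ctx);
        int depth = X509_STORE_CTX_get_error_depth(ctx);
        printCert(currentCert);
        printf("Error depth %d, certError %d\n", depth, certError);
    }

    return ok;  /* pass the library's verdict through unchanged */
}

/* Verify the ordinary certificate cert (left argument) against the CA certificate cacert (right argument) */
int verify_cert(X509 *cert, X509 *cacert)
{
    int ret;
    X509_STORE *store;
    X509_STORE_CTX *ctx;

    /* the store holds the trust anchors and the verify callback */
    store = X509_STORE_new();
    X509_STORE_set_verify_cb(store, verify_cb);
    X509_STORE_add_cert(store, cacert);

    /* the context holds the state of this one verification */
    ctx = X509_STORE_CTX_new();
    X509_STORE_CTX_init(ctx, store, cert, NULL);

    ret = X509_verify_cert(ctx);  /* 1 means the chain verified */

    /* check for errors and clean up */
    X509_STORE_CTX_free(ctx);
    X509_STORE_free(store);
    return ret;
}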


I am here just to post my answer as I found it with the above comments.

I had no certificate chain, so in the work I'm doing I only have a certificate generated by me programmatically. I wanted to check the validity of it, so I created the following function, which checks the certificate against itself in order to verify the validity of it.

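#include <stdio.h>
#include <openssl/x509.h>

void check_certificate_validaty(X509* certificate)
{
    int status;
    X509_STORE_CTX *ctx;
    ctx = X509_STORE_CTX_new();
    X509_STORE *store = X509_STORE_new();

    /* the certificate is added to the store as its own trust anchor */
    X509_STORE_add_cert(store, certificate);

    X509_STORE_CTX_init(ctx, store, certificate, NULL);

    status = X509_verify_cert(ctx);
    if(status == 1)
    {
        printf("Certificate verified ok\n");
    }else
    {
        /* X509_STORE_CTX is opaque since OpenSSL 1.1.0: use the accessor, not ctx->error */
        printf("%s\n", X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx)));
    }

    /* release the per-verification context and the store */
    X509_STORE_CTX_free(ctx);
    X509_STORE_free(store);
}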


电子禅石  2021-04-02 14:27:16 

You need to create a certificate store using X509_STORE_CTX_new. Then add certificate chain using X509_STORE_CTX_set_chain. Add trusted root certificate using X509_STORE_CTX_trusted_stack. Finally add certificate to be verified using X509_STORE_CTX_set_cert. After that call X509_verify_cert.
