X509_STORE 与 X509_STORE_CTX的用法区别

新闻 | 论坛 | 博客 | 在线研讨会

电子禅石 | 2021-04-02 14:11:29 阅读：3692

发布文章

static int verify_cb(int ok, X509_STORE_CTX *ctx)

{

if (!ok)

{

/* check the error code and current cert*/

X509 *currentCert = X509_STORE_CTX_get_current_cert(ctx);

int certError = X509_STORE_CTX_get_error(ctx);

int depth = X509_STORE_CTX_get_error_depth(ctx);

printCert(currentCert);

printf("Error depth %d, certError %d", depth, certError)

}

return(ok);

}

int verify_cert(X509 *cert, X509 *cacert)// 使用右侧的CA证书cacert校验左侧的普通证书cert

{

int ret;

X509_STORE *store;

X509_STORE_CTX *ctx;

store = X509_STORE_new();

X509_STORE_set_verify_cb(store, verify_cb);

X590_STORE_add_cert(store, cacert);

ctx = X509_STORE_CTX_new();

X509_STORE_CTX_init(ctx, store, cert, NULL);

ret = X590_verify_cert(ctx);

/* check for errors and clean up */

}

I am here just to post my answer as I found it with the above comments.

I had no certificate chain, so in the work I'm doing I only have a certificate generated by me programatically. I wanted to check the validity of it, so I created the following function, which checks the certificate against itself in other to verify the validity of it.

void check_certificate_validaty(X509* certificate)
{
    int status;
    X509_STORE_CTX *ctx;
    ctx = X509_STORE_CTX_new();
    X509_STORE *store = X509_STORE_new();

    X509_STORE_add_cert(store, certificate);

    X509_STORE_CTX_init(ctx, store, certificate, NULL);

    status = X509_verify_cert(ctx);
    if(status == 1)
    {
        printf("Certificate verified ok\n");
    }else
    {
        printf("%s\n", X509_verify_cert_error_string(ctx->error));
    }
}

*博客内容为网友个人发布，仅代表博主个人观点，如有侵权请联系工作人员删除。

参与讨论

登录后参与讨论

电子禅石　2021-04-02 14:28:05　

18 I am here just to post my answer as I found it with the above comments. I had no certificate chain, so in the work I'm doing I only have a certificate generated by me programatically. I wanted to check the validity of it, so I created the following function, which checks the certificate against itself in other to verify the validity of it. void check_certificate_validaty(X509* certificate) { int status; X509_STORE_CTX *ctx; ctx = X509_STORE_CTX_new(); X509_STORE *store = X509_STORE_new(); X509_STORE_add_cert(store, certificate); X509_STORE_CTX_init(ctx, store, certificate, NULL); status = X509_verify_cert(ctx); if(status == 1) { printf("Certificate verified ok\n"); }else { printf("%s\n", X509_verify_cert_error_string(ctx-error)); } }

电子禅石　2021-04-02 14:27:16　

You need to create a certificate store using X509_STORE_CTX_new. Then add certificate chain using X509_STORE_CTX_set_chain. Add trusted root certificate using X509_STORE_CTX_trusted_stack. Finally add certificate to be verified using X509_STORE_CTX_set_cert. After that call X509_verify_cert.

电子禅石的空间

属于自己的技术积累分享,成为嵌入式系统研发高手。