version 1.9, 2020/10/26 11:48:39 |
version 1.10, 2020/11/03 18:39:18 |
|
|
} |
} |
|
|
static int |
static int |
check(X509_STORE * ctx, char *file, STACK_OF(X509) * uchain, |
check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, |
STACK_OF(X509) * tchain, STACK_OF(X509_CRL) * crls) |
STACK_OF(X509) *tchain, STACK_OF(X509_CRL) *crls) |
{ |
{ |
X509 *x = NULL; |
X509 *x = NULL; |
|
X509_STORE_CTX *csc = NULL; |
|
const char *certfile = (file == NULL) ? "stdin" : file; |
|
int verify_err; |
int i = 0, ret = 0; |
int i = 0, ret = 0; |
X509_STORE_CTX *csc; |
|
|
|
x = load_cert(bio_err, file, FORMAT_PEM, NULL, "certificate file"); |
x = load_cert(bio_err, file, FORMAT_PEM, NULL, "certificate file"); |
if (x == NULL) |
if (x == NULL) |
goto end; |
goto end; |
fprintf(stdout, "%s: ", (file == NULL) ? "stdin" : file); |
|
|
|
csc = X509_STORE_CTX_new(); |
fprintf(stdout, "%s: ", certfile); |
if (csc == NULL) { |
|
ERR_print_errors(bio_err); |
if ((csc = X509_STORE_CTX_new()) == NULL) |
goto end; |
goto end; |
} |
|
X509_STORE_set_flags(ctx, vflags); |
X509_STORE_set_flags(ctx, vflags); |
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { |
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) |
ERR_print_errors(bio_err); |
|
goto end; |
goto end; |
} |
|
if (tchain) |
if (tchain) |
X509_STORE_CTX_trusted_stack(csc, tchain); |
X509_STORE_CTX_trusted_stack(csc, tchain); |
if (crls) |
if (crls) |
X509_STORE_CTX_set0_crls(csc, crls); |
X509_STORE_CTX_set0_crls(csc, crls); |
|
|
i = X509_verify_cert(csc); |
i = X509_verify_cert(csc); |
X509_STORE_CTX_free(csc); |
verify_err = X509_STORE_CTX_get_error(csc); |
|
|
ret = 0; |
if (i > 0 && verify_err == X509_V_OK) { |
|
|
end: |
|
if (i > 0) { |
|
fprintf(stdout, "OK\n"); |
fprintf(stdout, "OK\n"); |
ret = 1; |
ret = 1; |
} else |
} else { |
|
fprintf(stdout, "%s: verification failed: %d (%s)\n", certfile, |
|
verify_err, X509_verify_cert_error_string(verify_err)); |
|
} |
|
|
|
end: |
|
if (i <= 0) |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
if (x != NULL) |
X509_free(x); |
X509_free(x); |
X509_STORE_CTX_free(csc); |
|
|
return (ret); |
return (ret); |
} |
} |