本文整理汇总了C++中sk_X509_value函数的典型用法代码示例。如果您正苦于以下问题:C++ sk_X509_value函数的具体用法?C++ sk_X509_value怎么用?C++ sk_X509_value使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了sk_X509_value函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: describeCertificates
/**
 * Print the peer's certificate, the remaining certificates of its chain and
 * the handshake's verification result to stderr.
 *
 * @param ssl       connection to inspect
 * @param isServer  true when this end is the TLS server; selects how the
 *                  chain returned by SSL_get_peer_cert_chain() is indexed
 *
 * This is a reporting helper only: it does not reject the connection when
 * verification failed.
 */
void describeCertificates(SSL* ssl, bool isServer)
{
    // Resumed sessions don't necessarily have chains (not included in session ticket)
    X509 *peer = SSL_get_peer_certificate(ssl);
    if (peer == NULL) {
        // The verify result is deliberately not consulted here: without a
        // peer certificate OpenSSL reports X509_V_OK, which would mislead.
        fprintf(stderr,"No peer certificates.\n");
        return;
    }

    fprintf(stderr,"Peer certificates:\n");
    describeCertificate(0, peer);
    // SSL_get_peer_certificate() hands out a new reference; drop it again.
    X509_free(peer);

    // The chain is borrowed from the SSL object and must not be freed here.
    STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl);
    // Cached sessions may not have a chain
    if (chain != NULL) {
        // On a server the chain does not include the client certificate, so
        // every entry is printed and labelled one position further down.
        // On a client entry 0 is the peer certificate already printed above.
        const int firstIndex = isServer ? 0 : 1;
        const int labelShift = isServer ? 1 : 0;
        for (int idx = firstIndex; idx < sk_X509_num(chain); ++idx) {
            describeCertificate(idx + labelShift, sk_X509_value(chain, idx));
        }
    }

    const long verify_result = SSL_get_verify_result(ssl);
    if (verify_result != X509_V_OK) {
        // See 'man verify(1SSL)' for meanings of the codes
        fprintf(stderr,"Verification error %ld\n", verify_result);
        ERR_print_errors_fp(stderr);
    } else {
        fprintf(stderr,"Certificate OK\n");
    }
}
开发者ID:matthewarcus,项目名称:ssl-demo,代码行数:34,代码来源:ssl_lib.cpp
示例2: openssl_ocsp_request_parse
/*
 * Lua binding: turn the OCSP_REQUEST userdata at argument 1 into a Lua table.
 *
 * Argument 2 is an optional boolean stored in `utf8`; when it is absent or
 * nil the value defaults to 1. The returned table carries "version",
 * optionally "requestorName", a "requestList" array with one table per
 * OCSP_ONEREQ (hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber)
 * and optionally "extensions".
 *
 * Returns 1: the table is the single value left on the Lua stack.
 *
 * The function reads OCSP_REQUEST / OCSP_REQINFO / OCSP_CERTID members
 * directly, so it only builds against OpenSSL headers that expose those
 * structs (they are opaque from OpenSSL 1.1.0 on).
 */
static int openssl_ocsp_request_parse(lua_State*L)
{
  OCSP_REQUEST *req = CHECK_OBJECT(1, OCSP_REQUEST, "openssl.ocsp_request");
  int utf8 = lua_isnoneornil(L, 2) ? 1 : lua_toboolean(L, 2);
  OCSP_REQINFO *inf = req->tbsRequest;
  OCSP_SIGNATURE *sig = req->optionalSignature;
  /* NOTE(review): the BIO_new() result is not checked for NULL. */
  BIO* bio = BIO_new(BIO_s_mem());
  int i, num;
  /* Result table; every lua_setfield(L, -2, ...) below stores into it. */
  lua_newtable(L);
  AUXILIAR_SET(L, -1, "version", ASN1_INTEGER_get(inf->version), integer);
  if (inf->requestorName)
  {
    opensl_push_general_name(L, inf->requestorName, utf8);
    lua_setfield(L, -2, "requestorName");
  }
  num = sk_OCSP_ONEREQ_num(inf->requestList);
  /* Array that becomes result.requestList. */
  lua_newtable(L);
  for (i = 0; i < num; i++)
  {
    OCSP_ONEREQ *one = sk_OCSP_ONEREQ_value(inf->requestList, i);
    OCSP_CERTID *a = one->reqCert;
    /* One table per requested certificate ID. */
    lua_newtable(L);
    {
      openssl_push_x509_algor(L, a->hashAlgorithm);
      lua_setfield(L, -2, "hashAlgorithm");
      PUSH_ASN1_OCTET_STRING(L, a->issuerNameHash);
      lua_setfield(L, -2, "issuerNameHash");
      PUSH_ASN1_OCTET_STRING(L, a->issuerKeyHash);
      lua_setfield(L, -2, "issuerKeyHash");
      PUSH_ASN1_INTEGER(L, a->serialNumber);
      lua_setfield(L, -2, "serialNumber");
    }
    /* Lua arrays are 1-based, hence i + 1. */
    lua_rawseti(L, -2, i + 1);
  }
  lua_setfield(L, -2, "requestList");
  if (inf->requestExtensions){
    /*
     * sk_*_dup() copies only the stack container; the X509_EXTENSION
     * elements stay shared with `req`.
     * NOTE(review): confirm the Lua-side owner of this stack does not free
     * the elements, or that `req` outlives it.
     */
    STACK_OF(X509_EXTENSION) *extensions = sk_X509_EXTENSION_dup(inf->requestExtensions);
    PUSH_OBJECT(extensions,"openssl.stack_of_x509_extension");
    lua_setfield(L,-2, "extensions");
  }
  if (sig)
  {
    /*
     * The signature and the signer certificates are printed into `bio`, but
     * nothing reads the BIO back before BIO_free() below, so this block has
     * no visible effect on the returned table. The certificates are printed
     * as supplied in the request; no signature or chain check happens here.
     */
    BIO_reset(bio);
    X509_signature_print(bio, sig->signatureAlgorithm, sig->signature);
    for (i = 0; i < sk_X509_num(sig->certs); i++)
    {
      X509_print(bio, sk_X509_value(sig->certs, i));
      PEM_write_bio_X509(bio, sk_X509_value(sig->certs, i));
    }
  }
  BIO_free(bio);
  return 1;
}
开发者ID:comcast-jonm,项目名称:lua-openssl,代码行数:60,代码来源:ocsp.c
示例3: dtls1_output_cert_chain
/*
 * Assemble the DTLS Certificate handshake message for certificate `x` in
 * s->init_buf.
 *
 * When `x` is not NULL, a chain is built for it against s->ctx->cert_store
 * and every certificate of that chain is appended with
 * dtls1_add_cert_to_buf(); the certificates in s->ctx->extra_certs are
 * appended afterwards in either case.
 *
 * Returns the total message length including the DTLS handshake header, or
 * 0 when growing the buffer, initialising the store context or appending a
 * certificate fails.
 *
 * X509_STORE_CTX is used as a stack object and its `chain` member is read
 * directly, which requires OpenSSL headers that expose the struct.
 */
unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
	{
	unsigned char *p;
	int i;
	/* Start past the handshake header and the 3-byte chain length field. */
	unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
	BUF_MEM *buf;
	/* TLSv1 sends a chain with nothing in it, instead of an alert */
	buf=s->init_buf;
	if (!BUF_MEM_grow_clean(buf,10))
		{
		SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
		return(0);
		}
	if (x != NULL)
		{
		X509_STORE_CTX xs_ctx;
		if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
			{
			SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
			return(0);
			}
		/*
		 * The return value is ignored: the call is presumably made only so
		 * that OpenSSL populates xs_ctx.chain. A chain that does not verify
		 * against the local store is therefore still sent to the peer.
		 */
		X509_verify_cert(&xs_ctx);
		/* Don't leave errors in the queue */
		ERR_clear_error();
		for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
			{
			x = sk_X509_value(xs_ctx.chain, i);
			if (!dtls1_add_cert_to_buf(buf, &l, x))
				{
				/* Release the store context before bailing out. */
				X509_STORE_CTX_cleanup(&xs_ctx);
				return 0;
				}
			}
		X509_STORE_CTX_cleanup(&xs_ctx);
		}
	/* Thawte special :-) */
	/* Extra certificates configured on the SSL_CTX are always appended. */
	for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
		{
		x=sk_X509_value(s->ctx->extra_certs,i);
		if (!dtls1_add_cert_to_buf(buf, &l, x))
			return 0;
		}
	/* l now becomes the length of the certificate list alone ... */
	l-= (3 + DTLS1_HM_HEADER_LENGTH);
	p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
	/* ... which is written as a 3-byte value right after the header. */
	l2n3(l,p);
	l+=3;
	p=(unsigned char *)&(buf->data[0]);
	/* The value assigned to p here is not used again in this function. */
	p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
	l+=DTLS1_HM_HEADER_LENGTH;
	return(l);
	}
开发者ID:aosm,项目名称:OpenSSL098,代码行数:58,代码来源:d1_both.c
示例4: cert_check_local
/*
 * Verification helper: accept the certificate currently being verified only
 * when the local store holds a certificate with the same subject name for
 * which compare_pubkeys() reports a match.
 *
 * Returns 1 to accept. Otherwise logs a warning, sets
 * X509_V_ERR_CERT_REJECTED on the context and returns 0.
 *
 * presumably compare_pubkeys() returns non-zero when both certificates carry
 * the same public key; verify against its definition.
 */
NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
    X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
    X509_OBJECT obj;
#if OPENSSL_VERSION_NUMBER>=0x10000000L
    STACK_OF(X509) *sk;
    int i;
    /* get1 = the caller owns the stack and one reference per certificate */
    sk=X509_STORE_get1_certs(callback_ctx, X509_get_subject_name(cert));
    if(sk) {
        for(i=0; i<sk_X509_num(sk); i++)
            if(compare_pubkeys(cert, sk_X509_value(sk, i))) {
                /* release stack and certificates on the accept path too */
                sk_X509_pop_free(sk, X509_free);
                return 1; /* accept */
            }
        sk_X509_pop_free(sk, X509_free);
    }
#endif
    /* pre-1.0.0 API only returns a single matching certificate */
    /* On newer builds this lookup also runs when nothing above matched. */
    /* NOTE(review): `obj` is not released after a successful lookup in the
     * code shown here; check whether a reference is leaked on this path. */
    if(X509_STORE_get_by_subject(callback_ctx, X509_LU_X509,
            X509_get_subject_name(cert), &obj)==1 &&
            compare_pubkeys(cert, obj.data.x509))
        return 1; /* accept */
    s_log(LOG_WARNING,
        "CERT: Certificate not found in local repository");
    /* Record why verification failed so the caller can report it. */
    X509_STORE_CTX_set_error(callback_ctx, X509_V_ERR_CERT_REJECTED);
    return 0; /* reject */
}
开发者ID:rchuppala,项目名称:usc_agent,代码行数:27,代码来源:verify.c
示例5: verify_cred
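/*
 * Check the signatures linking the certificates of a credential.
 *
 * Starting with the user certificate (pcd->ucert) and then walking
 * pcd->cert_chain from its last entry down to entry 0, each certificate is
 * verified with the public key of the certificate visited next.
 *
 * Returns 1 when every signature verifies, 0 otherwise.
 *
 * Only signatures are checked here: validity periods, extensions and trust
 * anchors are not evaluated by this function.
 */
int verify_cred(
    gss_cred_id_t                       credential)
{
    gss_cred_id_desc *                  cred_handle;
    X509 *                              cert;
    X509 *                              previous_cert;
    EVP_PKEY *                          signer_key;
    int                                 cert_count;
    int                                 verified;

    cert_count = 1;
    cred_handle = (gss_cred_id_desc *) credential;
    if(cred_handle->pcd->cert_chain)
    {
        cert_count += sk_X509_num(cred_handle->pcd->cert_chain);
    }
    cert = cred_handle->pcd->ucert;
    previous_cert=NULL;
    cert_count--;
    do
    {
        if(previous_cert != NULL)
        {
            /* X509_get_pubkey() returns a new reference (or NULL when the
             * key cannot be decoded); it has to be released again. */
            signer_key = X509_get_pubkey(cert);
            if(signer_key == NULL)
            {
                return 0;
            }
            verified = X509_verify(previous_cert, signer_key);
            EVP_PKEY_free(signer_key);
            /* X509_verify() returns 1 on success, 0 on a bad signature and
             * a negative value on error; anything but success must fail. */
            if(verified <= 0)
            {
                return 0;
            }
        }
        previous_cert = cert;
    } while(cert_count-- &&
            (cert = sk_X509_value(cred_handle->pcd->cert_chain,cert_count)));
    return 1;
}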
开发者ID:bbockelm,项目名称:globus-toolkit,代码行数:35,代码来源:delegation_test.c
示例6: meth_getpeerchain
/**
 * Lua method: return the peer's certificate chain as an array of
 * certificate objects.
 *
 * When the connection is not in the connected state, nil and the string
 * "closed" are returned instead.
 *
 * NOTE(review): SSL_get_peer_certificate() can return NULL (for example
 * when a client sent no certificate); its result is handed to
 * lsec_pushx509() unchecked. Confirm that helper tolerates NULL.
 */
static int meth_getpeerchain(lua_State *L)
{
  int pos;
  int slot = 1;
  int total;
  STACK_OF(X509) *chain;
  p_ssl conn = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");

  if (conn->state != LSEC_STATE_CONNECTED) {
    lua_pushnil(L);
    lua_pushstring(L, "closed");
    return 2;
  }

  lua_newtable(L);
  /* On the server side the peer's own certificate is stored first; the
   * chain entries appended below follow it. */
  if (conn->ssl->server) {
    lsec_pushx509(L, SSL_get_peer_certificate(conn->ssl));
    lua_rawseti(L, -2, slot++);
  }

  /* The chain is borrowed from the SSL object. sk_X509_num() yields -1 for
   * a NULL stack, in which case the loop body never runs. */
  chain = SSL_get_peer_cert_chain(conn->ssl);
  total = sk_X509_num(chain);
  for (pos = 0; pos < total; ++pos) {
    X509 *entry = sk_X509_value(chain, pos);
    /* Take an extra reference before handing the certificate to Lua, the
     * same way SSL_get_peer_certificate() does internally. */
    CRYPTO_add(&entry->references, 1, CRYPTO_LOCK_X509);
    lsec_pushx509(L, entry);
    lua_rawseti(L, -2, slot++);
  }
  return 1;
}
开发者ID:horazont,项目名称:luasec,代码行数:33,代码来源:ssl.c
示例7: sslctxfun
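/*
 * libcurl SSL context callback: install the client certificate and private
 * key from `parm`, restrict the cipher list, add the last certificate of
 * p->ca to the context's trust store and enable peer verification.
 *
 * curl    unused
 * sslctx  the SSL_CTX libcurl is about to use
 * parm    pointer to the caller's sslctxparm
 *
 * Returns CURLE_OK on success. On failure the OpenSSL error queue is printed
 * to p->errorbio and CURLE_SSL_CERTPROBLEM is returned.
 */
static CURLcode sslctxfun( CURL * curl, void * sslctx, void * parm ) {
  sslctxparm * p = (sslctxparm *) parm;
  SSL_CTX * ctx = (SSL_CTX *) sslctx ;

  (void) curl;

  if ( !SSL_CTX_use_certificate( ctx,p->usercert ) ) {
    BIO_printf( p->errorbio, "SSL_CTX_use_certificate problem\n" ); goto err;
  }
  if ( !SSL_CTX_use_PrivateKey( ctx,p->pkey ) ) {
    BIO_printf( p->errorbio, "SSL_CTX_use_PrivateKey\n" ); goto err;
  }
  /* Make sure the private key really belongs to the certificate. */
  if ( !SSL_CTX_check_private_key( ctx ) ) {
    BIO_printf( p->errorbio, "SSL_CTX_check_private_key\n" ); goto err;
  }
  SSL_CTX_set_quiet_shutdown( ctx,1 );
  /* The original list was "RC4-MD5". RC4 is prohibited for TLS (RFC 7465)
   * and MD5 is broken, so only strong suites are offered instead. The call
   * fails when no suite can be selected, which must not go unnoticed. */
  if ( !SSL_CTX_set_cipher_list( ctx,"HIGH:!aNULL:!eNULL:!RC4:!MD5" ) ) {
    BIO_printf( p->errorbio, "SSL_CTX_set_cipher_list\n" ); goto err;
  }
  SSL_CTX_set_mode( ctx, SSL_MODE_AUTO_RETRY );
  /* Trust the last certificate of the supplied CA stack. The accessor is
   * used instead of ctx->cert_store so the code does not depend on the
   * SSL_CTX struct layout. */
  X509_STORE_add_cert( SSL_CTX_get_cert_store( ctx ),
                       sk_X509_value( p->ca,sk_X509_num( p->ca ) - 1 ) );
  SSL_CTX_set_verify_depth( ctx,2 );
  SSL_CTX_set_verify( ctx,SSL_VERIFY_PEER,NULL );
  /* This replaces OpenSSL's built-in chain verification entirely:
   * ssl_app_verify_callback alone decides whether the peer is accepted. */
  SSL_CTX_set_cert_verify_callback( ctx, ssl_app_verify_callback, parm );
  return CURLE_OK ;
err:
  ERR_print_errors( p->errorbio );
  return CURLE_SSL_CERTPROBLEM;
}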
开发者ID:AdrienJaguenet,项目名称:Enemy-Territory,代码行数:35,代码来源:curlx.c
示例8: get_cert_chain_information
/// @brief Describe every certificate of the chain held by a verify context.
///
/// @param verifyCtx  verification context handed to the verify callback
/// @return a JSON object with one member per certificate, keyed
///         "Certificate: <index>" and holding "Issuer", "Subject" and
///         "FingerPrint"; a default-constructed value when the chain size
///         is negative (sk_X509_num() reports -1 for a missing stack).
///
/// The function only reports what the chain contains; it takes no part in
/// the trust decision.
json::value get_cert_chain_information(boost::asio::ssl::verify_context &verifyCtx)
{
    STACK_OF(X509) *chain = X509_STORE_CTX_get_chain(verifyCtx.native_handle());
    const int chainLength = sk_X509_num(chain);
    if (chainLength < 0)
    {
        return {};
    }

    json::value chainReport;
    int position = 0;
    while (position < chainLength)
    {
        X509 *entry = sk_X509_value(chain, position);

        json::value entryReport;
        entryReport[U("Issuer")] = json::value::string(get_issuer_from_cert(entry));
        entryReport[U("Subject")] = json::value::string(get_subject_from_cert(entry));
        entryReport[U("FingerPrint")] = json::value::string(get_fingerprint_from_cert(entry));

        // Key each entry by its position in the chain.
        utility::stringstream_t label;
        label << "Certificate: " << position;
        chainReport[label.str()] = entryReport;

        ++position;
    }
    return chainReport;
}
开发者ID:glukacsy,项目名称:cpprestsdk,代码行数:29,代码来源:x509_cert_utilities.cpp
示例9: has_fingerprint
/// @brief Check whether the certificate under verification matches one of
///        the configured SHA-256 fingerprints.
///
/// @param ctx  verification context supplied to the verify callback
/// @return for a non-empty fingerprint list: true when the digest of the
///         certificate at chain index 0 is found in fingerprints_, false
///         when it is not or when the certificate or its digest cannot be
///         obtained.
///
/// NOTE(review): the listing stops before the end of the function, so the
/// result for an empty fingerprints_ list is not visible here.
bool ssl_options_t::has_fingerprint(boost::asio::ssl::verify_context &ctx) const
{
  // can we check the certificate against a list of fingerprints?
  if (!fingerprints_.empty()) {
    X509_STORE_CTX *sctx = ctx.native_handle();
    if (!sctx)
    {
      MERROR("Error getting verify_context handle");
      return false;
    }
    X509* cert = nullptr;
    // Index 0 of the verify chain is the certificate being verified (the
    // peer's own certificate); only that one is fingerprinted.
    const STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(sctx);
    if (!chain || sk_X509_num(chain) < 1 || !(cert = sk_X509_value(chain, 0)))
    {
      MERROR("No certificate found in verify_context");
      return false;
    }
    // buffer for the certificate digest and the size of the result
    std::vector<uint8_t> digest(EVP_MAX_MD_SIZE);
    unsigned int size{ 0 };
    // create the digest from the certificate
    // (the digest covers the whole DER-encoded certificate, not just its key)
    if (!X509_digest(cert, EVP_sha256(), digest.data(), &size)) {
      MERROR("Failed to create certificate fingerprint");
      return false;
    }
    // strip unnecessary bytes from the digest
    digest.resize(size);
    // std::binary_search requires a sorted range.
    // NOTE(review): confirm fingerprints_ is kept sorted where it is filled,
    // otherwise a configured fingerprint can be missed.
    return std::binary_search(fingerprints_.begin(), fingerprints_.end(), digest);
  }
开发者ID:monero-project,项目名称:bitmonero,代码行数:34,代码来源:net_ssl.cpp
示例10: util_verify
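// Verify the signed block, the first 32 bytes of the data must be the certificate hash to work.
//
// signature / signlen: DER-encoded PKCS#7 blob to check.
// cert: receives a duplicate of the signer certificate in cert->x509 on
//       success (owned by the caller); cert->pkey is reset to NULL.
// data: receives a malloc'ed, NUL-terminated copy of the signed content on
//       success (owned by the caller); NULL on failure.
// Returns the content length on success, 0 on failure.
//
// PKCS7_NOVERIFY skips certificate chain validation. Success therefore only
// shows that the content was signed with the key of the embedded certificate
// and that the content starts with that certificate's SHA-256 hash. Whether
// that certificate is trusted is left to the caller.
int __fastcall util_verify(char* signature, int signlen, struct util_cert* cert, char** data)
{
	unsigned int size, r;
	int rc;
	BIO *out = NULL;
	PKCS7 *message = NULL;
	char* data2 = NULL;
	char hash[UTIL_HASHSIZE];
	STACK_OF(X509) *st = NULL;

	cert->x509 = NULL;
	cert->pkey = NULL;
	*data = NULL;

	message = d2i_PKCS7(NULL, (const unsigned char**)&signature, signlen);
	if (message == NULL) goto error;
	out = BIO_new(BIO_s_mem());
	if (out == NULL) goto error;

	// Lets rebuild the original message and check the size.
	// i2d_PKCS7() reports errors as a negative value, which must not be
	// converted to a huge unsigned length.
	rc = i2d_PKCS7(message, NULL);
	if (rc < 0 || (unsigned int)rc < (unsigned int)signlen) goto error;

	// Check the PKCS7 signature, but not the certificate chain.
	// Anything other than a positive result is a failure.
	rc = PKCS7_verify(message, NULL, NULL, NULL, out, PKCS7_NOVERIFY);
	if (rc <= 0) goto error;

	// If data block contains less than 32 bytes, fail.
	size = BIO_get_mem_data(out, &data2);
	if (size <= UTIL_HASHSIZE) goto error;

	// Copy the data block
	*data = (char*)malloc(size + 1);
	if (*data == NULL) goto error;
	memcpy(*data, data2, size);
	(*data)[size] = 0;

	// Get the certificate signer. The returned stack only borrows the
	// certificates, so just the container is freed.
	st = PKCS7_get0_signers(message, NULL, PKCS7_NOVERIFY);
	if (st == NULL) goto error;
	if (sk_X509_num(st) < 1) { sk_X509_free(st); goto error; }
	cert->x509 = X509_dup(sk_X509_value(st, 0));
	sk_X509_free(st);
	if (cert->x509 == NULL) goto error;

	// Get a full certificate hash of the signer
	r = UTIL_HASHSIZE;
	if (!X509_digest(cert->x509, EVP_sha256(), (unsigned char*)hash, &r)) goto error;

	// Check certificate hash with first 32 bytes of data.
	if (memcmp(hash, *data, UTIL_HASHSIZE) != 0) goto error;

	// Approved, cleanup and return.
	BIO_free(out);
	PKCS7_free(message);
	return size;

error:
	if (out != NULL) BIO_free(out);
	if (message != NULL) PKCS7_free(message);
	// Reset the out-parameter so the caller never sees a freed pointer.
	if (*data != NULL) { free(*data); *data = NULL; }
	if (cert->x509 != NULL) { X509_free(cert->x509); cert->x509 = NULL; }
	return 0;
}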
开发者ID:Globik,项目名称:meshcentwebrtc,代码行数:61,代码来源:utils.c
示例11: check_signer_name
/*
 * Compare the subject of the signer certificate(s) of a CMS structure with
 * an expected name.
 *
 * Returns 0 straight away when `name` is NULL or empty (no name to check).
 * Otherwise returns the result of check_common_name() for the last
 * certificate that matched a signer, or 1 when no certificate matched any
 * signer.
 *
 * NOTE(review): with more than one signer the result of the last match
 * overwrites earlier ones; confirm this is the intended policy.
 */
static int check_signer_name(CMS_ContentInfo *cms, const char *name)
{
	STACK_OF(CMS_SignerInfo) *signers = CMS_get0_SignerInfos(cms);
	STACK_OF(X509) *embedded;
	int s, c;
	int result = 1;

	if (!name || !*name)
		return 0;

	/* get1: the stack and a reference to each certificate are owned here */
	embedded = CMS_get1_certs(cms);

	for (s = 0; s < sk_CMS_SignerInfo_num(signers); ++s) {
		CMS_SignerInfo *signer = sk_CMS_SignerInfo_value(signers, s);

		for (c = 0; c < sk_X509_num(embedded); ++c) {
			X509 *candidate = sk_X509_value(embedded, c);

			/* skip certificates that do not belong to this signer */
			if (CMS_SignerInfo_cert_cmp(signer, candidate) != 0)
				continue;

			result = check_common_name(
				X509_get_subject_name(candidate), name);
		}
	}

	sk_X509_pop_free(embedded, X509_free);
	return result;
}
开发者ID:3mdeb,项目名称:swupdate,代码行数:27,代码来源:verify_signature.c
示例12: ossl_x509stctx_get_chain
/*
 * Return the certificate chain of a store context as a Ruby array of
 * certificate objects created with ossl_x509_new().
 *
 * Returns nil when the context has no chain, and an empty array when
 * OpenSSL reports a negative chain size.
 */
static VALUE
ossl_x509stctx_get_chain(VALUE self)
{
    X509_STORE_CTX *store_ctx;
    STACK_OF(X509) *certs;
    VALUE result;
    int count, pos;

    GetX509StCtx(self, store_ctx);

    certs = X509_STORE_CTX_get_chain(store_ctx);
    if (certs == NULL) {
        return Qnil;
    }

    count = sk_X509_num(certs);
    if (count < 0) {
        OSSL_Debug("certs in chain < 0???");
        return rb_ary_new();
    }

    /* Pre-size the array for the known number of certificates. */
    result = rb_ary_new2(count);
    for (pos = 0; pos < count; pos++) {
        rb_ary_push(result, ossl_x509_new(sk_X509_value(certs, pos)));
    }
    return result;
}
开发者ID:DCarper,项目名称:rubinius,代码行数:25,代码来源:ossl_x509store.c
示例13: ssl_check_certificate
/*
 * Decide whether the peer certificate in data->cert is accepted for
 * conn->account.host.
 *
 * A positive result of ssl_check_preauth() is returned as is. Otherwise the
 * user is asked about the peer certificate directly, or, when a chain with
 * more than one certificate is available and the pre-check was not
 * negative, the chain is walked from its last entry to entry 0 and the peer
 * certificate is re-checked each time a chain certificate becomes trusted.
 *
 * Returns non-zero when the certificate is accepted, 0 otherwise.
 */
static int ssl_check_certificate (CONNECTION *conn, sslsockdata *data)
{
  int i, preauthrc, chain_len;
  STACK_OF(X509) *chain;
  X509 *cert;
  if ((preauthrc = ssl_check_preauth (data->cert, conn->account.host)) > 0)
    return preauthrc;
  chain = SSL_get_peer_cert_chain (data->ssl);
  /* sk_X509_num() is called before the NULL test below; it returns -1 for a
   * NULL stack, so the `!chain` / `chain_len <= 1` test still catches it. */
  chain_len = sk_X509_num (chain);
  /* negative preauthrc means the certificate won't be accepted without
   * manual override. */
  if (preauthrc < 0 || !chain || (chain_len <= 1))
    return interactive_check_cert (data->cert, 0, 0);
  /* check the chain from root to peer. */
  for (i = chain_len-1; i >= 0; i--) {
    cert = sk_X509_value (chain, i);
    /* if the certificate validates or is manually accepted, then add it to
     * the trusted set and recheck the peer certificate */
    /* The `||` short-circuits: the user is only prompted for certificates
     * that the automatic check did not already accept. */
    if (ssl_check_preauth (cert, NULL)
        || interactive_check_cert (cert, i, chain_len)) {
      /* NOTE(review): the certificate stays cached as trusted even when the
       * peer re-check below fails; confirm that is intended. */
      ssl_cache_trusted_cert (cert);
      if (ssl_check_preauth (data->cert, conn->account.host))
        return 1;
    }
  }
  return 0;
}
开发者ID:tejux,项目名称:mutt-hacks,代码行数:32,代码来源:mutt_ssl.c
示例14: ssl_Connection_get_peer_cert_chain
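/*
 * Return the peer's certificate chain as a Python list of X509 objects, or
 * None when the connection has no peer chain.
 *
 * Returns NULL with a Python exception set when argument parsing, list
 * allocation or wrapper creation fails.
 */
static PyObject *
ssl_Connection_get_peer_cert_chain(ssl_ConnectionObj *self, PyObject *args) {
    STACK_OF(X509) *sk;
    PyObject *chain;
    crypto_X509Obj *cert;
    Py_ssize_t i, count;

    if (!PyArg_ParseTuple(args, ":get_peer_cert_chain")) {
        return NULL;
    }

    /* The stack is borrowed from the SSL object and is not freed here. */
    sk = SSL_get_peer_cert_chain(self->ssl);
    if (sk == NULL) {
        Py_INCREF(Py_None);
        return Py_None;
    }

    count = sk_X509_num(sk);
    chain = PyList_New(count);
    if (chain == NULL) {
        /* Allocation failed; filling the list would dereference NULL. */
        return NULL;
    }

    for (i = 0; i < count; i++) {
        cert = new_x509(sk_X509_value(sk, i), 1);
        if (!cert) {
            /* XXX Untested */
            Py_DECREF(chain);
            return NULL;
        }
        /* The wrapper releases the X509 when it is deallocated, so it needs
         * a reference of its own next to the one held by the SSL object. */
        CRYPTO_add(&cert->x509->references, 1, CRYPTO_LOCK_X509);
        PyList_SET_ITEM(chain, i, (PyObject *)cert);
    }
    return chain;
}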
开发者ID:svpcom,项目名称:pyopenssl-pypy,代码行数:31,代码来源:connection.c
示例15: verify_callback
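/*
 * OpenSSL verify callback implementing public-key pinning on top of the
 * regular chain validation.
 *
 * preverify_ok  result of OpenSSL's own check for the current certificate
 * ctx           verification context holding the chain
 *
 * Returns non-zero only when OpenSSL's check passed and at least one
 * certificate of the chain has a SubjectPublicKeyInfo hash listed in
 * PK_PINS; returns 0 otherwise. Terminates via die() when no chain is
 * available.
 */
static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
{
	int i, j;

	/*
	 * Preverify checks the platform's certificate store; don't
	 * allow any chain that doesn't already validate according to
	 * that.
	 */
	if (!preverify_ok)
		return 0;

	/* check each certificate in the chain against our built-in pinlist. */
	STACK_OF(X509) *chain = X509_STORE_CTX_get_chain(ctx);
	if (!chain)
		die("No certificate chain available");

	bool found = false;
	/* Stop as soon as one pin matched: hashing the remaining certificates
	 * cannot change the outcome. */
	for (i = 0; !found && i < sk_X509_num(chain); i++) {
		_cleanup_free_ char *spki_hash = NULL;

		spki_hash = hash_subject_pubkey_info(sk_X509_value(chain, i));
		/* A certificate whose key cannot be hashed simply cannot match. */
		if (!spki_hash)
			continue;

		for (j = 0; j < (int) ARRAY_SIZE(PK_PINS); j++) {
			if (strcmp(PK_PINS[j], spki_hash) == 0) {
				found = true;
				break;
			}
		}
	}
	return found;
}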
开发者ID:lastpass,项目名称:lastpass-cli,代码行数:34,代码来源:http.c
示例16: pemData
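// Append the PEM encoding of every certificate of the context's chain to
// `certificates`.
//
// Returns true when every certificate was encoded, false as soon as one
// encoding step fails (entries added before the failure stay in the set).
// A context without a chain yields true and adds nothing.
bool pemData(X509_STORE_CTX* ctx, ListHashSet<String>& certificates)
{
    bool ok = true;
    // get1: the stack and a reference to each certificate are owned here.
    STACK_OF(X509)* certs = X509_STORE_CTX_get1_chain(ctx);
    for (int i = 0; i < sk_X509_num(certs); i++) {
        X509* uCert = sk_X509_value(certs, i);
        BIO* bio = BIO_new(BIO_s_mem());
        if (!bio) {
            ok = false;
            break;
        }
        if (!PEM_write_bio_X509(bio, uCert)) {
            ok = false;
            BIO_free(bio);
            break;
        }
        unsigned char* certificateData = 0;
        long length = BIO_get_mem_data(bio, &certificateData);
        if (length < 0 || !certificateData) {
            ok = false;
            BIO_free(bio);
            break;
        }
        // The memory BIO's buffer is not NUL-terminated and holds exactly
        // `length` bytes of data; writing a terminator at
        // certificateData[length] can land outside the buffer. Build the
        // string from pointer and length instead.
        certificates.add(String(certificateData, static_cast<unsigned>(length)));
        BIO_free(bio);
    }
    sk_X509_pop_free(certs, X509_free);
    return ok;
}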
开发者ID:AndriyKalashnykov,项目名称:webkit,代码行数:31,代码来源:SSLHandle.cpp
示例17: verify_certificate_chain
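/*
 * Certificate verification callback that hands the DER encoding of the
 * peer's untrusted certificates to the platform's custom validator.
 *
 * x509_ctx  verification context; its `untrusted` stack is read directly
 * ignored   unused
 *
 * Returns 1 only when the custom validator returns QEO_UTIL_OK. Every other
 * outcome (no validator, no untrusted stack, more than 10 certificates,
 * allocation or encoding failure, validator error) returns 0, so the
 * function fails closed.
 */
static int verify_certificate_chain(X509_STORE_CTX * x509_ctx, void * ignored) {
    enum { MAX_CHAIN_CERTS = 10 };
    qeo_platform_custom_certificate_validator custom_cert_validator_cb = qeo_platform_get_custom_certificate_validator();
    qeo_der_certificate certificate_chain[MAX_CHAIN_CERTS];
    BIO* bios[MAX_CHAIN_CERTS];
    int rc = 0;

    (void) ignored;

    /* Without a validator nothing can vouch for the chain: reject. */
    if (NULL == custom_cert_validator_cb) {
        return 0;
    }

    /** We need access to unchecked chain of certificates
     * No obvious API is found to get a hold of it. The API's available to get certificates
     * expect to do the verification first and only then you can get the chain.
     * As we want to do the validation ourselves, we just pull them out the struct to get
     * the untrusted chain.
     */
    STACK_OF(X509) *sk = x509_ctx->untrusted;
    if (sk) {
        //Lets check the stack.
        qeo_util_retcode_t retcode = QEO_UTIL_EFAIL;
        int certs = sk_X509_num(sk);
        int i;

        if (certs > MAX_CHAIN_CERTS) { //too many certificates
            //there is also a limit of 10 in openssl for the maximum certificate chain length. We should not hit this; Still better safe than sorry.
            return 0;
        }
        // Zero the array so the cleanup loop can tell used slots from unused ones.
        memset(bios, 0, sizeof(bios));
        for (i = 0; i < certs ; i++) {
            int result;
            X509* cert = sk_X509_value(sk, i);
            //create a memory BIO
            BIO *mem = BIO_new(BIO_s_mem());

            if (NULL == mem) {
                goto out; //failed to create BIO
            }
            bios[i] = mem;
            //write to bio int i2d_X509_bio(BIO *bp, X509 *x);
            //i2d_X509_bio() returns 1 on success and 0 on failure, so a
            //"< 0" test would let a failed encoding through to the validator.
            result = i2d_X509_bio(mem, cert);
            if (result <= 0) {
                qeo_log_e("Failed to write certificate data to mem bio %d\n", result);
                goto out;
            }
            // add to array; cert_data points into the BIO, which therefore
            // has to stay alive until the validator has run
            certificate_chain[i].size = BIO_get_mem_data(mem, &certificate_chain[i].cert_data);
        }
        //call the callback
        retcode = custom_cert_validator_cb(certificate_chain, certs);
        if (retcode == QEO_UTIL_OK) {
            rc = 1;
        } else {
            qeo_log_e("Custom certificate verification callback returned %d - Treating this as a verification error\n", retcode);
        }
out:
        //free memory
        for (i = 0; i < certs ; i++) {
            if (bios[i])
                BIO_vfree(bios[i]); //we take the void version; not much we can do if the free fails
        }
    }
    return rc;
}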
开发者ID:FlavioFalcao,项目名称:tinq-core,代码行数:60,代码来源:security_util.c
示例18: _backend_addFile
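/**
 * Adds all subjects in a PKCS12 files and notifies the frontend of them.
 *
 * Only certificates that pass the notifier's key-usage check and subject
 * filter become tokens; all other certificates are freed again.
 *
 * @param backend  backend whose notifier supplies the filters and callback
 * @param data     raw PKCS#12 file contents
 * @param length   number of bytes in data
 * @param tag      opaque value passed through to createToken()
 * @return TokenError_BadFile when the data cannot be parsed,
 *         TokenError_Unknown when the certificates cannot be listed,
 *         TokenError_Success otherwise.
 */
static TokenError _backend_addFile(Backend *backend,
                                   const char *data, size_t length,
                                   void *tag) {
    SharedPKCS12 *p12 = pkcs12_parse(data, length);
    if (!p12) return TokenError_BadFile;

    STACK_OF(X509) *certList = pkcs12_listCerts(p12->data);
    if (!certList) {
        /* Drop our reference on this path too, as the success path does. */
        pkcs12_release(p12);
        return TokenError_Unknown;
    }

    int certCount = sk_X509_num(certList);
    for (int i = 0; i < certCount; i++) {
        X509 *x = sk_X509_value(certList, i);
        PKCS12Token *token = NULL;

        if (certutil_hasKeyUsage(x, backend->notifier->keyUsage)) {
            X509_NAME *id = X509_get_subject_name(x);
            if (certutil_matchSubjectFilter(backend->notifier->subjectFilter, id)) {
                token = createToken(backend, p12, id, tag);
            }
        }

        if (token) {
            /* `id` points into `x`, so the certificate is kept alive for
             * the token and not freed here. */
            backend->notifier->notifyFunction((Token*)token, TokenChange_Added);
            continue;
        }

        /* Filtered out, or the token could not be created. */
        X509_free(x);
    }

    /* NOTE(review): the certList container itself is never freed in this
     * function; confirm who owns it before adding sk_X509_free(). */
    pkcs12_release(p12);
    return TokenError_Success;
}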
开发者ID:xranby,项目名称:fribid,代码行数:35,代码来源:pkcs12.c
示例19: ossl_ssl_get_peer_cert_chain
/*
 * call-seq:
 *    ssl.peer_cert_chain => [cert, ...] or nil
 *
 * Returns the peer's certificate chain as an array of certificate objects,
 * or nil when the session has not been started or no chain is available.
 */
static VALUE
ossl_ssl_get_peer_cert_chain(VALUE self)
{
    SSL *conn;
    STACK_OF(X509) *peer_chain;
    VALUE result;
    int count, pos;

    Data_Get_Struct(self, SSL, conn);
    if (conn == NULL) {
        rb_warning("SSL session is not started yet.");
        return Qnil;
    }

    /* The chain is borrowed from the SSL object; nothing is freed here. */
    peer_chain = SSL_get_peer_cert_chain(conn);
    if (peer_chain == NULL) {
        return Qnil;
    }

    count = sk_X509_num(peer_chain);
    result = rb_ary_new2(count);
    for (pos = 0; pos < count; pos++) {
        rb_ary_push(result, ossl_x509_new(sk_X509_value(peer_chain, pos)));
    }
    return result;
}
开发者ID:2220142,项目名称:ruby,代码行数:29,代码来源:ossl_ssl.c
示例20: importCert
/// @brief Import a certificate chain and private key from PKCS#12 data.
///
/// @param data  raw PKCS#12 bytes
/// @param pw    password tried when parsing without a password yields
///              neither key nor certificate
///
/// The key pair `kp` is only filled in when the private key matches the
/// certificate and every converted Qt object is non-null.
///
/// NOTE(review): the listing stops before the end of the function, so the
/// cleanup of pkey, x509, certs, pkcs and mem and the return statement are
/// not visible here.
Settings::KeyPair CertWizard::importCert(QByteArray data, const QString &pw) {
	X509 *x509 = NULL;
	EVP_PKEY *pkey = NULL;
	PKCS12 *pkcs = NULL;
	BIO *mem = NULL;
	STACK_OF(X509) *certs = NULL;
	Settings::KeyPair kp;
	int ret = 0;
	// Read-only memory BIO over the caller's bytes; BIO_NOCLOSE keeps the
	// BIO from freeing a buffer it does not own.
	// NOTE(review): the BIO_new_mem_buf() result is not checked for NULL.
	mem = BIO_new_mem_buf(data.data(), data.size());
	Q_UNUSED(BIO_set_close(mem, BIO_NOCLOSE));
	pkcs = d2i_PKCS12_bio(mem, NULL);
	if (pkcs) {
		// First attempt without a password.
		ret = PKCS12_parse(pkcs, NULL, &pkey, &x509, &certs);
		if (pkcs && !pkey && !x509 && ! pw.isEmpty()) {
			if (certs) {
				// sk_X509_free() releases only the stack container.
				// NOTE(review): any certificates still in the stack would
				// not be freed by this call; sk_X509_pop_free() would.
				if (ret)
					sk_X509_free(certs);
				certs = NULL;
			}
			// Second attempt with the user-supplied password.
			ret = PKCS12_parse(pkcs, pw.toUtf8().constData(), &pkey, &x509, &certs);
		}
		// Only continue when the private key belongs to the certificate.
		if (pkey && x509 && X509_check_private_key(x509, pkey)) {
			unsigned char *dptr;
			QByteArray key, crt;
			// Two-step i2d idiom: the first call returns the DER length, the
			// second writes into the buffer and advances dptr.
			// `key` then holds the unencrypted private key in memory.
			key.resize(i2d_PrivateKey(pkey, NULL));
			dptr=reinterpret_cast<unsigned char *>(key.data());
			i2d_PrivateKey(pkey, &dptr);
			crt.resize(i2d_X509(x509, NULL));
			dptr=reinterpret_cast<unsigned char *>(crt.data());
			i2d_X509(x509, &dptr);
			QSslCertificate qscCert = QSslCertificate(crt, QSsl::Der);
			// The key is always wrapped as QSsl::Rsa.
			// NOTE(review): presumably a non-RSA key yields a null QSslKey
			// and is rejected by the `valid` check below; confirm.
			QSslKey qskKey = QSslKey(key, QSsl::Rsa, QSsl::Der);
			QList<QSslCertificate> qlCerts;
			// The leaf certificate comes first, the additional ones follow.
			qlCerts << qscCert;
			if (certs) {
				for (int i=0;i<sk_X509_num(certs);++i) {
					X509 *c = sk_X509_value(certs, i);
					crt.resize(i2d_X509(c, NULL));
					dptr=reinterpret_cast<unsigned char *>(crt.data());
					i2d_X509(c, &dptr);
					QSslCertificate cert = QSslCertificate(crt, QSsl::Der);
					qlCerts << cert;
				}
			}
			// Every converted object must be non-null. No chain or trust
			// validation is performed in the code shown here.
			bool valid = ! qskKey.isNull();
			foreach(const QSslCertificate &cert, qlCerts)
				valid = valid && ! cert.isNull();
			if (valid)
				kp = Settings::KeyPair(qlCerts, qskKey);
		}
	}
开发者ID:CarlsonER,项目名称:mumble,代码行数:59,代码来源:Cert.cpp
注:本文中的sk_X509_value函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |