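本文整理汇总了 OpenSSL 的 sk_X509_free 函数在 C/C++ 代码中的典型用法示例。如果您正苦于以下问题:sk_X509_free 函数的具体用法?sk_X509_free 怎么用?sk_X509_free 使用的例子?那么这里精选的函数代码示例或许可以为您提供帮助。阅读时请注意:sk_X509_free 只释放 STACK_OF(X509) 容器本身,不会释放其中的 X509 证书;当栈拥有其中的证书时应改用 sk_X509_pop_free(sk, X509_free),否则会造成内存泄漏,而当证书指针是借用的(例如来自 PKCS7_get0_signers)时,只应释放栈本身。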
在下文中一共展示了sk_X509_free函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: g_tls_database_openssl_verify_chain
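/*
 * Verify a certificate chain against the X509_STORE held by this database.
 *
 * The chain is converted to an OpenSSL stack, X509_verify_cert() is run with
 * the certificate returned by g_tls_certificate_openssl_get_cert() as the
 * target, and the validity-period and (when @identity is non-NULL) identity
 * checks are OR-ed into the result afterwards.
 *
 * Returns 0 when no check reported a problem, otherwise a combination of
 * GTlsCertificateFlags bits. G_TLS_CERTIFICATE_GENERIC_ERROR is returned for
 * a non-OpenSSL certificate, on cancellation, and when the verification
 * context cannot be allocated or initialised.
 *
 * NOTE(review): @purpose, @interaction and @flags are not used in this
 * function, so the requested purpose is not handed to OpenSSL here (for
 * example via X509_STORE_CTX_set_purpose()) -- confirm that it is enforced
 * elsewhere.
 */
static GTlsCertificateFlags
g_tls_database_openssl_verify_chain (GTlsDatabase             *database,
                                     GTlsCertificate          *chain,
                                     const gchar              *purpose,
                                     GSocketConnectable       *identity,
                                     GTlsInteraction          *interaction,
                                     GTlsDatabaseVerifyFlags   flags,
                                     GCancellable             *cancellable,
                                     GError                  **error)
{
  GTlsDatabaseOpenssl *self = G_TLS_DATABASE_OPENSSL (database);
  GTlsDatabaseOpensslPrivate *priv;
  STACK_OF(X509) *certs;
  X509_STORE_CTX *csc;
  X509 *x;
  GTlsCertificateFlags result = 0;

  g_return_val_if_fail (G_IS_TLS_CERTIFICATE_OPENSSL (chain),
                        G_TLS_CERTIFICATE_GENERIC_ERROR);

  priv = g_tls_database_openssl_get_instance_private (self);

  if (g_cancellable_set_error_if_cancelled (cancellable, error))
    return G_TLS_CERTIFICATE_GENERIC_ERROR;

  certs = convert_certificate_chain_to_openssl (G_TLS_CERTIFICATE_OPENSSL (chain));

  /* X509_STORE_CTX_new() can fail; X509_STORE_CTX_init() must not be handed
   * a NULL context, so treat the allocation failure as a generic error. */
  csc = X509_STORE_CTX_new ();
  if (csc == NULL)
    {
      sk_X509_free (certs);
      return G_TLS_CERTIFICATE_GENERIC_ERROR;
    }

  x = g_tls_certificate_openssl_get_cert (G_TLS_CERTIFICATE_OPENSSL (chain));
  if (!X509_STORE_CTX_init (csc, priv->store, x, certs))
    {
      X509_STORE_CTX_free (csc);
      sk_X509_free (certs);
      return G_TLS_CERTIFICATE_GENERIC_ERROR;
    }

  if (X509_verify_cert (csc) <= 0)
    result = g_tls_certificate_openssl_convert_error (X509_STORE_CTX_get_error (csc));

  X509_STORE_CTX_free (csc);
  /* sk_X509_free() releases only the stack. Presumably the X509 objects stay
   * owned by the GTlsCertificate chain -- confirm against
   * convert_certificate_chain_to_openssl(). */
  sk_X509_free (certs);

  if (g_cancellable_set_error_if_cancelled (cancellable, error))
    return G_TLS_CERTIFICATE_GENERIC_ERROR;

  /* We have to check these ourselves since openssl
   * does not give us flags and UNKNOWN_CA will take priority.
   */
  result |= double_check_before_after_dates (G_TLS_CERTIFICATE_OPENSSL (chain));

  if (identity)
    result |= g_tls_certificate_openssl_verify_identity (G_TLS_CERTIFICATE_OPENSSL (chain),
                                                         identity);

  return result;
}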
开发者ID:GNOME,项目名称:glib-networking,代码行数:57,代码来源:gtlsdatabase-openssl.c
示例2: STACK_OF
/*
 * Sign the contents of `bio` with the key belonging to `crt` and store the
 * resulting PKCS#7 structure in the member `p7`, replacing any previous one.
 *
 * The issuer certificates reachable through getSigner() are passed to
 * PKCS7_sign() as additional certificates. A null `crt` is a silent no-op;
 * a certificate without a private key raises errorEx.
 */
void pki_pkcs7::signBio(pki_x509 *crt, BIO *bio)
{
	if (!crt)
		return;

	pki_key *signKey = crt->getRefKey();
	if (!signKey)
		throw errorEx("No private key for signing found", getClassName());

	// Borrowed pointers only: the stack is released with sk_X509_free()
	// below, which leaves the certificates themselves untouched.
	STACK_OF(X509) *chain = sk_X509_new_null();

	// Walk up the issuer links; a certificate that is its own signer
	// terminates the walk.
	pki_x509 *issuer = crt->getSigner();
	if (issuer == crt)
		issuer = NULL;
	while (issuer != NULL) {
		sk_X509_push(chain, issuer->getCert());
		// NOTE(review): if openssl_error() throws (its definition is
		// not visible here), `chain` is never freed -- confirm.
		openssl_error();
		issuer = (issuer == issuer->getSigner()) ? NULL : issuer->getSigner();
	}

	if (p7)
		PKCS7_free(p7);

	// The decrypted key lives only for the duration of the signing call.
	EVP_PKEY *plainKey = signKey->decryptKey();
	p7 = PKCS7_sign(crt->getCert(), plainKey, chain, bio, PKCS7_BINARY);
	EVP_PKEY_free(plainKey);
	openssl_error();
	sk_X509_free(chain);
}
开发者ID:chris2511,项目名称:xca,代码行数:31,代码来源:pki_pkcs7.cpp
示例3: CA_passive_authentication
/*
 * Passive authentication: verify the signature over EF.CardSecurity against
 * the trust store returned by the context's lookup_csca_cert callback.
 *
 * Returns the result of PKCS7_verify(), or 0 when one of the check() steps
 * fails before verification is reached.
 */
int
CA_passive_authentication(const EAC_CTX *ctx, PKCS7 *ef_cardsecurity)
{
    STACK_OF(X509) *ds_certs = NULL;
    X509_STORE *store;
    X509 *ds_cert;
    int ret = 0;

    /* check() is a project macro; presumably it jumps to err when the
     * condition is false -- confirm against its definition. */
    check(ef_cardsecurity && ctx && ctx->ca_ctx && ctx->ca_ctx->lookup_csca_cert, "Invalid arguments");

    /* Collect the document-signer certificates named by EF.CardSecurity. */
    ds_certs = PKCS7_get0_signers(ef_cardsecurity, NULL, 0);
    check(ds_certs, "Failed to retrieve certificates from EF.CardSecurity");

    /* Only one signer certificate is considered. sk_X509_pop() removes that
     * entry from the stack, so the stack handed to PKCS7_verify() below no
     * longer contains it. The certificates returned by PKCS7_get0_signers()
     * stay owned by the PKCS7 structure: sk_X509_free() at err releases the
     * stack only, and ds_cert must not be freed here. */
    ds_cert = sk_X509_pop(ds_certs);
    check(ds_cert, "Failed to retrieve DS certificate from EF.CardSecurity");

    /* The issuer name hash selects the trust store (at least the CSCA
     * certificate) that the signer must chain to. */
    store = ctx->ca_ctx->lookup_csca_cert(X509_issuer_name_hash(ds_cert));
    check (store, "Failed to retrieve CSCA truststore");

    /* Signature and certificate-chain verification. */
    ret = PKCS7_verify(ef_cardsecurity, ds_certs, store, NULL, NULL, 0);

err:
    if (ds_certs != NULL)
        sk_X509_free(ds_certs);

    return ret;
}
开发者ID:RushOnline,项目名称:openpace,代码行数:34,代码来源:eac_ca.c
示例4: STACK_OF
/*
 * Collect the signer certificates already attached to the SignerInfo
 * entries of `cms`.
 *
 * The returned stack holds the same X509 pointers as the SignerInfo
 * structures (no reference is taken here), so the caller releases it with
 * sk_X509_free(), not sk_X509_pop_free(). NULL is returned both when no
 * SignerInfo has a signer set and when the stack cannot be allocated or
 * grown.
 */
STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
{
    STACK_OF(CMS_SignerInfo) *infos = CMS_get0_SignerInfos(cms);
    STACK_OF(X509) *found = NULL;
    int idx;

    for (idx = 0; idx < sk_CMS_SignerInfo_num(infos); idx++) {
        CMS_SignerInfo *info = sk_CMS_SignerInfo_value(infos, idx);

        /* Entries without a resolved signer certificate are skipped. */
        if (info->signer == NULL)
            continue;

        /* The result stack is created lazily on the first hit. */
        if (found == NULL) {
            found = sk_X509_new_null();
            if (found == NULL)
                return NULL;
        }

        if (!sk_X509_push(found, info->signer)) {
            sk_X509_free(found);
            return NULL;
        }
    }

    return found;
}
开发者ID:LucidOne,项目名称:Rovio,代码行数:27,代码来源:cms_sd.c
示例5: util_verify
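// Verify a signed block. The first UTIL_HASHSIZE bytes of the signed data
// must be the SHA-256 hash of the signer certificate.
//
// signature / signlen : DER-encoded PKCS#7 message and its length.
// cert                : receives a copy of the signer certificate in
//                       cert->x509 on success (caller frees it with
//                       X509_free); cert->pkey is always set to NULL.
// data                : receives a malloc'ed, NUL-terminated copy of the
//                       signed content on success (caller frees it).
//
// Returns the content length on success and 0 on failure. On failure *data
// and cert->x509 are both NULL, so the caller never sees a freed pointer.
//
// Security note: PKCS7_NOVERIFY checks the signature but NOT the certificate
// chain. The only binding established here is "content starts with the hash
// of whichever certificate signed it"; presumably the caller compares the
// returned certificate or its hash with an identity it already trusts --
// confirm at the call sites.
int __fastcall util_verify(char* signature, int signlen, struct util_cert* cert, char** data)
{
	unsigned int size;
	unsigned int digestlen = 0;
	int enclen;
	BIO *out = NULL;
	PKCS7 *message = NULL;
	char* data2 = NULL;
	unsigned char digest[EVP_MAX_MD_SIZE];
	STACK_OF(X509) *st = NULL;

	cert->x509 = NULL;
	cert->pkey = NULL;
	*data = NULL;

	message = d2i_PKCS7(NULL, (const unsigned char**)&signature, signlen);
	if (message == NULL) goto error;
	out = BIO_new(BIO_s_mem());
	if (out == NULL) goto error;

	// Re-encode the parsed message and compare sizes. A negative return is
	// an encoding error and must not be read as a huge unsigned length.
	enclen = i2d_PKCS7(message, NULL);
	if (enclen < 0 || (unsigned int)enclen < (unsigned int)signlen) goto error;

	// Check the PKCS7 signature, but not the certificate chain.
	if (PKCS7_verify(message, NULL, NULL, NULL, out, PKCS7_NOVERIFY) != 1) goto error;

	// The content must hold the hash plus at least one byte of payload.
	size = BIO_get_mem_data(out, &data2);
	if (size <= UTIL_HASHSIZE) goto error;

	// Copy the data block and NUL-terminate it.
	*data = (char*)malloc(size + 1);
	if (*data == NULL) goto error;
	memcpy(*data, data2, size);
	(*data)[size] = 0;

	// Get the certificate signer. The stack holds pointers owned by the
	// message, so the first one is duplicated and only the stack is freed.
	st = PKCS7_get0_signers(message, NULL, PKCS7_NOVERIFY);
	if (st == NULL) goto error;
	cert->x509 = X509_dup(sk_X509_value(st, 0));
	sk_X509_free(st);
	if (cert->x509 == NULL) goto error;

	// Hash the signer certificate into a buffer large enough for any digest
	// and insist on the expected length before comparing.
	if (X509_digest(cert->x509, EVP_sha256(), digest, &digestlen) != 1) goto error;
	if (digestlen != (unsigned int)UTIL_HASHSIZE) goto error;

	// Check certificate hash with the first bytes of the data.
	if (memcmp(digest, *data, UTIL_HASHSIZE) != 0) goto error;

	// Approved, cleanup and return.
	BIO_free(out);
	PKCS7_free(message);
	return size;

error:
	if (out != NULL) BIO_free(out);
	if (message != NULL) PKCS7_free(message);
	// Reset the out-parameters after freeing so the caller cannot use or
	// free them a second time.
	if (*data != NULL) { free(*data); *data = NULL; }
	if (cert->x509 != NULL) { X509_free(cert->x509); cert->x509 = NULL; }
	return 0;
}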
开发者ID:Globik,项目名称:meshcentwebrtc,代码行数:61,代码来源:utils.c
示例6: STACK_OF
Settings::KeyPair CertWizard::importCert(QByteArray data, const QString &pw) {
X509 *x509 = NULL;
EVP_PKEY *pkey = NULL;
PKCS12 *pkcs = NULL;
BIO *mem = NULL;
STACK_OF(X509) *certs = NULL;
Settings::KeyPair kp;
int ret = 0;
mem = BIO_new_mem_buf(data.data(), data.size());
Q_UNUSED(BIO_set_close(mem, BIO_NOCLOSE));
pkcs = d2i_PKCS12_bio(mem, NULL);
if (pkcs) {
ret = PKCS12_parse(pkcs, NULL, &pkey, &x509, &certs);
if (pkcs && !pkey && !x509 && ! pw.isEmpty()) {
if (certs) {
if (ret)
sk_X509_free(certs);
certs = NULL;
}
ret = PKCS12_parse(pkcs, pw.toUtf8().constData(), &pkey, &x509, &certs);
}
if (pkey && x509 && X509_check_private_key(x509, pkey)) {
unsigned char *dptr;
QByteArray key, crt;
key.resize(i2d_PrivateKey(pkey, NULL));
dptr=reinterpret_cast<unsigned char *>(key.data());
i2d_PrivateKey(pkey, &dptr);
crt.resize(i2d_X509(x509, NULL));
dptr=reinterpret_cast<unsigned char *>(crt.data());
i2d_X509(x509, &dptr);
QSslCertificate qscCert = QSslCertificate(crt, QSsl::Der);
QSslKey qskKey = QSslKey(key, QSsl::Rsa, QSsl::Der);
QList<QSslCertificate> qlCerts;
qlCerts << qscCert;
if (certs) {
for (int i=0;i<sk_X509_num(certs);++i) {
X509 *c = sk_X509_value(certs, i);
crt.resize(i2d_X509(c, NULL));
dptr=reinterpret_cast<unsigned char *>(crt.data());
i2d_X509(c, &dptr);
QSslCertificate cert = QSslCertificate(crt, QSsl::Der);
qlCerts << cert;
}
}
bool valid = ! qskKey.isNull();
foreach(const QSslCertificate &cert, qlCerts)
valid = valid && ! cert.isNull();
if (valid)
kp = Settings::KeyPair(qlCerts, qskKey);
}
}
开发者ID:CarlsonER,项目名称:mumble,代码行数:59,代码来源:Cert.cpp
示例7: GTPublicationsFile_getSigningCert
/*
 * Return the DER encoding of the certificate that signed a publications
 * file.
 *
 * On GT_OK, *cert_der points to a buffer allocated with GT_malloc() (the
 * caller releases it) and *cert_der_length holds its size. The outputs are
 * left untouched on every other return code:
 *   GT_INVALID_ARGUMENT - a NULL argument or a file without signature,
 *   GT_INVALID_FORMAT   - signers could not be extracted, or not exactly one,
 *   GT_CRYPTO_FAILURE   - the certificate could not be sized for encoding,
 *   GT_OUT_OF_MEMORY    - the output buffer could not be allocated.
 */
int GTPublicationsFile_getSigningCert(
		const GTPublicationsFile *publications_file,
		unsigned char **cert_der, size_t *cert_der_length)
{
	int res = GT_UNKNOWN_ERROR;
	STACK_OF(X509) *signers = NULL;
	unsigned char *der_buf = NULL;
	unsigned char *write_pos;
	X509 *signer;
	int der_len;

	if (publications_file == NULL || publications_file->signature == NULL ||
			cert_der == NULL || cert_der_length == NULL) {
		res = GT_INVALID_ARGUMENT;
		goto cleanup;
	}

	/* Exactly one signer is accepted; anything else is a format error. */
	signers = PKCS7_get0_signers(publications_file->signature, NULL, 0);
	if (signers == NULL || sk_X509_num(signers) != 1) {
		res = GT_INVALID_FORMAT;
		goto cleanup;
	}

	/* Borrowed from the PKCS7 structure; only the stack is freed below. */
	signer = sk_X509_value(signers, 0);

	/* First pass asks for the encoded size only. */
	der_len = i2d_X509(signer, NULL);
	if (der_len < 0) {
		res = GT_CRYPTO_FAILURE;
		goto cleanup;
	}

	der_buf = GT_malloc(der_len);
	if (der_buf == NULL) {
		res = GT_OUT_OF_MEMORY;
		goto cleanup;
	}

	/* i2d_X509() advances the pointer it is given, so encode through a
	 * scratch copy and keep der_buf at the start of the buffer. */
	write_pos = der_buf;
	i2d_X509(signer, &write_pos);

	/* Hand the buffer to the caller; clearing der_buf keeps the cleanup
	 * code from freeing it. */
	*cert_der = der_buf;
	der_buf = NULL;
	*cert_der_length = der_len;
	res = GT_OK;

cleanup:
	GT_free(der_buf);
	sk_X509_free(signers);

	return res;
}
开发者ID:nilpoint,项目名称:node-guardtime,代码行数:57,代码来源:gt_publicationsfile.c
示例8: START_TEST
END_TEST
/* Success-path test: the SCEP mock is primed with SUCCESS statuses and two
 * certificate stacks, and device enrolment is expected to return
 * QMGMTCLIENT_OK. */
START_TEST(test_sscep_handling_perform_sunny)
{
qeo_mgmt_client_ctx_t *ctx = NULL;
/* Stacks handed to the mock as the RA and device certificate results. */
STACK_OF(X509) *racerts = get_cert_store(raids);
STACK_OF(X509) *devicecerts = get_cert_store(deviceids);
sscep_mock_ignore_and_return(true, SCEP_PKISTATUS_SUCCESS, racerts, SCEP_PKISTATUS_SUCCESS, devicecerts);
ctx = qeo_mgmt_client_init();
fail_if(ctx == NULL);
fail_unless(qeo_mgmt_client_enroll_device(ctx, s_url, s_rsakey, s_otp, &s_info, my_ssl_cb, (void*) COOKIE_MAGIC_NUMBER, s_certs) == QMGMTCLIENT_OK);
qeo_mgmt_client_clean(ctx);
/* Expected call counts recorded by the mock; the meaning of each position
 * is defined by sscep_mock_expect_called(), which is not visible here. */
sscep_mock_expect_called(1, 2, 1);
/* sk_X509_free() releases the stacks only. NOTE(review): whether the
 * certificates inside are owned elsewhere depends on get_cert_store() --
 * confirm that nothing leaks. */
sk_X509_free(racerts);
sk_X509_free(devicecerts);
}
开发者ID:FlavioFalcao,项目名称:tinq-core,代码行数:19,代码来源:sscepclient.c
示例9: GetSignerCertificate
/**
  Return the single signer certificate of a PKCS#7 signature.

  Certificate chains are not guaranteed to list their certificates in the
  order in which they were issued, so the signer is obtained from the PKCS#7
  signer information rather than from a position in the chain.

  A typical certificate chain looks like this:

          ----------------------------
          |           Root           |
          ----------------------------
                        ^
                        |
          ----------------------------
          |        Policy CA         |   <-- Typical Trust Anchor.
          ----------------------------
                        ^
                        |
          ----------------------------
          |        Issuing CA        |
          ----------------------------
                        ^
                        |
          -----------------------------
          / End-Entity (leaf) signer  /  <-- Bottom certificate.
          -----------------------------      EKU: "1.3.6.1.4.1.311.76.9.21.1"
                                                  (Firmware Signing)

  The returned pointer refers to a certificate that stays owned by CertChain:
  only the temporary signer stack is freed here. The caller must not free
  *SignerCert and must not use it after CertChain has been released.

  @param[in]   CertChain   PKCS#7 structure holding the certificate chain.
  @param[out]  SignerCert  Receives the end-entity (leaf) signer certificate.
                           Written only when EFI_SUCCESS is returned.

  @retval EFI_SUCCESS            Exactly one signer was found and returned.
  @retval EFI_INVALID_PARAMETER  A parameter was NULL, or the signers could
                                 not be extracted from CertChain.
  @retval EFI_NOT_FOUND          The number of signers found was not 1.
**/
EFI_STATUS
GetSignerCertificate (
  IN  CONST PKCS7  *CertChain,
  OUT X509         **SignerCert
  )
{
  STACK_OF(X509)  *SignerStack;
  EFI_STATUS      Result;

  //
  // Nothing has been allocated yet, so invalid arguments return directly.
  //
  if ((CertChain == NULL) || (SignerCert == NULL)) {
    return EFI_INVALID_PARAMETER;
  }

  //
  // Ask OpenSSL for the signers recorded in the PKCS#7 structure.
  //
  SignerStack = PKCS7_get0_signers ((PKCS7 *)CertChain, NULL, PKCS7_BINARY);
  if (SignerStack == NULL) {
    return EFI_INVALID_PARAMETER;
  }

  //
  // Exactly one signer is accepted.
  //
  if (sk_X509_num (SignerStack) == 1) {
    *SignerCert = sk_X509_value (SignerStack, 0);
    Result      = EFI_SUCCESS;
  } else {
    Result = EFI_NOT_FOUND;
  }

  //
  // Release the stack only; the certificate it referenced is untouched.
  //
  sk_X509_free (SignerStack);

  return Result;
}
开发者ID:lersek,项目名称:edk2,代码行数:94,代码来源:CryptPkcs7VerifyEku.c
示例10: STACK_OF
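/*
 * Read every PEM certificate from `file` into a newly allocated stack.
 *
 * The returned stack owns its certificates: the caller releases it with
 * sk_X509_pop_free(certs, X509_free). NULL is returned (after a warning)
 * when the file cannot be opened, a certificate cannot be read, memory runs
 * out, or the file holds no certificate at all.
 */
static STACK_OF(X509) *
file_to_certs(const char *file)
{
	STACK_OF(X509) *certs;
	FILE *f;

	if ((f = fopen(file, "r")) == NULL) {
		warn("open failed %s", file);
		return NULL;
	}

	certs = sk_X509_new_null();
	if (certs == NULL) {
		warnx("Can't allocate certificate stack for file: %s", file);
		fclose(f);
		return NULL;
	}

	for (;;) {
		X509 *cert = PEM_read_X509(f, NULL, NULL, NULL);

		if (cert == NULL) {
			unsigned long reason = ERR_GET_REASON(ERR_peek_error());

			if (reason == PEM_R_NO_START_LINE) {
				/* End of file reached. no error */
				ERR_clear_error();
				break;
			}
			/* The stack owns the certificates read so far;
			 * sk_X509_free() alone would leak every one of them. */
			sk_X509_pop_free(certs, X509_free);
			warnx("Can't read certificate in file: %s", file);
			fclose(f);
			return NULL;
		}

		/* Append at the end. On failure the certificate is not on the
		 * stack yet, so it has to be freed separately. */
		if (sk_X509_push(certs, cert) == 0) {
			X509_free(cert);
			sk_X509_pop_free(certs, X509_free);
			warnx("Can't store certificate from file: %s", file);
			fclose(f);
			return NULL;
		}
	}
	fclose(f);

	if (sk_X509_num(certs) == 0) {
		/* Empty stack: there are no elements to release. */
		sk_X509_free(certs);
		certs = NULL;
		warnx("No certificate found in file %s", file);
	}
	return certs;
}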
开发者ID:Stichting-MINIX-Research-Foundation,项目名称:minix,代码行数:42,代码来源:pkcs7.c
示例11: START_TEST
END_TEST
/* Failure-path test: each certificate stack below is built from a list of
 * store ids terminated by -1, and qeo_mgmt_cert_parse() is expected to
 * reject every one of them (anything other than QCERT_OK passes). */
START_TEST(test_cert_ordening_rainy)
{
/* Output structure for the parser; its contents are not inspected here. */
qeo_mgmt_cert_contents qmcc;
int ids1[]={CERTSTORE_MASTER , CERTSTORE_RANDOM, CERTSTORE_DEVICE, -1};
int ids2[]={CERTSTORE_REALM , CERTSTORE_MASTER, CERTSTORE_RANDOM, -1};
int ids3[]={CERTSTORE_DEVICE , CERTSTORE_REALM, -1};
int ids4[]={CERTSTORE_DEVICE, CERTSTORE_MASTER, -1};
int ids5[]={CERTSTORE_MASTER, -1};
int ids6[]={CERTSTORE_REALM, CERTSTORE_MASTER, -1};
STACK_OF(X509) *chain1 = get_cert_store(ids1);
STACK_OF(X509) *chain2 = get_cert_store(ids2);
STACK_OF(X509) *chain3 = get_cert_store(ids3);
STACK_OF(X509) *chain4 = get_cert_store(ids4);
STACK_OF(X509) *chain5 = get_cert_store(ids5);
STACK_OF(X509) *chain6 = get_cert_store(ids6);
/* A parser that accepts any of these chains fails the test. */
fail_if(qeo_mgmt_cert_parse(chain1, &qmcc) == QCERT_OK);
fail_if(qeo_mgmt_cert_parse(chain2, &qmcc) == QCERT_OK);
fail_if(qeo_mgmt_cert_parse(chain3, &qmcc) == QCERT_OK);
fail_if(qeo_mgmt_cert_parse(chain4, &qmcc) == QCERT_OK);
fail_if(qeo_mgmt_cert_parse(chain5, &qmcc) == QCERT_OK);
fail_if(qeo_mgmt_cert_parse(chain6, &qmcc) == QCERT_OK);
/* sk_X509_free() releases the stacks only. NOTE(review): ownership of the
 * certificates inside depends on get_cert_store() -- confirm. */
sk_X509_free(chain1);
sk_X509_free(chain2);
sk_X509_free(chain3);
sk_X509_free(chain4);
sk_X509_free(chain5);
sk_X509_free(chain6);
}
开发者ID:bq,项目名称:qeo-core,代码行数:32,代码来源:cert_parser.c
示例12: PKI_X509_PKCS7_clear_certs
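/*
 * Free the certificate stack obtained from __get_chain() for `p7`.
 *
 * Returns PKI_ERR when no chain is available and PKI_OK after the stack has
 * been freed.
 *
 * NOTE(review): sk_X509_free() releases the stack but not the certificates
 * on it. If __get_chain() returns the stack stored inside the PKCS7 object
 * (its definition is not visible here), that object still points at the
 * freed stack afterwards and the certificates are leaked; in that case the
 * elements should go through sk_X509_pop_free(x_sk, X509_free) and the
 * owning field should be reset -- confirm against __get_chain().
 */
int PKI_X509_PKCS7_clear_certs ( PKI_X509_PKCS7 *p7 ) {

	STACK_OF(X509) *x_sk = NULL;

	if ((x_sk = __get_chain ( p7 )) == NULL ) {
		return PKI_ERR;
	}

	/* x_sk is known to be non-NULL here; the former second NULL test could
	 * never be reached and has been removed. */
	sk_X509_free ( x_sk );

	return ( PKI_OK );
}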
开发者ID:Brenhilt,项目名称:libpki,代码行数:13,代码来源:pki_x509_pkcs7.c
示例13: STACK_OF
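/**
 * Returns a list of all x509 certificates in a PKCS12 object.
 *
 * The returned stack owns its certificates (each one comes from
 * PKCS12_certbag2x509()), so the caller releases it with
 * sk_X509_pop_free(list, X509_free); sk_X509_free() alone would leak them.
 * Returns NULL when the stack cannot be allocated or the authsafes cannot be
 * unpacked. Individual safes or bags that fail to decode are skipped.
 */
static STACK_OF(X509) *pkcs12_listCerts(PKCS12 *p12) {
    STACK_OF(X509) *x509s = sk_X509_new_null();
    if (!x509s) return NULL;

    // Extract all PKCS7 safes
    STACK_OF(PKCS7) *pkcs7s = PKCS12_unpack_authsafes(p12);
    if (!pkcs7s) {
        certutil_updateErrorString();
        // Still empty at this point, so freeing the stack alone is enough.
        sk_X509_free(x509s);
        return NULL;
    }

    // For each PKCS7 safe
    int nump = sk_PKCS7_num(pkcs7s);
    for (int p = 0; p < nump; p++) {
        PKCS7 *p7 = sk_PKCS7_value(pkcs7s, p);
        if (!p7) continue;

        STACK_OF(PKCS12_SAFEBAG) *safebags = PKCS12_unpack_p7data(p7);
        if (!safebags) {
            certutil_updateErrorString();
            continue;
        }

        // For each PKCS12 safebag
        int numb = sk_PKCS12_SAFEBAG_num(safebags);
        for (int i = 0; i < numb; i++) {
            PKCS12_SAFEBAG *bag = sk_PKCS12_SAFEBAG_value(safebags, i);
            if (!bag) continue;
            if (M_PKCS12_bag_type(bag) != NID_certBag) continue;

            // Extract x509 cert
            X509 *x509 = PKCS12_certbag2x509(bag);
            if (x509 == NULL) {
                certutil_updateErrorString();
            } else if (!sk_X509_push(x509s, x509)) {
                // The push failed, so the stack did not take the
                // certificate; free it here instead of leaking it.
                certutil_updateErrorString();
                X509_free(x509);
            }
        }
        sk_PKCS12_SAFEBAG_pop_free(safebags, PKCS12_SAFEBAG_free);
    }
    sk_PKCS7_pop_free(pkcs7s, PKCS7_free);
    return x509s;
}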
开发者ID:xranby,项目名称:fribid,代码行数:49,代码来源:pkcs12.c
示例14: test_resp_signer
/*
 * Check that OCSP_resp_get0_signer() finds the signer certificate both when
 * it is supplied through the extra-certificates stack and when it is
 * embedded in the response. Returns 1 on success and 0 on failure.
 */
static int test_resp_signer(void)
{
OCSP_BASICRESP *bs = NULL;
/* tmp receives a get0 result and is never freed in this function. */
X509 *signer = NULL, *tmp;
EVP_PKEY *key = NULL;
STACK_OF(X509) *extra_certs = NULL;
int ret = 0;
/*
 * Test a response with no certs at all; get the signer from the
 * extra certs given to OCSP_resp_get0_signer().
 */
bs = make_dummy_resp();
extra_certs = sk_X509_new_null();
if (!TEST_ptr(bs)
|| !TEST_ptr(extra_certs)
|| !TEST_true(get_cert_and_key(&signer, &key))
|| !TEST_true(sk_X509_push(extra_certs, signer))
|| !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(),
NULL, OCSP_NOCERTS)))
goto err;
if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, extra_certs))
|| !TEST_int_eq(X509_cmp(tmp, signer), 0))
goto err;
/* The first response is released before bs is reused below. */
OCSP_BASICRESP_free(bs);
/* Do it again but include the signer cert */
bs = make_dummy_resp();
tmp = NULL;
if (!TEST_ptr(bs)
|| !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(),
NULL, 0)))
goto err;
if (!TEST_true(OCSP_resp_get0_signer(bs, &tmp, NULL))
|| !TEST_int_eq(X509_cmp(tmp, signer), 0))
goto err;
ret = 1;
err:
OCSP_BASICRESP_free(bs);
/* signer was pushed onto extra_certs without an extra reference and is
 * released by X509_free(signer) below, so the stack itself is freed with
 * sk_X509_free() rather than sk_X509_pop_free(). */
sk_X509_free(extra_certs);
X509_free(signer);
EVP_PKEY_free(key);
return ret;
}
开发者ID:IIJ-NetBSD,项目名称:netbsd-src,代码行数:44,代码来源:ocspapitest.c
示例15: throw
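/*
 * Parse the wrapped PKCS#12 structure with `password` and fill the private
 * key, the certificate and the list of additional (CA) certificates.
 *
 * Throws Pkcs12Exception with MAC_VERIFY_FAILURE when OpenSSL reports a MAC
 * verification failure, and with PARSE_ERROR for every other parse failure.
 */
void Pkcs12::parse(string password) throw(Pkcs12Exception)
{
	EVP_PKEY* pkey = NULL;
	X509* cert = NULL;
	STACK_OF(X509)* ca = NULL;
	unsigned long opensslError = 0;
	X509* tmp = NULL;

	// Clear the error queue and load the error-string tables.
	ERR_clear_error();
	ERR_load_crypto_strings();

	if(!PKCS12_parse(this->pkcs12, password.c_str(), &pkey, &cert, &ca))
	{
		opensslError = ERR_get_error();
		switch(ERR_GET_REASON(opensslError))
		{
			case PKCS12_R_MAC_VERIFY_FAILURE :
				// The two codes used to be swapped, so a MAC failure
				// was reported as a parse error and vice versa.
				throw Pkcs12Exception(Pkcs12Exception::MAC_VERIFY_FAILURE, "Pkcs12::parse");
			case PKCS12_R_PARSE_ERROR :
			default :
				// Any other failure must not fall through: pkey and
				// cert are not valid after a failed parse.
				throw Pkcs12Exception(Pkcs12Exception::PARSE_ERROR, "Pkcs12::parse");
		}
	}

	this->privKey = new PrivateKey(pkey);
	this->cert = new Certificate(cert);

	for(int i = 0 ; i < sk_X509_num(ca) ; i ++)
	{
		tmp = sk_X509_value(ca, i);
		this->ca.push_back(new Certificate(tmp));
	}
	// sk_X509_free() releases only the stack. NOTE(review): PKCS12_parse()
	// gives the caller ownership of the certificates on `ca`; this is leak
	// free only if Certificate takes over the X509 pointer it is given. If
	// it copies instead, use sk_X509_pop_free(ca, X509_free) -- confirm
	// against the Certificate constructor (the same applies to `pkey` and
	// `cert`).
	sk_X509_free(ca);
}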
开发者ID:GNakayama,项目名称:libcryptosec,代码行数:40,代码来源:Pkcs12.cpp
示例16: openssl_pkcs12_cert
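/*
 * Demo: bundle the private key from PKEYF, the certificate from PCERTF and
 * the CA certificate from RCERTF into a PKCS#12 file written to PKCS12F.
 *
 * Every open and read is checked, and every OpenSSL object is released on
 * all paths. The placeholder EVP_PKEY_new() and PKCS12_new() allocations of
 * the earlier version were overwritten straight away (and leaked), so they
 * are gone.
 *
 * NOTE(review): the export password and friendly name are hard-coded
 * literals. That is acceptable for a throw-away demo only; real code must
 * take the password from the user or a secret store and keep it out of the
 * source. The output file holds a private key and is created with the
 * process's default permissions -- restrict them where that matters.
 */
void openssl_pkcs12_cert()
{
	FILE *fp = NULL;
	PKCS12 *pkcs12s = NULL;
	EVP_PKEY *certprk = NULL;
	X509 *cscert = NULL, *cacert = NULL;
	STACK_OF(X509) *cacerts = NULL;

	OpenSSL_add_all_algorithms();
	ERR_load_crypto_strings();

	/* Private key. */
	fp = fopen(PKEYF, "r");
	if (fp == NULL) {
		perror(PKEYF);
		goto cleanup;
	}
	certprk = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
	fclose(fp);
	if (certprk == NULL) {
		openssl_error_show("PEM_read_PrivateKey", 1);
		goto cleanup;
	}

	/* End-entity certificate. */
	fp = fopen(PCERTF, "r");
	if (fp == NULL) {
		perror(PCERTF);
		goto cleanup;
	}
	cscert = PEM_read_X509(fp, NULL, NULL, NULL);
	fclose(fp);
	if (cscert == NULL) {
		openssl_error_show("PEM_read_X509", 1);
		goto cleanup;
	}

	/* CA certificate. */
	fp = fopen(RCERTF, "r");
	if (fp == NULL) {
		perror(RCERTF);
		goto cleanup;
	}
	cacert = PEM_read_X509(fp, NULL, NULL, NULL);
	fclose(fp);
	if (cacert == NULL) {
		openssl_error_show("PEM_read_X509", 1);
		goto cleanup;
	}

	/* The stack only borrows cacert; the certificate is freed on its own
	 * in the cleanup code. */
	cacerts = sk_X509_new_null();
	if (cacerts == NULL || !sk_X509_push(cacerts, cacert)) {
		openssl_error_show("sk_X509_push", 1);
		goto cleanup;
	}

	pkcs12s = PKCS12_create("beike2012", "mypkcs12", certprk, cscert,
				cacerts, 0, 0, 0, 0, 0);
	if (pkcs12s == NULL) {
		openssl_error_show("PKCS12_create", 1);
		goto cleanup;
	}

	fp = fopen(PKCS12F, "w");
	if (fp == NULL) {
		perror(PKCS12F);
		goto cleanup;
	}
	if (i2d_PKCS12_fp(fp, pkcs12s) <= 0)
		openssl_error_show("i2d_PKCS12_fp", 1);
	/* fclose() flushes, so a failure here means the file is incomplete. */
	if (fclose(fp) != 0)
		perror(PKCS12F);

cleanup:
	/* All of these accept NULL. */
	sk_X509_free(cacerts);
	X509_free(cacert);
	X509_free(cscert);
	EVP_PKEY_free(certprk);
	PKCS12_free(pkcs12s);
}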
开发者ID:beike2020,项目名称:source,代码行数:36,代码来源:openssl_base.c
示例17: util_encrypt
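// Encrypt a block of data for a target certificate.
//
// cert    : recipient; cert.x509 is borrowed and is not freed here.
// data    : plaintext buffer of datalen bytes.
// encdata : receives a buffer allocated by OpenSSL holding the DER-encoded
//           PKCS#7 enveloped message; it stays NULL on failure.
//
// Returns the length of the encoded message, or 0 on failure or when
// datalen is 0. Every temporary object is released on all paths; the
// earlier version leaked the BIO and the certificate stack when
// PKCS7_encrypt() failed.
//
// NOTE(review): the message is enveloped with AES-128-CBC and carries no
// integrity protection of its own; presumably callers sign or otherwise
// authenticate it separately -- confirm.
int __fastcall util_encrypt(struct util_cert cert, char* data, int datalen, char** encdata)
{
	int size = 0;
	BIO *in = NULL;
	PKCS7 *message = NULL;
	STACK_OF(X509) *encerts = NULL;

	*encdata = NULL;
	if (datalen == 0) return 0;

	// Setup certificates. The stack borrows cert.x509, so it is released
	// with sk_X509_free(), which leaves the certificate alone.
	encerts = sk_X509_new_null();
	if (encerts == NULL || !sk_X509_push(encerts, cert.x509)) goto cleanup;

	// Encrypt the block
	in = BIO_new_mem_buf(data, datalen);
	if (in == NULL) goto cleanup;
	message = PKCS7_encrypt(encerts, in, EVP_aes_128_cbc(), PKCS7_BINARY);
	if (message == NULL) goto cleanup;

	// With *encdata == NULL, i2d_PKCS7() allocates the output buffer.
	size = i2d_PKCS7(message, (unsigned char**)encdata);
	if (size < 0) size = 0;

cleanup:
	// All three calls accept NULL.
	PKCS7_free(message);
	BIO_free(in);
	sk_X509_free(encerts);
	return size;
}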
开发者ID:Globik,项目名称:meshcentwebrtc,代码行数:25,代码来源:utils.c
示例18: X509_verify_cert
//.........这里部分代码省略.........
else
{
/* extract and save self signed certificate for later use */
chain_ss=sk_X509_pop(ctx->chain);
ctx->last_untrusted--;
num--;
x=sk_X509_value(ctx->chain,num-1);
}
}
/* We now lookup certs from the certificate store */
for (;;)
{
/* If we have enough, we break */
if (depth < num) break;
/* If we are self signed, we break */
xn=X509_get_issuer_name(x);
if (ctx->check_issued(ctx,x,x)) break;
ok = ctx->get_issuer(&xtmp, ctx, x);
if (ok < 0) return ok;
if (ok == 0) break;
x = xtmp;
if (!sk_X509_push(ctx->chain,x))
{
X509_free(xtmp);
X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
return 0;
}
num++;
}
/* we now have our chain, lets check it... */
xn=X509_get_issuer_name(x);
/* Is last certificate looked up self signed? */
if (!ctx->check_issued(ctx,x,x))
{
if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
{
if (ctx->last_untrusted >= num)
ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
else
ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
ctx->current_cert=x;
}
else
{
sk_X509_push(ctx->chain,chain_ss);
num++;
ctx->last_untrusted=num;
ctx->current_cert=chain_ss;
ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
chain_ss=NULL;
}
ctx->error_depth=num-1;
ok=cb(0,ctx);
if (!ok) goto end;
}
/* We have the chain complete: now we need to check its purpose */
ok = check_chain_extensions(ctx);
if (!ok) goto end;
/* The chain extensions are OK: check trust */
if (ctx->trust > 0) ok = check_trust(ctx);
if (!ok) goto end;
/* We may as well copy down any DSA parameters that are required */
X509_get_pubkey_parameters(NULL,ctx->chain);
/* Check revocation status: we do this after copying parameters
* because they may be needed for CRL signature verification.
*/
ok = ctx->check_revocation(ctx);
if(!ok) goto end;
/* At this point, we have a chain and just need to verify it */
if (ctx->verify != NULL)
ok=ctx->verify(ctx);
else
ok=internal_verify(ctx);
if (0)
{
end:
X509_get_pubkey_parameters(NULL,ctx->chain);
}
if (sktmp != NULL) sk_X509_free(sktmp);
if (chain_ss != NULL) X509_free(chain_ss);
return ok;
}
开发者ID:hrulez,项目名称:Actiontec-V1000H,代码行数:101,代码来源:x509_vfy.c
示例19: cert_pkcs7_wrap
//.........这里部分代码省略.........
}
/* Use different CA cert for encryption if requested */
if (1 == hasra)
{
if (sk_X509_push(recipients, cert_encert) <= 0)
{
goto end;
}
}
else
{
/* Use same CA cert also for encryption */
if (sk_X509_push(recipients, cert_cacert) <= 0)
{
goto end;
}
}
/* Create BIO for encryption */
if ((encbio = BIO_new_mem_buf(s->request_payload,s->request_len)) == NULL)
{
goto end;
}
/* Encrypt */
if (NULL == (p7enc = PKCS7_encrypt(recipients, encbio, cert_enc_alg, PKCS7_BINARY)))
{
goto end;
}
BIO_free(encbio);
encbio = NULL;
sk_X509_free(recipients);
recipients = NULL;
/* Write encrypted data */
memorybio = BIO_new(BIO_s_mem());
if (i2d_PKCS7_bio(memorybio, p7enc) <= 0)
{
goto end;
}
PKCS7_free(p7enc);
p7enc = NULL;
(void)BIO_flush(memorybio);
BIO_set_flags(memorybio, BIO_FLAGS_MEM_RDONLY);
len = BIO_get_mem_data(memorybio, &buffer);
/* Create outer PKCS#7 */
s->request_p7 = PKCS7_new();
if (s->request_p7 == NULL)
{
goto end;
}
if (!PKCS7_set_type(s->request_p7, NID_pkcs7_signed))
{
goto end;
}
/* Add signer certificate and signature */
PKCS7_add_certificate(s->request_p7, signercert);
if ((si = PKCS7_add_signature(s->request_p7,signercert, signerkey, cert_sig_alg)) == NULL)
{
goto end;
}
开发者ID:millken,项目名称:zhuxianB30,代码行数:67,代码来源:cert_scep.c
示例20: MAIN
//.........这里部分代码省略.........
#endif
for(i = 0; i < sk_X509_num(certs); i++) {
ucert = sk_X509_value(certs, i);
if(X509_check_private_key(ucert, key)) {
X509_digest(ucert, EVP_sha1(), keyid, &keyidlen);
break;
}
}
if(!keyidlen) {
ucert = NULL;
BIO_printf(bio_err, "No certificate matches private key\n");
goto export_end;
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("reading certs from certfile");
#endif
bags = sk_PKCS12_SAFEBAG_new_null ();
/* Add any more certificates asked for */
if (certfile) {
STACK_OF(X509) *morecerts=NULL;
if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
NULL, e,
"certificates from certfile"))) {
goto export_end;
}
while(sk_X509_num(morecerts) > 0) {
sk_X509_push(certs, sk_X509_shift(morecerts));
}
sk_X509_free(morecerts);
}
#ifdef CRYPTO_MDEBUG
CRYPTO_pop_info();
CRYPTO_push_info("building chain");
#endif
/* If chaining get chain from user cert */
if (chain) {
int vret;
STACK_OF(X509) *chain2;
X509_STORE *store = X509_STORE_new();
if (!store)
{
BIO_printf (bio_err, "Memory allocation error\n");
goto export_end;
}
if (!X509_STORE_load_locations(store, CAfile, CApath))
X509_STORE_set_default_paths (store);
vret = get_cert_chain (ucert, store, &chain2);
X509_STORE_free(store);
if (!vret) {
/* Exclude verified certificate */
for (i = 1; i < sk_X509_num (chain2) ; i++)
sk_X509_push(certs, sk_X509_value (chain2, i));
/* Free first certificate */
X509_free(sk_X509_value(chain2, 0));
sk_X509_free(chain2);
} else {
BIO_printf (bio_err, "Error %s getting chain.\n",
开发者ID:xyzy,项目名称:mips-openssl_0.9.7,代码行数:67,代码来源:pkcs12.c
注:本文中的sk_X509_free函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |