本文整理汇总了C++中sk_GENERAL_NAME_num函数的典型用法代码示例。如果您正苦于以下问题:C++ sk_GENERAL_NAME_num函数的具体用法?C++ sk_GENERAL_NAME_num怎么用?C++ sk_GENERAL_NAME_num使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了sk_GENERAL_NAME_num函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: php_mongodb_matches_san_list
int php_mongodb_matches_san_list(X509 *peer, const char *subject_name) /* {{{ */
{
int i, len;
unsigned char *cert_name = NULL;
char ipbuffer[64];
GENERAL_NAMES *alt_names = X509_get_ext_d2i(peer, NID_subject_alt_name, 0, 0);
int alt_name_count = sk_GENERAL_NAME_num(alt_names);
for (i = 0; i < alt_name_count; i++) {
GENERAL_NAME *san = sk_GENERAL_NAME_value(alt_names, i);
if (san->type == GEN_DNS) {
ASN1_STRING_to_UTF8(&cert_name, san->d.dNSName);
if ((size_t)ASN1_STRING_length(san->d.dNSName) != strlen((const char*)cert_name)) {
OPENSSL_free(cert_name);
/* prevent null-byte poisoning*/
continue;
}
/* accommodate valid FQDN entries ending in "." */
len = strlen((const char*)cert_name);
if (len && strcmp((const char *)&cert_name[len-1], ".") == 0) {
cert_name[len-1] = '\0';
}
if (php_mongodb_matches_wildcard_name(subject_name, (const char *)cert_name) == SUCCESS) {
OPENSSL_free(cert_name);
return SUCCESS;
}
OPENSSL_free(cert_name);
} else if (san->type == GEN_IPADD) {
if (san->d.iPAddress->length == 4) {
sprintf(ipbuffer, "%d.%d.%d.%d",
san->d.iPAddress->data[0],
san->d.iPAddress->data[1],
san->d.iPAddress->data[2],
san->d.iPAddress->data[3]
);
if (strcasecmp(subject_name, (const char*)ipbuffer) == 0) {
return SUCCESS;
}
}
/* No, we aren't bothering to check IPv6 addresses. Why?
* Because IP SAN names are officially deprecated and are
* not allowed by CAs starting in 2015. Deal with it.
*/
}
}
return FAILURE;
}
开发者ID:Anuga,项目名称:mongo-php-driver,代码行数:52,代码来源:php-ssl.c
示例2: check_alt_names
static int
check_alt_names(X509 *cert, const char *hostname)
{
STACK_OF(GENERAL_NAME) *alt_names;
int i, num;
int ret = 1;
union {
struct in_addr v4;
struct in6_addr v6;
} ip;
unsigned ip_size = 0;
/* check whether @hostname is an ip address */
if (strchr(hostname, ':') != NULL) {
ip_size = 16;
ret = inet_pton(AF_INET6, hostname, &ip.v6);
} else {
ip_size = 4;
ret = inet_pton(AF_INET, hostname, &ip.v4);
}
if (ret == 0)
return -1;
ret = -1;
alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
if (!alt_names)
return ret;
num = sk_GENERAL_NAME_num(alt_names);
tdsdump_log(TDS_DBG_INFO1, "Alt names number %d\n", num);
for (i = 0; i < num; ++i) {
const char *altptr;
size_t altlen;
const GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
if (!name)
continue;
altptr = (const char *) ASN1_STRING_data(name->d.ia5);
altlen = (size_t) ASN1_STRING_length(name->d.ia5);
if (name->type == GEN_DNS && ip_size == 0) {
ret = 0;
if (!check_name_match(name->d.dNSName, hostname))
continue;
} else if (name->type == GEN_IPADD && ip_size != 0) {
ret = 0;
if (altlen != ip_size || memcmp(altptr, &ip, altlen) != 0)
continue;
} else {
continue;
}
sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
return 1;
}
sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
return ret;
}
开发者ID:hutchinson,项目名称:freetds,代码行数:60,代码来源:tls.c
示例3: X509_get_ext_d2i
bool PeerID::Certificate::checkAltNames(boost::asio::ip::address& address) const
{
GENERAL_NAMES* gens = static_cast<GENERAL_NAMES*>(
X509_get_ext_d2i(x509_, NID_subject_alt_name, 0, 0));
BOOST_SCOPE_EXIT(gens){
GENERAL_NAMES_free(gens);
}BOOST_SCOPE_EXIT_END;
for (int i = 0; i < sk_GENERAL_NAME_num(gens); ++i)
{
GENERAL_NAME* gen = sk_GENERAL_NAME_value(gens, i);
if (gen->type == GEN_IPADD)
{
ASN1_OCTET_STRING* ip = gen->d.iPAddress;
if (ip->type == V_ASN1_OCTET_STRING && ip->data)
{
return (
(address.is_v4() && ip->length == 4 &&
std::memcmp(address.to_v4().to_bytes().data(), ip->data, 4) == 0) ||
(address.is_v6() && ip->length == 16 &&
std::memcmp(address.to_v6().to_bytes().data(), ip->data, 16) == 0)
);
}
}
}
}
开发者ID:nelsonleezonhat,项目名称:PolyProxy,代码行数:25,代码来源:PeerID.cpp
示例4: peer_from_x509
/* Gets information about the peer's X509 cert as a tsi_peer object. */
static tsi_result peer_from_x509(X509* cert, int include_certificate_type,
tsi_peer* peer) {
/* TODO(jboeuf): Maybe add more properties. */
GENERAL_NAMES* subject_alt_names =
X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0);
int subject_alt_name_count =
(subject_alt_names != NULL) ? sk_GENERAL_NAME_num(subject_alt_names) : 0;
size_t property_count = (include_certificate_type ? 1 : 0) +
1 /* common name */ + subject_alt_name_count;
tsi_result result = tsi_construct_peer(property_count, peer);
if (result != TSI_OK) return result;
do {
if (include_certificate_type) {
result = tsi_construct_string_peer_property_from_cstring(
TSI_CERTIFICATE_TYPE_PEER_PROPERTY, TSI_X509_CERTIFICATE_TYPE,
&peer->properties[0]);
if (result != TSI_OK) break;
}
result = peer_property_from_x509_common_name(
cert, &peer->properties[include_certificate_type ? 1 : 0]);
if (result != TSI_OK) break;
if (subject_alt_name_count != 0) {
result = add_subject_alt_names_properties_to_peer(peer, subject_alt_names,
subject_alt_name_count);
if (result != TSI_OK) break;
}
} while (0);
if (subject_alt_names != NULL) {
sk_GENERAL_NAME_pop_free(subject_alt_names, GENERAL_NAME_free);
}
if (result != TSI_OK) tsi_peer_destruct(peer);
return result;
}
开发者ID:Infixz,项目名称:grpc,代码行数:36,代码来源:ssl_transport_security.c
示例5: crl_revoked_issuer_match
static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
X509_REVOKED *rev)
{
int i;
if (!rev->issuer) {
if (!nm)
return 1;
if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
return 1;
return 0;
}
if (!nm)
nm = X509_CRL_get_issuer(crl);
for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) {
GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i);
if (gen->type != GEN_DIRNAME)
continue;
if (!X509_NAME_cmp(nm, gen->d.directoryName))
return 1;
}
return 0;
}
开发者ID:DarovskikhAndrei,项目名称:openssl,代码行数:26,代码来源:x_crl.c
示例6: GENERAL_NAMES_free
std::unique_ptr<std::list<std::string>> SSLUtil::getSubjectAltName(
const X509* cert) {
#ifdef OPENSSL_GE_101
auto nameList = folly::make_unique<std::list<std::string>>();
GENERAL_NAMES* names = (GENERAL_NAMES*)X509_get_ext_d2i(
(X509*)cert, NID_subject_alt_name, nullptr, nullptr);
if (names) {
auto guard = folly::makeGuard([names] { GENERAL_NAMES_free(names); });
size_t count = sk_GENERAL_NAME_num(names);
CHECK(count < std::numeric_limits<int>::max());
for (int i = 0; i < (int)count; ++i) {
GENERAL_NAME* generalName = sk_GENERAL_NAME_value(names, i);
if (generalName->type == GEN_DNS) {
ASN1_STRING* s = generalName->d.dNSName;
const char* name = (const char*)ASN1_STRING_data(s);
// I can't find any docs on what a negative return value here
// would mean, so I'm going to ignore it.
auto len = ASN1_STRING_length(s);
DCHECK(len >= 0);
if (size_t(len) != strlen(name)) {
// Null byte(s) in the name; return an error rather than depending on
// the caller to safely handle this case.
return nullptr;
}
nameList->emplace_back(name);
}
}
}
return nameList;
#else
return nullptr;
#endif
}
开发者ID:Abioy,项目名称:proxygen,代码行数:33,代码来源:SSLUtil.cpp
示例7: setup_dp
static void setup_dp(X509 *x, DIST_POINT *dp)
{
X509_NAME *iname = NULL;
int i;
if (dp->reasons)
{
if (dp->reasons->length > 0)
dp->dp_reasons = dp->reasons->data[0];
if (dp->reasons->length > 1)
dp->dp_reasons |= (dp->reasons->data[1] << 8);
dp->dp_reasons &= CRLDP_ALL_REASONS;
}
else
dp->dp_reasons = CRLDP_ALL_REASONS;
if (!dp->distpoint || (dp->distpoint->type != 1))
return;
for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++)
{
GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
if (gen->type == GEN_DIRNAME)
{
iname = gen->d.directoryName;
break;
}
}
if (!iname)
iname = X509_get_issuer_name(x);
DIST_POINT_set_dpname(dp->distpoint, iname);
}
开发者ID:benlaurie,项目名称:openssl-old,代码行数:31,代码来源:v3_purp.c
示例8: check_alt_names
char *
check_alt_names(char *host, char *fqdn, X509 *x509)
{
char *found, *buf;
const GENERAL_NAMES *ans;
const GENERAL_NAME *p;
int n;
ans = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
if (ans == NULL)
return (NULL);
n = sk_GENERAL_NAME_num(ans);
found = NULL;
while (n-- > 0 && found == NULL) {
p = sk_GENERAL_NAME_value(ans, n);
if (p == NULL || p->type != GEN_DNS)
continue;
if (ASN1_STRING_to_UTF8((u_char **)&buf, p->d.dNSName) <= 0)
continue;
if (fnmatch(buf, host, FNM_NOESCAPE|FNM_CASEFOLD) == 0 ||
(fqdn != NULL &&
fnmatch(buf, fqdn, FNM_NOESCAPE|FNM_CASEFOLD) == 0))
found = buf;
OPENSSL_free(buf);
}
sk_GENERAL_NAME_free(ans);
return (found);
}
开发者ID:avkrotov,项目名称:fdm,代码行数:30,代码来源:connect.c
示例9: matches_subject_alternative_name
/**
* Tries to find a match for hostname in the certificate's Subject Alternative Name extension.
*
* Returns MatchFound if a match was found.
* Returns MatchNotFound if no matches were found.
* Returns MalformedCertificate if any of the hostnames had a NUL character embedded in it.
* Returns NoSANPresent if the SAN extension was not present in the certificate.
*/
static HostnameValidationResult matches_subject_alternative_name(const char *hostname, const X509 *server_cert) {
HostnameValidationResult result = MatchNotFound;
int i;
int san_names_nb = -1;
STACK_OF(GENERAL_NAME) *san_names = NULL;
// Try to extract the names within the SAN extension from the certificate
san_names = X509_get_ext_d2i((X509 *) server_cert, NID_subject_alt_name, NULL, NULL);
if (san_names == NULL) {
return NoSANPresent;
}
san_names_nb = sk_GENERAL_NAME_num(san_names);
// Check each name within the extension
for (i=0; i<san_names_nb; i++) {
const GENERAL_NAME *current_name = sk_GENERAL_NAME_value(san_names, i);
if (current_name->type == GEN_DNS) {
// Current name is a DNS name, let's check it
result = validate_name(hostname, current_name->d.dNSName);
if (result != MatchNotFound) {
break;
}
}
}
sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free);
return result;
}
开发者ID:devnexen,项目名称:h2o,代码行数:37,代码来源:openssl_hostname_validation.c
示例10: verify_hostname
static int verify_hostname(X509 *cert, const char *hostname)
{
int len;
X509_NAME *subj;
char cname[1000];
int i, found;
STACK_OF(GENERAL_NAME) *subj_alt_names;
/* try the DNS subjectAltNames */
found = 0;
if ((subj_alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL))) {
int num_subj_alt_names = sk_GENERAL_NAME_num(subj_alt_names);
for (i = 0; !found && i < num_subj_alt_names; i++) {
GENERAL_NAME *subj_alt_name = sk_GENERAL_NAME_value(subj_alt_names, i);
if (subj_alt_name->type == GEN_DNS &&
strlen((const char *)subj_alt_name->d.ia5->data) == (size_t)subj_alt_name->d.ia5->length &&
host_matches(hostname, (const char *)(subj_alt_name->d.ia5->data)))
found = 1;
}
sk_GENERAL_NAME_pop_free(subj_alt_names, GENERAL_NAME_free);
}
if (found)
return 0;
/* try the common name */
if (!(subj = X509_get_subject_name(cert)))
return error("cannot get certificate subject");
if ((len = X509_NAME_get_text_by_NID(subj, NID_commonName, cname, sizeof(cname))) < 0)
return error("cannot get certificate common name");
if (strlen(cname) == (size_t)len && host_matches(hostname, cname))
return 0;
return error("certificate owner '%s' does not match hostname '%s'",
cname, hostname);
}
开发者ID:Fykec,项目名称:git,代码行数:34,代码来源:imap-send.c
示例11: verify_hostname
static int
verify_hostname(const char *hostname, X509 *cert, char *errbuf, size_t errlen)
{
int i;
/* domainname is the "domain" we wan't to access (actually hostname
* with first part of the DNS name removed) */
const char *domainname = strchr(hostname, '.');
if(domainname != NULL) {
domainname++;
if(strlen(domainname) == 0)
domainname = NULL;
}
// First check commonName
X509_NAME *subjectName;
char commonName[256];
subjectName = X509_get_subject_name(cert);
if(X509_NAME_get_text_by_NID(subjectName, NID_commonName,
commonName, sizeof(commonName)) != -1) {
if(!strcmp(commonName, hostname))
return 0;
}
// Then check altNames
GENERAL_NAMES *names = X509_get_ext_d2i( cert, NID_subject_alt_name, 0, 0);
if(names == NULL) {
snprintf(errbuf, errlen, "SSL: No subjectAltName extension");
return -1;
}
const int num_names = sk_GENERAL_NAME_num(names);
for(i = 0; i < num_names; ++i ) {
GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
unsigned char *dns;
int match;
if(name->type != GEN_DNS)
continue;
ASN1_STRING_to_UTF8(&dns, name->d.dNSName);
if(dns[0] == '*' && dns[1] == '.') {
match = domainname != NULL && !strcasecmp((char *)dns+2, domainname);
} else {
match = !strcasecmp((char *)dns, hostname);
}
OPENSSL_free(dns);
if(match)
return 0;
}
snprintf(errbuf, errlen, "SSL: Hostname mismatch");
return -1;
}
开发者ID:yfqian,项目名称:libsvc,代码行数:59,代码来源:tcp.c
示例12: irssi_ssl_verify_hostname
/* based on verify_extract_name from tls_client.c in postfix */
static gboolean irssi_ssl_verify_hostname(X509 *cert, const char *hostname)
{
int gen_index, gen_count;
gboolean matched = FALSE, has_dns_name = FALSE;
const char *cert_dns_name;
char *cert_subject_cn;
const GENERAL_NAME *gn;
STACK_OF(GENERAL_NAME) * gens;
GString *alt_names;
alt_names = g_string_new("");
/* Verify the dNSName(s) in the peer certificate against the hostname. */
gens = X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0);
if (gens) {
gen_count = sk_GENERAL_NAME_num(gens);
for (gen_index = 0; gen_index < gen_count && !matched; ++gen_index) {
gn = sk_GENERAL_NAME_value(gens, gen_index);
if (gn->type != GEN_DNS)
continue;
/* Even if we have an invalid DNS name, we still ultimately
ignore the CommonName, because subjectAltName:DNS is
present (though malformed). */
has_dns_name = TRUE;
cert_dns_name = tls_dns_name(gn);
if (cert_dns_name && *cert_dns_name) {
g_string_append_printf(alt_names, " '%s'", cert_dns_name);
matched = match_hostname(cert_dns_name, hostname);
}
}
/* Free stack *and* member GENERAL_NAME objects */
sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
}
if (has_dns_name) {
if (! matched) {
/* The CommonName in the issuer DN is obsolete when SubjectAltName is available. */
g_warning("None of the Subject Alt Names%s in the certificate match hostname '%s'", alt_names->str, hostname);
}
g_string_free(alt_names, TRUE);
return matched;
} else { /* No subjectAltNames, look at CommonName */
g_string_free(alt_names, TRUE);
cert_subject_cn = tls_text_name(X509_get_subject_name(cert), NID_commonName);
if (cert_subject_cn && *cert_subject_cn) {
matched = match_hostname(cert_subject_cn, hostname);
if (! matched) {
g_warning("SSL certificate common name '%s' doesn't match host name '%s'", cert_subject_cn, hostname);
}
} else {
g_warning("No subjectAltNames and no valid common name in certificate");
}
free(cert_subject_cn);
}
return matched;
}
开发者ID:mauke,项目名称:irssi-hax,代码行数:60,代码来源:network-openssl.c
示例13: X509_get_subject_name
void OpenSSLCertificate::parse() {
if (!cert) {
return;
}
// Subject name
X509_NAME* subjectName = X509_get_subject_name(cert.get());
if (subjectName) {
// Subject name
ByteArray subjectNameData;
subjectNameData.resize(256);
X509_NAME_oneline(X509_get_subject_name(cert.get()), reinterpret_cast<char*>(subjectNameData.getData()), subjectNameData.getSize());
this->subjectName = std::string(reinterpret_cast<const char*>(subjectNameData.getData()));
// Common name
int cnLoc = X509_NAME_get_index_by_NID(subjectName, NID_commonName, -1);
while (cnLoc != -1) {
X509_NAME_ENTRY* cnEntry = X509_NAME_get_entry(subjectName, cnLoc);
ASN1_STRING* cnData = X509_NAME_ENTRY_get_data(cnEntry);
commonNames.push_back(ByteArray(cnData->data, cnData->length).toString());
cnLoc = X509_NAME_get_index_by_NID(subjectName, NID_commonName, cnLoc);
}
}
// subjectAltNames
int subjectAltNameLoc = X509_get_ext_by_NID(cert.get(), NID_subject_alt_name, -1);
if(subjectAltNameLoc != -1) {
X509_EXTENSION* extension = X509_get_ext(cert.get(), subjectAltNameLoc);
boost::shared_ptr<GENERAL_NAMES> generalNames(reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(extension)), GENERAL_NAMES_free);
boost::shared_ptr<ASN1_OBJECT> xmppAddrObject(OBJ_txt2obj(ID_ON_XMPPADDR_OID, 1), ASN1_OBJECT_free);
boost::shared_ptr<ASN1_OBJECT> dnsSRVObject(OBJ_txt2obj(ID_ON_DNSSRV_OID, 1), ASN1_OBJECT_free);
for (int i = 0; i < sk_GENERAL_NAME_num(generalNames.get()); ++i) {
GENERAL_NAME* generalName = sk_GENERAL_NAME_value(generalNames.get(), i);
if (generalName->type == GEN_OTHERNAME) {
OTHERNAME* otherName = generalName->d.otherName;
if (OBJ_cmp(otherName->type_id, xmppAddrObject.get()) == 0) {
// XmppAddr
if (otherName->value->type != V_ASN1_UTF8STRING) {
continue;
}
ASN1_UTF8STRING* xmppAddrValue = otherName->value->value.utf8string;
addXMPPAddress(ByteArray(ASN1_STRING_data(xmppAddrValue), ASN1_STRING_length(xmppAddrValue)).toString());
}
else if (OBJ_cmp(otherName->type_id, dnsSRVObject.get()) == 0) {
// SRVName
if (otherName->value->type != V_ASN1_IA5STRING) {
continue;
}
ASN1_IA5STRING* srvNameValue = otherName->value->value.ia5string;
addSRVName(ByteArray(ASN1_STRING_data(srvNameValue), ASN1_STRING_length(srvNameValue)).toString());
}
}
else if (generalName->type == GEN_DNS) {
// DNSName
addDNSName(ByteArray(ASN1_STRING_data(generalName->d.dNSName), ASN1_STRING_length(generalName->d.dNSName)).toString());
}
}
}
}
开发者ID:bessey,项目名称:picnic-doc-server,代码行数:59,代码来源:OpenSSLCertificate.cpp
示例14: s2n_verify_host_information
/*
* For each name in the cert. Iterate them. Call the callback. If one returns true, then consider it validated,
* if none of them return true, the cert is considered invalid.
*/
static uint8_t s2n_verify_host_information(struct s2n_x509_validator *validator, struct s2n_connection *conn, X509 *public_cert) {
uint8_t verified = 0;
uint8_t san_found = 0;
/* Check SubjectAltNames before CommonName as per RFC 6125 6.4.4 */
STACK_OF(GENERAL_NAME) *names_list = X509_get_ext_d2i(public_cert, NID_subject_alt_name, NULL, NULL);
int n = sk_GENERAL_NAME_num(names_list);
for (int i = 0; i < n && !verified; i++) {
GENERAL_NAME *current_name = sk_GENERAL_NAME_value(names_list, i);
if (current_name->type == GEN_DNS) {
san_found = 1;
const char *name = (const char *) ASN1_STRING_data(current_name->d.ia5);
size_t name_len = (size_t) ASN1_STRING_length(current_name->d.ia5);
verified = conn->verify_host_fn(name, name_len, conn->data_for_verify_host);
}
}
GENERAL_NAMES_free(names_list);
/* if no SubjectAltNames of type DNS found, go to the common name. */
if (!san_found) {
X509_NAME *subject_name = X509_get_subject_name(public_cert);
if (subject_name) {
int next_idx = 0, curr_idx = -1;
while ((next_idx = X509_NAME_get_index_by_NID(subject_name, NID_commonName, curr_idx)) >= 0) {
curr_idx = next_idx;
}
if (curr_idx >= 0) {
ASN1_STRING *common_name =
X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject_name, curr_idx));
if (common_name) {
char peer_cn[255];
static size_t peer_cn_size = sizeof(peer_cn);
memset_check(&peer_cn, 0, peer_cn_size);
// X520CommonName allows the following ANSI string types per RFC 5280 Appendix A.1
if (ASN1_STRING_type(common_name) == V_ASN1_TELETEXSTRING ||
ASN1_STRING_type(common_name) == V_ASN1_PRINTABLESTRING ||
ASN1_STRING_type(common_name) == V_ASN1_UNIVERSALSTRING ||
ASN1_STRING_type(common_name) == V_ASN1_UTF8STRING ||
ASN1_STRING_type(common_name) == V_ASN1_BMPSTRING ) {
size_t len = (size_t) ASN1_STRING_length(common_name);
lte_check(len, sizeof(peer_cn) - 1);
memcpy_check(peer_cn, ASN1_STRING_data(common_name), len);
verified = conn->verify_host_fn(peer_cn, len, conn->data_for_verify_host);
}
}
}
}
}
return verified;
}
开发者ID:gibson-compsci,项目名称:s2n,代码行数:63,代码来源:s2n_x509_validator.c
示例15: CheckCRL
static void CheckCRL(X509 *x509)
{
int idx = -1;
do
{
int critical = -1;
STACK_OF(DIST_POINT) *crls = X509_get_ext_d2i(x509, NID_crl_distribution_points, &critical, &idx);
if (crls == NULL)
{
if (critical >= 0)
{
/* Found but fails to parse */
SetError(ERR_INVALID);
continue;
}
/* Not found */
break;
}
for (int i = 0; i < sk_DIST_POINT_num(crls); i++)
{
DIST_POINT *dp = sk_DIST_POINT_value(crls, i);
if (dp->distpoint == NULL && dp->CRLissuer == NULL)
{
SetError(ERR_INVALID_CRL_DIST_POINT);
}
if (dp->distpoint != NULL && dp->distpoint->type == 0)
{
/* full name */
for (int j = 0; j < sk_GENERAL_NAME_num(dp->distpoint->name.fullname); j++)
{
GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->distpoint->name.fullname, j);
int type;
ASN1_STRING *uri = GENERAL_NAME_get0_value(gen, &type);
if (type == GEN_URI)
{
CheckValidURL(ASN1_STRING_get0_data(uri), ASN1_STRING_length(uri));
}
else
{
SetInfo(INF_CRL_NOT_URL);
}
CheckGeneralNameType(gen);
}
}
else
{
/* relative name */
SetWarning(WARN_CRL_RELATIVE);
}
}
sk_DIST_POINT_pop_free(crls, DIST_POINT_free);
}
while (1);
}
开发者ID:kroeckx,项目名称:x509lint,代码行数:58,代码来源:checks.c
示例16: _mosquitto_verify_certificate_hostname
/* This code is based heavily on the example provided in "Secure Programming
* Cookbook for C and C++".
*/
int _mosquitto_verify_certificate_hostname(X509 *cert, const char *hostname)
{
int i;
char name[256];
X509_NAME *subj;
bool have_san_dns = false;
STACK_OF(GENERAL_NAME) *san;
const GENERAL_NAME *nval;
const unsigned char *data;
unsigned char ipv6_addr[16];
unsigned char ipv4_addr[4];
int ipv6_ok;
int ipv4_ok;
#ifdef WIN32
ipv6_ok = InetPton(AF_INET6, hostname, &ipv6_addr);
ipv4_ok = InetPton(AF_INET, hostname, &ipv4_addr);
#else
ipv6_ok = inet_pton(AF_INET6, hostname, &ipv6_addr);
ipv4_ok = inet_pton(AF_INET, hostname, &ipv4_addr);
#endif
san = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
if(san){
for(i=0; i<sk_GENERAL_NAME_num(san); i++){
nval = sk_GENERAL_NAME_value(san, i);
if(nval->type == GEN_DNS){
data = ASN1_STRING_data(nval->d.dNSName);
if(data && match_hostname((char *)data, hostname)){
return 1;
}
have_san_dns = true;
}else if(nval->type == GEN_IPADD){
data = ASN1_STRING_data(nval->d.iPAddress);
if(nval->d.iPAddress->length == 4 && ipv4_ok){
if(!memcmp(ipv4_addr, data, 4)){
return 1;
}
}else if(nval->d.iPAddress->length == 16 && ipv6_ok){
if(!memcmp(ipv6_addr, data, 16)){
return 1;
}
}
}
}
if(have_san_dns){
/* Only check CN if subjectAltName DNS entry does not exist. */
return 0;
}
}
subj = X509_get_subject_name(cert);
if(X509_NAME_get_text_by_NID(subj, NID_commonName, name, sizeof(name)) > 0){
name[sizeof(name) - 1] = '\0';
if (!strcasecmp(name, hostname)) return 1;
}
return 0;
}
开发者ID:yashh,项目名称:MQTTKit,代码行数:60,代码来源:tls_mosq.c
示例17: add_alt_names
static void add_alt_names(struct http_ctx *ctx, struct http_cert *cert,
GENERAL_NAMES *names)
{
int num, i;
num = sk_GENERAL_NAME_num(names);
for (i = 0; i < num; i++) {
const GENERAL_NAME *name;
name = sk_GENERAL_NAME_value(names, i);
add_alt_name(ctx, cert, name);
}
}
开发者ID:Bebooo43,项目名称:android_hardware_mediatek,代码行数:12,代码来源:http_curl.c
示例18: eventer_ssl_get_san_values
int
eventer_ssl_get_san_values(eventer_ssl_ctx_t *ctx,
X509_STORE_CTX *x509ctx) {
STACK_OF(GENERAL_NAME) * altnames;
X509 *peer;
int pos = 0;
if(!x509ctx) return 0;
peer = X509_STORE_CTX_get_current_cert(x509ctx);
altnames = X509_get_ext_d2i(peer, NID_subject_alt_name, NULL, NULL);
if (altnames) {
int i;
int numalts = sk_GENERAL_NAME_num(altnames);
char cn[4096];
mtev_boolean written = mtev_false;
memset(cn, 0, 4096);
for (i = 0; i < numalts; i++) {
const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
if (check->type != GEN_DNS) {
continue;
}
ASN1_STRING *data = check->d.dNSName;
if (written) {
/* Leave space for comma, space, data, and null byte */
if (data->length + pos > (int)sizeof(cn) - 3) {
continue;
}
cn[pos] = ',';
cn[pos+1] = ' ';
pos+=2;
}
else {
/* Leave space for data and null byte */
if (data->length + pos > (int)sizeof(cn) - 1) {
continue;
}
written = mtev_true;
}
memcpy(cn+pos, data->data, data->length);
cn[data->length+pos] = '\0';
pos = strlen(cn);
}
if (pos > 0) {
if (ctx->san_list != NULL) {
free(ctx->san_list);
}
ctx->san_list = strdup(cn);
}
sk_GENERAL_NAME_pop_free(altnames, GENERAL_NAME_free);
}
return 1;
}
开发者ID:esproul,项目名称:libmtev,代码行数:53,代码来源:eventer_SSL_fd_opset.c
示例19: extract_x509_extension
static
bool extract_x509_extension(X509 *cert, char *fieldname, char *out, int size)
{
bool retval = false;
X509_EXTENSION *pExt;
char *buf = 0;
int length = 0;
GENERAL_NAMES *extensions;
int nid = OBJ_txt2nid(fieldname);
extensions = (GENERAL_NAMES *)X509_get_ext_d2i(cert, nid, NULL, NULL);
if ( extensions )
{
int numalts;
int i;
/* get amount of alternatives,
* RFC2459 claims there MUST be at least
* one, but we don't depend on it...
*/
numalts = sk_GENERAL_NAME_num(extensions);
/* loop through all alternatives */
for (i=0; i<numalts; i++)
{
/* get a handle to alternative name number i */
const GENERAL_NAME *name = sk_GENERAL_NAME_value (extensions, i );
switch (name->type)
{
case GEN_EMAIL:
ASN1_STRING_to_UTF8((unsigned char**)&buf, name->d.ia5);
if ( strlen (buf) != name->d.ia5->length )
{
msg (D_TLS_ERRORS, "ASN1 ERROR: string contained terminating zero");
OPENSSL_free (buf);
} else {
strncpynt(out, buf, size);
OPENSSL_free(buf);
retval = true;
}
break;
default:
msg (D_TLS_ERRORS, "ASN1 ERROR: can not handle field type %i",
name->type);
break;
}
}
sk_GENERAL_NAME_free (extensions);
}
return retval;
}
开发者ID:alonbl,项目名称:openvpn,代码行数:52,代码来源:ssl_verify_openssl.c
示例20: _SSL_check_server_cert
/* Server certificate name check, logic adapted from libcurl */
static int
_SSL_check_server_cert(SSL *ssl, const char *hostname)
{
X509 *cert;
X509_NAME *subject;
const GENERAL_NAME *altname;
STACK_OF(GENERAL_NAME) *altnames;
ASN1_STRING *tmp;
int i, n, match = -1;
const char *p;
if (SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE ||
(cert = SSL_get_peer_certificate(ssl)) == NULL) {
return (1);
}
/* Check subjectAltName */
if ((altnames = X509_get_ext_d2i(cert, NID_subject_alt_name,
NULL, NULL)) != NULL) {
n = sk_GENERAL_NAME_num(altnames);
for (i = 0; i < n && match != 1; i++) {
altname = sk_GENERAL_NAME_value(altnames, i);
p = (char *)ASN1_STRING_data(altname->d.ia5);
if (altname->type == GEN_DNS) {
match = (ASN1_STRING_length(altname->d.ia5) ==
strlen(p) && match_pattern(hostname, p));
}
}
GENERAL_NAMES_free(altnames);
}
/* No subjectAltName, try CN */
if (match == -1 &&
(subject = X509_get_subject_name(cert)) != NULL) {
for (i = -1; (n = X509_NAME_get_index_by_NID(subject,
NID_commonName, i)) >= 0; ) {
i = n;
}
if (i >= 0) {
if ((tmp = X509_NAME_ENTRY_get_data(
X509_NAME_get_entry(subject, i))) != NULL &&
ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
p = (char *)ASN1_STRING_data(tmp);
match = (ASN1_STRING_length(tmp) ==
strlen(p) && match_pattern(hostname, p));
}
}
}
X509_free(cert);
return (match > 0);
}
开发者ID:dhawes,项目名称:libduo,代码行数:52,代码来源:https.c
注:本文中的sk_GENERAL_NAME_num函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论