| author | fengweihao <[email protected]> | 2019-10-12 16:42:33 +0800 |
|---|---|---|
| committer | fengweihao <[email protected]> | 2019-10-12 16:42:33 +0800 |
| commit | 197fb310d9453f7b5c7f82c8bb9a73fc9537187f (patch) | |
| tree | 291daed6ac0fb0602aab9bd6b059fe9c561b062c | |
| parent | f7eda1fab8d3f8014f30ddb525f5c4e8bc75b966 (diff) | |
* 修改公私钥匹配,支持证书文件无序
* 循环获取最有后一级证书,使用最后一级证书进行公私钥匹配
| -rw-r--r-- | src/x509.c | 81 |
1 files changed, 78 insertions, 3 deletions
@@ -144,6 +144,82 @@ finish:
 return;
 }
 
+int x509_get_last_ca(const char *file, X509 *cx509)
+{
+ int last = 0;
+ X509 *x = NULL;
+ BIO *bio = NULL;
+
+ if ((bio = BIO_new(BIO_s_file())) == NULL)
+ {
+ goto finish;
+ }
+ if (BIO_read_filename(bio, file) <= 0)
+ {
+ goto finish;
+ }
+ while(NULL!=(x=PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)))
+ {
+ if (0 == X509_NAME_cmp(X509_get_issuer_name(x), X509_get_subject_name(cx509)))
+ {
+ last = 1;
+ X509_free(x);
+ break;
+ };
+ X509_free(x);
+ }
+ BIO_free (bio);
+finish:
+ return last;
+}
+
+X509* x509_get_root_ca(const char *file, STACK_OF(X509) **stack_ca)
+{
+ int x509_cnt = 0;
+ X509 *x = NULL, *end = NULL;
+ BIO *bio = NULL;
+ STACK_OF(X509) *stack_x509 = NULL;
+
+ if ((bio = BIO_new(BIO_s_file())) == NULL)
+ {
+ goto finish;
+ }
+ if (BIO_read_filename(bio, file) <= 0)
+ {
+ goto finish;
+ }
+ if ((stack_x509 = sk_X509_new_null()) == NULL)
+ {
+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ goto finish;
+ }
+
+ while(NULL!=(x=PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)))
+ {
+ if (0 == X509_NAME_cmp(X509_get_issuer_name(x), X509_get_subject_name(x)))
+ {
+ /*This is root ca**/
+ continue;
+ X509_free(x);
+ };
+ /*This is last ca*/
+ if (x509_get_last_ca(file, x) == 0)
+ {
+ end = x;
+ continue;
+ }
+ sk_X509_push(stack_x509, x);
+ x509_cnt++;
+ X509_free(x);
+ }
+ if (x509_cnt >= 1)
+ *stack_ca = stack_x509;
+
+ BIO_free (bio);
+finish:
+ return end;
+}
+
 static X509 *
 cert_base_load_x509 (BIO * in_bio, STACK_OF(X509) **stack_ca, int iFormat)
 {
@@ -780,12 +856,11 @@ x509_parse_check(char *cafile, char *keyfile)
 X509 *x509 = NULL;
 STACK_OF(X509) *stack_ca = NULL;
-
- x509 = cert_load_x509(cafile, &informat, &stack_ca);
+ x509 = x509_get_root_ca(cafile, &stack_ca);
 if (!x509){
 printf("unable to load certificate\n");
 goto finish;
- }
+ }
 if (!X509_check_private_key(x509, pkey)) {
 printf("Matching failure\n");
 }else{ |
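Review bot: In x509_get_root_ca the loop body pushes `x` onto `stack_x509` and then calls `X509_free(x)`, so the stack handed back through `*stack_ca` holds pointers to freed certificates (sk_X509_push stores the pointer without taking a reference); that `X509_free` must go, with ownership passing to the stack. The same loop leaks every self-issued certificate, because its `X509_free(x)` is placed after `continue` and never runs, leaks the previous `end` when a second childless certificate is found, and leaks `stack_x509` when `x509_cnt` stays 0. Both new functions also skip `BIO_free(bio)` on the `goto finish` paths taken after the BIO was created; moving the free after the label (BIO_free accepts NULL) closes that in x509_get_last_ca as well. The rewritten loop and epilogue of x509_get_root_ca are below; `sk_X509_push` returning 0 is still unchecked and would leak `x`, which is worth a follow-up. The name x509_get_root_ca is also misleading, since the function skips self-issued roots and returns the certificate that issued nothing else in the file (the end entity).
```c
    while (NULL != (x = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)))
    {
        /* self-issued: a root, not a candidate for key matching */
        if (0 == X509_NAME_cmp(X509_get_issuer_name(x), X509_get_subject_name(x)))
        {
            X509_free(x);
            continue;
        }
        /* nothing in the file names x as issuer: x is the last link */
        if (x509_get_last_ca(file, x) == 0)
        {
            X509_free(end);   /* a later candidate replaces the earlier one; X509_free(NULL) is a no-op */
            end = x;
            continue;
        }
        /* the stack owns x from here on; do not free it */
        sk_X509_push(stack_x509, x);
        x509_cnt++;
    }
    if (x509_cnt >= 1)
        *stack_ca = stack_x509;
    else
        sk_X509_free(stack_x509);

finish:
    BIO_free(bio);   /* BIO_free(NULL) is a no-op, so every goto finish path is covered */
    return end;
```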
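Review bot: The error message after the new `x509 = x509_get_root_ca(cafile, &stack_ca);` call no longer matches what NULL means: the function returns NULL both when the file cannot be opened or parsed and when every certificate read has a child in the file (so no end-entity candidate exists), and `printf("unable to load certificate\n")` describes only the first case. Consider distinguishing the two, e.g. `printf("unable to load certificate or no end-entity certificate found\n");`, or printing the OpenSSL error queue when it is non-empty so an I/O or parse failure is visible. If `informat`, previously passed to `cert_load_x509`, has no other use in x509_parse_check, it is now an unused local; the function's body continues outside the hunk, so that could not be confirmed here.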
