修改实体证书未匹配，显示问题

author: fengweihao <[email protected]> 2019-08-26 17:03:04 +0800
committer: fengweihao <[email protected]> 2019-08-26 17:03:04 +0800
commit: 9cf2e7be8fbf64e214421f8757bd590b3b7cc4ad (patch)
tree: 43ef8abe34e9e667331fd30a4680c3b0bd21990e
parent: 8fa489316be959ed85136d4aa51243cf3f6aefca (diff)
1 files changed, 12 insertions, 8 deletions
diff --git a/src/x509.c b/src/x509.c
index c219083..5855caf 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -64,7 +64,7 @@ static void help()
   printf("Welcome to x509 %s\n", "1.1.1");
   printf("x509 <-incert |-inkey | -incrl | -inlist> arg\n"
          "Usage:\n"
-         "  -incert     | input certificate file\n"
+         "  -incert     | input certificate file [url]\n"
          "  -inkey      | input private key file\n"
          "  -incrl      | input certificate revocation list\n"
          "  -inlist     | input certificate list file,format = pem\n"
@@ -511,7 +511,7 @@ int X509_check_valid_date(X509 *x509)
     return 0;
 }
 
-int x509_parse_cert(char *certfile)
+int x509_parse_cert(char *certfile, char *input_url)
 {
     int xret = -1;
     int informat = 0;
@@ -530,16 +530,19 @@ int x509_parse_cert(char *certfile)
 	constraints = x509_get_ExtBasicConstraints(x509);
     printf("Ca Constraints : %s\n", (constraints != NULL)?constraints: "NULL");
 	/*end-entity certificate san**/
-	if (STRSTR(constraints, "End Entity"))
+	if ((constraints != NULL && STRSTR(constraints, "End Entity")) ||
+		 constraints == NULL)
 	{
 		char *cn = x509_get_cn(x509);
-		if (!cn || X509_check_host(x509, cn, strlen(cn), 0, NULL) != 1)
+		if (!cn || X509_check_host(x509, cn, strlen(cn), 0, NULL) != 1 ||
+			input_url == NULL || X509_check_host(x509, input_url, strlen(input_url), 0, NULL) != 1)
 		{
-			printf("Match host name: %s\n", "ERR_CERT_COMMON_NAME_INVALID");
+			printf("Match host name: %s\n", "Matching failure");
 		}
 		kfree(cn);
 	}
-	kfree(constraints);
+	printf("Match host name: %s\n", "Successful matching");
+	if (constraints) kfree(constraints);
     if (informat == LOCAL_USER_P12 || informat == LOCAL_USER_PEN){
         if (stack_ca){
            printf("Chain Length   : %d\n", sk_X509_num(stack_ca) + 1);
@@ -726,6 +729,7 @@ decoder_argv_parser(int argc, char **argv, char **infile, char **infile2)
             if (--argc < 1)
                 goto help;
             *infile = argv[i+1];
+			*infile2 = argv[i+2];
             iformat = INPUT_FILE_CERT;
             break;
         }
@@ -739,7 +743,7 @@ decoder_argv_parser(int argc, char **argv, char **infile, char **infile2)
         if (STRCMP(argv[i], "-inlist")== 0){
             if (--argc < 1)
                 goto help;
-            *infile = argv[i+1];
+            *infile = argv[i+1];			
             iformat = INPUT_FILE_LIST;
             break;
         }
@@ -802,7 +806,7 @@ int x509_check_format(int argc, char **argv)
             x509_parse_key(infile);
             break;
         case INPUT_FILE_CERT:
-            x509_parse_cert(infile);
+            x509_parse_cert(infile, infile2);
             break;
         case INPUT_FILE_CRL:
             x509_parse_crl(infile);
author	fengweihao <[email protected]>	2019-08-26 17:03:04 +0800
committer	fengweihao <[email protected]>	2019-08-26 17:03:04 +0800
commit	9cf2e7be8fbf64e214421f8757bd590b3b7cc4ad (patch)
tree	43ef8abe34e9e667331fd30a4680c3b0bd21990e
parent	8fa489316be959ed85136d4aa51243cf3f6aefca (diff)