|
| 1 | +/* certverify.c |
| 2 | + * |
| 3 | + * Copyright (C) 2006-2018 wolfSSL Inc. |
| 4 | + * |
| 5 | + * This file is part of wolfSSL. |
| 6 | + * |
| 7 | + * wolfSSL is free software; you can redistribute it and/or modify |
| 8 | + * it under the terms of the GNU General Public License as published by |
| 9 | + * the Free Software Foundation; either version 2 of the License, or |
| 10 | + * (at your option) any later version. |
| 11 | + * |
| 12 | + * wolfSSL is distributed in the hope that it will be useful, |
| 13 | + * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 14 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 15 | + * GNU General Public License for more details. |
| 16 | + * |
| 17 | + * You should have received a copy of the GNU General Public License |
| 18 | + * along with this program; if not, write to the Free Software |
| 19 | + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
| 20 | + */ |
| 21 | + |
| 22 | +#include <stdio.h> |
| 23 | +#include <wolfssl/options.h> |
| 24 | +#include <wolfssl/ssl.h> |
| 25 | +#include <wolfssl/wolfcrypt/error-crypt.h> |
| 26 | +#include <wolfssl/test.h> |
| 27 | + |
| 28 | +int main(int argc, char** argv) |
| 29 | +{ |
| 30 | + FILE* file; |
| 31 | + int ret = 0; |
| 32 | + X509_STORE* store = NULL; |
| 33 | + X509_STORE_CTX* ctx = NULL; |
| 34 | + X509 *ca = NULL, *cert = NULL; |
| 35 | + |
| 36 | + const char* caCert = "../certs/ca-cert.pem"; |
| 37 | + const char* verifyCert = "../certs/server-cert.pem"; |
| 38 | + |
| 39 | + /* check if CA and x509 were passed in */ |
| 40 | + if (argc > 1 && strcmp(argv[1], "-h") == 0) { |
| 41 | + printf("%s <ca pem file> <cert pem file>\n", argv[0]); |
| 42 | + return 1; |
| 43 | + } |
| 44 | + |
| 45 | + if (argc == 3) { |
| 46 | + caCert = argv[1]; |
| 47 | + verifyCert = argv[2]; |
| 48 | + } |
| 49 | + |
| 50 | + wolfSSL_Init(); |
| 51 | +#ifdef DEBUG_WOLFSSL |
| 52 | + wolfSSL_Debugging_ON(); |
| 53 | +#endif |
| 54 | + |
| 55 | + /* read in CA cert */ |
| 56 | + file = fopen(caCert, "rb"); |
| 57 | + if (file == NULL) { |
| 58 | + printf("Failed to open %s\n", caCert); |
| 59 | + ret = -1; goto exit; |
| 60 | + } |
| 61 | + ca = PEM_read_X509(file, NULL, NULL, NULL); |
| 62 | + fclose(file); |
| 63 | + if (ca == NULL) { |
| 64 | + printf("Failed to convert %s to X509\n", caCert); |
| 65 | + ret = -1; goto exit; |
| 66 | + } |
| 67 | + |
| 68 | + /* read in cert to verify */ |
| 69 | + file = fopen(verifyCert, "rb"); |
| 70 | + if (file == NULL) { |
| 71 | + printf("Failed to open %s\n", verifyCert); |
| 72 | + ret = -1; goto exit; |
| 73 | + } |
| 74 | + cert = PEM_read_X509(file, NULL, NULL, NULL); |
| 75 | + fclose(file); |
| 76 | + if (cert == NULL) { |
| 77 | + printf("Failed to convert %s to X509\n", verifyCert); |
| 78 | + ret = -1; goto exit; |
| 79 | + } |
| 80 | + |
| 81 | + /* setup the x509 cert store */ |
| 82 | + store = X509_STORE_new(); |
| 83 | + if (X509_STORE_add_cert(store, ca) != WOLFSSL_SUCCESS) { |
| 84 | + printf("Failed to add CA to X509 STORE\n"); |
| 85 | + ret = -1; goto exit; |
| 86 | + } |
| 87 | + |
| 88 | + /* setup the x509 cert store contex */ |
| 89 | + ctx = X509_STORE_CTX_new(); |
| 90 | + if (X509_STORE_CTX_init(ctx, store, cert, NULL) != WOLFSSL_SUCCESS) { |
| 91 | + printf("Failed to initialize X509 STORE CTX\n"); |
| 92 | + ret = -1; goto exit; |
| 93 | + } |
| 94 | + |
| 95 | + /* attempt verify */ |
| 96 | + if (X509_verify_cert(ctx) == WOLFSSL_SUCCESS) { |
| 97 | + printf("Verified certificate %s\n", verifyCert); |
| 98 | + } |
| 99 | + else { |
| 100 | + int err = X509_STORE_CTX_get_error(ctx); |
| 101 | + printf("Failed to verified certificate %s\n", verifyCert); |
| 102 | + printf("Error [%d] reason [%s]\n", err, ERR_reason_error_string(err)); |
| 103 | + } |
| 104 | + |
| 105 | +exit: |
| 106 | + X509_STORE_free(store); |
| 107 | + X509_STORE_CTX_free(ctx); |
| 108 | + X509_free(ca); |
| 109 | + X509_free(cert); |
| 110 | + wolfSSL_Cleanup(); |
| 111 | + |
| 112 | + return ret; |
| 113 | +} |
0 commit comments