WolfSSL
/
wolfssl-examples
mirror of https://github.com/wolfSSL/wolfssl-examples.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #21 from dgarske/certmgr_crl_check 

Added CRL check example.
pull/23/merge
toddouska 2016-08-02 22:22:57 -07:00 committed by GitHub
parent a50b79a018 4569b6ab4a
commit 3079a10e0b
1 changed files with 54 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
certmanager/certverify.c
View File

@ -32,6 +32,15 @@ int main(void)
const char* caCert = "../certs/ca-cert.pem"; const char* caCert = "../certs/ca-cert.pem";
const char* verifyCert = "../certs/server-cert.pem"; const char* verifyCert = "../certs/server-cert.pem";
#ifdef HAVE_CRL
const char* crlPem = "../certs/crl/crl.pem";
const char* caCertDer = "../certs/ca-cert.der";
FILE* file;
byte buf[4096];
int bufSz;
#endif
cm = wolfSSL_CertManagerNew(); cm = wolfSSL_CertManagerNew();
if (cm == NULL) { if (cm == NULL) {
printf("wolfSSL_CertManagerNew() failed\n"); printf("wolfSSL_CertManagerNew() failed\n");
@ -41,18 +50,56 @@ int main(void)
ret = wolfSSL_CertManagerLoadCA(cm, caCert, 0); ret = wolfSSL_CertManagerLoadCA(cm, caCert, 0);
if (ret != SSL_SUCCESS) { if (ret != SSL_SUCCESS) {
printf("wolfSSL_CertManagerLoadCA() failed (%d): %s\n", printf("wolfSSL_CertManagerLoadCA() failed (%d): %s\n",
ret, wc_GetErrorString(ret)); ret, wolfSSL_ERR_reason_error_string(ret));
wolfSSL_CertManagerFree(cm); ret = -1; goto exit;
return -1;
} }
ret = wolfSSL_CertManagerVerify(cm, verifyCert, SSL_FILETYPE_PEM); ret = wolfSSL_CertManagerVerify(cm, verifyCert, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) { if (ret != SSL_SUCCESS) {
printf("wolfSSL_CertManagerVerify() failed (%d): %s\n", printf("wolfSSL_CertManagerVerify() failed (%d): %s\n",
ret, wc_GetErrorString(ret)); ret, wolfSSL_ERR_reason_error_string(ret));
wolfSSL_CertManagerFree(cm); ret = -1; goto exit;
return -1;
} }
printf("Verification Successful!\n"); printf("Verification Successful!\n");
#ifdef HAVE_CRL
file = fopen(crlPem, "rb");
if (file == NULL) {
ret = -1; goto exit;
} }
bufSz = fread(buf, 1, sizeof(buf), file);
fclose(file);
ret = wolfSSL_CertManagerLoadCRLBuffer(cm, buf, bufSz, SSL_FILETYPE_PEM);
if (ret != SSL_SUCCESS) {
printf("wolfSSL_CertManagerLoadCRLBuffer() failed (%d): %s\n",
ret, wolfSSL_ERR_reason_error_string(ret));
ret = -1; goto exit;
}
file = fopen(caCertDer, "rb");
if (file == NULL) {
ret = -1; goto exit;
}
bufSz = fread(buf, 1, sizeof(buf), file);
fclose(file);
ret = wolfSSL_CertManagerCheckCRL(cm, buf, bufSz);
if (ret != SSL_SUCCESS) {
printf("wolfSSL_CertManagerCheckCRL() failed (%d): %s\n",
ret, wolfSSL_ERR_reason_error_string(ret));
ret = -1; goto exit;
}
printf("CRL Verification Successful!\n");
#endif
exit:
if (cm) {
wolfSSL_CertManagerFree(cm);
}
return ret;
}