Fixes suggested by dgarske.

pull/271/head
Anthony Hu 2021-10-15 10:51:46 -04:00
parent 46f61cc8f8
commit 885db8126b
4 changed files with 73 additions and 42 deletions


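--- a/Makefile
+++ b/Makefile
@@ -2,14 +2,16 @@ CC=gcc
 CFLAGS=-Wall
 LIBS= -lwolfssl
-all: certloadverifybuffer certverify
+all: certloadverifybuffer certverify falcon_certverify
 certloadverifybuffer: certloadverifybuffer.o
 $(CC) -o $@ $^ $(CFLAGS) $(LIBS)
 certverify: certverify.o
 $(CC) -o $@ $^ $(CFLAGS) $(LIBS)
+falcon_certverify: falcon_certverify.o
+$(CC) -o $@ $^ $(CFLAGS) $(LIBS)
 .PHONY: clean
 clean:
-rm -f *.o certverify certloadverifybuffer
+rm -f *.o certverify certloadverifybuffer falcon_certverify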


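--- a/<README path not shown on page>
+++ b/<README path not shown on page>
@@ -16,47 +16,10 @@ $ ./certverify
 The `generate_falcon_chains.sh` script will allow you to use the OQS project's
 OpenSSL in order to generate a self-signed CA certificate and entity
 certificate that use Falcon. In the OpenSSL directory, run the script to
-generate the certificates in the the /tmp/ directory.
+generate the certificates and then copy into this directory.
-Apply the following patch:
-```
-diff --git a/certmanager/certverify.c b/certmanager/certverify.c
-index 4b5fed7..1b29d89 100644
---- a/certmanager/certverify.c
-+++ b/certmanager/certverify.c
-@@ -25,13 +25,15 @@
-#include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/test.h>
-+#undef HAVE_CRL
-+
-int main(void)
-{
-int ret;
-WOLFSSL_CERT_MANAGER* cm = NULL;
-- const char* caCert = "../certs/ca-cert.pem";
-- const char* verifyCert = "../certs/server-cert.pem";
-+ const char* caCert = "/tmp/falcon1024_root_cert.pem";
-+ const char* verifyCert = "/tmp/falcon1024_entity_cert.pem";
-#ifdef HAVE_CRL
-const char* crlPem = "../certs/crl/crl.pem";
-@@ -52,7 +54,7 @@ int main(void)
-return -1;
-}
-- wolfSSL_CertManagerSetVerify(cm, myVerify);
-+ //wolfSSL_CertManagerSetVerify(cm, myVerify);
-ret = wolfSSL_CertManagerLoadCA(cm, caCert, NULL);
-if (ret != SSL_SUCCESS) {
-```
-Then compile and run the sample:
 ```
 $ make
-$ ./certverify
+$ ./falcon_certverify
 ```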


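--- /dev/null
+++ b/falcon_certverify.c
@@ -0,0 +1,67 @@
+/* falcon_certverify.c
+*
+* Copyright (C) 2021 wolfSSL Inc.
+*
+* This file is part of wolfSSL.
+*
+* wolfSSL is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* wolfSSL is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+*/
+#include <stdio.h>
+#include <wolfssl/options.h>
+#include <wolfssl/ssl.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
+#include <wolfssl/test.h>
+int main(void)
+{
+int ret;
+WOLFSSL_CERT_MANAGER* cm = NULL;
+const char* caCert = "./falcon1024_root_cert.pem";
+const char* verifyCert = "./falcon1024_entity_cert.pem";
+wolfSSL_Init();
+#ifdef DEBUG_WOLFSSL
+wolfSSL_Debugging_ON();
+#endif
+cm = wolfSSL_CertManagerNew();
+if (cm == NULL) {
+printf("wolfSSL_CertManagerNew() failed\n");
+return -1;
+}
+ret = wolfSSL_CertManagerLoadCA(cm, caCert, NULL);
+if (ret != SSL_SUCCESS) {
+printf("wolfSSL_CertManagerLoadCA() failed (%d): %s\n",
+ret, wolfSSL_ERR_reason_error_string(ret));
+ret = -1; goto exit;
+}
+ret = wolfSSL_CertManagerVerify(cm, verifyCert, SSL_FILETYPE_PEM);
+if (ret != SSL_SUCCESS) {
+printf("wolfSSL_CertManagerVerify() failed (%d): %s\n",
+ret, wolfSSL_ERR_reason_error_string(ret));
+ret = -1; goto exit;
+}
+printf("Verification Successful!\n");
+exit:
+wolfSSL_CertManagerFree(cm);
+wolfSSL_Cleanup();
+return ret;
+}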
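Review bot: A successful run exits with a non-zero status, because `ret` still holds `SSL_SUCCESS` (which is 1) when control reaches the final `return ret;` after the "Verification Successful!" print, while the failure paths set `ret = -1`; a script or CI job checking `$?` cannot tell a verified chain from a rejected one. Add `ret = 0;` directly after `printf("Verification Successful!\n");` so the exit status matches the outcome. `wolfSSL_Init()` is also called without checking its return value, unlike every other wolfSSL call in this file; `if (wolfSSL_Init() != SSL_SUCCESS) { printf("wolfSSL_Init() failed\n"); return -1; }` would keep the sample consistent. As a point of style, the new file uses the legacy `SSL_SUCCESS`/`SSL_FILETYPE_PEM` spellings where the `WOLFSSL_`-prefixed names are the current ones.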


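--- a/generate_falcon_chains.sh
+++ b/generate_falcon_chains.sh
@@ -87,4 +87,3 @@ extendedKeyUsage = critical, serverAuth,clientAuth\n" > entity.conf
 ./apps/openssl verify -no-CApath -check_ss_sig -CAfile falcon512_root_cert.pem falcon512_entity_cert.pem
 ./apps/openssl verify -no-CApath -check_ss_sig -CAfile falcon1024_root_cert.pem falcon1024_entity_cert.pem
-mv *.pem /tmp/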