mirror of https://github.com/wolfSSL/wolfssl.git
Add show x509 test
Tesfa Mael
parent
6ca12787ae
commit
520a032b71
|
|
@ -9501,6 +9501,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
|
|||
}
|
||||
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
store->depth = args->count;
|
||||
store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
|
||||
sizeof(WOLFSSL_X509_VERIFY_PARAM),
|
||||
ssl->heap, DYNAMIC_TYPE_OPENSSL);
|
||||
|
|
|
|||
66
src/ssl.c
66
src/ssl.c
|
|
@ -3451,13 +3451,13 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
|
|||
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
|
||||
#if defined(WOLFSSL_SIGNER_DER_CERT)
|
||||
/******************************************************************************
|
||||
* wolfSSL_CertManager_GetCerts - retrieve stack of X509 certificates in a
|
||||
* wolfSSL_CertManagerGetCerts - retrieve stack of X509 certificates in a
|
||||
* certificate manager (CM), also knows as cert store in OpenSSL.
|
||||
*
|
||||
* RETURNS:
|
||||
* returns stack of X509 certs on success, otherwise returns a NULL.
|
||||
*/
|
||||
WOLFSSL_STACK* wolfSSL_CertManager_GetCerts(WOLFSSL_CERT_MANAGER* cm)
|
||||
WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm)
|
||||
{
|
||||
WOLFSSL_STACK* sk = NULL;
|
||||
Signer* signers = NULL;
|
||||
|
|
@ -3475,8 +3475,6 @@ WOLFSSL_STACK* wolfSSL_CertManager_GetCerts(WOLFSSL_CERT_MANAGER* cm)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
XMEMSET(sk, 0, sizeof(WOLFSSL_STACK));
|
||||
|
||||
if (wc_LockMutex(&cm->caLock) != 0) {
|
||||
goto error_init;
|
||||
}
|
||||
|
|
@ -3561,35 +3559,7 @@ error_init:
|
|||
* wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate store ctx
|
||||
*
|
||||
* This API can be used in SSL verify callback function to view cert chain
|
||||
* Here's an example to display certs to stdout.
|
||||
|
||||
static int verify_callback(int ok, X509_STORE_CTX *ctx)
|
||||
{
|
||||
WOLFSSL_BIO* bio = NULL;
|
||||
WOLFSSL_STACK* sk = NULL;
|
||||
X509* x509 = NULL;
|
||||
int i = 0;
|
||||
|
||||
sk = wolfSSL_X509_STORE_GetCerts(ctx->store->cm);
|
||||
|
||||
for (i = 0; i < sk_X509_num(sk); i++) {
|
||||
x509 = sk_X509_value(sk, i);
|
||||
bio = BIO_new(wolfSSL_BIO_s_file());
|
||||
if (bio != NULL) {
|
||||
BIO_set_fp(bio, stdout, BIO_NOCLOSE);
|
||||
X509_print(bio, x509);
|
||||
BIO_free(bio);
|
||||
}
|
||||
}
|
||||
|
||||
sk_X509_free(sk);
|
||||
return ok;
|
||||
}
|
||||
* You can register your call back function in your app as follows:
|
||||
*
|
||||
* ctx = SSL_CTX_new(SSLv23_method());
|
||||
* SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
* verify_callback);
|
||||
* See examples/client/client.c and myVerify() function in test.h
|
||||
*
|
||||
* RETURNS:
|
||||
* returns stack of X509 certs on success, otherwise returns a NULL.
|
||||
|
|
@ -3613,10 +3583,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
XMEMSET(sk, 0, sizeof(WOLFSSL_STACK));
|
||||
certIdx = s->totalCerts;
|
||||
|
||||
while (certIdx-- > 0) {
|
||||
for (certIdx = s->totalCerts - 1; certIdx >= 0; certIdx--) {
|
||||
/* get certificate buffer */
|
||||
cert = &s->certs[certIdx];
|
||||
|
||||
|
|
@ -3681,7 +3648,7 @@ error:
|
|||
|
||||
return NULL;
|
||||
}
|
||||
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) */
|
||||
#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM */
|
||||
|
||||
/* Unload the CA signer list */
|
||||
int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
|
||||
|
|
@ -38374,15 +38341,6 @@ int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
|
|||
return ret;
|
||||
}
|
||||
|
||||
int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_sk_X509_num");
|
||||
|
||||
if (s == NULL)
|
||||
return -1;
|
||||
return (int)s->num;
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_ALL)
|
||||
WOLFSSL_X509_INFO* wolfSSL_X509_INFO_new(void)
|
||||
{
|
||||
|
|
@ -39110,6 +39068,16 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(WOLFSSL_X509_STORE_CT
|
|||
|
||||
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
|
||||
int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_sk_X509_num");
|
||||
|
||||
if (s == NULL)
|
||||
return -1;
|
||||
return (int)s->num;
|
||||
}
|
||||
|
||||
unsigned long wolfSSL_ERR_peek_last_error(void)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error");
|
||||
|
|
@ -43780,9 +43748,9 @@ error:
|
|||
}
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
#endif /* defined(OPENSSL_ALL) && defined(HAVE_PKCS7) */
|
||||
#endif /* OPENSSL_ALL && HAVE_PKCS7 */
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
|
||||
#if defined(OPENSSL_EXTRA)
|
||||
WOLFSSL_STACK* wolfSSL_sk_X509_new(void)
|
||||
{
|
||||
WOLFSSL_STACK* s = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
|
||||
|
|
|
|||
10
tests/api.c
10
tests/api.c
|
|
@ -1093,7 +1093,7 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void)
|
|||
return ret;
|
||||
}
|
||||
|
||||
static void test_wolfSSL_CertManager_GetCerts(void)
|
||||
static void test_wolfSSL_CertManagerGetCerts(void)
|
||||
{
|
||||
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
|
||||
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
|
||||
|
|
@ -1109,18 +1109,18 @@ static void test_wolfSSL_CertManager_GetCerts(void)
|
|||
#endif
|
||||
int i = 0;
|
||||
|
||||
printf(testingFmt, "wolfSSL_CertManager_GetCerts()");
|
||||
printf(testingFmt, "wolfSSL_CertManagerGetCerts()");
|
||||
AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb"));
|
||||
|
||||
AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
|
||||
fclose(file1);
|
||||
|
||||
AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
|
||||
AssertNull(sk = wolfSSL_CertManager_GetCerts(cm));
|
||||
AssertNull(sk = wolfSSL_CertManagerGetCerts(cm));
|
||||
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
|
||||
"./certs/ca-cert.pem", NULL));
|
||||
|
||||
AssertNotNull(sk = wolfSSL_CertManager_GetCerts(cm));
|
||||
AssertNotNull(sk = wolfSSL_CertManagerGetCerts(cm));
|
||||
|
||||
for (i = 0; i < sk_X509_num(sk); i++) {
|
||||
x509 = sk_X509_value(sk, i);
|
||||
|
|
@ -28317,7 +28317,7 @@ void ApiTest(void)
|
|||
test_wolfSSL_CTX_use_PrivateKey_file();
|
||||
test_wolfSSL_CTX_load_verify_locations();
|
||||
test_wolfSSL_CertManagerLoadCABuffer();
|
||||
test_wolfSSL_CertManager_GetCerts();
|
||||
test_wolfSSL_CertManagerGetCerts();
|
||||
test_wolfSSL_CertManagerCRL();
|
||||
test_wolfSSL_CTX_load_verify_locations_ex();
|
||||
test_wolfSSL_CTX_load_verify_buffer_ex();
|
||||
|
|
|
|||
|
|
@ -570,7 +570,7 @@ typedef struct WOLFSSL_X509_STORE_CTX {
|
|||
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
|
||||
void* ex_data[MAX_EX_DATA]; /* external data */
|
||||
#endif
|
||||
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL)
|
||||
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA)
|
||||
int depth; /* used in X509_STORE_CTX_*_depth */
|
||||
#endif
|
||||
void* userCtx; /* user ctx */
|
||||
|
|
@ -2575,7 +2575,7 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
|
|||
WOLFSSL_API int wolfSSL_CertManagerDisableOCSPStapling(
|
||||
WOLFSSL_CERT_MANAGER* cm);
|
||||
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
|
||||
WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManager_GetCerts(WOLFSSL_CERT_MANAGER* cm);
|
||||
WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm);
|
||||
#endif
|
||||
WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
|
||||
WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl);
|
||||
|
|
|
|||
|
|
@ -1650,6 +1650,12 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
|
|||
char buffer[WOLFSSL_MAX_ERROR_SZ];
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
WOLFSSL_X509* peer;
|
||||
#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM)
|
||||
WOLFSSL_BIO* bio = NULL;
|
||||
WOLFSSL_STACK* sk = NULL;
|
||||
X509* x509 = NULL;
|
||||
int i = 0;
|
||||
#endif
|
||||
#endif
|
||||
(void)preverify;
|
||||
|
||||
|
|
@ -1681,6 +1687,24 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
|
|||
subject);
|
||||
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
|
||||
XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
|
||||
#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM)
|
||||
/* avoid printing same certs since myVerify is called for every cert in the chain */
|
||||
if (store->depth == 1) {
|
||||
/* retrieve x509 certs and display them on stdout */
|
||||
sk = wolfSSL_X509_STORE_GetCerts(store);
|
||||
|
||||
for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) {
|
||||
x509 = wolfSSL_sk_X509_value(sk, i);
|
||||
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
|
||||
if (bio != NULL) {
|
||||
wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
|
||||
wolfSSL_X509_print(bio, x509);
|
||||
wolfSSL_BIO_free(bio);
|
||||
}
|
||||
}
|
||||
wolfSSL_sk_X509_free(sk);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
else
|
||||
printf("\tPeer has no cert!\n");
|
||||
|
|
|
|||
Loading…
Reference in New Issue