mirror of https://github.com/wolfSSL/wolfssl.git
add CertManager Verify with Buffer
parent
c2292c31b0
commit
f528f5a7d3
|
@ -789,6 +789,8 @@ CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
|
|||
const char* d);
|
||||
CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
|
||||
int format);
|
||||
CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
|
||||
const unsigned char* buff, int sz, int format);
|
||||
CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, unsigned char*,
|
||||
int sz);
|
||||
CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options);
|
||||
|
|
77
src/ssl.c
77
src/ssl.c
|
@ -1280,28 +1280,64 @@ int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
|
|||
}
|
||||
|
||||
|
||||
/* Verify the ceritficate, 1 for success, < 0 for error */
|
||||
int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
|
||||
int sz, int format)
|
||||
{
|
||||
int ret = 0;
|
||||
int eccKey = 0; /* not used */
|
||||
|
||||
DecodedCert cert;
|
||||
buffer der;
|
||||
|
||||
CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer");
|
||||
|
||||
der.buffer = NULL;
|
||||
|
||||
if (format == SSL_FILETYPE_PEM) {
|
||||
EncryptedInfo info;
|
||||
|
||||
info.set = 0;
|
||||
info.ctx = NULL;
|
||||
info.consumed = 0;
|
||||
ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, &info, &eccKey);
|
||||
InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
|
||||
}
|
||||
else
|
||||
InitDecodedCert(&cert, buff, sz, cm->heap);
|
||||
|
||||
if (ret == 0)
|
||||
ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
|
||||
#ifdef HAVE_CRL
|
||||
if (ret == 0 && cm->crlEnabled)
|
||||
ret = CheckCertCRL(cm->crl, &cert);
|
||||
#endif
|
||||
|
||||
FreeDecodedCert(&cert);
|
||||
XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/* Verify the ceritficate, 1 for success, < 0 for error */
|
||||
int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
|
||||
int format)
|
||||
{
|
||||
int ret = SSL_FATAL_ERROR;
|
||||
int eccKey = 0; /* not used */
|
||||
DecodedCert cert;
|
||||
|
||||
int ret = SSL_FATAL_ERROR;
|
||||
byte staticBuffer[FILE_BUFFER_SIZE];
|
||||
byte* myBuffer = staticBuffer;
|
||||
int dynamic = 0;
|
||||
long sz = 0;
|
||||
buffer der;
|
||||
XFILE* file = XFOPEN(fname, "rb");
|
||||
|
||||
CYASSL_ENTER("CyaSSL_CertManagerVerify");
|
||||
|
||||
if (!file) return SSL_BAD_FILE;
|
||||
XFSEEK(file, 0, XSEEK_END);
|
||||
sz = XFTELL(file);
|
||||
XREWIND(file);
|
||||
|
||||
der.buffer = NULL;
|
||||
|
||||
if (sz > (long)sizeof(staticBuffer)) {
|
||||
CYASSL_MSG("Getting dynamic buffer");
|
||||
myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
|
||||
|
@ -1314,32 +1350,9 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
|
|||
|
||||
if ( (ret = XFREAD(myBuffer, sz, 1, file)) < 0)
|
||||
ret = SSL_BAD_FILE;
|
||||
else {
|
||||
ret = 0; /* ok */
|
||||
if (format == SSL_FILETYPE_PEM) {
|
||||
EncryptedInfo info;
|
||||
|
||||
info.set = 0;
|
||||
info.ctx = NULL;
|
||||
info.consumed = 0;
|
||||
ret = PemToDer(myBuffer, sz, CERT_TYPE, &der, cm->heap, &info,
|
||||
&eccKey);
|
||||
InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
|
||||
else
|
||||
ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);
|
||||
|
||||
}
|
||||
else
|
||||
InitDecodedCert(&cert, myBuffer, sz, cm->heap);
|
||||
|
||||
if (ret == 0)
|
||||
ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
|
||||
#ifdef HAVE_CRL
|
||||
if (ret == 0 && cm->crlEnabled)
|
||||
ret = CheckCertCRL(cm->crl, &cert);
|
||||
#endif
|
||||
}
|
||||
|
||||
FreeDecodedCert(&cert);
|
||||
XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
|
||||
XFCLOSE(file);
|
||||
if (dynamic) XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);
|
||||
|
||||
|
|
Loading…
Reference in New Issue