/* crypto/pkcs7/verify.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/asn1.h>

int verify_callback(int ok, X509_STORE_CTX *ctx);

BIO *bio_err=NULL;

int main(int argc, char *argv[])
	{
	char *keyfile=NULL;
	BIO *in;
	EVP_PKEY *pkey;
	X509 *x509;
	PKCS7 *p7;
	PKCS7_SIGNER_INFO *si;
	X509_STORE_CTX cert_ctx;
	X509_STORE *cert_store=NULL;
	BIO *data,*detached=NULL,*p7bio=NULL;
	char buf[1024*4];
	unsigned char *pp;
	int i,ret,printit=0;
	STACK_OF(PKCS7_SIGNER_INFO) *sk;

	OpenSSL_add_all_algorithms();
	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

	data=BIO_new(BIO_s_file());
	pp=NULL;
	while (argc > 1)
		{
		argc--;
		argv++;
		if (strcmp(argv[0],"-p") == 0)
			{
			printit=1;
			}
		else if ((strcmp(argv[0],"-k") == 0) && (argc >= 2))
			{
			keyfile = argv[1];
			argc-=1;
			argv+=1;
			}
		else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
			{
			detached=BIO_new(BIO_s_file());
			if (!BIO_read_filename(detached,argv[1]))
				goto err;
			argc-=1;
			argv+=1;
			}
		else break;
		}

	if (!BIO_read_filename(data,argv[0])) goto err;

	if (!keyfile)
		{
		fprintf(stderr, "No private key file specified\n");
		goto err;
		}

	/* The key file holds both the recipient certificate and its private key */
	if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err;
	if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
	BIO_reset(in);
	if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL)
		goto err;
	BIO_free(in);

	/* pp is never set above, so the PKCS7 input is always read from stdin */
	if (pp == NULL)
		BIO_set_fp(data,stdin,BIO_NOCLOSE);

	/* Load the PKCS7 object from a file */
	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;

	/* This stuff is being setup for certificate verification.
	 * When using SSL, it could be replaced with a
	 * cert_store=SSL_CTX_get_cert_store(ssl_ctx); */
	cert_store=X509_STORE_new();
	X509_STORE_set_default_paths(cert_store);
	X509_STORE_load_locations(cert_store,NULL,"../../certs");
	X509_STORE_set_verify_cb_func(cert_store,verify_callback);

	ERR_clear_error();

	/* We need to process the data */
	/* We cannot support detached encryption */
	p7bio=PKCS7_dataDecode(p7,pkey,detached,x509);

	if (p7bio == NULL)
		{
		printf("problems decoding\n");
		goto err;
		}

	/* We now have to 'read' from p7bio to calculate digests etc. */
	for (;;)
		{
		i=BIO_read(p7bio,buf,sizeof(buf));
		/* print it? */
		if (i <= 0) break;
		fwrite(buf,1, i, stdout);
		}

	/* We can now verify signatures */
	sk=PKCS7_get_signer_info(p7);
	if (sk == NULL)
		{
		fprintf(stderr, "there are no signatures on this data\n");
		}
	else
		{
		/* Ok, first we need to, for each subject entry,
		 * see if we can verify */
		ERR_clear_error();
		for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
			{
			si=sk_PKCS7_SIGNER_INFO_value(sk,i);
			/* Keep the result out of the loop index: storing it in i
			 * made the loop skip every signer after the first. */
			ret=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
			if (ret <= 0)
				goto err;
			else
				fprintf(stderr,"Signature verified\n");
			}
		}
	X509_STORE_free(cert_store);

	exit(0);
err:
	ERR_load_crypto_strings();
	ERR_print_errors_fp(stderr);
	exit(1);
	}

/* should be X509 * but we can just have them as char *. */
int verify_callback(int ok, X509_STORE_CTX *ctx)
	{
	char buf[256];
	X509 *err_cert;
	int err,depth;

	err_cert=X509_STORE_CTX_get_current_cert(ctx);
	err=	X509_STORE_CTX_get_error(ctx);
	depth=	X509_STORE_CTX_get_error_depth(ctx);

	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
	BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
	if (!ok)
		{
		BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
			X509_verify_cert_error_string(err));
		/* NOTE: for depth < 6 every verification error (untrusted
		 * issuer, expired certificate, ...) is cleared and the
		 * certificate is accepted.  This is demo behaviour; a callback
		 * that enforces the chain returns ok unchanged. */
		if (depth < 6)
			{
			ok=1;
			X509_STORE_CTX_set_error(ctx,X509_V_OK);
			}
		else
			{
			ok=0;
			X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);
			}
		}
	switch (X509_STORE_CTX_get_error(ctx))
		{
	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
		X509_NAME_oneline(X509_get_issuer_name(err_cert),buf,256);
		BIO_printf(bio_err,"issuer= %s\n",buf);
		break;
	case X509_V_ERR_CERT_NOT_YET_VALID:
	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
		BIO_printf(bio_err,"notBefore=");
		ASN1_UTCTIME_print(bio_err,X509_get_notBefore(err_cert));
		BIO_printf(bio_err,"\n");
		break;
	case X509_V_ERR_CERT_HAS_EXPIRED:
	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
		BIO_printf(bio_err,"notAfter=");
		ASN1_UTCTIME_print(bio_err,X509_get_notAfter(err_cert));
		BIO_printf(bio_err,"\n");
		break;
		}
	BIO_printf(bio_err,"verify return:%d\n",ok);
	return(ok);
	}