certcheck.cs
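/* This is a Mono tool for checking whether a certificate
* can be used for server validation during an SSLv3
* handshake.
*
* Note: the version test in the code looks at the certificate's
* X.509 version field (it must be 3). That is the certificate
* format version, not the SSL protocol version.
*
* Compile with:
* gmcs -r:Mono.Security certcheck.cs
*
* Usage:
* mono certcheck.exe /path/to/acertfile.cer
* */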
 
using System;
using System.IO;
using System.Net.Security;
using System.Security.Authentication;
 
using Mono.Security.X509;
using Mono.Security.X509.Extensions;
 
 
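/// <summary>
/// Command-line check that reports whether a certificate file passes three
/// tests: X.509 version 3, presence of the KeyUsage extension (OID 2.5.29.15),
/// and the keyEncipherment bit being set in that extension.
/// </summary>
/// <remarks>
/// The process exit code reflects the verdict so that scripts and CI jobs can
/// gate on it: 0 when every check passes, 1 when a check fails, 2 when no
/// certificate path was supplied. A file that cannot be read or parsed is not
/// caught here and surfaces as an unhandled exception.
/// </remarks>
class CertCheck
{
    // Exit status when a check fails. It must be non-zero: a caller that only
    // looks at the exit status would otherwise treat a rejected certificate
    // exactly like an accepted one.
    const int ExitCodeInvalid = 1;

    // Exit status when the tool was started without a certificate path.
    const int ExitCodeUsage = 2;

    /// <summary>Prints the name of the check that is about to run, without a newline.</summary>
    /// <param name="msg">Description of the check.</param>
    public static void CheckStep(string msg)
    {
        Console.Write(msg + "... ");
    }

    /// <summary>Completes the current check line with "Ok".</summary>
    public static void CheckOk()
    {
        Console.WriteLine("Ok");
    }

    /// <summary>
    /// Completes the current check line with the failure reason and ends the
    /// process through <see cref="ExitInvalid"/>. This method does not return.
    /// </summary>
    /// <param name="msg">Short reason printed after the check name.</param>
    public static void CheckFail(string msg)
    {
        Console.WriteLine(msg);
        ExitInvalid();
    }

    /// <summary>
    /// Prints the negative verdict and terminates the process with a non-zero
    /// exit code.
    /// </summary>
    public static void ExitInvalid()
    {
        Console.WriteLine("This certificate CAN NOT be used by Mono for Server validation");
        Environment.Exit(ExitCodeInvalid);
    }

    /// <summary>
    /// Prints the positive verdict. The process then ends normally, with exit
    /// code 0.
    /// </summary>
    public static void ExitValid()
    {
        Console.WriteLine("This certificate CAN be used by Mono for Server validation");
    }

    /// <summary>
    /// Loads the certificate named by the first argument and runs the checks
    /// in order, stopping at the first one that fails.
    /// </summary>
    /// <param name="args">Command-line arguments; args[0] is the certificate file path.</param>
    public static void Main(string[] args)
    {
        if (args.Length < 1) {
            Console.WriteLine("Usage: certcheck <certfile.cer>");
            // Nothing was checked, so do not report success to the caller.
            Environment.ExitCode = ExitCodeUsage;
            return;
        }

        // A missing, unreadable or malformed file is not handled here; the
        // resulting exception ends the run before any verdict is printed.
        byte[] bytes = File.ReadAllBytes(args[0]);
        X509Certificate cert = new X509Certificate(bytes);

        // cert.Version is the X.509 certificate version, not an SSL/TLS
        // protocol version, so the step is labelled accordingly.
        CheckStep("Checking if certificate is X.509 v3");
        if (cert.Version != 3) {
            CheckFail("No");
        }
        CheckOk();

        CheckStep("Checking for KeyUsageExtension (2.5.29.15)");

        // This tool treats a missing KeyUsage extension as a failure.
        // NOTE(review): RFC 5280 does not restrict key usage when the
        // extension is absent; whether the Mono TLS stack is equally strict is
        // not shown here and should be confirmed.
        X509Extension xtn = cert.Extensions["2.5.29.15"];
        if (xtn == null) {
            // CheckFail exits the process, so xtn is never used while null below.
            CheckFail("Not present");
        }
        CheckOk();

        // Only keyEncipherment is tested. That bit covers RSA key-transport
        // cipher suites; a certificate meant for (EC)DHE suites would normally
        // carry digitalSignature instead, which this tool does not look at.
        CheckStep("Checking if KeyEncipherment flag is set");
        KeyUsageExtension kux = new KeyUsageExtension(xtn);
        if (!kux.Support(KeyUsages.keyEncipherment)) {
            CheckFail("Not set");
        }

        CheckOk();
        ExitValid();
    }
}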
