Verify certificate chain against given CA (PEM) using GnuTLS
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
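enum { NUM_CHAIN = 3, DN_BUF_SIZE = 512 };

/* Files used when no paths are given on the command line.
 * Usage: prog [leaf.pem intermediate.pem root.pem [ca.pem]]
 * argv[1..3] form the chain handed to the verifier (leaf first), argv[4] is
 * the trusted CA; the CA defaults to the same file as the chain's root. */
static const char *const default_chain_paths[NUM_CHAIN] = {
    "/home/afa/storage/dondakeeee/shiny-bear/build/Release/checkdera/cert.pem",
    "/home/afa/storage/dondakeeee/shiny-bear/build/Release/checkdera/inter.pem",
    "/home/afa/storage/dondakeeee/shiny-bear/build/Release/checkdera/root.pem",
};
static const char default_ca_path[] =
    "/home/afa/storage/dondakeeee/shiny-bear/build/Release/checkdera/root.pem";

/* Read all of `path` into a heap buffer and describe it in `out`.
 *
 * The buffer gets one extra byte holding '\0' so it is safe to treat as a
 * C string (the original strlen()'d a buffer that had no terminator, which
 * reads past the allocation). out->size is the number of bytes actually
 * read, so a short read cannot leave garbage in the datum.
 *
 * Returns 0 on success (caller owns out->data, release with free()),
 * -1 on any failure after printing the reason to stderr; `out` is then
 * left untouched. */
static int read_pem_file(const char *path, gnutls_datum_t *out)
{
    int rc = -1;
    unsigned char *buf = NULL;
    long len = 0;
    size_t got = 0;

    FILE *fl = fopen(path, "rb");
    if (!fl) {
        fprintf(stderr, "%s: cannot open: %s\n", path, strerror(errno));
        return -1;
    }
    if (fseek(fl, 0, SEEK_END) != 0) {
        fprintf(stderr, "%s: seek failed: %s\n", path, strerror(errno));
        goto out;
    }
    len = ftell(fl);
    if (len < 0) {
        fprintf(stderr, "%s: ftell failed: %s\n", path, strerror(errno));
        goto out;
    }
    /* gnutls_datum_t.size is an unsigned int; refuse anything that would wrap. */
    if ((unsigned long)len > UINT_MAX) {
        fprintf(stderr, "%s: file too large\n", path);
        goto out;
    }
    if (fseek(fl, 0, SEEK_SET) != 0) {
        fprintf(stderr, "%s: seek failed: %s\n", path, strerror(errno));
        goto out;
    }
    buf = malloc((size_t)len + 1); /* +1 for the NUL terminator */
    if (!buf) {
        fprintf(stderr, "%s: out of memory\n", path);
        goto out;
    }
    got = fread(buf, 1, (size_t)len, fl);
    if (ferror(fl)) {
        fprintf(stderr, "%s: read error\n", path);
        goto out;
    }
    buf[got] = '\0';
    out->data = buf;
    out->size = (unsigned int)got;
    buf = NULL; /* ownership moved to the caller via `out` */
    rc = 0;
out:
    free(buf);
    fclose(fl);
    return rc;
}

/* Initialise `*crt` and import the PEM certificate in `pem` into it.
 * `label` names the source in error messages. Returns 0 on success; on
 * failure prints the GnuTLS error, leaves `*crt` NULL and returns -1.
 * Checking the import result matters: an un-imported handle would
 * otherwise be fed to the verifier as if it held a real certificate. */
static int import_pem_crt(gnutls_x509_crt_t *crt, const gnutls_datum_t *pem,
                          const char *label)
{
    int rc = gnutls_x509_crt_init(crt);
    if (rc < 0) {
        fprintf(stderr, "%s: gnutls_x509_crt_init: %s\n", label, gnutls_strerror(rc));
        *crt = NULL;
        return -1;
    }
    rc = gnutls_x509_crt_import(*crt, pem, GNUTLS_X509_FMT_PEM);
    if (rc < 0) {
        fprintf(stderr, "%s: gnutls_x509_crt_import: %s\n", label, gnutls_strerror(rc));
        gnutls_x509_crt_deinit(*crt);
        *crt = NULL;
        return -1;
    }
    return 0;
}

/* Print the issuer and subject DN of `crt` as "Issuer <idx>: ..." /
 * "Subject <idx>: ...". A DN that cannot be fetched (e.g. longer than
 * DN_BUF_SIZE) is shown as the GnuTLS error text instead of stale data. */
static void print_names(gnutls_x509_crt_t crt, int idx)
{
    char issuer_name[DN_BUF_SIZE];
    char subject_name[DN_BUF_SIZE];
    size_t length = sizeof issuer_name;
    size_t lengths = sizeof subject_name;
    int rc;

    rc = gnutls_x509_crt_get_issuer_dn(crt, issuer_name, &length);
    if (rc < 0) {
        snprintf(issuer_name, sizeof issuer_name, "<%s>", gnutls_strerror(rc));
    }
    rc = gnutls_x509_crt_get_dn(crt, subject_name, &lengths);
    if (rc < 0) {
        snprintf(subject_name, sizeof subject_name, "<%s>", gnutls_strerror(rc));
    }
    printf("Issuer %d: %s\nSubject %d: %s\n", idx, issuer_name, idx, subject_name);
}

/* Load a three-certificate chain and a CA from PEM files, print the DNs of
 * the chain members, and verify the chain against the CA with GnuTLS.
 *
 * Exit status: EXIT_SUCCESS only when every file loaded, every import
 * succeeded and the verifier reported a clean status; EXIT_FAILURE
 * otherwise, so the result can be consumed from a script.
 *
 * Scope of the check: with flags 0, gnutls_x509_trust_list_verify_crt
 * validates signatures, chain building and validity periods against the
 * trust list only. No CRL/OCSP data is loaded, and no hostname or
 * key-purpose check is made here; a caller that needs those must add them. */
int main(int argc, char **argv)
{
    const char *chain_paths[NUM_CHAIN];
    const char *ca_path;
    gnutls_datum_t chain_pem[NUM_CHAIN] = {
        { .data = NULL, .size = 0 }, { .data = NULL, .size = 0 }, { .data = NULL, .size = 0 }
    };
    gnutls_datum_t ca_pem = { .data = NULL, .size = 0 };
    gnutls_x509_crt_t chain[NUM_CHAIN] = { NULL, NULL, NULL };
    gnutls_x509_crt_t ca = NULL;
    gnutls_x509_trust_list_t tlist = NULL;
    unsigned int result = 0;
    int status = EXIT_FAILURE;
    int rc;
    int i;

    for (i = 0; i < NUM_CHAIN; i++) {
        chain_paths[i] = (argc > i + 1) ? argv[i + 1] : default_chain_paths[i];
    }
    ca_path = (argc > NUM_CHAIN + 1) ? argv[NUM_CHAIN + 1] : default_ca_path;

    /* Harmless on GnuTLS >= 3.3 (implicit), required on older releases. */
    rc = gnutls_global_init();
    if (rc < 0) {
        fprintf(stderr, "gnutls_global_init: %s\n", gnutls_strerror(rc));
        return EXIT_FAILURE;
    }

    for (i = 0; i < NUM_CHAIN; i++) {
        if (read_pem_file(chain_paths[i], &chain_pem[i]) != 0 ||
            import_pem_crt(&chain[i], &chain_pem[i], chain_paths[i]) != 0) {
            goto out;
        }
        print_names(chain[i], i);
    }
    if (read_pem_file(ca_path, &ca_pem) != 0 ||
        import_pem_crt(&ca, &ca_pem, ca_path) != 0) {
        goto out;
    }

    rc = gnutls_x509_trust_list_init(&tlist, 0);
    if (rc < 0) {
        fprintf(stderr, "gnutls_x509_trust_list_init: %s\n", gnutls_strerror(rc));
        tlist = NULL;
        goto out;
    }
    /* The trust list keeps a reference to `ca`; it must stay alive until
     * the list is torn down (see the cleanup order below). */
    rc = gnutls_x509_trust_list_add_cas(tlist, &ca, 1, 0);
    if (rc < 0) {
        fprintf(stderr, "gnutls_x509_trust_list_add_cas: %s\n", gnutls_strerror(rc));
        goto out;
    }

    /* A negative return means the verifier itself failed; `result` is only
     * meaningful when the call succeeds. */
    rc = gnutls_x509_trust_list_verify_crt(tlist, chain, NUM_CHAIN, 0, &result, NULL);
    if (rc < 0) {
        fprintf(stderr, "gnutls_x509_trust_list_verify_crt: %s\n", gnutls_strerror(rc));
        goto out;
    }
    // result: 0 if validated; otherwise a bitmask of gnutls_certificate_status_t
    printf("Certificate chain is %s\n", result ? "invalid" : "valid");
    if (result != 0) {
        printf("Verification status flags: 0x%x\n", result);
    }
    status = result ? EXIT_FAILURE : EXIT_SUCCESS;

out:
    /* Tear down the list before the CA it references; `all` = 0 so the
     * list does not deinit `ca`, which we own and release ourselves. */
    if (tlist) {
        gnutls_x509_trust_list_deinit(tlist, 0);
    }
    if (ca) {
        gnutls_x509_crt_deinit(ca);
    }
    for (i = 0; i < NUM_CHAIN; i++) {
        if (chain[i]) {
            gnutls_x509_crt_deinit(chain[i]);
        }
        free(chain_pem[i].data);
    }
    free(ca_pem.data);
    gnutls_global_deinit();
    return status;
}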