阅读和验证证书 [英] Reading and Verifying Certificates
问题描述
您好,我有两个证书,即mycert.crt和root.crt。我需要verfiy如果我的证书是由根证书签名。
我使用下面的代码这样做使用下面的代码,但我得到一个错误
分段错误(内核转储)
Hi I have two certificates, i.e mycert.crt and root.crt. and I need to verfiy if my certificate is signed by root certificate. I am using the following code to do so using the following code but I am getting an error Segmentation fault (core dumped)
static int verifyCerti (BYTE *cert1, BYTE *cert2, int certlenght1, int certlenght2);
int main (int ac, char **av)
{
FILE *f_in, *f_in2;
BYTE *certBuf, *certBuf2;
UINT32 certBufLen,certBufLen2;
UINT32 certLen,certLen2;
int result;
//////////// Reading first certificate/////
certBufLen = 0;
certBuf = malloc (1);
//for (i=0; i<nCerts; i++) {
if ((f_in = fopen (av[1], "rb")) == NULL) {
fprintf (stderr, "Unable to open file %s for input\n", av[1]);
exit (1);
}
fseek (f_in, 0, SEEK_END);
certLen = ftell (f_in);
fseek (f_in, 0, SEEK_SET);
certBuf = realloc (certBuf, certBufLen + certLen);
if (fread (certBuf+certBufLen, 1, certLen, f_in) != certLen) {
fprintf (stderr, "Failed to read file %s\n", av[1]);
exit (1);
}
if (certBuf[certBufLen] != 0x30) {
fprintf (stderr, "Certificate file %s not in binary format\n", av[1]);
exit (1);
}
fclose (f_in);
printf ("we reach here %s \n", av[1]);
////////////////Reading second certificate/////////////////////////////////////////////////
certBufLen2 = 0;
certBuf2 = malloc (1);
if ((f_in2 = fopen (av[2], "rb")) == NULL) {
fprintf (stderr, "Unable to open file %s for input\n", av[2]);
exit (1);
}
fseek (f_in2, 0, SEEK_END);
certLen2 = ftell (f_in2);
fseek (f_in2, 0, SEEK_SET);
certBuf2 = realloc (certBuf2, certBufLen2 + certLen2);
if (fread (certBuf2+certBufLen2, 1, certLen2, f_in2) != certLen2) {
fprintf (stderr, "Failed to read file %s\n", av[2]);
exit (1);
}
if (certBuf2[certBufLen2] != 0x30) {
fprintf (stderr, "Certificate file %s not in binary format\n", av[2]);
exit (1);
}
fclose (f_in2);
printf ("we reach here %s \n", av[2]);
if (verifyCerti (certBuf, certBuf2, certBufLen, certBufLen2) < 0) {
fprintf (stderr, "Certificate chain is incorrect\n");
exit (1);
}
}
static int verifyCerti (BYTE *cert1, BYTE *cert2, int certLen1, int certLen2)
{
X509 *root;
X509 *mycert;
root = d2i_X509 (NULL, (unsigned char const **)&cert2, certLen2);
mycert = d2i_X509 (NULL, (unsigned char const **)&cert1, certLen1);
//Get root certificate into root
//Get mycert into mycert.
//Get the public key.
EVP_PKEY *pubkey = X509_get_pubkey(root);
//verify. result less than or 0 means not verified or some error.
int result = X509_verify(mycert, pubkey);
//free the public key.
EVP_PKEY_free(pubkey);
return result;
}
错误是我认为因为X509_verify(),但我不确定
The error is i think because of X509_verify(), but I am not sure.
推荐答案
函数的目的是验证pkey(公钥)是否用serverCert验证, key。
The purpose of the function is to verify if the pkey (public key) verifies with the serverCert signed with a corresponding private key..
你应该实际传递的第二个参数是公共密钥,其相应的私钥已经签署了在parameter1传递的证书。我不认为您传递的是正确的公钥。
What you should actually be passing as the second parameter is the public key, whose corresponding private key had signed the certificate passed in parameter1. I don't think you are passing the correct public key.
尝试使用错误代码来获取失败。
Try to get the error codes for the failure using.
unsigned int errCode = ERR_get_error();
printf("\nError: %s\n", ERR_error_string(errCode, NULL));
printf("\nLib: %s\n", ERR_lib_error_string(errCode));
printf("\nFunc: %s\n", ERR_func_error_string(errCode));
printf("\nReason: %s\n", ERR_reason_error_string(errCode));
这篇关于阅读和验证证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!