利用 OpenSSL 验证 X509 证书是否由某 CA 签发

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
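/*
 * Verification callback installed on the X509_STORE.
 *
 * ok  - verdict OpenSSL reached for the check it just performed (1 = passed,
 *       0 = failed).
 * ctx - verification context; the failing certificate, error code and chain
 *       depth are read from it through the accessor functions.
 *
 * On failure the subject of the offending certificate and the error are
 * printed to stdout.  The verdict is returned unchanged, so this callback only
 * reports and never overrides a failure.  In particular
 * X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT is deliberately NOT turned into
 * success: a self-signed certificate that is absent from the CA file was not
 * issued by that CA, and accepting it would make every self-signed certificate
 * verify as "OK".
 */
static int cb(int ok, X509_STORE_CTX *ctx)
{
    if (!ok) {
        char subject[256] = "<no certificate>";
        X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
        int err = X509_STORE_CTX_get_error(ctx);

        /* The context may carry no current certificate; keep the placeholder then. */
        if (cert != NULL)
            X509_NAME_oneline(X509_get_subject_name(cert), subject, sizeof subject);

        printf("%s\n", subject);
        printf("error %d at %d depth lookup:%s\n", err,
               X509_STORE_CTX_get_error_depth(ctx),
               X509_verify_cert_error_string(err));
    }

    /* Drop anything left on the error queue so later calls start clean. */
    ERR_clear_error();
    return ok;
}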
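/*
 * Print msg to stderr and terminate the process with exit status -1.
 *
 * msg is written through a fixed "%s" format: passing it as the format string
 * itself would let any '%' in the text be interpreted as a conversion
 * specifier (format-string bug) should a caller ever pass non-literal text.
 */
void app_abort (const char *msg)
{
    fprintf(stderr, "%s\n", msg);
    exit(-1);
}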
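/*
 * Usage: <program> <CAfile> <certfile>
 *
 * Loads the PEM certificates in CAfile into an X509_STORE as trust anchors,
 * reads one PEM certificate from certfile and runs X509_verify_cert() on it.
 * Prints "Status=OK(1)" when the chain verifies and "Status=Error(n)"
 * otherwise, and returns a matching exit status so that scripts calling the
 * program cannot mistake a failed verification for success.
 *
 * Scope of the check, as configured here:
 *  - every certificate in CAfile is trusted, so "OK" means the certificate
 *    chains to any of them, not to one specific CA, when the file holds more
 *    than one;
 *  - no untrusted intermediates are supplied (the chain argument is NULL), so
 *    any intermediate CA must itself be present in CAfile;
 *  - no verification flags, purpose or host name are set on the store or the
 *    context, so no CRL lookup is requested and nothing ties the certificate
 *    to a particular peer or usage.
 */
int main(int argc, char *argv[])
{
    X509_STORE *cert_ctx = NULL;
    X509_STORE_CTX *csc = NULL;
    X509 *x = NULL;
    BIO *in = NULL;
    X509_LOOKUP *lookup;
    int verified;

    if (argc != 3)
        app_abort("./a.out <CAfile> <certfile>");

    if ((cert_ctx = X509_STORE_new()) == NULL)
        app_abort("Can't create cert_ctx");

    /* Legacy library initialisation, required by OpenSSL releases before 1.1.0. */
    ERR_load_crypto_strings();
    X509_STORE_set_verify_cb_func(cert_ctx, cb);
    signal(SIGPIPE, SIG_IGN);
    SSLeay_add_all_algorithms();

    /* Trust anchors: every PEM certificate found in argv[1]. */
    if ((lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file())) == NULL)
        app_abort("Lookup CA file error");
    if (!X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, argv[1],
                          (long)X509_FILETYPE_PEM, NULL))
        app_abort("Can't open CAfile");
    ERR_clear_error();

    /* Certificate under test: the first PEM certificate in argv[2]. */
    if ((in = BIO_new(BIO_s_file())) == NULL)
        app_abort("certfile BIO error");
    if (BIO_read_filename(in, argv[2]) <= 0)
        app_abort("open certfile error");
    if ((x = PEM_read_bio_X509(in, NULL, NULL, NULL)) == NULL)
        app_abort("load certfile error");

    if ((csc = X509_STORE_CTX_new()) == NULL)
        app_abort("ctx init error");
    /* A context that failed to initialise must not be handed to the verifier. */
    if (X509_STORE_CTX_init(csc, cert_ctx, x, NULL) != 1)
        app_abort("ctx init error");

    /* Only a return value of exactly 1 means the chain verified. */
    verified = X509_verify_cert(csc);
    if (verified == 1)
        printf("Status=OK(%d)\n", verified);
    else
        printf("Status=Error(%d)\n", verified);

    X509_STORE_CTX_free(csc);
    X509_free(x);
    BIO_free(in);
    X509_STORE_free(cert_ctx);

    return verified == 1 ? EXIT_SUCCESS : EXIT_FAILURE;
}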
编译(需链接 libcrypto,例如加上 -lcrypto)后运行:./X509_TEST cafile certfile
