forked from wolfSSL/wolfssl
add CertManager Verify with Buffer
This commit is contained in:
toddouska
@ -789,6 +789,8 @@ CYASSL_API int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER*, const char* f,
|
|||||||
const char* d);
|
const char* d);
|
||||||
CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
|
CYASSL_API int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER*, const char* f,
|
||||||
int format);
|
int format);
|
||||||
|
CYASSL_API int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm,
|
||||||
|
const unsigned char* buff, int sz, int format);
|
||||||
CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, unsigned char*,
|
CYASSL_API int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER*, unsigned char*,
|
||||||
int sz);
|
int sz);
|
||||||
CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options);
|
CYASSL_API int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER*, int options);
|
||||||
|
|||||||
77
src/ssl.c
77
src/ssl.c
@ -1280,28 +1280,64 @@ int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Verify the ceritficate, 1 for success, < 0 for error */
|
||||||
|
int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
|
||||||
|
int sz, int format)
|
||||||
|
{
|
||||||
|
int ret = 0;
|
||||||
|
int eccKey = 0; /* not used */
|
||||||
|
|
||||||
|
DecodedCert cert;
|
||||||
|
buffer der;
|
||||||
|
|
||||||
|
CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer");
|
||||||
|
|
||||||
|
der.buffer = NULL;
|
||||||
|
|
||||||
|
if (format == SSL_FILETYPE_PEM) {
|
||||||
|
EncryptedInfo info;
|
||||||
|
|
||||||
|
info.set = 0;
|
||||||
|
info.ctx = NULL;
|
||||||
|
info.consumed = 0;
|
||||||
|
ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, &info, &eccKey);
|
||||||
|
InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
InitDecodedCert(&cert, buff, sz, cm->heap);
|
||||||
|
|
||||||
|
if (ret == 0)
|
||||||
|
ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
|
||||||
|
#ifdef HAVE_CRL
|
||||||
|
if (ret == 0 && cm->crlEnabled)
|
||||||
|
ret = CheckCertCRL(cm->crl, &cert);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
FreeDecodedCert(&cert);
|
||||||
|
XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Verify the ceritficate, 1 for success, < 0 for error */
|
/* Verify the ceritficate, 1 for success, < 0 for error */
|
||||||
int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
|
int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
|
||||||
int format)
|
int format)
|
||||||
{
|
{
|
||||||
int ret = SSL_FATAL_ERROR;
|
int ret = SSL_FATAL_ERROR;
|
||||||
int eccKey = 0; /* not used */
|
|
||||||
DecodedCert cert;
|
|
||||||
|
|
||||||
byte staticBuffer[FILE_BUFFER_SIZE];
|
byte staticBuffer[FILE_BUFFER_SIZE];
|
||||||
byte* myBuffer = staticBuffer;
|
byte* myBuffer = staticBuffer;
|
||||||
int dynamic = 0;
|
int dynamic = 0;
|
||||||
long sz = 0;
|
long sz = 0;
|
||||||
buffer der;
|
|
||||||
XFILE* file = XFOPEN(fname, "rb");
|
XFILE* file = XFOPEN(fname, "rb");
|
||||||
|
|
||||||
|
CYASSL_ENTER("CyaSSL_CertManagerVerify");
|
||||||
|
|
||||||
if (!file) return SSL_BAD_FILE;
|
if (!file) return SSL_BAD_FILE;
|
||||||
XFSEEK(file, 0, XSEEK_END);
|
XFSEEK(file, 0, XSEEK_END);
|
||||||
sz = XFTELL(file);
|
sz = XFTELL(file);
|
||||||
XREWIND(file);
|
XREWIND(file);
|
||||||
|
|
||||||
der.buffer = NULL;
|
|
||||||
|
|
||||||
if (sz > (long)sizeof(staticBuffer)) {
|
if (sz > (long)sizeof(staticBuffer)) {
|
||||||
CYASSL_MSG("Getting dynamic buffer");
|
CYASSL_MSG("Getting dynamic buffer");
|
||||||
myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
|
myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
|
||||||
@ -1314,32 +1350,9 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
|
|||||||
|
|
||||||
if ( (ret = XFREAD(myBuffer, sz, 1, file)) < 0)
|
if ( (ret = XFREAD(myBuffer, sz, 1, file)) < 0)
|
||||||
ret = SSL_BAD_FILE;
|
ret = SSL_BAD_FILE;
|
||||||
else {
|
else
|
||||||
ret = 0; /* ok */
|
ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);
|
||||||
if (format == SSL_FILETYPE_PEM) {
|
|
||||||
EncryptedInfo info;
|
|
||||||
|
|
||||||
info.set = 0;
|
|
||||||
info.ctx = NULL;
|
|
||||||
info.consumed = 0;
|
|
||||||
ret = PemToDer(myBuffer, sz, CERT_TYPE, &der, cm->heap, &info,
|
|
||||||
&eccKey);
|
|
||||||
InitDecodedCert(&cert, der.buffer, der.length, cm->heap);
|
|
||||||
|
|
||||||
}
|
|
||||||
else
|
|
||||||
InitDecodedCert(&cert, myBuffer, sz, cm->heap);
|
|
||||||
|
|
||||||
if (ret == 0)
|
|
||||||
ret = ParseCertRelative(&cert, CERT_TYPE, 1, cm);
|
|
||||||
#ifdef HAVE_CRL
|
|
||||||
if (ret == 0 && cm->crlEnabled)
|
|
||||||
ret = CheckCertCRL(cm->crl, &cert);
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
FreeDecodedCert(&cert);
|
|
||||||
XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
|
|
||||||
XFCLOSE(file);
|
XFCLOSE(file);
|
||||||
if (dynamic) XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);
|
if (dynamic) XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user