Test si un certificat est autosigné
#include <stdio.h>
#include <tchar.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/asn1.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
BIO *bio_out;
static int vflags =
0;
static STACK_OF
(X509
) *load_stack
(char *certfile
)
{
STACK_OF
(X509_INFO
) *sk=
NULL;
STACK_OF
(X509
) *stack=
NULL, *ret=
NULL;
BIO *in=
NULL;
X509_INFO *xi;
if(!
(stack = sk_X509_new_null
())) {
BIO_printf
(bio_out,
"memory allocation failure\n");
goto end;
}
if(!
(in=BIO_new_file
(certfile,
"r"))) {
BIO_printf
(bio_out,
"error opening the file, %s\n",certfile
);
goto end;
}
/* This loads from a file, a stack of x509/crl/pkey sets */
if(!
(sk=PEM_X509_INFO_read_bio
(in,
NULL,NULL,
NULL))) {
BIO_printf
(bio_out,
"error reading the file, %s\n",certfile
);
goto end;
}
/* scan over it and pull out the certs */
while (sk_X509_INFO_num
(sk
))
{
xi=sk_X509_INFO_shift
(sk
);
if (xi->x509 !=
NULL)
{
sk_X509_push
(stack,xi->x509
);
xi->x509=
NULL;
}
X509_INFO_free
(xi
);
}
if(!sk_X509_num
(stack
)) {
BIO_printf
(bio_out,
"no certificates in file, %s\n",certfile
);
sk_X509_free
(stack
);
goto end;
}
ret=stack;
end:
BIO_free
(in
);
sk_X509_INFO_free
(sk
);
return(ret
);
}
static int verify_cb
(int ok, X509_STORE_CTX *ctx
)
{
char buf
[256];
if (!ok
){
if (ctx->error_depth >
0) return(1);
if (ctx->current_cert
){
X509_NAME_oneline
(X509_get_subject_name
(ctx->current_cert
),buf,
sizeof buf
);
BIO_printf
(bio_out,
"%s\n",buf
);
}
BIO_printf
(bio_out,
"error %d at %d depth lookup:%s\n",ctx->error,ctx->error_depth,X509_verify_cert_error_string
(ctx->error
));
}
return(ok
);
}
X509* load_cert_file
(char *cert
)
{
X509 *x=
NULL;
int ret=
1;
BIO *in=
NULL;
in=BIO_new
(BIO_s_file
());
if(BIO_read_filename
(in,cert
)<=
0){
printf("%s@%i Error opening %s\n",__FILE__,__LINE__,cert
);
goto end;
}
x=PEM_read_bio_X509
(in,
NULL,
0,
NULL);
if (x ==
NULL){
printf("%s@%i unable to open certificate\n",__FILE__,__LINE__
);
goto end;
}
end:
BIO_free
(in
);
return(x
);
}
int main
(int argc,
char* argv
[])
{
BIO *bio_crt=
NULL,*bio_key=
NULL;
//char crtfile[]="cert1.crt";
//char crtfile[]="cert2.crt";
char crtfile
[]=
"cert3.crt";
X509_STORE *ctx=
NULL;
X509_STORE_CTX *csc;
X509 *x=
NULL;
STACK_OF
(X509
) *trusted=
NULL;
int i;
OpenSSL_add_all_digests
();
OpenSSL_add_all_algorithms
();
ERR_load_crypto_strings
();
bio_out=BIO_new_fp
(stdout,BIO_NOCLOSE
);
x=load_cert_file
(crtfile
);
if(x==
NULL){
goto end;
}
ctx=X509_STORE_new
();
if (ctx ==
NULL){
goto end;
}
//X509_STORE_set_verify_cb_func(ctx,verify_cb);
csc = X509_STORE_CTX_new
();
if (csc ==
NULL){
ERR_print_errors
(bio_out
);
goto end;
}
X509_STORE_set_flags
(ctx,
0);
if(!X509_STORE_CTX_init
(csc,ctx,x,
NULL)){
ERR_print_errors
(bio_out
);
goto end;
}
trusted = load_stack
(crtfile
);
X509_STORE_CTX_trusted_stack
(csc, trusted
);
i=X509_verify_cert
(csc
);
if(i<
0){
ERR_print_errors
(bio_out
);
}else if (i
){
BIO_printf
(bio_out,
"%s is self signed\n",crtfile
);
}else{
BIO_printf
(bio_out,
"%s is not self signed\n",crtfile
);
}
X509_STORE_CTX_free
(csc
);
end:
sk_X509_pop_free
(trusted, X509_free
);
if (ctx !=
NULL) X509_STORE_free
(ctx
);
X509_free
(x
);
return 0;
}