Mercurial > projects > hoofbaby

annotate deps/Platinum/ThirdParty/Neptune/ThirdParty/axTLS/ssl/x509.c @ 0:3425707ddbf6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Initial import (hopefully this mercurial stuff works...)
author fraserofthenight
date Mon, 06 Jul 2009 08:06:28 -0700
parents
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
1 /*
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
2 * Copyright (c) 2007, Cameron Rich
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
3 *
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
4 * All rights reserved.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
5 *
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
6 * Redistribution and use in source and binary forms, with or without
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
7 * modification, are permitted provided that the following conditions are met:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
8 *
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
9 * * Redistributions of source code must retain the above copyright notice,
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
10 * this list of conditions and the following disclaimer.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
11 * * Redistributions in binary form must reproduce the above copyright notice,
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
12 * this list of conditions and the following disclaimer in the documentation
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
13 * and/or other materials provided with the distribution.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
14 * * Neither the name of the axTLS project nor the names of its contributors
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
15 * may be used to endorse or promote products derived from this software
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
16 * without specific prior written permission.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
17 *
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
29 */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
30
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
31 /**
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
32 * @file x509.c
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
33 *
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
34 * Certificate processing.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
35 */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
36
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
37 #include <stdio.h>
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
38 #include <stdlib.h>
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
39 #include <string.h>
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
40 #include <time.h>
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
41 #include "os_port.h"
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
42 #include "crypto_misc.h"
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
43
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
44 #ifdef CONFIG_SSL_CERT_VERIFICATION
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
45 /**
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
46 * Retrieve the signature from a certificate.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
47 */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
48 static const uint8_t *get_signature(const uint8_t *asn1_sig, int *len)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
49 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
50 int offset = 0;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
51 const uint8_t *ptr = NULL;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
52
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
53 if (asn1_next_obj(asn1_sig, &offset, ASN1_SEQUENCE) < 0 ||
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
54 asn1_skip_obj(asn1_sig, &offset, ASN1_SEQUENCE))
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
55 goto end_get_sig;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
56
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
57 if (asn1_sig[offset++] != ASN1_OCTET_STRING)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
58 goto end_get_sig;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
59 *len = get_asn1_length(asn1_sig, &offset);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
60 ptr = &asn1_sig[offset]; /* all ok */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
61
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
62 end_get_sig:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
63 return ptr;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
64 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
65
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
66 #endif
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
67
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
68 /**
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
69 * Construct a new x509 object.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
70 * @return 0 if ok. < 0 if there was a problem.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
71 */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
72 int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
73 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
74 int begin_tbs, end_tbs;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
75 int ret = X509_NOT_OK, offset = 0, cert_size = 0;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
76 X509_CTX *x509_ctx;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
77 BI_CTX *bi_ctx;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
78
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
79 *ctx = (X509_CTX *)calloc(1, sizeof(X509_CTX));
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
80 x509_ctx = *ctx;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
81
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
82 /* get the certificate size */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
83 asn1_skip_obj(cert, &cert_size, ASN1_SEQUENCE);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
84
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
85 if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
86 goto end_cert;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
87
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
88 begin_tbs = offset; /* start of the tbs */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
89 end_tbs = begin_tbs; /* work out the end of the tbs */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
90 asn1_skip_obj(cert, &end_tbs, ASN1_SEQUENCE);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
91
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
92 if (asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
93 goto end_cert;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
94
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
95 if (cert[offset] == ASN1_EXPLICIT_TAG) /* optional version */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
96 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
97 if (asn1_version(cert, &offset, x509_ctx))
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
98 goto end_cert;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
99 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
100
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
101 if (asn1_skip_obj(cert, &offset, ASN1_INTEGER) || /* serial number */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
102 asn1_next_obj(cert, &offset, ASN1_SEQUENCE) < 0)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
103 goto end_cert;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
104
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
105 /* make sure the signature is ok */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
106 if (asn1_signature_type(cert, &offset, x509_ctx))
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
107 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
108 ret = X509_VFY_ERROR_UNSUPPORTED_DIGEST;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
109 goto end_cert;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
110 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
111
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
112 if (asn1_name(cert, &offset, x509_ctx->ca_cert_dn) ||
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
113 asn1_validity(cert, &offset, x509_ctx) ||
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
114 asn1_name(cert, &offset, x509_ctx->cert_dn) ||
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
115 asn1_public_key(cert, &offset, x509_ctx))
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
116 goto end_cert;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
117
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
118 bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
119
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
120 #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
121 /* use the appropriate signature algorithm (SHA1/MD5/MD2) */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
122 if (x509_ctx->sig_type == SIG_TYPE_MD5)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
123 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
124 MD5_CTX md5_ctx;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
125 uint8_t md5_dgst[MD5_SIZE];
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
126 MD5_Init(&md5_ctx);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
127 MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
128 MD5_Final(md5_dgst, &md5_ctx);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
129 x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
130 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
131 else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
132 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
133 SHA1_CTX sha_ctx;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
134 uint8_t sha_dgst[SHA1_SIZE];
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
135 SHA1_Init(&sha_ctx);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
136 SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
137 SHA1_Final(sha_dgst, &sha_ctx);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
138 x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
139 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
140 else if (x509_ctx->sig_type == SIG_TYPE_MD2)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
141 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
142 MD2_CTX md2_ctx;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
143 uint8_t md2_dgst[MD2_SIZE];
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
144 MD2_Init(&md2_ctx);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
145 MD2_Update(&md2_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
146 MD2_Final(md2_dgst, &md2_ctx);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
147 x509_ctx->digest = bi_import(bi_ctx, md2_dgst, MD2_SIZE);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
148 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
149
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
150 offset = end_tbs; /* skip the v3 data */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
151 if (asn1_skip_obj(cert, &offset, ASN1_SEQUENCE) ||
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
152 asn1_signature(cert, &offset, x509_ctx))
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
153 goto end_cert;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
154 #endif
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
155
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
156 /* GBG: compute the fingerprints */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
157 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
158 MD5_CTX md5_ctx;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
159 MD5_Init(&md5_ctx);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
160 MD5_Update(&md5_ctx, cert, cert_size);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
161 MD5_Final(x509_ctx->fingerprint.md5, &md5_ctx);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
162 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
163 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
164 SHA1_CTX sha1_ctx;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
165 SHA1_Init(&sha1_ctx);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
166 SHA1_Update(&sha1_ctx, cert, cert_size);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
167 SHA1_Final(x509_ctx->fingerprint.sha1, &sha1_ctx);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
168 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
169 /* /GBG: compute the fingerprints */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
170
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
171 if (len)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
172 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
173 *len = cert_size;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
174 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
175
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
176 ret = X509_OK;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
177 end_cert:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
178
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
179 #ifdef CONFIG_SSL_FULL_MODE
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
180 if (ret)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
181 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
182 printf("Error: Invalid X509 ASN.1 file\n");
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
183 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
184 #endif
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
185
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
186 return ret;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
187 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
188
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
189 /**
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
190 * Free an X.509 object's resources.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
191 */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
192 void x509_free(X509_CTX *x509_ctx)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
193 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
194 X509_CTX *next;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
195 int i;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
196
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
197 if (x509_ctx == NULL) /* if already null, then don't bother */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
198 return;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
199
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
200 for (i = 0; i < X509_NUM_DN_TYPES; i++)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
201 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
202 free(x509_ctx->ca_cert_dn[i]);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
203 free(x509_ctx->cert_dn[i]);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
204 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
205
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
206 free(x509_ctx->signature);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
207
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
208 #ifdef CONFIG_SSL_CERT_VERIFICATION
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
209 if (x509_ctx->digest)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
210 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
211 bi_free(x509_ctx->rsa_ctx->bi_ctx, x509_ctx->digest);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
212 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
213 #endif
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
214
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
215 RSA_free(x509_ctx->rsa_ctx);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
216
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
217 next = x509_ctx->next;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
218 free(x509_ctx);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
219 x509_free(next); /* clear the chain */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
220 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
221
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
222 #ifdef CONFIG_SSL_CERT_VERIFICATION
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
223 /**
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
224 * Take a signature and decrypt it.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
225 */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
226 static bigint *sig_verify(BI_CTX *ctx, const uint8_t *sig, int sig_len,
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
227 bigint *modulus, bigint *pub_exp)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
228 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
229 int i, size;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
230 bigint *decrypted_bi, *dat_bi;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
231 bigint *bir = NULL;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
232 uint8_t *block = (uint8_t *)alloca(sig_len);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
233
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
234 /* decrypt */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
235 dat_bi = bi_import(ctx, sig, sig_len);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
236 ctx->mod_offset = BIGINT_M_OFFSET;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
237
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
238 /* convert to a normal block */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
239 decrypted_bi = bi_mod_power2(ctx, dat_bi, modulus, pub_exp);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
240
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
241 bi_export(ctx, decrypted_bi, block, sig_len);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
242 ctx->mod_offset = BIGINT_M_OFFSET;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
243
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
244 i = 10; /* start at the first possible non-padded byte */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
245 while (block[i++] && i < sig_len);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
246 size = sig_len - i;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
247
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
248 /* get only the bit we want */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
249 if (size > 0)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
250 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
251 int len;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
252 const uint8_t *sig_ptr = get_signature(&block[i], &len);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
253
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
254 if (sig_ptr)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
255 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
256 bir = bi_import(ctx, sig_ptr, len);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
257 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
258 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
259
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
260 /* save a few bytes of memory */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
261 bi_clear_cache(ctx);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
262 return bir;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
263 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
264
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
265 /**
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
266 * Do some basic checks on the certificate chain.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
267 *
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
268 * Certificate verification consists of a number of checks:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
269 * - A root certificate exists in the certificate store.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
270 * - The date of the certificate is after the start date.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
271 * - The date of the certificate is before the finish date.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
272 * - The certificate chain is valid.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
273 * - That the certificate(s) are not self-signed.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
274 * - The signature of the certificate is valid.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
275 */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
276 int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
277 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
278 int ret = X509_OK, i = 0;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
279 bigint *cert_sig;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
280 X509_CTX *next_cert = NULL;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
281 BI_CTX *ctx;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
282 bigint *mod = NULL, *expn = NULL;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
283 struct timeval tv;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
284 int match_ca_cert = 0;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
285 uint8_t is_self_signed = 0;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
286
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
287 if (cert == NULL || ca_cert_ctx == NULL)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
288 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
289 ret = X509_VFY_ERROR_NO_TRUSTED_CERT;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
290 goto end_verify;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
291 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
292
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
293 /* last cert in the chain - look for a trusted cert */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
294 if (cert->next == NULL && ca_cert_ctx)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
295 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
296 while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
297 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
298 if (asn1_compare_dn(cert->ca_cert_dn,
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
299 ca_cert_ctx->cert[i]->cert_dn) == 0)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
300 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
301 match_ca_cert = 1;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
302 next_cert = ca_cert_ctx->cert[i];
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
303 break;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
304 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
305
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
306 i++;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
307 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
308
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
309 /* trusted cert not found */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
310 if (match_ca_cert == 0)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
311 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
312 ret = X509_VFY_ERROR_NO_TRUSTED_CERT;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
313 goto end_verify;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
314 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
315 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
316 else
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
317 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
318 next_cert = cert->next;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
319 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
320
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
321 gettimeofday(&tv, NULL);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
322
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
323 /* check the not before date */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
324 if (tv.tv_sec < cert->not_before)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
325 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
326 ret = X509_VFY_ERROR_NOT_YET_VALID;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
327 goto end_verify;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
328 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
329
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
330 /* check the not after date */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
331 if (tv.tv_sec > cert->not_after)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
332 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
333 ret = X509_VFY_ERROR_EXPIRED;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
334 goto end_verify;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
335 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
336
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
337 ctx = cert->rsa_ctx->bi_ctx;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
338
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
339 /* check for self-signing */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
340 if (asn1_compare_dn(cert->ca_cert_dn, cert->cert_dn) == 0)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
341 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
342 is_self_signed = 1;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
343 mod = cert->rsa_ctx->m;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
344 expn = cert->rsa_ctx->e;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
345 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
346 else if (next_cert != NULL)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
347 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
348 mod = next_cert->rsa_ctx->m;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
349 expn = next_cert->rsa_ctx->e;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
350
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
351 /* check the chain integrity */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
352 if (asn1_compare_dn(cert->ca_cert_dn, next_cert->cert_dn) != 0)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
353 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
354 ret = X509_VFY_ERROR_INVALID_CHAIN;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
355 goto end_verify;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
356 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
357 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
358
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
359 /* check the signature */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
360 if (mod != NULL)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
361 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
362 cert_sig = sig_verify(ctx, cert->signature, cert->sig_len,
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
363 bi_clone(ctx, mod), bi_clone(ctx, expn));
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
364
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
365 if (cert_sig && cert->digest)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
366 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
367 if (bi_compare(cert_sig, cert->digest))
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
368 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
369 ret = X509_VFY_ERROR_BAD_SIGNATURE;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
370 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
371
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
372 bi_free(ctx, cert_sig);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
373
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
374 if (ret)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
375 goto end_verify;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
376 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
377 else
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
378 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
379 ret = X509_VFY_ERROR_BAD_SIGNATURE;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
380 goto end_verify;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
381 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
382 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
383
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
384 if (is_self_signed)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
385 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
386 ret = X509_VFY_ERROR_SELF_SIGNED;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
387 goto end_verify;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
388 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
389
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
390 /* go down the certificate chain using recursion. */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
391 if (ret == 0 && cert->next)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
392 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
393 ret = x509_verify(ca_cert_ctx, next_cert);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
394 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
395
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
396 end_verify:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
397 return ret;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
398 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
399 #endif
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
400
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
401 #if defined (CONFIG_SSL_FULL_MODE)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
402 /**
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
403 * Used for diagnostics.
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
404 */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
405 static const char *not_part_of_cert = "<Not Part Of Certificate>";
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
406 void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
407 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
408 if (cert == NULL)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
409 return;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
410
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
411 printf("=== CERTIFICATE ISSUED TO ===\n");
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
412 printf("Common Name (CN):\t\t");
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
413 printf("%s\n", cert->cert_dn[X509_COMMON_NAME] ?
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
414 cert->cert_dn[X509_COMMON_NAME] : not_part_of_cert);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
415
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
416 printf("Organization (O):\t\t");
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
417 printf("%s\n", cert->cert_dn[X509_ORGANIZATION] ?
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
418 cert->cert_dn[X509_ORGANIZATION] : not_part_of_cert);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
419
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
420 printf("Organizational Unit (OU):\t");
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
421 printf("%s\n", cert->cert_dn[X509_ORGANIZATIONAL_UNIT] ?
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
422 cert->cert_dn[X509_ORGANIZATIONAL_UNIT] : not_part_of_cert);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
423
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
424 printf("=== CERTIFICATE ISSUED BY ===\n");
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
425 printf("Common Name (CN):\t\t");
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
426 printf("%s\n", cert->ca_cert_dn[X509_COMMON_NAME] ?
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
427 cert->ca_cert_dn[X509_COMMON_NAME] : not_part_of_cert);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
428
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
429 printf("Organization (O):\t\t");
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
430 printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATION] ?
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
431 cert->ca_cert_dn[X509_ORGANIZATION] : not_part_of_cert);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
432
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
433 printf("Organizational Unit (OU):\t");
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
434 printf("%s\n", cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT] ?
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
435 cert->ca_cert_dn[X509_ORGANIZATIONAL_UNIT] : not_part_of_cert);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
436
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
437 printf("Not Before:\t\t\t%s", ctime(&cert->not_before));
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
438 printf("Not After:\t\t\t%s", ctime(&cert->not_after));
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
439 printf("RSA bitsize:\t\t\t%d\n", cert->rsa_ctx->num_octets*8);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
440 printf("Sig Type:\t\t\t");
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
441 switch (cert->sig_type)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
442 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
443 case SIG_TYPE_MD5:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
444 printf("MD5\n");
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
445 break;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
446 case SIG_TYPE_SHA1:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
447 printf("SHA1\n");
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
448 break;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
449 case SIG_TYPE_MD2:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
450 printf("MD2\n");
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
451 break;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
452 default:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
453 printf("Unrecognized: %d\n", cert->sig_type);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
454 break;
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
455 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
456
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
457 if (ca_cert_ctx)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
458 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
459 printf("Verify:\t\t\t%s\n",
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
460 x509_display_error(x509_verify(ca_cert_ctx, cert)));
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
461 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
462
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
463 #if 0
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
464 print_blob("Signature", cert->signature, cert->sig_len);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
465 bi_print("Modulus", cert->rsa_ctx->m);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
466 bi_print("Pub Exp", cert->rsa_ctx->e);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
467 #endif
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
468
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
469 if (ca_cert_ctx)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
470 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
471 x509_print(cert->next, ca_cert_ctx);
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
472 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
473
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
474 TTY_FLUSH();
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
475 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
476
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
477 const char * x509_display_error(int error)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
478 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
479 switch (error)
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
480 {
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
481 case X509_NOT_OK:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
482 return "X509 not ok";
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
483
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
484 case X509_VFY_ERROR_NO_TRUSTED_CERT:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
485 return "No trusted cert is available";
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
486
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
487 case X509_VFY_ERROR_BAD_SIGNATURE:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
488 return "Bad signature";
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
489
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
490 case X509_VFY_ERROR_NOT_YET_VALID:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
491 return "Cert is not yet valid";
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
492
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
493 case X509_VFY_ERROR_EXPIRED:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
494 return "Cert has expired";
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
495
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
496 case X509_VFY_ERROR_SELF_SIGNED:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
497 return "Cert is self-signed";
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
498
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
499 case X509_VFY_ERROR_INVALID_CHAIN:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
500 return "Chain is invalid (check order of certs)";
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
501
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
502 case X509_VFY_ERROR_UNSUPPORTED_DIGEST:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
503 return "Unsupported digest";
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
504
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
505 case X509_INVALID_PRIV_KEY:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
506 return "Invalid private key";
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
507
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
508 default:
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
509 return "Unknown";
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
510 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
511 }
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
512 #endif /* CONFIG_SSL_FULL_MODE */
3425707ddbf6 Initial import (hopefully this mercurial stuff works...)
fraserofthenight
parents:
diff changeset
513