\/\/ Verify_Cert.c
\/\/
\/\/ Copyright 2009 Kim Sung-tae <pchero21@gmail.com>
\/\/
\/\/ This program is free software; you can redistribute it and\/or modify
\/\/ it under the terms of the GNU General Public License as published by
\/\/ the Free Software Foundation; either version 2 of the License, or
\/\/ (at your option) any later version.
\/\/
\/\/ This program is distributed in the hope that it will be useful,
\/\/ but WITHOUT ANY WARRANTY; without even the implied warranty of
\/\/ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
\/\/ GNU General Public License for more details.
\/\/
\/\/ You should have received a copy of the GNU General Public License
\/\/ along with this program; if not, write to the Free Software
\/\/ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
\/\/ MA 02110-1301, USA.<\/p>\n
#include <stdio.h><\/p>\n
#include <openssl\/bio.h>
#include <openssl\/conf.h>
#include <openssl\/err.h>
#include <openssl\/bn.h>
#include <openssl\/rsa.h>
#include <openssl\/evp.h>
#include <openssl\/objects.h>
#include <openssl\/x509.h>
#include <openssl\/x509v3.h>
#include <openssl\/rand.h>
#include <openssl\/pem.h><\/p>\n
#define CA_CERT_FILE “rootcert.pem”
#define CRL_FILE “testcrl.pem”
#define CERT_FILE “newcert.pem”<\/p>\n
int verifyCallbackfunc(int ok, X509_STORE_CTX *store)
{
X509 *cert;
if(!ok) {
cert = X509_STORE_CTX_get_current_cert(store);
printf(“error:%sn”, X509_verify_cert_error_string(store->error));
}
return ok;
}<\/p>\n
int main(int argc, char** argv)
{
BIO *bio_err;
int retVal;
char *retString;
X509 *cert;
X509_STORE *store;
X509_LOOKUP *lookup;
X509_STORE_CTX *storeCtx;
BIO *certBIO = NULL;
OpenSSL_add_all_algorithms();
\/\/ \ud654\uba74 \ucd9c\ub825\uc6a9 BIO \uc0dd\uc131
if((bio_err = BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
\/\/ \uc778\uc99d\ud560 \uc778\uc99d\uc11c\ub97c \uc77d\uae30 \uc704\ud55c BIO \uc0dd\uc131
certBIO = BIO_new(BIO_s_file());
if(BIO_read_filename(certBIO, CERT_FILE) <= 0) {
BIO_printf(bio_err, “\uc778\uc99d\uc11c \ud30c\uc77c [%s]\uc744 \uc5ec\ub294\ub370 \uc5d0\ub7ec\uac00 \ubc1c\uc0dd \ud588\uc2b5\ub2c8\ub2e4.”, CERT_FILE);
ERR_print_errors(bio_err);
exit(1);
}
\/\/ \uc778\uc99d\ud560 \uc778\uc99d\uc11c\ub97c \ud30c\uc77c\ub85c\ubd80\ud130 \uc77d\uc5b4 X509 \uad6c\uc870\uccb4\ub85c \ubcc0\ud658
cert = PEM_read_bio_X509(certBIO, NULL, NULL, NULL);
if(cert == NULL) {
BIO_printf(bio_err, “CA \uc778\uc99d\uc11c\ub97c \ub85c\ub4dc\ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4.”);
ERR_print_errors(bio_err);
exit(1);
}
\/\/ \uc778\uc99d\uc11c\ub97c \uc800\uc7a5\ud560 STORE \uad6c\uc870\uccb4 \uc0dd\uc131
store = X509_STORE_new();
if(store == NULL) {
BIO_printf(bio_err, “X509_STORE \ub97c \uc0dd\uc131\ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4.”);
ERR_print_errors(bio_err);
exit(1);
}
\/\/ \ucf5c\ubc31 \ud568\uc218 \uc124\uc815
X509_STORE_set_verify_cb_func(store, verifyCallbackfunc);
\/\/ \ud30c\uc77c\ub85c\ubd80\ud130 CA \uc778\uc99d\uc11c \uc77d\uc74c
if(!X509_STORE_load_locations(store, CA_CERT_FILE, NULL)) {
BIO_printf(bio_err, “CA \uc778\uc99d\uc11c\ub97c \ub85c\ub4dc\ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4.”);
ERR_print_errors(bio_err);
exit(1);
}
\/\/ STORE\uc5d0 CA \uc778\uc99d\uc11c \ucd94\uac00
lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
if(lookup == NULL) {
BIO_printf(bio_err, “X509_LOOKUP \ub97c \uc0dd\uc131\ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4.”);
ERR_print_errors(bio_err);
exit(1);
}
\/\/ CRL \uc77d\uc74c
if(!X509_load_crl_file(lookup, CRL_FILE, X509_FILETYPE_PEM)) {
BIO_printf(bio_err, “CRL\uc744 \ub85c\ub4dc \ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4.”);
ERR_print_errors(bio_err);
exit(1);
}
\/\/ CA \uc778\uc99d\uc11c, CRL \uc778\uc99d \ubaa8\ub450 \uc9c0\uc6d0
X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
\/\/ STORE \ucee8\ud14d\uc2a4\ud2b8 \uc0dd\uc131
storeCtx = X509_STORE_CTX_new();
if(storeCtx == NULL) {
BIO_printf(bio_err, “X509_STORE_CTX\ub97c \uc0dd\uc131 \ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4.”);
ERR_print_errors(bio_err);
exit(1);
}
if(!X509_STORE_CTX_init(storeCtx, store, cert, NULL)) {
BIO_printf(bio_err, “X509_STORE_CTX\ub97c \ucd08\uae30\ud654 \ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4.”);
ERR_print_errors(bio_err);
exit(1);
}
\/\/ \uc778\uc99d\uc11c \uc778\uc99d
retVal = X509_verify_cert(storeCtx);
if(retVal == 1) {
BIO_printf(bio_err, “\uc778\uc99d \ub418\uc5c8\uc2b5\ub2c8\ub2e4.”);
}
else {
BIO_printf(bio_err, “\uc778\uc99d\uc744 \ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4.”);
ERR_print_errors(bio_err);
}
return 0;
}<\/p>\n
XcClgYwHih.c<\/a>XObk62k8pF.pem<\/a>XKaRlaHhnu.pem<\/a>XD8GYZUkIz.pem<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
\/\/ Verify_Cert.c\/\/ \/\/ Copyright 2009 Kim Sung-tae <pchero21@gmail.com>\/\/ \/\/ This program is free software; you can redistribute it and\/or modify\/\/ it under the terms of the GNU General … Continue reading