

  #1  
June 28th, 2016, 03:30 PM
Unregistered
Guest User
 
x509 Nid

Hi, I am interested in having information about what is involved in allocating memory for the store via X509_STORE_new and then loading certificates into it.
  #2  
June 28th, 2016, 04:11 PM
Super Moderator
 
Join Date: Mar 2013
Re: x509 Nid

An authentication store can be utilized to hold different CA testaments. It is utilized for confirmation purposes, when you have different CA endorsements, however you don't as a matter of course know which of those CA authentications marked the testament. While checking the declaration, OpenSSL will search for the CA testament or the chain in the store.

Setting up the store programmatically includes designating memory for the store through X509_STORE_new and afterward stacking endorsements into it. There are two methods for putting the endorsements into the store – by stacking and including every individual declaration or supplying the area of CA testaments.

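#include <cstdio>
#include <iostream>
#include <string>
#include <openssl/pem.h>
#include <openssl/x509_vfy.h>

X509 *loadCert(std::string file);
void loadToStore(std::string file, X509_STORE *&store);

void verifyCertificate()
{
    X509 *cert = loadCert("cert.pem");   // certificate to verify
    X509_STORE *store = X509_STORE_new();

    loadToStore("cert-1.pem", store);
    loadToStore("cert-2.pem", store);
    loadToStore("cert-3.pem", store);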

The posting for stacking the endorsement into the store will be demonstrated later. Confirmation is performed utilizing a store connection. Setting up a connection includes designating space for a store setting and initialising it.

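    // Create the context used to verify the certificate.
    X509_STORE_CTX *ctx = X509_STORE_CTX_new();

    // Initialise the context with the store and the certificate to verify.
    // Skip verification if loading or any allocation above failed.
    int ok = 0;
    if (cert != NULL && store != NULL && ctx != NULL &&
        X509_STORE_CTX_init(ctx, store, cert, NULL) == 1)
    {
        // X509_verify_cert returns 1 only if the certificate verifies.
        ok = X509_verify_cert(ctx);
    }
    std::cout << (ok == 1 ? "Certificate verified" : "Certificate NOT verified")
              << std::endl;

    // X509_STORE_CTX_free also cleans up the context; all three accept NULL.
    X509_STORE_CTX_free(ctx);
    X509_STORE_free(store);
    X509_free(cert);
    ctx = NULL;
    store = NULL;
}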

The third parameter to X509_STORE_CTX_init, cert, is the endorsement that will be checked. The call to X509_verify_cert should likewise give back the quality one, if check succeeds.

Adding a declaration to the store requires the endorsement to be perused first.

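void loadToStore(std::string file, X509_STORE *&store)
{
    X509 *cert = loadCert(file);
    if (cert != NULL)
    {
        // The store takes its own reference to the certificate,
        // so release ours whether or not the add succeeds.
        if (X509_STORE_add_cert(store, cert) != 1)
        {
            std::cout << "Can not add certificate "
                      << file << std::endl;
        }
        X509_free(cert);
    }
    else
    {
        std::cout << "Can not load certificate "
                  << file << std::endl;
    }
}

X509 *loadCert(std::string file)
{
    FILE *fp = fopen(file.c_str(), "r");
    if (fp == NULL)
    {
        return NULL;   // file missing or unreadable
    }
    // Returns NULL if the file does not hold a PEM certificate.
    X509 *cert = PEM_read_X509(fp, NULL, NULL, NULL);
    fclose(fp);
    return cert;
}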

