1 /* $OpenBSD: ca.c,v 1.1 2013/01/26 09:37:23 gilles Exp $ */ 2 3 /* 4 * Copyright (c) 2012 Gilles Chehade <gilles@poolp.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/types.h> 20 21 #include <openssl/err.h> 22 #include <openssl/ssl.h> 23 24 int ca_X509_verify(X509 *, STACK_OF(X509) *, const char *, const char *, const char **); 25 26 int 27 ca_X509_verify(X509 *certificate, STACK_OF(X509) *chain, const char *CAfile, 28 const char *CRLfile, const char **errstr) 29 { 30 X509_STORE *store = NULL; 31 X509_STORE_CTX *xsc = NULL; 32 int ret = 0; 33 34 if ((store = X509_STORE_new()) == NULL) 35 goto end; 36 37 X509_STORE_load_locations(store, CAfile, NULL); 38 X509_STORE_set_default_paths(store); 39 40 if ((xsc = X509_STORE_CTX_new()) == NULL) 41 goto end; 42 43 if (X509_STORE_CTX_init(xsc, store, certificate, chain) != 1) 44 goto end; 45 46 ret = X509_verify_cert(xsc); 47 48 end: 49 *errstr = NULL; 50 if (ret != 1) { 51 if (xsc) 52 *errstr = X509_verify_cert_error_string(xsc->error); 53 else if (ERR_peek_last_error()) 54 *errstr = ERR_error_string(ERR_peek_last_error(), NULL); 55 } 56 57 if (xsc) 58 X509_STORE_CTX_free(xsc); 59 if (store) 60 X509_STORE_free(store); 61 62 return ret > 0 ? 1 : 0; 63 } 64