嗨,我有两个证书,即mycert.crt和root.crt。我需要确定我的证书是否由根证书签名。 我使用下面的代码这样做使用下面的代码,但我得到一个错误 分割故障(核心转储)阅读和验证证书
static int verifyCerti (BYTE *cert1, BYTE *cert2, int certlenght1, int certlenght2);
int main (int ac, char **av)
{
FILE *f_in, *f_in2;
BYTE *certBuf, *certBuf2;
UINT32 certBufLen,certBufLen2;
UINT32 certLen,certLen2;
int result;
//////////// Reading first certificate/////
certBufLen = 0;
certBuf = malloc (1);
//for (i=0; i<nCerts; i++) {
if ((f_in = fopen (av[1], "rb")) == NULL) {
fprintf (stderr, "Unable to open file %s for input\n", av[1]);
exit (1);
}
fseek (f_in, 0, SEEK_END);
certLen = ftell (f_in);
fseek (f_in, 0, SEEK_SET);
certBuf = realloc (certBuf, certBufLen + certLen);
if (fread (certBuf+certBufLen, 1, certLen, f_in) != certLen) {
fprintf (stderr, "Failed to read file %s\n", av[1]);
exit (1);
}
if (certBuf[certBufLen] != 0x30) {
fprintf (stderr, "Certificate file %s not in binary format\n", av[1]);
exit (1);
}
fclose (f_in);
printf ("we reach here %s \n", av[1]);
////////////////Reading second certificate/////////////////////////////////////////////////
certBufLen2 = 0;
certBuf2 = malloc (1);
if ((f_in2 = fopen (av[2], "rb")) == NULL) {
fprintf (stderr, "Unable to open file %s for input\n", av[2]);
exit (1);
}
fseek (f_in2, 0, SEEK_END);
certLen2 = ftell (f_in2);
fseek (f_in2, 0, SEEK_SET);
certBuf2 = realloc (certBuf2, certBufLen2 + certLen2);
if (fread (certBuf2+certBufLen2, 1, certLen2, f_in2) != certLen2) {
fprintf (stderr, "Failed to read file %s\n", av[2]);
exit (1);
}
if (certBuf2[certBufLen2] != 0x30) {
fprintf (stderr, "Certificate file %s not in binary format\n", av[2]);
exit (1);
}
fclose (f_in2);
printf ("we reach here %s \n", av[2]);
if (verifyCerti (certBuf, certBuf2, certBufLen, certBufLen2) < 0) {
fprintf (stderr, "Certificate chain is incorrect\n");
exit (1);
}
}
static int verifyCerti (BYTE *cert1, BYTE *cert2, int certLen1, int certLen2)
{
X509 *root;
X509 *mycert;
root = d2i_X509 (NULL, (unsigned char const **)&cert2, certLen2);
mycert = d2i_X509 (NULL, (unsigned char const **)&cert1, certLen1);
//Get root certificate into root
//Get mycert into mycert.
//Get the public key.
EVP_PKEY *pubkey = X509_get_pubkey(root);
//verify. result less than or 0 means not verified or some error.
int result = X509_verify(mycert, pubkey);
//free the public key.
EVP_PKEY_free(pubkey);
return result;
}
的错误是我想是因为X509_verify(),但我不确定。
你打扰在调试器下运行这个吗?有什么特别的原因,你没有使用'X509 * d2i_X509_fp(FILE * fp,X509 ** x)'为您的文件加载? – WhozCraig 2013-05-10 14:59:58
您在传递给X509_verify之前是否检查过root和mycert的值?他们应该是有效的证书。 – doptimusprime 2013-05-11 05:27:29
对于d2i函数,证书的格式应该是DER。查看证书文件的格式是否为DER。如果不是这样,则将其转换为DER。 – doptimusprime 2013-05-18 19:21:11