📄 myverify.cpp
字号:
// MyVerify.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <openssl/err.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
#include <openssl/ui.h>
#include <openssl/safestack.h>
#include "openssl/evp.h"
int VerifyCert(char *CAfile , char *Certfile , char *CRLfile );
int main(int argc, char* argv[])
{
int ret;
ret = VerifyCert( "ca.cer", "cert.cer" , "certcrl.crl" );
if ( ret < 0 )
printf ("Cert error!\n");
else if ( ret == 0 )
printf ( "Verify error!\n" );
else
printf ( "Verify OK!\n" );
return 0;
}
int VerifyCert(char *CAfile , char *Certfile , char *CRLfile )
{
X509 *x1 ;
X509_STORE *cert_ctx=NULL;
BIO *cert;
X509_STORE_CTX *csc;
X509_LOOKUP *lookup=NULL;
int i;
CRYPTO_malloc_init();
OpenSSL_add_all_algorithms();
//构造用户证书的X509结构体x1
if ((cert=BIO_new(BIO_s_file())) == NULL)
return -1;
if (BIO_read_filename(cert,Certfile) <= 0)
return -1;
x1=d2i_X509_bio(cert,NULL);
if (x1 == NULL) return -1;
//构造CA的X509_STORE结构体 cert_ctx
cert_ctx=X509_STORE_new();
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
if (lookup == NULL) return -1;
i=X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_ASN1);
if (!i) return -1;
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
i = X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
if (i) return -1;
lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
i = X509_load_crl_file(lookup,CRLfile,X509_FILETYPE_ASN1);//read the CRL file
if (!i) return -1;
X509_STORE_set_flags(cert_ctx,X509_V_FLAG_CRL_CHECK);
//构造CA的X509_STORE_CTX 结构体,第二个参数可以是 X509_V_FLAG_IGNORE_CRITICAL 、X509_V_FLAG_CB_ISSUER_CHECK 、X509_V_FLAG_CRL_CHECK、X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL等
csc = X509_STORE_CTX_new();
if(!X509_STORE_CTX_init(csc,cert_ctx ,x1,NULL))
return -1;
//开始校验
i=0;
i=X509_verify_cert(csc);
X509_STORE_CTX_free(csc);
BIO_free(cert);
return i;
}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -