93 */
94 int
95 get_cert_chain(PKG_ERR *err, X509 *cert, STACK_OF(X509) *clcerts,
96 STACK_OF(X509) *cas, STACK_OF(X509) **chain)
97 {
98 X509_STORE_CTX *store_ctx = NULL;
99 X509_STORE *ca_store = NULL;
100 X509 *ca_cert = NULL;
101 int i;
102 int ret = 0;
103
104 if ((ca_store = X509_STORE_new()) == NULL) {
105 pkgerr_add(err, PKGERR_NOMEM,
106 gettext(ERR_MEM));
107 ret = 1;
108 goto cleanup;
109 }
110
111 /* add all ca certs into the store */
112 for (i = 0; i < sk_X509_num(cas); i++) {
113 /* LINTED pointer cast may result in improper alignment */
114 ca_cert = sk_X509_value(cas, i);
115 if (X509_STORE_add_cert(ca_store, ca_cert) == 0) {
116 pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM));
117 ret = 1;
118 goto cleanup;
119 }
120 }
121
122 /* initialize context object used during the chain resolution */
123
124 if ((store_ctx = X509_STORE_CTX_new()) == NULL) {
125 pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM));
126 ret = 1;
127 goto cleanup;
128 }
129
130 (void) X509_STORE_CTX_init(store_ctx, ca_store, cert, clcerts);
131 /* attempt to verify the cert, which builds the cert chain */
132 if (X509_verify_cert(store_ctx) <= 0) {
133 pkgerr_add(err, PKGERR_CHAIN,
157 * Arguments: cert - The certificate to get the name from
158 *
159 * Returns : A static buffer containing the common name (CN) of the
160 * subject of the cert.
161 *
162 * if the CN is not available, returns a string with the entire
163 * X509 distinguished name.
164 */
165 char
166 *get_subject_display_name(X509 *cert)
167 {
168
169 X509_NAME *xname;
170 static char sname[ATTR_MAX];
171
172 xname = X509_get_subject_name(cert);
173 if (X509_NAME_get_text_by_NID(xname,
174 NID_commonName, sname,
175 ATTR_MAX) <= 0) {
176 (void) strncpy(sname,
177 X509_NAME_oneline(xname,
178 NULL, 0), ATTR_MAX);
179 sname[ATTR_MAX - 1] = '\0';
180 }
181 return (sname);
182 }
183
184 /*
185 * Name: get_display_name
186 * Description: Retrieves a name used for identifying a certificate's issuer.
187 *
188 * Arguments: cert - The certificate to get the name from
189 *
190 * Returns : A static buffer containing the common name (CN)
191 * of the issuer of the cert.
192 *
193 * if the CN is not available, returns a string with the entire
194 * X509 distinguished name.
195 */
196 char
197 *get_issuer_display_name(X509 *cert)
198 {
199
200 X509_NAME *xname;
201 static char sname[ATTR_MAX];
202
203 xname = X509_get_issuer_name(cert);
204 if (X509_NAME_get_text_by_NID(xname,
205 NID_commonName, sname,
206 ATTR_MAX) <= 0) {
207 (void) strncpy(sname,
208 X509_NAME_oneline(xname,
209 NULL, 0), ATTR_MAX);
210 sname[ATTR_MAX - 1] = '\0';
211 }
212 return (sname);
213 }
214
215
216 /*
217 * Name: get_serial_num
218 * Description: Retrieves the serial number of an X509 cert
219 *
220 * Arguments: cert - The certificate to get the data from
221 *
222 * Returns : A static buffer containing the serial number
223 * of the cert
224 *
225 * if the SN is not available, returns NULL
226 */
227 char
228 *get_serial_num(X509 *cert)
229 {
|
93 */
94 int
95 get_cert_chain(PKG_ERR *err, X509 *cert, STACK_OF(X509) *clcerts,
96 STACK_OF(X509) *cas, STACK_OF(X509) **chain)
97 {
98 X509_STORE_CTX *store_ctx = NULL;
99 X509_STORE *ca_store = NULL;
100 X509 *ca_cert = NULL;
101 int i;
102 int ret = 0;
103
104 if ((ca_store = X509_STORE_new()) == NULL) {
105 pkgerr_add(err, PKGERR_NOMEM,
106 gettext(ERR_MEM));
107 ret = 1;
108 goto cleanup;
109 }
110
111 /* add all ca certs into the store */
112 for (i = 0; i < sk_X509_num(cas); i++) {
113 ca_cert = sk_X509_value(cas, i);
114 if (X509_STORE_add_cert(ca_store, ca_cert) == 0) {
115 pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM));
116 ret = 1;
117 goto cleanup;
118 }
119 }
120
121 /* initialize context object used during the chain resolution */
122
123 if ((store_ctx = X509_STORE_CTX_new()) == NULL) {
124 pkgerr_add(err, PKGERR_NOMEM, gettext(ERR_MEM));
125 ret = 1;
126 goto cleanup;
127 }
128
129 (void) X509_STORE_CTX_init(store_ctx, ca_store, cert, clcerts);
130 /* attempt to verify the cert, which builds the cert chain */
131 if (X509_verify_cert(store_ctx) <= 0) {
132 pkgerr_add(err, PKGERR_CHAIN,
156 * Arguments: cert - The certificate to get the name from
157 *
158 * Returns : A static buffer containing the common name (CN) of the
159 * subject of the cert.
160 *
161 * if the CN is not available, returns a string with the entire
162 * X509 distinguished name.
163 */
164 char
165 *get_subject_display_name(X509 *cert)
166 {
167
168 X509_NAME *xname;
169 static char sname[ATTR_MAX];
170
171 xname = X509_get_subject_name(cert);
172 if (X509_NAME_get_text_by_NID(xname,
173 NID_commonName, sname,
174 ATTR_MAX) <= 0) {
175 (void) strncpy(sname,
176 X509_NAME_oneline(xname, NULL, 0), ATTR_MAX);
177 sname[ATTR_MAX - 1] = '\0';
178 }
179 return (sname);
180 }
181
182 /*
183 * Name: get_display_name
184 * Description: Retrieves a name used for identifying a certificate's issuer.
185 *
186 * Arguments: cert - The certificate to get the name from
187 *
188 * Returns : A static buffer containing the common name (CN)
189 * of the issuer of the cert.
190 *
191 * if the CN is not available, returns a string with the entire
192 * X509 distinguished name.
193 */
194 char
195 *get_issuer_display_name(X509 *cert)
196 {
197
198 X509_NAME *xname;
199 static char sname[ATTR_MAX];
200
201 xname = X509_get_issuer_name(cert);
202 if (X509_NAME_get_text_by_NID(xname,
203 NID_commonName, sname,
204 ATTR_MAX) <= 0) {
205 (void) strncpy(sname,
206 X509_NAME_oneline(xname, NULL, 0), ATTR_MAX);
207 sname[ATTR_MAX - 1] = '\0';
208 }
209 return (sname);
210 }
211
212
213 /*
214 * Name: get_serial_num
215 * Description: Retrieves the serial number of an X509 cert
216 *
217 * Arguments: cert - The certificate to get the data from
218 *
219 * Returns : A static buffer containing the serial number
220 * of the cert
221 *
222 * if the SN is not available, returns NULL
223 */
224 char
225 *get_serial_num(X509 *cert)
226 {
|