view common/certhelp.c @ 592:778f74d0706f

Verify the binary directly without relying on settings (which might differ)
author Andre Heinecke <aheinecke@intevation.de>
date Wed, 28 May 2014 08:36:05 +0000
parents 17e1c8f37d72
children 265583011f24
line wrap: on
line source
/* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
 * Software engineering by Intevation GmbH
 *
 * This file is Free Software under the GNU GPL (v>=2)
 * and comes with ABSOLUTELY NO WARRANTY!
 * See LICENSE.txt for details.
 */
#include <stdlib.h>

#include "certhelp.h"
#include "logging.h"
#include "errorcodes.h"
#include "strhelp.h"

char *
get_oid_valstr(x509_name *namebuf, unsigned char *oid)
{
  char *str = NULL;
  size_t oid_len = strlen((char *)oid);
  while ( namebuf != NULL )
    {
      if ( (namebuf->oid.len == oid_len) &&
           (memcmp(namebuf->oid.p, oid, oid_len) == 0) )
        {
          str = xstrndup((char *)namebuf->val.p, namebuf->val.len);
          break;
        }
      namebuf = namebuf->next;
    }
  return str;
}

char *
x509_parse_subject(unsigned char *derdata, size_t derlen,
                   unsigned char *oid)
{
  x509_crt chain;
  char *str;

  x509_crt_init(&chain);
  if (x509_crt_parse_der(&chain, derdata, derlen) != 0)
    {
      ERRORPRINTF("Could not parse certificate!\n");
      return NULL;
    }
  else
    {
      str = get_oid_valstr(&(chain.subject), oid);
      x509_crt_free(&chain);
    }
  return str;
}

http://wald.intevation.org/projects/trustbridge/