Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to verify a X509 certificate in C

Tags:

c

certificate

openssl

x509certificate

x509

I have a certificate in X509 format. this a input parameters in a function. What I would like to do is to verify the validity of the certificate. How can it be done? 

X509_verify_cert();

I found this function, but this does not accept a X509* certificate, it accepts X509_store and I only have a X509.

Thanks best regards.

like image 648
mmm Avatar asked Apr 05 '13 14:04

mmm

2 Answers

To verify a certificate signature, you need the public key of an issuer certificate. This issuer certificate's signature is verified with another issuing certificate (or trusted root certificate). Thus if a certificate's signature verifies all the way up a chain to a trusted root, then that certificate is considered trusted.

Self-signed certificates' signatures are verified using their own public key, like the example below:

int verify_cert(const char* pem_c_str)
{
    BIO *bio_mem = BIO_new(BIO_s_mem());
    BIO_puts(bio_mem, pem_c_str);
    X509 * x509 = PEM_read_bio_X509(bio_mem, NULL, NULL, NULL);

    EVP_PKEY *pkey=X509_get_pubkey(x509);
    int r= X509_verify(x509, pkey);
    EVP_PKEY_free(pkey);

    BIO_free(bio_mem);
    X509_free(x509);
    return r;
}

from: http://www.zedwood.com/article/openssl-c-verify-self-signed-certificate-signature

like image 197
velcrow Avatar answered Sep 26 '22 23:09

velcrow

I am here just to post my answer as I found it with the above comments.

I had no certificate chain, so in the work I'm doing I only have a certificate generated by me programatically. I wanted to check the validity of it, so I created the following function, which checks the certificate against itself in other to verify the validity of it.

void check_certificate_validaty(X509* certificate)
{
    int status;
    X509_STORE_CTX *ctx;
    ctx = X509_STORE_CTX_new();
    X509_STORE *store = X509_STORE_new();

    X509_STORE_add_cert(store, certificate);

    X509_STORE_CTX_init(ctx, store, certificate, NULL);

    status = X509_verify_cert(ctx);
    if(status == 1)
    {
        printf("Certificate verified ok\n");
    }else
    {
        printf("%s\n", X509_verify_cert_error_string(ctx->error));
    }
}

Hope this helps someone :)

like image 32
mmm Avatar answered Sep 25 '22 23:09

mmm
Sign in to Comment

Related questions

Is it possible to run C code directly in the browser?
How can I programmatically find the IP address/netmask/gateway configured for a specific network device in Linux?
C: enum VS #define for mathematical constants?
linux c - get server hostname?
Unblock recvfrom when socket is closed
How to get Module HANDLE from func ptr in Win32?
How to debug a crash before main?
Scope of typedefs
Unexpected return value from fread()
Passing char pointer in C
Simulating ARM code
Why there isn't a single bit data type in C/C++? [duplicate]
Where is the Don't Fragment Bit of the IP Flags used?
How to find memory leaks in source code
snprintf vs. strcpy (etc.) in C
How to initialize a pointer to a specific memory address in C++ [duplicate]
expected identifier or ‘(’ before numeric constant?
High Order Bits - Take them and make a uint64_t into a uint8_t
why to register struct cdev in driver code
How to call a C++ method from C? [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!