ssl - Unable to perform CRL check during certificate validation in OpenSSL
I am trying to perform certificate validation using OpenSSL with a CRL check.
I am able to do this from the command prompt using both of the commands below:
1. openssl verify -crl_check -CAfile ca_crl.pem recipient_cert.pem
2. openssl verify -crl_check -CRLfile crls.pem -CAfile ca.pem mycert.pem
In the first command, ca_crl.pem contains both the CA certificate and the CRL content. In the second command, the CA and the CRL are given in different files.
Now I want to perform the same operation using C code. I referred to the link below, but I keep getting return value 0 from X509_verify_cert, and no error codes give a hint.
http://etutorials.org/programming/secure+programming/chapter+10.+public+key+infrastructure/10.5+performing+x.509+certificate+verification+with+openssl/
Any pointers to my mistake?
Update 1:
I am trying a different approach. This is my current code. I am getting return value 1 from X509_verify_cert. I should be getting error code 12, the "CRL has expired" error.
This is the code:
    /* Log every entry currently in the OpenSSL error queue. */
    void printerror() {
        __android_log_print(ANDROID_LOG_DEBUG, "openssljni", "\nprinting errors");
        unsigned long err = ERR_get_error();
        while (err != 0) {
            char buf[130];
            /* bounded variant: never writes past sizeof(buf) */
            ERR_error_string_n(err, buf, sizeof(buf));
            __android_log_print(ANDROID_LOG_DEBUG, "openssljni", "\nerror buffer: %s", buf);
            err = ERR_get_error();
        }
    }

    //verification code starts.
    X509 *x509 = initialised;            /* placeholder: certificate to verify */
    STACK_OF(X509) *certs = initialised; /* placeholder: untrusted chain */
    char *cafile = initialised;          /* placeholder: path to the CA file */
    int i;
    X509_STORE *cert_ctx = X509_STORE_new();
    if (cert_ctx == NULL) {
        return 0;
    }
    X509_STORE_set_verify_cb(cert_ctx, cb);
    X509_LOOKUP *lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
    if (cafile) {
        i = X509_LOOKUP_load_file(lookup, cafile, X509_FILETYPE_PEM);
        if (!i) {
            __android_log_print(ANDROID_LOG_DEBUG, "openssljni", "\nerror loading file %s\n", cafile);
            //BIO_printf(bio_err, "error loading file %s\n", cafile);
            //ERR_print_errors(bio_err);
            //goto end;
        }
    } else {
        X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
    }
    X509_STORE_CTX *csc = X509_STORE_CTX_new();
    if (csc != NULL) {
        X509_STORE_set_flags(cert_ctx, X509_V_FLAG_CRL_CHECK);
        if (X509_STORE_CTX_init(csc, cert_ctx, x509, certs)) {
            X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CRL_CHECK);
            __android_log_print(ANDROID_LOG_DEBUG, "openssljni", "\ncalling x509_verify_cert");
            i = X509_verify_cert(csc);
            int ret = 0;
            if (i > 0) {
                ret = 1;
            }
            __android_log_print(ANDROID_LOG_DEBUG, "openssljni", "\nreturn value: %d", i);
            printerror();
            return (ret);
        }
    }
ssl openssl certificate x509certificate x509