本文整理汇总了C++中ASN1_STRING_data函数的典型用法代码示例。如果您正苦于以下问题:C++ ASN1_STRING_data函数的具体用法?C++ ASN1_STRING_data怎么用?C++ ASN1_STRING_data使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了ASN1_STRING_data函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: X509_get_subject_name
void OpenSSLCertificate::parse() {
if (!cert) {
return;
}
// Subject name
X509_NAME* subjectName = X509_get_subject_name(cert.get());
if (subjectName) {
// Subject name
ByteArray subjectNameData;
subjectNameData.resize(256);
X509_NAME_oneline(X509_get_subject_name(cert.get()), reinterpret_cast<char*>(subjectNameData.getData()), subjectNameData.getSize());
this->subjectName = std::string(reinterpret_cast<const char*>(subjectNameData.getData()));
// Common name
int cnLoc = X509_NAME_get_index_by_NID(subjectName, NID_commonName, -1);
while (cnLoc != -1) {
X509_NAME_ENTRY* cnEntry = X509_NAME_get_entry(subjectName, cnLoc);
ASN1_STRING* cnData = X509_NAME_ENTRY_get_data(cnEntry);
commonNames.push_back(ByteArray(cnData->data, cnData->length).toString());
cnLoc = X509_NAME_get_index_by_NID(subjectName, NID_commonName, cnLoc);
}
}
// subjectAltNames
int subjectAltNameLoc = X509_get_ext_by_NID(cert.get(), NID_subject_alt_name, -1);
if(subjectAltNameLoc != -1) {
X509_EXTENSION* extension = X509_get_ext(cert.get(), subjectAltNameLoc);
boost::shared_ptr<GENERAL_NAMES> generalNames(reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(extension)), GENERAL_NAMES_free);
boost::shared_ptr<ASN1_OBJECT> xmppAddrObject(OBJ_txt2obj(ID_ON_XMPPADDR_OID, 1), ASN1_OBJECT_free);
boost::shared_ptr<ASN1_OBJECT> dnsSRVObject(OBJ_txt2obj(ID_ON_DNSSRV_OID, 1), ASN1_OBJECT_free);
for (int i = 0; i < sk_GENERAL_NAME_num(generalNames.get()); ++i) {
GENERAL_NAME* generalName = sk_GENERAL_NAME_value(generalNames.get(), i);
if (generalName->type == GEN_OTHERNAME) {
OTHERNAME* otherName = generalName->d.otherName;
if (OBJ_cmp(otherName->type_id, xmppAddrObject.get()) == 0) {
// XmppAddr
if (otherName->value->type != V_ASN1_UTF8STRING) {
continue;
}
ASN1_UTF8STRING* xmppAddrValue = otherName->value->value.utf8string;
addXMPPAddress(ByteArray(ASN1_STRING_data(xmppAddrValue), ASN1_STRING_length(xmppAddrValue)).toString());
}
else if (OBJ_cmp(otherName->type_id, dnsSRVObject.get()) == 0) {
// SRVName
if (otherName->value->type != V_ASN1_IA5STRING) {
continue;
}
ASN1_IA5STRING* srvNameValue = otherName->value->value.ia5string;
addSRVName(ByteArray(ASN1_STRING_data(srvNameValue), ASN1_STRING_length(srvNameValue)).toString());
}
}
else if (generalName->type == GEN_DNS) {
// DNSName
addDNSName(ByteArray(ASN1_STRING_data(generalName->d.dNSName), ASN1_STRING_length(generalName->d.dNSName)).toString());
}
}
}
}
开发者ID:bessey,项目名称:picnic-doc-server,代码行数:59,代码来源:OpenSSLCertificate.cpp
示例2: s2n_verify_host_information
/*
* For each name in the cert. Iterate them. Call the callback. If one returns true, then consider it validated,
* if none of them return true, the cert is considered invalid.
*/
static uint8_t s2n_verify_host_information(struct s2n_x509_validator *validator, struct s2n_connection *conn, X509 *public_cert) {
uint8_t verified = 0;
uint8_t san_found = 0;
/* Check SubjectAltNames before CommonName as per RFC 6125 6.4.4 */
STACK_OF(GENERAL_NAME) *names_list = X509_get_ext_d2i(public_cert, NID_subject_alt_name, NULL, NULL);
int n = sk_GENERAL_NAME_num(names_list);
for (int i = 0; i < n && !verified; i++) {
GENERAL_NAME *current_name = sk_GENERAL_NAME_value(names_list, i);
if (current_name->type == GEN_DNS) {
san_found = 1;
const char *name = (const char *) ASN1_STRING_data(current_name->d.ia5);
size_t name_len = (size_t) ASN1_STRING_length(current_name->d.ia5);
verified = conn->verify_host_fn(name, name_len, conn->data_for_verify_host);
}
}
GENERAL_NAMES_free(names_list);
/* if no SubjectAltNames of type DNS found, go to the common name. */
if (!san_found) {
X509_NAME *subject_name = X509_get_subject_name(public_cert);
if (subject_name) {
int next_idx = 0, curr_idx = -1;
while ((next_idx = X509_NAME_get_index_by_NID(subject_name, NID_commonName, curr_idx)) >= 0) {
curr_idx = next_idx;
}
if (curr_idx >= 0) {
ASN1_STRING *common_name =
X509_NAME_ENTRY_get_data(X509_NAME_get_entry(subject_name, curr_idx));
if (common_name) {
char peer_cn[255];
static size_t peer_cn_size = sizeof(peer_cn);
memset_check(&peer_cn, 0, peer_cn_size);
// X520CommonName allows the following ANSI string types per RFC 5280 Appendix A.1
if (ASN1_STRING_type(common_name) == V_ASN1_TELETEXSTRING ||
ASN1_STRING_type(common_name) == V_ASN1_PRINTABLESTRING ||
ASN1_STRING_type(common_name) == V_ASN1_UNIVERSALSTRING ||
ASN1_STRING_type(common_name) == V_ASN1_UTF8STRING ||
ASN1_STRING_type(common_name) == V_ASN1_BMPSTRING ) {
size_t len = (size_t) ASN1_STRING_length(common_name);
lte_check(len, sizeof(peer_cn) - 1);
memcpy_check(peer_cn, ASN1_STRING_data(common_name), len);
verified = conn->verify_host_fn(peer_cn, len, conn->data_for_verify_host);
}
}
}
}
}
return verified;
}
开发者ID:gibson-compsci,项目名称:s2n,代码行数:63,代码来源:s2n_x509_validator.c
示例3: _mosquitto_verify_certificate_hostname
/* This code is based heavily on the example provided in "Secure Programming
* Cookbook for C and C++".
*/
int _mosquitto_verify_certificate_hostname(X509 *cert, const char *hostname)
{
int i;
char name[256];
X509_NAME *subj;
bool have_san_dns = false;
STACK_OF(GENERAL_NAME) *san;
const GENERAL_NAME *nval;
const unsigned char *data;
unsigned char ipv6_addr[16];
unsigned char ipv4_addr[4];
int ipv6_ok;
int ipv4_ok;
#ifdef WIN32
ipv6_ok = InetPton(AF_INET6, hostname, &ipv6_addr);
ipv4_ok = InetPton(AF_INET, hostname, &ipv4_addr);
#else
ipv6_ok = inet_pton(AF_INET6, hostname, &ipv6_addr);
ipv4_ok = inet_pton(AF_INET, hostname, &ipv4_addr);
#endif
san = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
if(san){
for(i=0; i<sk_GENERAL_NAME_num(san); i++){
nval = sk_GENERAL_NAME_value(san, i);
if(nval->type == GEN_DNS){
data = ASN1_STRING_data(nval->d.dNSName);
if(data && match_hostname((char *)data, hostname)){
return 1;
}
have_san_dns = true;
}else if(nval->type == GEN_IPADD){
data = ASN1_STRING_data(nval->d.iPAddress);
if(nval->d.iPAddress->length == 4 && ipv4_ok){
if(!memcmp(ipv4_addr, data, 4)){
return 1;
}
}else if(nval->d.iPAddress->length == 16 && ipv6_ok){
if(!memcmp(ipv6_addr, data, 16)){
return 1;
}
}
}
}
if(have_san_dns){
/* Only check CN if subjectAltName DNS entry does not exist. */
return 0;
}
}
subj = X509_get_subject_name(cert);
if(X509_NAME_get_text_by_NID(subj, NID_commonName, name, sizeof(name)) > 0){
name[sizeof(name) - 1] = '\0';
if (!strcasecmp(name, hostname)) return 1;
}
return 0;
}
开发者ID:yashh,项目名称:MQTTKit,代码行数:60,代码来源:tls_mosq.c
示例4: ASN1_TYPE_get_int_octetstring
/* int max_len: for returned value */
int
ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
int max_len)
{
int ret = -1, n;
ASN1_INTEGER *ai = NULL;
ASN1_OCTET_STRING *os = NULL;
const unsigned char *p;
long length;
ASN1_const_CTX c;
if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) {
goto err;
}
p = ASN1_STRING_data(a->value.sequence);
length = ASN1_STRING_length(a->value.sequence);
c.pp = &p;
c.p = p;
c.max = p + length;
c.error = ASN1_R_DATA_IS_WRONG;
M_ASN1_D2I_start_sequence();
c.q = c.p;
if ((ai = d2i_ASN1_INTEGER(NULL, &c.p, c.slen)) == NULL)
goto err;
c.slen -= (c.p - c.q);
c.q = c.p;
if ((os = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
goto err;
c.slen -= (c.p - c.q);
if (!M_ASN1_D2I_end_sequence())
goto err;
if (num != NULL)
*num = ASN1_INTEGER_get(ai);
ret = ASN1_STRING_length(os);
if (max_len > ret)
n = ret;
else
n = max_len;
if (data != NULL)
memcpy(data, ASN1_STRING_data(os), n);
if (0) {
err:
ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,
ASN1_R_DATA_IS_WRONG);
}
M_ASN1_OCTET_STRING_free(os);
M_ASN1_INTEGER_free(ai);
return (ret);
}
开发者ID:GyazSquare,项目名称:LibreSSL-Framework,代码行数:55,代码来源:evp_asn1.c
示例5: _SSL_check_server_cert
/* Server certificate name check, logic adapted from libcurl */
static int
_SSL_check_server_cert(SSL *ssl, const char *hostname)
{
X509 *cert;
X509_NAME *subject;
const GENERAL_NAME *altname;
STACK_OF(GENERAL_NAME) *altnames;
ASN1_STRING *tmp;
int i, n, match = -1;
const char *p;
if (SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE ||
(cert = SSL_get_peer_certificate(ssl)) == NULL) {
return (1);
}
/* Check subjectAltName */
if ((altnames = X509_get_ext_d2i(cert, NID_subject_alt_name,
NULL, NULL)) != NULL) {
n = sk_GENERAL_NAME_num(altnames);
for (i = 0; i < n && match != 1; i++) {
altname = sk_GENERAL_NAME_value(altnames, i);
p = (char *)ASN1_STRING_data(altname->d.ia5);
if (altname->type == GEN_DNS) {
match = (ASN1_STRING_length(altname->d.ia5) ==
strlen(p) && match_pattern(hostname, p));
}
}
GENERAL_NAMES_free(altnames);
}
/* No subjectAltName, try CN */
if (match == -1 &&
(subject = X509_get_subject_name(cert)) != NULL) {
for (i = -1; (n = X509_NAME_get_index_by_NID(subject,
NID_commonName, i)) >= 0; ) {
i = n;
}
if (i >= 0) {
if ((tmp = X509_NAME_ENTRY_get_data(
X509_NAME_get_entry(subject, i))) != NULL &&
ASN1_STRING_type(tmp) == V_ASN1_UTF8STRING) {
p = (char *)ASN1_STRING_data(tmp);
match = (ASN1_STRING_length(tmp) ==
strlen(p) && match_pattern(hostname, p));
}
}
}
X509_free(cert);
return (match > 0);
}
开发者ID:dhawes,项目名称:libduo,代码行数:52,代码来源:https.c
示例6: get_subject
static PyObject *
get_subject (certificate_x509 *self, PyObject *args)
{
if (!PyArg_ParseTuple (args, "")) {
return NULL;
}
X509_NAME *name = X509_get_subject_name (self->x509);
int entries = X509_NAME_entry_count (name);
int i;
PyObject *dict = PyDict_New ();
for (i = 0; i < entries; i++) {
X509_NAME_ENTRY *entry = X509_NAME_get_entry (name, i);
ASN1_OBJECT *obj = X509_NAME_ENTRY_get_object (entry);
ASN1_STRING *data = X509_NAME_ENTRY_get_data (entry);
PyObject *key =
PyString_FromString (OBJ_nid2sn (OBJ_obj2nid (obj)));
PyObject *value = PyString_FromString ((const char *)
ASN1_STRING_data (data));
PyDict_SetItem (dict, key, value);
Py_DECREF (key);
Py_DECREF (value);
}
return dict;
}
开发者ID:jlsherrill,项目名称:python-rhsm,代码行数:29,代码来源:certificate.c
示例7: validate_name
static HostnameValidationResult validate_name(const char *hostname, ASN1_STRING *certname_asn1) {
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
char *certname_s = (char *) ASN1_STRING_get0_data(certname_asn1);
#else
char *certname_s = (char *) ASN1_STRING_data(certname_asn1);
#endif
int certname_len = ASN1_STRING_length(certname_asn1), hostname_len = strlen(hostname);
// Make sure there isn't an embedded NUL character in the DNS name
if (has_nul(certname_s, certname_len)) {
return MalformedCertificate;
}
// remove last '.' from hostname
if (hostname_len != 0 && hostname[hostname_len - 1] == '.')
--hostname_len;
// skip the first segment if wildcard
if (certname_len > 2 && certname_s[0] == '*' && certname_s[1] == '.') {
if (hostname_len != 0) {
do {
--hostname_len;
if (*hostname++ == '.')
break;
} while (hostname_len != 0);
}
certname_s += 2;
certname_len -= 2;
}
// Compare expected hostname with the DNS name
if (certname_len != hostname_len) {
return MatchNotFound;
}
return memeq_ncase(hostname, certname_s, hostname_len) ? MatchFound : MatchNotFound;
}
开发者ID:devnexen,项目名称:h2o,代码行数:33,代码来源:openssl_hostname_validation.c
示例8: memcpy
/* Convert an ASN1 string which may not be null terminated into a
* standard null terminated string. Also check for embedded null
* characters.
*/
char *asn1_to_cstr(ASN1_STRING *astr)
{
unsigned int astr_len = 0;
char *tmp = NULL;
char *cstr = NULL;
if (!(astr_len = (unsigned int) ASN1_STRING_length(astr))) {
return NULL;
}
if (!(tmp = (char *)ASN1_STRING_data(astr))) {
return NULL;
}
/* Verify that the string does not contain embedded null characters.
*/
if (memchr(tmp, '\0', astr_len)) {
return NULL;
}
if ((cstr = (char *) malloc(astr_len + 1)) == NULL) {
return NULL;
}
memcpy(cstr, tmp, astr_len);
cstr[astr_len] = '\0';
return cstr;
}
开发者ID:Cryptophobia,项目名称:ossec-wazuh,代码行数:33,代码来源:check_cert.c
示例9: OPENSSL_assert
TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX (TS_REQ * req, TS_VERIFY_CTX * ctx)
{
TS_VERIFY_CTX *ret = ctx;
ASN1_OBJECT *policy;
TS_MSG_IMPRINT *imprint;
X509_ALGOR *md_alg;
ASN1_OCTET_STRING *msg;
const ASN1_INTEGER *nonce;
OPENSSL_assert (req != NULL);
if (ret)
TS_VERIFY_CTX_cleanup (ret);
else if (!(ret = TS_VERIFY_CTX_new ()))
return NULL;
/* Setting flags. */
ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
/* Setting policy. */
if ((policy = TS_REQ_get_policy_id (req)) != NULL)
{
if (!(ret->policy = OBJ_dup (policy)))
goto err;
}
else
ret->flags &= ~TS_VFY_POLICY;
/* Setting md_alg, imprint and imprint_len. */
imprint = TS_REQ_get_msg_imprint (req);
md_alg = TS_MSG_IMPRINT_get_algo (imprint);
if (!(ret->md_alg = X509_ALGOR_dup (md_alg)))
goto err;
msg = TS_MSG_IMPRINT_get_msg (imprint);
ret->imprint_len = ASN1_STRING_length (msg);
if (!(ret->imprint = OPENSSL_malloc (ret->imprint_len)))
goto err;
memcpy (ret->imprint, ASN1_STRING_data (msg), ret->imprint_len);
/* Setting nonce. */
if ((nonce = TS_REQ_get_nonce (req)) != NULL)
{
if (!(ret->nonce = ASN1_INTEGER_dup (nonce)))
goto err;
}
else
ret->flags &= ~TS_VFY_NONCE;
return ret;
err:
if (ctx)
TS_VERIFY_CTX_cleanup (ctx);
else
TS_VERIFY_CTX_free (ret);
return NULL;
}
开发者ID:274914765,项目名称:C,代码行数:60,代码来源:ts_verify_ctx.c
示例10: get_peer_common_name
static char *
get_peer_common_name(const struct ssl_stream *sslv)
{
X509 *peer_cert = SSL_get_peer_certificate(sslv->ssl);
if (!peer_cert) {
return NULL;
}
int cn_index = X509_NAME_get_index_by_NID(X509_get_subject_name(peer_cert),
NID_commonName, -1);
if (cn_index < 0) {
return NULL;
}
X509_NAME_ENTRY *cn_entry = X509_NAME_get_entry(
X509_get_subject_name(peer_cert), cn_index);
if (!cn_entry) {
return NULL;
}
ASN1_STRING *cn_data = X509_NAME_ENTRY_get_data(cn_entry);
if (!cn_data) {
return NULL;
}
const char *cn;
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined (LIBRESSL_VERSION_NUMBER)
/* ASN1_STRING_data() is deprecated as of OpenSSL version 1.1 */
cn = (const char *)ASN1_STRING_data(cn_data);
#else
cn = (const char *)ASN1_STRING_get0_data(cn_data);
#endif
return xstrdup(cn);
}
开发者ID:openvswitch,项目名称:ovs,代码行数:34,代码来源:stream-ssl.c
示例11: openssl_new_xattribute
static X509_ATTRIBUTE* openssl_new_xattribute(lua_State*L, X509_ATTRIBUTE** a, int idx, int utf8)
{
int arttype;
size_t len;
int nid;
const char* data;
lua_getfield(L, idx, "object");
nid = openssl_get_nid(L, -1);
lua_pop(L, 1);
lua_getfield(L, idx, "type");
arttype = openssl_get_asn1type(L, -1);
lua_pop(L, 1);
lua_getfield(L, idx, "value");
if(lua_isuserdata(L, -1))
{
ASN1_STRING* value = CHECK_OBJECT(-1, ASN1_STRING, "openssl.asn1_string");
data = ASN1_STRING_data(value);
len = ASN1_STRING_length(value);
}else
data = luaL_checklstring(L, idx, &len);
lua_pop(L, 1);
return X509_ATTRIBUTE_create_by_NID(a, nid, arttype, data, len);
}
开发者ID:Udo,项目名称:lua-openssl,代码行数:27,代码来源:xattrs.c
示例12: dh_cms_set_peerkey
static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
{
ASN1_OBJECT *aoid;
int atype;
void *aval;
ASN1_INTEGER *public_key = NULL;
int rv = 0;
EVP_PKEY *pkpeer = NULL, *pk = NULL;
DH *dhpeer = NULL;
const unsigned char *p;
int plen;
X509_ALGOR_get0(&aoid, &atype, &aval, alg);
if (OBJ_obj2nid(aoid) != NID_dhpublicnumber)
goto err;
/* Only absent parameters allowed in RFC XXXX */
if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL)
goto err;
pk = EVP_PKEY_CTX_get0_pkey(pctx);
if (!pk)
goto err;
if (pk->type != EVP_PKEY_DHX)
goto err;
/* Get parameters from parent key */
dhpeer = DHparams_dup(pk->pkey.dh);
/* We have parameters now set public key */
plen = ASN1_STRING_length(pubkey);
p = ASN1_STRING_data(pubkey);
if (!p || !plen)
goto err;
if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, plen))) {
DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR);
goto err;
}
/* We have parameters now set public key */
if (!(dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) {
DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR);
goto err;
}
pkpeer = EVP_PKEY_new();
if (!pkpeer)
goto err;
EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer);
dhpeer = NULL;
if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
rv = 1;
err:
if (public_key)
ASN1_INTEGER_free(public_key);
if (pkpeer)
EVP_PKEY_free(pkpeer);
if (dhpeer)
DH_free(dhpeer);
return rv;
}
开发者ID:Orav,项目名称:kbengine,代码行数:60,代码来源:dh_ameth.c
示例13: matches_common_name
static int matches_common_name(const char *hostname, const X509 *server_cert)
{
int common_name_loc = -1;
X509_NAME_ENTRY *common_name_entry = 0;
ASN1_STRING *common_name_asn1 = 0;
char *common_name_str = 0;
common_name_loc = X509_NAME_get_index_by_NID(X509_get_subject_name(
(X509 *) server_cert),
NID_commonName, -1);
if (common_name_loc < 0) {
return Error;
}
common_name_entry = X509_NAME_get_entry(
X509_get_subject_name(
(X509 *) server_cert),
common_name_loc);
if (!common_name_entry) {
return Error;
}
common_name_asn1 = X509_NAME_ENTRY_get_data(common_name_entry);
if (!common_name_asn1) {
return Error;
}
common_name_str = (char *) ASN1_STRING_data(common_name_asn1);
if (ASN1_STRING_length(common_name_asn1) != strlen(common_name_str)) {
return MalformedCertificate;
}
if (!strcasecmp(hostname, common_name_str)) {
return MatchFound;
}
else {
return MatchNotFound;
}
}
开发者ID:kidd,项目名称:turbo,代码行数:35,代码来源:turbo_ffi_wrap.c
示例14: msg_panic
const char *tls_dns_name(const GENERAL_NAME * gn,
const TLS_SESS_STATE *TLScontext)
{
const char *myname = "tls_dns_name";
char *cp;
const char *dnsname;
int len;
/*
* Peername checks are security sensitive, carefully scrutinize the
* input!
*/
if (gn->type != GEN_DNS)
msg_panic("%s: Non DNS input argument", myname);
/*
* We expect the OpenSSL library to construct GEN_DNS extesion objects as
* ASN1_IA5STRING values. Check we got the right union member.
*/
if (ASN1_STRING_type(gn->d.ia5) != V_ASN1_IA5STRING) {
msg_warn("%s: %s: invalid ASN1 value type in subjectAltName",
myname, TLScontext->namaddr);
return (0);
}
/*
* Safe to treat as an ASCII string possibly holding a DNS name
*/
dnsname = (char *) ASN1_STRING_data(gn->d.ia5);
len = ASN1_STRING_length(gn->d.ia5);
TRIM0(dnsname, len);
/*
* Per Dr. Steven Henson of the OpenSSL development team, ASN1_IA5STRING
* values can have internal ASCII NUL values in this context because
* their length is taken from the decoded ASN1 buffer, a trailing NUL is
* always appended to make sure that the string is terminated, but the
* ASN.1 length may differ from strlen().
*/
if (len != strlen(dnsname)) {
msg_warn("%s: %s: internal NUL in subjectAltName",
myname, TLScontext->namaddr);
return 0;
}
/*
* XXX: Should we be more strict and call valid_hostname()? So long as
* the name is safe to handle, if it is not a valid hostname, it will not
* compare equal to the expected peername, so being more strict than
* "printable" is likely excessive...
*/
if (*dnsname && !allprint(dnsname)) {
cp = mystrdup(dnsname);
msg_warn("%s: %s: non-printable characters in subjectAltName: %.100s",
myname, TLScontext->namaddr, printable(cp, '?'));
myfree(cp);
return 0;
}
return (dnsname);
}
开发者ID:Jingeun,项目名称:tongsu_smtp,代码行数:60,代码来源:tls_verify.c
示例15: pub_encode_gost94
static int pub_encode_gost94(X509_PUBKEY *pub,const EVP_PKEY *pk)
{
ASN1_OBJECT *algobj = NULL;
ASN1_OCTET_STRING *octet = NULL;
void *pval = NULL;
unsigned char *buf=NULL,*databuf,*sptr;
int i,j,data_len,ret=0;
int ptype = V_ASN1_UNDEF;
DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pk);
algobj = OBJ_nid2obj(EVP_PKEY_base_id(pk));
if (pk->save_parameters)
{
ASN1_STRING *params = encode_gost_algor_params(pk);
pval = params;
ptype = V_ASN1_SEQUENCE;
}
data_len = BN_num_bytes(dsa->pub_key);
databuf = OPENSSL_malloc(data_len);
BN_bn2bin(dsa->pub_key,databuf);
octet = ASN1_OCTET_STRING_new();
ASN1_STRING_set(octet,NULL,data_len);
sptr = ASN1_STRING_data(octet);
for (i=0,j=data_len-1; i< data_len;i++,j--)
{
sptr[i]=databuf[j];
}
OPENSSL_free(databuf);
ret = i2d_ASN1_OCTET_STRING(octet,&buf);
ASN1_BIT_STRING_free(octet);
if (ret <0) return 0;
return X509_PUBKEY_set0_param(pub,algobj,ptype,pval,buf,ret);
}
开发者ID:0culus,项目名称:openssl,代码行数:33,代码来源:gost_ameth.c
示例16: genCommonName
std::string genCommonName(X509* cert) {
if (cert == nullptr) {
return "";
}
auto subject_name = X509_get_subject_name(cert);
if (subject_name == nullptr) {
return "";
}
auto nid = OBJ_txt2nid("CN");
auto index = X509_NAME_get_index_by_NID(subject_name, nid, -1);
if (index == -1) {
return "";
}
auto commonNameEntry = X509_NAME_get_entry(subject_name, index);
if (commonNameEntry == nullptr) {
return "";
}
auto commonNameData = X509_NAME_ENTRY_get_data(commonNameEntry);
auto data = ASN1_STRING_data(commonNameData);
return std::string(reinterpret_cast<char*>(data));
}
开发者ID:huamichaelchen,项目名称:osquery,代码行数:25,代码来源:keychain_utils.cpp
示例17: check_alt_names
static int
check_alt_names(X509 *cert, const char *hostname)
{
STACK_OF(GENERAL_NAME) *alt_names;
int i, num;
int ret = 1;
union {
struct in_addr v4;
struct in6_addr v6;
} ip;
unsigned ip_size = 0;
/* check whether @hostname is an ip address */
if (strchr(hostname, ':') != NULL) {
ip_size = 16;
ret = inet_pton(AF_INET6, hostname, &ip.v6);
} else {
ip_size = 4;
ret = inet_pton(AF_INET, hostname, &ip.v4);
}
if (ret == 0)
return -1;
ret = -1;
alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
if (!alt_names)
return ret;
num = sk_GENERAL_NAME_num(alt_names);
tdsdump_log(TDS_DBG_INFO1, "Alt names number %d\n", num);
for (i = 0; i < num; ++i) {
const char *altptr;
size_t altlen;
const GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
if (!name)
continue;
altptr = (const char *) ASN1_STRING_data(name->d.ia5);
altlen = (size_t) ASN1_STRING_length(name->d.ia5);
if (name->type == GEN_DNS && ip_size == 0) {
ret = 0;
if (!check_name_match(name->d.dNSName, hostname))
continue;
} else if (name->type == GEN_IPADD && ip_size != 0) {
ret = 0;
if (altlen != ip_size || memcmp(altptr, &ip, altlen) != 0)
continue;
} else {
continue;
}
sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
return 1;
}
sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
return ret;
}
开发者ID:hutchinson,项目名称:freetds,代码行数:60,代码来源:tls.c
示例18: GENERAL_NAMES_free
std::unique_ptr<std::list<std::string>> SSLUtil::getSubjectAltName(
const X509* cert) {
#ifdef OPENSSL_GE_101
auto nameList = folly::make_unique<std::list<std::string>>();
GENERAL_NAMES* names = (GENERAL_NAMES*)X509_get_ext_d2i(
(X509*)cert, NID_subject_alt_name, nullptr, nullptr);
if (names) {
auto guard = folly::makeGuard([names] { GENERAL_NAMES_free(names); });
size_t count = sk_GENERAL_NAME_num(names);
CHECK(count < std::numeric_limits<int>::max());
for (int i = 0; i < (int)count; ++i) {
GENERAL_NAME* generalName = sk_GENERAL_NAME_value(names, i);
if (generalName->type == GEN_DNS) {
ASN1_STRING* s = generalName->d.dNSName;
const char* name = (const char*)ASN1_STRING_data(s);
// I can't find any docs on what a negative return value here
// would mean, so I'm going to ignore it.
auto len = ASN1_STRING_length(s);
DCHECK(len >= 0);
if (size_t(len) != strlen(name)) {
// Null byte(s) in the name; return an error rather than depending on
// the caller to safely handle this case.
return nullptr;
}
nameList->emplace_back(name);
}
}
}
return nameList;
#else
return nullptr;
#endif
}
开发者ID:Abioy,项目名称:proxygen,代码行数:33,代码来源:SSLUtil.cpp
示例19: genCommonName
std::string genCommonName(X509* cert) {
if (cert == nullptr) {
return "";
}
X509_NAME* subject_name = nullptr;
OSX_OPENSSL(subject_name = X509_get_subject_name(cert));
if (subject_name == nullptr) {
return "";
}
int nid = 0;
OSX_OPENSSL(nid = OBJ_txt2nid("CN"));
int index = 0;
OSX_OPENSSL(index = X509_NAME_get_index_by_NID(subject_name, nid, -1));
if (index == -1) {
return "";
}
X509_NAME_ENTRY* commonNameEntry = nullptr;
OSX_OPENSSL(commonNameEntry = X509_NAME_get_entry(subject_name, index));
if (commonNameEntry == nullptr) {
return "";
}
ASN1_STRING* commonNameData = nullptr;
OSX_OPENSSL(commonNameData = X509_NAME_ENTRY_get_data(commonNameEntry));
unsigned char* data = nullptr;
OSX_OPENSSL(data = ASN1_STRING_data(commonNameData));
return std::string(reinterpret_cast<char*>(data));
}
开发者ID:eastebry,项目名称:osquery,代码行数:33,代码来源:keychain_utils.cpp
示例20: sigattr_asn1_octet
/*
* read an attribute of type octet string
*/
unsigned char *sigattr_octet(scep_t *scep, char *attrname, int *len) {
ASN1_OCTET_STRING *asn1;
unsigned char *data = NULL;
/* get the attribute as an ASN1_OCTET_STRING */
asn1 = sigattr_asn1_octet(scep, attrname);
if (asn1 == NULL)
return NULL;
if (debug)
BIO_printf(bio_err, "%s:%d: got an asn1 string for attribute\n",
__FILE__ , __LINE__);
/* unpack the ASN1_STRING into a C-String (0-terminated) */
*len = ASN1_STRING_length(asn1);
data = (unsigned char *)malloc(*len);
memcpy(data, ASN1_STRING_data(asn1), *len);
if (debug)
BIO_printf(bio_err, "%s:%d: allocated %d new bytes for value\n",
__FILE__, __LINE__, *len);
/* return the data */
return data;
}
开发者ID:xman1979,项目名称:openscep,代码行数:28,代码来源:sigattr.c
注:本文中的ASN1_STRING_data函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论