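// Source: http://www.cnblogs.com/wobash/archive/2009/12/29/1635246.html
//
// In a project I ran into the problem of verifying a certificate chain with
// OpenSSL. I searched the Internet for a long time and found very little
// information. After a lot of effort I finally got the basic functionality
// working, and I wrapped it in a small certificate-chain verification class as
// a reference for others. I have only just started using OpenSSL myself, so
// please point out anything that is not correct.
//
// NOTE(review): the listing on this page was damaged in extraction. The header
// names of the #include lines, the definition of load_certfile(), the end of
// Verify() and the end of the demo program are not on the page. Each of those
// places is marked below; anything filled in there is a reconstruction from
// the surrounding code and comments and should be confirmed against the
// original post.

/*******************************************/
/*             VerifyDCChain.h             */
/*******************************************/
#ifndef VERIFYDCCHAIN_H_
#define VERIFYDCCHAIN_H_

// NOTE(review): the page shows eight #include lines whose header names were
// lost. The headers below are the ones the visible code needs.
#include <iostream>
#include <string>

#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>

// Kept because the original header has it and includers may rely on it;
// a using-directive in a header leaks into every file that includes it.
using namespace std;

// Verifies a leaf certificate against a caller-supplied set of certificates.
//
// The object owns m_leaf and every certificate pushed onto m_chain, so it must
// not be copied (a copy would free the same OpenSSL objects twice).
class VerifyDCChain
{
public:
    VerifyDCChain();
    ~VerifyDCChain();

    /*
     * Initialize the certificate stack m_chain.
     * @param [in] certChains array of certificate file names that make up the chain
     * @param [in] num        number of entries in certChains
     * @return 1 on success, 0 if the arguments are invalid or any file fails to load
     */
    int Init(const string* certChains, const int num);

    /*
     * Verify a leaf certificate with the chain given to Init().
     * @param [in] certFile file name of the leaf certificate to validate
     * @return 1 if the certificate verifies, 0 otherwise
     */
    int Verify(const char* certFile);

private:
    /*
     * Load a certificate file.
     * @param [in] certFile name of the certificate file to load
     */
    X509* load_certfile(const char* certFile);

private:
    X509* m_leaf;             // leaf certificate from the last Verify() call
    STACK_OF(X509)* m_chain;  // certificates loaded by Init()
};

#endif

/*******************************************/
/*            VerifyDCChain.cpp            */
/*******************************************/
#include "VerifyDCChain.h"

// Library setup as used by the original post (OpenSSL releases before 1.1.0).
VerifyDCChain::VerifyDCChain() : m_leaf(NULL), m_chain(NULL)
{
    CRYPTO_malloc_init();
    OpenSSL_add_all_algorithms();
}

VerifyDCChain::~VerifyDCChain()
{
    if (m_leaf != NULL)
    {
        X509_free(m_leaf);
    }
    if (m_chain != NULL)
    {
        // sk_X509_free() releases only the stack itself; pop_free also
        // releases the certificates that Init() pushed onto it.
        sk_X509_pop_free(m_chain, X509_free);
    }
}

int VerifyDCChain::Init(const string* certChains, const int num)
{
    if (certChains == NULL || num <= 0)
    {
        return 0;
    }

    // Drop a chain left over from an earlier Init() call.
    if (m_chain != NULL)
    {
        sk_X509_pop_free(m_chain, X509_free);
        m_chain = NULL;
    }

    STACK_OF(X509)* chain = sk_X509_new_null();
    if (chain == NULL)
    {
        return 0;
    }

    // The certificates do not have to be loaded in chain order:
    // X509_verify_cert() orders them itself while building the path.
    for (int i = 0; i < num; i++)
    {
        X509* cert = load_certfile(certChains[i].c_str());
        // A file that fails to load must fail Init(); silently pushing NULL
        // would leave a chain with a hole in it.
        if (cert == NULL || !sk_X509_push(chain, cert))
        {
            X509_free(cert);  // X509_free(NULL) is a no-op
            sk_X509_pop_free(chain, X509_free);
            return 0;
        }
    }

    m_chain = chain;
    return 1;
}

int VerifyDCChain::Verify(const char* certFile)
{
    int ret = 0;
    X509_STORE* store = NULL;
    X509_STORE_CTX ctx;  // stack allocation: OpenSSL < 1.1.0 only

    if (certFile == NULL)
    {
        return 0;
    }

    // Release the leaf kept from an earlier Verify() call.
    if (m_leaf != NULL)
    {
        X509_free(m_leaf);
        m_leaf = NULL;
    }

    // Create the X509_STORE object that holds certificates, revocation lists, etc.
    store = X509_STORE_new();
    if (store == NULL)
    {
        return 0;
    }

    // Load the leaf certificate.
    m_leaf = load_certfile(certFile);
    if (m_leaf == NULL)
    {
        X509_STORE_free(store);
        return 0;
    }

    // Set the verification flags.
    // NOTE(review): in OpenSSL's implementation X509_V_FLAG_CRL_CHECK_ALL only
    // widens the check that X509_V_FLAG_CRL_CHECK turns on. Set on its own, as
    // here, it appears to enable no revocation checking at all, which would
    // explain why verification succeeds although no CRL is ever loaded.
    // Revocation checking needs both flags plus CRLs added to the store;
    // confirm against the OpenSSL version in use.
    X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK_ALL);

    // Initialize the verification context, which collects everything needed
    // for the check. The fourth argument of X509_STORE_CTX_init() is the stack
    // of untrusted intermediate certificates (not a CRL); NULL means none.
    if (!X509_STORE_CTX_init(&ctx, store, m_leaf, NULL))
    {
        ret = 0;
        goto end;
    }

    if (m_chain == NULL)
    {
        // The page prints a literal "/n" here, most likely a typo for a newline.
        cout << "Load certificate chain failed!" << endl;
        ret = 0;
        goto end;
    }

    // NOTE(review): the page is cut off at this point. The store is empty and
    // no untrusted chain was passed, so the certificates from Init() can only
    // take part as trust anchors; the remainder is reconstructed on that basis.
    // Consequence: EVERY certificate handed to Init() is trusted, so the file
    // list must come from a trusted source, never from the peer being verified.
    X509_STORE_CTX_trusted_stack(&ctx, m_chain);

    // Chain verification.
    ret = (X509_verify_cert(&ctx) == 1) ? 1 : 0;

end:
    X509_STORE_CTX_cleanup(&ctx);
    X509_STORE_free(store);
    return ret;
}

// NOTE(review): the definition of VerifyDCChain::load_certfile() is not on the
// page, and neither is the certificate encoding it expects (PEM or DER). It is
// left out here rather than guessed. Init() and Verify() above rely on it
// returning NULL when a file cannot be read or parsed.

/*******************************************/
/*               demo program              */
/*******************************************/
// NOTE(review): the demo's own #include lines were lost on the page.
#include "VerifyDCChain.h"
using namespace std;

int main()
{
    VerifyDCChain m_check;

    // The order of the file names does not matter, because
    // X509_verify_cert() orders the certificates itself.
    string certChains[4] = {"5.crt", "4.crt", "3.crt", "2.CRT"};

    if (1 != m_check.Init(certChains, 4))
    {
        return 1;
    }

    if (1 == m_check.Verify("1.CRT"))
    {
        cout << "ok!" << endl;
    }
    // NOTE(review): the rest of the demo is missing from the page.

    return 0;
}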