Sourcecode: pam-pkcs11 version File versions  Download package

CERTVFY_EXTERN int verify_certificate ( X509 *  x509,
cert_policy *  policy 
)

Verify provided certificate, and if needed, CRL

Parameters:
x509 Certificate to check
ca_dir HashDir to retrieve CA Certificates
crl_dir HashDir to retrieve CRL's
policy CRL verify policy
Returns:
1 on successful certificate verification, 0 on failure, -1 on processing error

Definition at line 396 of file cert_vfy.c.

References CRLP_NONE.

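{
  /*
   * Verify x509 against the store built from policy and, depending on
   * policy->crl_policy, check it for revocation.
   *
   * Returns 1 when the certificate is accepted, 0 when chain verification
   * fails or the certificate has been revoked, and -1 on a processing error.
   *
   * Note: 1 is also returned, without any check being made, when the policy
   * requests neither CA nor CRL verification. Callers must not read a return
   * of 1 as proof that a chain was validated unless the policy enables it.
   */
  int rv;
  int verify_err;
  X509_STORE *store;
  X509_STORE_CTX *ctx;

  /* both arguments are dereferenced or handed to OpenSSL below */
  if (x509 == NULL || policy == NULL) {
    set_error("%s", "verify_certificate() called with a NULL argument");
    return -1;
  }

  /* if neither ca nor crl check are requested skip */
  if ( (policy->ca_policy==0) && (policy->crl_policy==CRLP_NONE) ) {
      DBG("Neither CA nor CRL check requested. CertVrfy() skipped");
      return 1;
  }

  /* setup the x509 store to verify the certificate */
  store = setup_store(policy);
  if (store == NULL) {
    set_error("setup_store() failed: %s", ERR_error_string(ERR_get_error(), NULL));
    return -1;
  }

  ctx = X509_STORE_CTX_new();
  if (ctx == NULL) {
    X509_STORE_free(store);
    set_error("X509_STORE_CTX_new() failed: %s", ERR_error_string(ERR_get_error(), NULL));
    return -1;
  }

  /*
   * No extra untrusted chain is supplied (last argument is NULL).
   * An initialisation failure is treated as a processing error instead of
   * continuing with a half-initialised context.
   */
  if (X509_STORE_CTX_init(ctx, store, x509, NULL) != 1) {
    X509_STORE_CTX_free(ctx);
    X509_STORE_free(store);
    set_error("X509_STORE_CTX_init() failed: %s", ERR_error_string(ERR_get_error(), NULL));
    return -1;
  }
#if 0
  X509_STORE_CTX_set_purpose(ctx, purpose);
#endif
  if (policy->ca_policy) {
    rv = X509_verify_cert(ctx);
    /* anything other than 1 is treated as a failed verification (fail closed) */
    if (rv != 1) {
      /*
       * Read the error code BEFORE releasing the context: the original
       * code dereferenced ctx after X509_STORE_CTX_free(), a use-after-free.
       */
      verify_err = X509_STORE_CTX_get_error(ctx);
      X509_STORE_CTX_free(ctx);
      X509_STORE_free(store);
      set_error("certificate is invalid: %s", X509_verify_cert_error_string(verify_err));
      return 0;
    } else {
      DBG("certificate is valid");
    }
  }

  /* verify whether the certificate was revoked or not */
  rv = check_for_revocation(x509, ctx, policy->crl_policy);
  /* ctx and store are not used past this point */
  X509_STORE_CTX_free(ctx);
  X509_STORE_free(store);
  if (rv < 0) {
    set_error("check_for_revocation() failed: %s", get_error());
    return -1;
  } else if (rv == 0) {
    DBG("certificate has been revoked");
  } else {
    DBG("certificate has not been revoked");
  }
  return rv;
}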

