generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial OCSP certificate verify. Not complete,

Browse Source 
it just supports a "trusted OCSP global root CA".
This commit is contained in:
Dr. Stephen Henson
2001-01-17 01:31:34 +00:00
parent a068630a20
commit 81f169e95c
13 changed files with 204 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
apps/apps.c
View File

@@ -837,3 +837,32 @@ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
}
}
X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
{
X509_STORE *store;
X509_LOOKUP *lookup;
if(!(store = X509_STORE_new())) goto end;
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
if (lookup == NULL) goto end;
if (CAfile) {
if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
BIO_printf(bp, "Error loading file %s\n", CAfile);
goto end;
}
} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
if (lookup == NULL) goto end;
if (CApath) {
if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
BIO_printf(bp, "Error loading directory %s\n", CApath);
goto end;
}
} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
ERR_clear_error();
return store;
end:
X509_STORE_free(store);
return NULL;
}