| author | Carl Hetherington <cth@carlh.net> | 2014-07-17 15:04:11 +0100 |
|---|---|---|
| committer | Carl Hetherington <cth@carlh.net> | 2014-07-17 15:04:11 +0100 |
| commit | a0c90120cb62cfbaf32eb32a7cb09891cb7c539a (patch) | |
| tree | 5d4207e79953610e42c9a61ad1fb4a6a6a33e3db /src/certificates.cc | |
| parent | 194f38bccf78e51de0a35367590c2133bb093020 (diff) | |
Add verify() to CertificateChain.
Diffstat (limited to 'src/certificates.cc')
| -rw-r--r-- | src/certificates.cc | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/src/certificates.cc b/src/certificates.cc
index 0a0393c6..b6e45c0e 100644
--- a/src/certificates.cc
+++ b/src/certificates.cc
@@ -324,3 +324,52 @@ CertificateChain::add (shared_ptr<Certificate> c)
 {
 _certificates.push_back (c);
 }
+
+/** Verify the chain.
+ * @return true if it's ok, false if not.
+ */
+bool
+CertificateChain::verify () const
+{
+ X509_STORE* store = X509_STORE_new ();
+ if (!store) {
+ return false;
+ }
+
+ for (list<shared_ptr<Certificate> >::const_iterator i = _certificates.begin(); i != _certificates.end(); ++i) {
+ list<shared_ptr<Certificate> >::const_iterator j = i;
+ ++j;
+ if (j == _certificates.end ()) {
+ break;
+ }
+
+ if (!X509_STORE_add_cert (store, (*i)->x509 ())) {
+ X509_STORE_free (store);
+ return false;
+ }
+
+ X509_STORE_CTX* ctx = X509_STORE_CTX_new ();
+ if (!ctx) {
+ X509_STORE_free (store);
+ return false;
+ }
+
+ X509_STORE_set_flags (store, 0);
+ if (!X509_STORE_CTX_init (ctx, store, (*j)->x509 (), 0)) {
+ X509_STORE_CTX_free (ctx);
+ X509_STORE_free (store);
+ return false;
+ }
+
+ int v = X509_verify_cert (ctx);
+ X509_STORE_CTX_free (ctx);
+
+ if (v == 0) {
+ X509_STORE_free (store);
+ return false;
+ }
+ }
+
+ X509_STORE_free (store);
+ return true;
+}
|
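Review bot: The result check `if (v == 0)` at the end of the loop body accepts a negative return from `X509_verify_cert` as success; OpenSSL documents that the call can return a negative value in exceptional circumstances, so only 1 should count as verified: `if (v != 1) {`. Separately, a chain holding zero or one certificate reaches `return true` without any verification call, and the first certificate is added to the store as trusted without being checked itself. The doc comment should state that contract, for example `@return true if every certificate after the first verifies against those before it; the first certificate is trusted as given.` `X509_STORE_set_flags (store, 0)` appears to set no flags (so no CRL checking is requested) and runs on every iteration; it could be dropped or hoisted above the loop with the intended flags.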
