修改实体证书未匹配，显示问题

2019-08-26 17:03:04 +08:00
parent 8fa489316b
commit 9cf2e7be8f
1 changed files with 12 additions and 8 deletions
--- a/src/x509.c
+++ b/src/x509.c
@@ -64,7 +64,7 @@ static void help()
  printf("Welcome to x509 %s\n", "1.1.1");
  printf("x509 <-incert |-inkey | -incrl | -inlist> arg\n"
         "Usage:\n"
-         "  -incert     | input certificate file\n"
+         "  -incert     | input certificate file [url]\n"
         "  -inkey      | input private key file\n"
         "  -incrl      | input certificate revocation list\n"
         "  -inlist     | input certificate list file,format = pem\n"
@@ -511,7 +511,7 @@ int X509_check_valid_date(X509 *x509)
    return 0;
 }

-int x509_parse_cert(char *certfile)
+int x509_parse_cert(char *certfile, char *input_url)
 {
    int xret = -1;
    int informat = 0;
@@ -530,16 +530,19 @@ int x509_parse_cert(char *certfile)
 	constraints = x509_get_ExtBasicConstraints(x509);
    printf("Ca Constraints : %s\n", (constraints != NULL)?constraints: "NULL");
 	/*end-entity certificate san**/
-	if (STRSTR(constraints, "End Entity"))
+	if ((constraints != NULL && STRSTR(constraints, "End Entity")) ||
+		 constraints == NULL)
 	{
 		char *cn = x509_get_cn(x509);
-		if (!cn || X509_check_host(x509, cn, strlen(cn), 0, NULL) != 1)
+		if (!cn || X509_check_host(x509, cn, strlen(cn), 0, NULL) != 1 ||
+			input_url == NULL || X509_check_host(x509, input_url, strlen(input_url), 0, NULL) != 1)
 		{
-			printf("Match host name: %s\n", "ERR_CERT_COMMON_NAME_INVALID");
+			printf("Match host name: %s\n", "Matching failure");
 		}
 		kfree(cn);
 	}
-	kfree(constraints);
+	printf("Match host name: %s\n", "Successful matching");
+	if (constraints) kfree(constraints);
    if (informat == LOCAL_USER_P12 || informat == LOCAL_USER_PEN){
        if (stack_ca){
           printf("Chain Length   : %d\n", sk_X509_num(stack_ca) + 1);
@@ -726,6 +729,7 @@ decoder_argv_parser(int argc, char **argv, char **infile, char **infile2)
            if (--argc < 1)
                goto help;
            *infile = argv[i+1];
+			*infile2 = argv[i+2];
            iformat = INPUT_FILE_CERT;
            break;
        }
@@ -739,7 +743,7 @@ decoder_argv_parser(int argc, char **argv, char **infile, char **infile2)
        if (STRCMP(argv[i], "-inlist")== 0){
            if (--argc < 1)
                goto help;
-            *infile = argv[i+1];
+            *infile = argv[i+1];			
            iformat = INPUT_FILE_LIST;
            break;
        }
@@ -802,7 +806,7 @@ int x509_check_format(int argc, char **argv)
            x509_parse_key(infile);
            break;
        case INPUT_FILE_CERT:
-            x509_parse_cert(infile);
+            x509_parse_cert(infile, infile2);
            break;
        case INPUT_FILE_CRL:
            x509_parse_crl(infile);