修改实体证书未匹配,显示问题

fengweihao
2019-08-26 17:03:04 +08:00
parent 8fa489316b
commit 9cf2e7be8f


@@ -64,7 +64,7 @@ static void help()
printf("Welcome to x509 %s\n", "1.1.1"); printf("Welcome to x509 %s\n", "1.1.1");
printf("x509 <-incert |-inkey | -incrl | -inlist> arg\n" printf("x509 <-incert |-inkey | -incrl | -inlist> arg\n"
"Usage:\n" "Usage:\n"
" -incert | input certificate file\n" " -incert | input certificate file [url]\n"
" -inkey | input private key file\n" " -inkey | input private key file\n"
" -incrl | input certificate revocation list\n" " -incrl | input certificate revocation list\n"
" -inlist | input certificate list file,format = pem\n" " -inlist | input certificate list file,format = pem\n"
@@ -511,7 +511,7 @@ int X509_check_valid_date(X509 *x509)
return 0; return 0;
} }
int x509_parse_cert(char *certfile) int x509_parse_cert(char *certfile, char *input_url)
{ {
int xret = -1; int xret = -1;
int informat = 0; int informat = 0;
@@ -530,16 +530,19 @@ int x509_parse_cert(char *certfile)
constraints = x509_get_ExtBasicConstraints(x509); constraints = x509_get_ExtBasicConstraints(x509);
printf("Ca Constraints : %s\n", (constraints != NULL)?constraints: "NULL"); printf("Ca Constraints : %s\n", (constraints != NULL)?constraints: "NULL");
/*end-entity certificate san**/ /*end-entity certificate san**/
if (STRSTR(constraints, "End Entity")) if ((constraints != NULL && STRSTR(constraints, "End Entity")) ||
constraints == NULL)
{ {
char *cn = x509_get_cn(x509); char *cn = x509_get_cn(x509);
if (!cn || X509_check_host(x509, cn, strlen(cn), 0, NULL) != 1) if (!cn || X509_check_host(x509, cn, strlen(cn), 0, NULL) != 1 ||
input_url == NULL || X509_check_host(x509, input_url, strlen(input_url), 0, NULL) != 1)
{ {
printf("Match host name: %s\n", "ERR_CERT_COMMON_NAME_INVALID"); printf("Match host name: %s\n", "Matching failure");
} }
kfree(cn); kfree(cn);
} }
kfree(constraints); printf("Match host name: %s\n", "Successful matching");
if (constraints) kfree(constraints);
if (informat == LOCAL_USER_P12 || informat == LOCAL_USER_PEN){ if (informat == LOCAL_USER_P12 || informat == LOCAL_USER_PEN){
if (stack_ca){ if (stack_ca){
printf("Chain Length : %d\n", sk_X509_num(stack_ca) + 1); printf("Chain Length : %d\n", sk_X509_num(stack_ca) + 1);
@@ -726,6 +729,7 @@ decoder_argv_parser(int argc, char **argv, char **infile, char **infile2)
if (--argc < 1) if (--argc < 1)
goto help; goto help;
*infile = argv[i+1]; *infile = argv[i+1];
*infile2 = argv[i+2];
iformat = INPUT_FILE_CERT; iformat = INPUT_FILE_CERT;
break; break;
} }
@@ -739,7 +743,7 @@ decoder_argv_parser(int argc, char **argv, char **infile, char **infile2)
if (STRCMP(argv[i], "-inlist")== 0){ if (STRCMP(argv[i], "-inlist")== 0){
if (--argc < 1) if (--argc < 1)
goto help; goto help;
*infile = argv[i+1]; *infile = argv[i+1];
iformat = INPUT_FILE_LIST; iformat = INPUT_FILE_LIST;
break; break;
} }
@@ -802,7 +806,7 @@ int x509_check_format(int argc, char **argv)
x509_parse_key(infile); x509_parse_key(infile);
break; break;
case INPUT_FILE_CERT: case INPUT_FILE_CERT:
x509_parse_cert(infile); x509_parse_cert(infile, infile2);
break; break;
case INPUT_FILE_CRL: case INPUT_FILE_CRL:
x509_parse_crl(infile); x509_parse_crl(infile);
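Review bot: In the `x509_parse_cert` hunk at -530/+530, the new `printf("Match host name: %s\n", "Successful matching");` sits after the end-entity block has closed, so it runs for every certificate, including right after "Matching failure" was printed and for CA certificates where no host check ran at all. Someone reading the output would see a successful match reported for a certificate that failed `X509_check_host`, which defeats the purpose of the check. Make the success line the `else` of the failure test, `else printf("Match host name: %s\n", "Successful matching");`, and drop the unconditional one. Separately, `X509_check_host` compares against a host name, so the `[url]` wording added to the help text may lead users to pass a full URL that can never match; `[hostname]` would describe the argument better. The function body starts before and continues after this hunk, so the surrounding control flow is only partly visible here.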