| Paul Bakker | 4593aea | 2009-02-09 22:32:35 +0000 | [diff] [blame] | 1 | /* |
| 2 | * SSL certificate functionality tests |
| 3 | * |
| 4 | * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org> |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or modify |
| 7 | * it under the terms of the GNU General Public License as published by |
| 8 | * the Free Software Foundation; either version 2 of the License, or |
| 9 | * (at your option) any later version. |
| 10 | * |
| 11 | * This program is distributed in the hope that it will be useful, |
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 14 | * GNU General Public License for more details. |
| 15 | * |
| 16 | * You should have received a copy of the GNU General Public License along |
| 17 | * with this program; if not, write to the Free Software Foundation, Inc., |
| 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 19 | */ |
| 20 | |
| 21 | #ifndef _CRT_SECURE_NO_DEPRECATE |
| 22 | #define _CRT_SECURE_NO_DEPRECATE 1 |
| 23 | #endif |
| 24 | |
| 25 | #include <string.h> |
| 26 | #include <stdio.h> |
| 27 | |
| 28 | #include "polarssl/certs.h" |
| 29 | #include "polarssl/x509.h" |
| 30 | |
| 31 | #define MAX_CLIENT_CERTS 6 |
| 32 | |
| 33 | char *client_certificates[MAX_CLIENT_CERTS] = |
| 34 | { |
| 35 | "client1.crt", |
| 36 | "client2.crt", |
| 37 | "cert_sha224.crt", |
| 38 | "cert_sha256.crt", |
| 39 | "cert_sha384.crt", |
| 40 | "cert_sha512.crt" |
| 41 | }; |
| 42 | |
| 43 | int main( void ) |
| 44 | { |
| 45 | int ret, i; |
| 46 | x509_cert cacert, clicert; |
| 47 | |
| 48 | /* |
| 49 | * 1.1. Load the trusted CA |
| 50 | */ |
| 51 | printf( "\n . Loading the CA root certificate ..." ); |
| 52 | fflush( stdout ); |
| 53 | |
| 54 | memset( &cacert, 0, sizeof( x509_cert ) ); |
| 55 | |
| 56 | /* |
| 57 | * Alternatively, you may load the CA certificates from a .pem or |
| 58 | * .crt file by calling x509parse_crtfile( &cacert, "myca.crt" ). |
| 59 | */ |
| 60 | ret = x509parse_crtfile( &cacert, "ssl/test-ca/test-ca.crt" ); |
| 61 | if( ret != 0 ) |
| 62 | { |
| 63 | printf( " failed\n ! x509parse_crtfile returned %d\n\n", ret ); |
| 64 | goto exit; |
| 65 | } |
| 66 | |
| 67 | printf( " ok\n" ); |
| 68 | |
| 69 | for( i = 0; i < MAX_CLIENT_CERTS; i++ ) |
| 70 | { |
| 71 | /* |
| 72 | * 1.2. Load own certificate and private key |
| 73 | */ |
| 74 | char name[512]; |
| 75 | snprintf(name, 512, "ssl/test-ca/%s", client_certificates[i]); |
| 76 | |
| 77 | printf( " . Loading the client certificatei %s...", name ); |
| 78 | fflush( stdout ); |
| 79 | |
| 80 | memset( &clicert, 0, sizeof( x509_cert ) ); |
| 81 | |
| 82 | ret = x509parse_crtfile( &clicert, name ); |
| 83 | if( ret != 0 ) |
| 84 | { |
| 85 | printf( " failed\n ! x509parse_crt returned %d\n\n", ret ); |
| 86 | goto exit; |
| 87 | } |
| 88 | |
| 89 | printf( " ok\n" ); |
| 90 | |
| 91 | /* |
| 92 | * 1.3. Verify certificate validity |
| 93 | */ |
| 94 | printf( " . Verify the client certificate..." ); |
| 95 | fflush( stdout ); |
| 96 | |
| 97 | int flags; |
| 98 | |
| 99 | ret = x509parse_verify( &clicert, &cacert, NULL, &flags ); |
| 100 | if( ret != 0 ) |
| 101 | { |
| 102 | printf( " failed\n ! x509parse_verify returned %d\n\n", ret ); |
| 103 | goto exit; |
| 104 | } |
| 105 | |
| 106 | printf( " ok\n" ); |
| 107 | } |
| 108 | |
| 109 | exit: |
| 110 | x509_free( &clicert ); |
| 111 | x509_free( &cacert ); |
| 112 | |
| 113 | #ifdef WIN32 |
| 114 | printf( " + Press Enter to exit this program.\n" ); |
| 115 | fflush( stdout ); getchar(); |
| 116 | #endif |
| 117 | |
| 118 | return( ret ); |
| 119 | } |