Crypt-OpenSSL-Verify
store = (X509_STORE *) mg->mg_ptr;
X509_STORE_set_flags(store, 0);
if (!X509_STORE_CTX_init(csc, store, x509, NULL)) {
X509_STORE_CTX_free(csc);
croak("store ctx init: %s", ssl_error());
}
RETVAL = X509_verify_cert(csc);
//if (hv_exists(self, "strict_certs", strlen("strict_certs"))) {
// svp = hv_fetch(self, "strict_certs", strlen("strict_certs"), 0);
// if (SvIOKp(*svp)) {
// strict_certs = SvIV(*svp);
// }
//}
//if (hv_exists(self, "trust_expired", strlen("trust_expired"))) {
// svp = hv_fetch(self, "trust_expired", strlen("trust_expired"), 0);
// if (SvIOKp(*svp)) {
// trust_options.trust_expired = SvIV(*svp);
// }
//}
//if (hv_exists(self, "trust_onelogin", strlen("trust_onelogin"))) {
// svp = hv_fetch(self, "trust_onelogin", strlen("trust_onelogin"), 0);
// if (SvIOKp(*svp)) {
// trust_options.trust_onelogin = SvIV(*svp);
// }
//}
//if (hv_exists(self, "trust_no_local", strlen("trust_no_local"))) {
// svp = hv_fetch(self, "trust_no_local", strlen("trust_no_local"), 0);
// if (SvIOKp(*svp)) {
// trust_options.trust_no_local = SvIV(*svp);
// }
//}
//
//This actually does not accomplish what we want as it essentially
//checks only the last certificate not the chain that might have
//acceptable errors. Original code considered errors on this last
//certificate as real errors.
//if ( !RETVAL && !strict_certs ) {
// int cb = verify_cb(&trust_options, RETVAL, csc);
// RETVAL = cb;
//}
if (!RETVAL) {
char *err_str = savepv(ctx_error(csc)); // Save error before freeing csc
X509_STORE_CTX_free(csc);
croak("verify: %s", err_str);
}
X509_STORE_CTX_free(csc);
OUTPUT:
RETVAL
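#if OPENSSL_VERSION_NUMBER >= 0x10100000L
void __X509_cleanup(void)
PPCODE:
    /*
     * OpenSSL 1.1.0 and later: deinitialisation is done automatically.
     *
     * OPENSSL_VERSION_NUMBER is a hex-encoded constant (0xMNNFFPPSL), so the
     * guard has to compare against 0x10100000L. The earlier decimal 10100 is
     * smaller than every real version number, which made this branch the
     * only one ever compiled and left the legacy cleanup below dead.
     */

#else
void __X509_cleanup(void)
PPCODE:
    /*
     * Pre-1.1.0 OpenSSL has no automatic teardown, so release the library's
     * global tables explicitly. These calls affect process-wide OpenSSL
     * state, not just this module's objects.
     * NOTE(review): presumably invoked once at interpreter shutdown; confirm
     * against the Perl-side caller, since other OpenSSL users in the same
     * process lose their cipher/digest and error tables after this runs.
     */
    CRYPTO_cleanup_all_ex_data();   /* free application ex_data slots */
    ERR_free_strings();             /* drop loaded error strings */
    ERR_remove_state(0);            /* free the current thread's error queue */
    EVP_cleanup();                  /* unregister ciphers and digests */

#endif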