Crypt-OpenSSL-VerifyX509


VerifyX509.xs

  /* load CA file given */
  lookup = X509_STORE_add_lookup(RETVAL, X509_LOOKUP_file());
  if (lookup == NULL)
    croak("failure to add file lookup to store: %s", ssl_error());

  cafile = SvPV(cafile_str, len);
  i = X509_LOOKUP_load_file(lookup, cafile, X509_FILETYPE_PEM);

  if (!i)
    croak("load CA cert: %s", ssl_error());

  /* default hash_dir lookup */
  lookup = X509_STORE_add_lookup(RETVAL,X509_LOOKUP_hash_dir());
  if (lookup == NULL)
    croak("failure to add hash_dir lookup to store: %s", ssl_error());

  X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);

  ERR_clear_error();

  OUTPUT:
  RETVAL

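int
verify(store, x509)
  Crypt::OpenSSL::VerifyX509 store;
  Crypt::OpenSSL::X509 x509;

  PREINIT:

  X509_STORE_CTX *csc;
  SV *verify_msg;

  CODE:

  /* Verify x509 against the certificates reachable through store.
   *
   * Returns 1 when X509_verify_cert() reports a complete, valid chain.
   * Every other outcome croaks, so a caller never receives a false or
   * negative value that could be mistaken for success. */

  if (x509 == NULL)
    croak("no cert to verify");

  csc = X509_STORE_CTX_new();
  if (csc == NULL)
    croak("csc new: %s", ssl_error());

  /* A flags value of 0 turns on no optional verification behaviour; in
   * particular this call does not enable CRL checking
   * (X509_V_FLAG_CRL_CHECK), so revocation is not consulted here. */
  X509_STORE_set_flags(store, 0);

  /* The untrusted-chain argument is NULL: intermediate certificates are
   * only found if they are already available through the store. */
  if (!X509_STORE_CTX_init(csc,store,x509,NULL)) {
    /* croak() does not return, so release the context before raising. */
    X509_STORE_CTX_free(csc);
    croak("store ctx init: %s", ssl_error());
  }

  RETVAL = X509_verify_cert(csc);

  /* X509_verify_cert() returns 1 on success and 0 on a failed verification,
   * but can also return a negative value on an internal error. A negative
   * integer is true in Perl, so it must be rejected here rather than
   * handed back to the caller as the verification result. */
  if (RETVAL <= 0) {
    /* Copy the message into a mortal SV before freeing the context: the
     * lifetime of the string returned by ctx_error() is not visible from
     * this XSUB, and it is computed from csc. */
    verify_msg = sv_2mortal(newSVpv(ctx_error(csc), 0));
    X509_STORE_CTX_free(csc);
    croak("verify: %s", SvPV_nolen(verify_msg));
  }

  X509_STORE_CTX_free(csc);

  OUTPUT:
  RETVAL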

void
DESTROY(store)
  Crypt::OpenSSL::VerifyX509 store;

  PPCODE:

  /* Perl destructor for the object: releases the underlying X509_STORE.
   * PPCODE is used with nothing pushed, so the call returns an empty list. */
  if (store != NULL) {
    X509_STORE_free(store);
  }

  /* Only the local copy of the pointer is cleared here. */
  store = NULL;


#if OPENSSL_API_COMPAT >= 0x10100000L
void
__X509_cleanup(void)
  PPCODE:

  /* Intentionally empty. This variant is compiled when OPENSSL_API_COMPAT
   * is 0x10100000L or higher; deinitialisation is done automatically in
   * that case, so there is nothing to release by hand. */

#else
void
__X509_cleanup(void)
  PPCODE:

  /* Manual OpenSSL teardown, compiled when OPENSSL_API_COMPAT is undefined
   * (an undefined macro evaluates as 0 in #if) or below 0x10100000L.
   * NOTE(review): these calls release library-wide state, not state owned
   * by one store object; confirm the caller runs this only once no other
   * OpenSSL user in the process still needs it. */
  CRYPTO_cleanup_all_ex_data();  /* free application ex_data registrations */
  ERR_free_strings();            /* free the loaded error string tables */
  ERR_remove_state(0);           /* drop the current thread's error queue */
  EVP_cleanup();                 /* remove registered ciphers and digests */

#endif


