author | CodaFi <devteam.codafi@gmail.com> | 2014-03-02 23:12:14 -0700 |
---|---|---|
committer | CodaFi <devteam.codafi@gmail.com> | 2014-03-02 23:12:14 -0700 |
commit | cfaa9a87fb1f28155a44bf4ba21912c254819ec9 (patch) | |
tree | 9c9caf473fff0a3d8306ff06d2d9ff4faf17b089 /src/core/security | |
parent | d163dd7b7b8798bad139a1c980f905c976e8bb99 (diff) |
Cert Check
Diffstat (limited to 'src/core/security')
-rw-r--r-- | src/core/security/MCCertificateUtils.cc | 66 |
1 files changed, 63 insertions, 3 deletions
diff --git a/src/core/security/MCCertificateUtils.cc b/src/core/security/MCCertificateUtils.cc
index 00f4ed9e..de8bfe72 100644
--- a/src/core/security/MCCertificateUtils.cc
+++ b/src/core/security/MCCertificateUtils.cc
@@ -11,6 +11,10 @@
 #if __APPLE__
 #include <CoreFoundation/CoreFoundation.h>
 #include <Security/Security.h>
+#else
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 #endif
 
 #include "MCLog.h"
@@ -78,8 +82,64 @@ free_certs:
 err:
     return result;
 #else
-    //TODO check certificate
-    // for other platforms too.
-    return true;
+    bool result = false;
+    X509 *fCert = NULL;
+    MMAPString *fstr = NULL;
+    BIO *fBio = NULL;
+    X509_STORE *store = NULL;
+    X509_STORE_CTX *storectx = NULL;
+    STACK *certificates = NULL;
+
+    carray * cCerts = mailstream_get_certificate_chain(stream);
+    if (cCerts == NULL) {
+        fprintf(stderr, "warning: No certificate chain retrieved");
+        goto free_certs;
+    }
+
+    store = X509_STORE_new();
+    if (store == NULL) {
+        goto free_certs;
+    }
+
+    X509_STORE_set_default_paths(store);
+
+    storectx = X509_STORE_CTX_new();
+    if (storectx == NULL) {
+        goto free_certs;
+    }
+
+    fstr = (MMAPString *) carray_get(cCerts, 0);
+    fBio = BIO_new_mem_buf((void *) fstr->str, strlen(fstr->str));
+    fCert = PEM_read_bio_X509(fBio, NULL, 0, NULL);
+    if (fCert == NULL) {
+        goto free_certs;
+    }
+
+    certificates = (STACK *)sk_new(NULL);
+    for(unsigned int i = 1 ; i < carray_count(cCerts) ; i ++) {
+        MMAPString * str;
+        str = (MMAPString *) carray_get(cCerts, i);
+        BIO *bio = BIO_new_mem_buf((void *) fstr->str, fstr->len);
+        X509 *certificate = PEM_read_bio_X509(bio, NULL, 0, NULL);
+        sk_X509_push((STACK_OF(X509) *) certificates, certificate);
+        BIO_free(bio);
+    }
+
+    if (X509_STORE_CTX_init(storectx, store, fCert, certificates) != 1) {
+        goto free_certs;
+    }
+
+    result = X509_verify_cert(storectx);
+
+    free_certs:
+    X509_STORE_free(store);
+    X509_STORE_CTX_free(storectx);
+    mailstream_certificate_chain_free(cCerts);
+    sk_X509_free((STACK_OF(X509) *) certificates);
+    X509_free(fCert);
+    BIO_free(fBio);
+    err:
+    return result;
 #endif
+    return true;
 }
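Review bot: In the loop that loads the intermediate certificates, the BIO is built from `fstr` (the leaf already parsed above) rather than the `str` just fetched, so every slot of `certificates` is filled with another copy of the leaf and the real intermediates never reach `X509_STORE_CTX_init`; any chain that needs an intermediate will then fail verification. Two more points in the same hunk: `X509_verify_cert` returns 1 on success, 0 on a failed check and a negative value on internal error, so storing it straight into a `bool` turns an internal error into a pass — use `result = (X509_verify_cert(storectx) == 1);` — and `sk_X509_free` only releases the stack, so the pushed `X509` objects leak unless `sk_X509_pop_free(..., X509_free)` is used. Nothing in this branch compares the leaf against the host being connected to, so as far as the hunk shows a chain that verifies for any name is accepted; if the Apple branch above checks the hostname, the OpenSSL branch should do the equivalent. A null return from `PEM_read_bio_X509` inside the loop is also pushed unchecked, and the `goto free_certs` taken when `cCerts` is NULL hands that NULL to `mailstream_certificate_chain_free`, whose NULL-safety I cannot confirm from here. The enclosing function begins before this hunk.
```c
    // … unchanged: store/ctx setup and leaf parse …
    certificates = (STACK *)sk_new(NULL);
    for(unsigned int i = 1 ; i < carray_count(cCerts) ; i ++) {
        MMAPString * str = (MMAPString *) carray_get(cCerts, i);
        BIO *bio = BIO_new_mem_buf((void *) str->str, str->len);
        X509 *certificate = bio ? PEM_read_bio_X509(bio, NULL, 0, NULL) : NULL;
        BIO_free(bio);
        if (certificate == NULL) {
            goto free_certs;
        }
        sk_X509_push((STACK_OF(X509) *) certificates, certificate);
    }

    if (X509_STORE_CTX_init(storectx, store, fCert, certificates) != 1) {
        goto free_certs;
    }

    // Only 1 means verified; 0 is a failed check and a negative value an internal error.
    result = (X509_verify_cert(storectx) == 1);

    // … unchanged: cleanup, except the stack release …
    sk_X509_pop_free((STACK_OF(X509) *) certificates, X509_free);
```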