- Library Dependency
- libssl-dev
- CertVerifier
- usage with a binary file:
./CertVerifier [-p openssl trusted directory] <certificate payload> - usage with an integrated function:
int verify(unsigned char *, unsigned long, const char*)- parameters:
- payload of the tls certificate packet (only the payload of the tls handshake certificate but ot the entire handshake)
- length of the payload(bytes)
- openssl trusted directory
- parameters:
- Compilation command
gcc -o CertVerifier CertVerifier.c -lssl -lcrypto - More details are in the comment section of the code.
- usage with a binary file:
- Openssl
- How to get openssl trusted directory?
openssl version -d - How to add self-signed CA to the trusted directory?
- make sure the file is a crt file
- copy self-signed CA to /usr/local/share/ca-certificates/
- update the trusted directory (If the verify function is integrated, it should be reinitialized)
sudo update-ca-certificates
- How to get openssl trusted directory?
- Examples
- Success Case: Verifying the certificate of e3.nycu.edu.tw:443 (Certificate payload: cert1.bin)
The verification result is expected to be the same as the following openssl command. --> Verification success
./CertVerifier -p /etc/ssl/certs ./keys/cert1.binopenssl s_client -connect e3.nycu.edu.tw:443 -tls1_2 - Failure Case: Verifying a self-signed certificate (Certificate payload: cert2.bin)
Verification result --> Failure: Unable to get local issuer certificate
./CertVerifier -p /etc/ssl/certs ./keys/cert2.bin
- Success Case: Verifying the certificate of e3.nycu.edu.tw:443 (Certificate payload: cert1.bin)
-
Notifications
You must be signed in to change notification settings - Fork 0
KWChen1997/CertVerifier
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
About
No description, website, or topics provided.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published