grst_x509.c File Reference


Functions

int GRSTx509KnownCriticalExts (X509 *cert)
 Check critical extensions.

time_t GRSTasn1TimeToTimeT (char *asn1time)
 ASN1 time string (in a char *) to time_t.

int GRSTx509IsCA (X509 *cert)
 Check if certificate can be used as a CA to sign standard X509 certs.

int GRSTx509CheckChain (X509_STORE_CTX *ctx)
 Check certificate chain for GSI proxy acceptability.

int GRSTx509VerifyCallback (int ok, X509_STORE_CTX *ctx)
 Example VerifyCallback routine.

int GRSTx509CheckVomsSig (unsigned char *sig, unsigned int siglen, unsigned char *data, unsigned int datalen, char *vomsdir, char *vo, char *vomsdn)
 Check VOMS signature.

int GRSTx509GetVomsCreds (int *lastcred, int maxcreds, size_t credlen, char *creds, X509 *cert, X509 *usercert)
 Get the VOMS attributes in the extensions to the given cert.

GRSTgaclCred * GRSTx509CompactToCred (char *grst_cred)
 Turn a Compact Cred line into a GRSTgaclCred object.

int GRSTx509CompactCreds (int *lastcred, int maxcreds, size_t credlen, char *creds, STACK_OF(X509) *certstack)
 Get the credentials in an X509 cert/GSI proxy, including any VOMS.


Function Documentation

time_t GRSTasn1TimeToTimeT (char *asn1time)

ASN1 time string (in a char *) to time_t.

(Use ASN1_STRING_data() to convert ASN1_GENERALIZEDTIME to char * if necessary)

int GRSTx509CheckChain (X509_STORE_CTX *ctx)

Check certificate chain for GSI proxy acceptability.

Returns X509_V_OK/GRST_RET_OK if valid; OpenSSL X509 errors otherwise.

Adapted from GSIcheck written by Mike Jones, SVE, Manchester Computing, The University of Manchester.

The GridSite version handles old and new style Globus proxies, and proxies derived from user certificates issued with "X509v3 Basic Constraints: CA:FALSE" (e.g. UK e-Science CA).

TODO: we do not yet check ProxyCertInfo and ProxyCertPolicy extensions (although via GRSTx509KnownCriticalExts() we can accept them). We do not yet check chain links between certs.

int GRSTx509CheckVomsSig (unsigned char *sig, unsigned int siglen, unsigned char *data, unsigned int datalen, char *vomsdir, char *vo, char *vomsdn)

Check VOMS signature.

Return GRST_RET_OK if signature starting at *sig matches *data and is from VOMS *vo; return GRST_RET_FAILED otherwise.

int GRSTx509CompactCreds (int *lastcred, int maxcreds, size_t credlen, char *creds, STACK_OF(X509) *certstack)

Get the credentials in an X509 cert/GSI proxy, including any VOMS.

Credentials are placed in the Compact Creds string array at *creds.

Returns GRST_RET_OK on success, or GRST_RET_FAILED if some inconsistency is found in the certificate.

GRSTgaclCred * GRSTx509CompactToCred (char *grst_cred)

Turn a Compact Cred line into a GRSTgaclCred object.

Returns a pointer to the created GRSTgaclCred, or NULL on failure.

int GRSTx509GetVomsCreds (int *lastcred, int maxcreds, size_t credlen, char *creds, X509 *cert, X509 *usercert)

Get the VOMS attributes in the extensions to the given cert.

int GRSTx509IsCA (X509 *cert)

Check if certificate can be used as a CA to sign standard X509 certs.

int GRSTx509KnownCriticalExts (X509 *cert)

Check critical extensions.

Returns GRST_RET_OK if all of the extensions are known to us or OpenSSL; GRST_RET_FAILED otherwise.

This function relies on functionality (X509_supported_extension) introduced in OpenSSL 0.9.7, so we do nothing and report an error (GRST_RET_FAILED) if one of the associated defines (X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) is absent.

int GRSTx509VerifyCallback (int ok, X509_STORE_CTX *ctx)

Example VerifyCallback routine.


Generated on Thu Nov 27 10:49:01 2003 by doxygen 1.2.14, written by Dimitri van Heesch, © 1997-2002


Last modified Fri 28 November 2003.