Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)
blob_len(cobj->cert[CERT_ATTR_PAYLOAD]));
if (!containertb[CERT_CT_ATTR_PAYLOAD]) {
ret = 1;
blob_len(cobj->cert[CERT_ATTR_PAYLOAD]));
if (!containertb[CERT_CT_ATTR_PAYLOAD]) {
ret = 1;
- fprintf(stderr, "no ucert in signed payload\n");
+ if (!quiet)
+ fprintf(stderr, "no ucert in signed payload\n");
goto clean_and_return;
}
blobmsg_parse(cert_payload_policy,
goto clean_and_return;
}
blobmsg_parse(cert_payload_policy,
!payloadtb[CERT_PL_ATTR_EXPIRETIME] ||
!payloadtb[CERT_PL_ATTR_PUBKEY]) {
ret = 1;
!payloadtb[CERT_PL_ATTR_EXPIRETIME] ||
!payloadtb[CERT_PL_ATTR_PUBKEY]) {
ret = 1;
- fprintf(stderr, "missing mandatory ucert attributes\n");
+ if (!quiet)
+ fprintf(stderr, "missing mandatory ucert attributes\n");
goto clean_and_return;
}
certtype = blobmsg_get_u32(payloadtb[CERT_PL_ATTR_CERTTYPE]);
goto clean_and_return;
}
certtype = blobmsg_get_u32(payloadtb[CERT_PL_ATTR_CERTTYPE]);
if (certtype != CERTTYPE_AUTH) {
ret = 2;
if (certtype != CERTTYPE_AUTH) {
ret = 2;
- fprintf(stderr, "wrong certificate type\n");
+ if (!quiet)
+ fprintf(stderr, "wrong certificate type\n");
if (tv.tv_sec < validfrom ||
tv.tv_sec >= expiresat) {
ret = 3;
if (tv.tv_sec < validfrom ||
tv.tv_sec >= expiresat) {
ret = 3;
- fprintf(stderr, "certificate expired\n");
+ if (!quiet)
+ fprintf(stderr, "certificate expired\n");
pubkeydir, extsigfile, quiet);
unlink(extsigfile);
} else {
pubkeydir, extsigfile, quiet);
unlink(extsigfile);
} else {
- fprintf(stderr, "stray trailing signature without anything to verify!\n");
+ if (!quiet)
+ fprintf(stderr, "stray trailing signature without anything to verify!\n");
+ if (checkmsg == -1 && !quiet)
fprintf(stderr, "missing signature to verify message!\n");
clean_and_return:
fprintf(stderr, "missing signature to verify message!\n");
clean_and_return:
unsigned int count = 0;
if (cert_load(certfile, &certchain)) {
unsigned int count = 0;
if (cert_load(certfile, &certchain)) {
- fprintf(stderr, "cannot parse cert\n");
+ if (!quiet)
+ fprintf(stderr, "cannot parse cert\n");
return 1;
}
list_for_each_entry(cobj, &certchain, list) {
return 1;
}
list_for_each_entry(cobj, &certchain, list) {
- fprintf(stderr, "=== CHAIN ELEMENT %02u ===\n", ++count);
+ fprintf(stdout, "=== CHAIN ELEMENT %02u ===\n", ++count);
cert_dump_blob(cobj->cert);
cert_dump_blob(cobj->cert);
- fprintf(stderr, "========================\n");
char pkfp[17];
char tmpdir[] = "/tmp/ucert-XXXXXX";
char pkfp[17];
char tmpdir[] = "/tmp/ucert-XXXXXX";
- if (stat(certfile, &st) == 0) {
- fprintf(stderr, "certfile %s exists, won't overwrite.\n", certfile);
- return -1;
- }
-
pkf = fopen(pubkeyfile, "r");
if (!pkf)
return -1;
pkf = fopen(pubkeyfile, "r");
if (!pkf)
return -1;
blob_put(&certbuf, CERT_ATTR_SIGNATURE, sigb, siglen);
blob_put(&certbuf, CERT_ATTR_PAYLOAD, blob_data(payloadbuf.head), blob_len(payloadbuf.head));
snprintf(fname, sizeof(fname) - 1, "%s%s", certfile, revoker?".revoke":"");
blob_put(&certbuf, CERT_ATTR_SIGNATURE, sigb, siglen);
blob_put(&certbuf, CERT_ATTR_PAYLOAD, blob_data(payloadbuf.head), blob_len(payloadbuf.head));
snprintf(fname, sizeof(fname) - 1, "%s%s", certfile, revoker?".revoke":"");
- write_file(fname, certbuf.head, blob_raw_len(certbuf.head), false);
+ write_file(fname, certbuf.head, blob_raw_len(certbuf.head), true);
blob_buf_free(&certbuf);
blob_buf_free(&payloadbuf);
blob_buf_free(&certbuf);
blob_buf_free(&payloadbuf);
int ret;
if (cert_load(certfile, &certchain)) {
int ret;
if (cert_load(certfile, &certchain)) {
- fprintf(stderr, "cannot parse cert\n");
+ if (!quiet)
+ fprintf(stderr, "cannot parse cert\n");
return 1;
}
list_for_each_entry(cobj, &certchain, list) {
return 1;
}
list_for_each_entry(cobj, &certchain, list) {
- /* blob has payload, verify that using signature */
if (!cobj->cert[CERT_ATTR_PAYLOAD])
return 2;
if (!cobj->cert[CERT_ATTR_PAYLOAD])
return 2;
+
+ /* blob has payload, verify that using signature */
ret = cert_verify_blob(cobj->cert, NULL, pubkeydir);
if (ret)
return ret;
ret = cert_verify_blob(cobj->cert, NULL, pubkeydir);
if (ret)
return ret;
blob_data(cobj->cert[CERT_ATTR_PAYLOAD]),
blob_len(cobj->cert[CERT_ATTR_PAYLOAD]));
if (!containertb[CERT_CT_ATTR_PAYLOAD]) {
blob_data(cobj->cert[CERT_ATTR_PAYLOAD]),
blob_len(cobj->cert[CERT_ATTR_PAYLOAD]));
if (!containertb[CERT_CT_ATTR_PAYLOAD]) {
- fprintf(stderr, "no ucert in signed payload\n");
+ if (!quiet)
+ fprintf(stderr, "no ucert in signed payload\n");
if (!payloadtb[CERT_PL_ATTR_CERTTYPE] ||
!payloadtb[CERT_PL_ATTR_VALIDFROMTIME] ||
!payloadtb[CERT_PL_ATTR_KEY_FINGERPRINT]) {
if (!payloadtb[CERT_PL_ATTR_CERTTYPE] ||
!payloadtb[CERT_PL_ATTR_VALIDFROMTIME] ||
!payloadtb[CERT_PL_ATTR_KEY_FINGERPRINT]) {
- fprintf(stderr, "missing mandatory ucert attributes\n");
+ if (!quiet)
+ fprintf(stderr, "missing mandatory ucert attributes\n");
fingerprint = blobmsg_get_string(payloadtb[CERT_PL_ATTR_KEY_FINGERPRINT]);
if (certtype != CERTTYPE_REVOKE) {
fingerprint = blobmsg_get_string(payloadtb[CERT_PL_ATTR_KEY_FINGERPRINT]);
if (certtype != CERTTYPE_REVOKE) {
- fprintf(stderr, "wrong certificate type\n");
+ if (!quiet)
+ fprintf(stderr, "wrong certificate type\n");
static LIST_HEAD(certchain);
if (cert_load(certfile, &certchain)) {
static LIST_HEAD(certchain);
if (cert_load(certfile, &certchain)) {
- fprintf(stderr, "cannot parse cert\n");
+ if (!quiet)
+ fprintf(stderr, "cannot parse cert\n");
projects / oweals / ucert.git / commitdiff