<p>As others mentioned, you can use <code>openssl verify</code>. According to the <a href="http://www.openssl.org/docs/apps/verify.html#VERIFY_OPERATION" rel="noreferrer">documentation</a>, it also checks the validity period.</p>
<p>Programmatically, it could mean hours of searching for kinda bad (or missing) documentation, reading code examples all over the web, and probably a headache.</p>
<p>To properly validate a certificate, you need to inform all the intermediate certificates. Normally you'd also inform the revocation list (CRL), but it's not required.</p>
<p>So, here's what you need to do in terms of code (OpenSSL):</p>
<ol>
<li><code>X509_STORE_new</code> - Create a certificate store;</li>
<li><code>X509_STORE_CTX_new</code> - Create a store context;</li>
<li><code>X509_STORE_add_cert</code> - Add the CA (and all intermediary) certificate(s) to the trusted list of your certificate store (note: there's a function to lookup/load a list);</li>
<li><code>X509_STORE_add_crl</code> - Add the revoked certificates to the CRL of your certificate store (note: same as above);</li>
<li><code>X509_STORE_CTX_init</code> - Initialize your store context informing your certificate store;</li>
<li><code>X509_STORE_CTX_set_purpose</code> - Define the purpose if you need to;</li>
<li><code>X509_STORE_CTX_set_cert</code> - Tell the context which certificate you're going to validate;</li>
<li><code>X509_verify_cert</code> - Finally, validate it;</li>
<li><code>X509_STORE_CTX_cleanup</code> - If you want to reuse the context to validate another certificate, you clean it up and jump back to (5);</li>
<li>Last but not least, deallocate (1) and (2);</li>
</ol>
<p>Alternatively, a quick validation can be done with <code>X509_verify</code>. However, be aware that it solely compares signatures.</p>
<p>When I needed it, it took me a day of searching, reading and testing. Then I figured out everything I needed was right in the OpenSSL source code. So, if you need an example, go straight to <em>openssl-xxx/apps/verify.c</em>.</p>
<p><strong>IMPORTANT:</strong> NEVER use MD5. To understand the reason, read <a href="http://www.phreedom.org/research/rogue-ca/" rel="noreferrer">Creating a rogue CA certificate</a>.</p>
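<p>The chain-building point above (trust anchor in the store, intermediates supplied separately), shown as an added example that is not part of the answer: it builds a constructed root -&gt; intermediate -&gt; leaf PKI with the <code>openssl</code> CLI and runs <code>openssl verify</code> with and without the intermediate. File names, subjects and the <code>WORK</code> directory are assumptions.</p>

```shell
#!/bin/sh
# Added example, not from the original answer. Builds a constructed three-level
# chain under $WORK and verifies the leaf with `openssl verify`, which checks the
# signatures, the validity period and the CA constraints of every link.
set -u
WORK="${WORK:-$(mktemp -d)}"

# make_chain: create root, intermediate and leaf certificates (constructed test PKI).
make_chain() {
    cd "$WORK" || return 1
    # Root CA: self-signed; `req -x509` marks it CA:TRUE from the default config.
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout root.key -out root.pem -subj "/CN=Example Root CA" -days 365 \
        >/dev/null 2>&1 || return 1
    # Intermediate CA: signed by the root and explicitly allowed to issue certificates.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > ca_ext.cnf
    openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout int.key -out int.csr -subj "/CN=Example Intermediate CA" \
        >/dev/null 2>&1 || return 1
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -out int.pem -days 365 -extfile ca_ext.cnf >/dev/null 2>&1 || return 1
    # Leaf: signed by the intermediate, no CA bit.
    openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout leaf.key -out leaf.csr -subj "/CN=leaf.example.test" \
        >/dev/null 2>&1 || return 1
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
        -out leaf.pem -days 365 >/dev/null 2>&1 || return 1
}

# verify_leaf TRUSTED UNTRUSTED LEAF: exit 0 iff LEAF chains to a cert in TRUSTED.
# UNTRUSTED carries the intermediates (they are used for chain building only, not
# trusted by themselves); pass "" to omit them and see the chain fail to build.
verify_leaf() {
    if [ -n "$2" ]; then
        openssl verify -CAfile "$1" -untrusted "$2" "$3"
    else
        openssl verify -CAfile "$1" "$3"
    fi
}

# Demonstration: full chain verifies; without the intermediate the issuer is missing.
make_chain || { echo "could not build the constructed chain" >&2; exit 1; }
verify_leaf "$WORK/root.pem" "$WORK/int.pem" "$WORK/leaf.pem"
verify_leaf "$WORK/root.pem" "" "$WORK/leaf.pem" || echo "expected: no intermediate, chain incomplete"
```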