Cryptography Reference
In-Depth Information
while ( ( ptr - buffer ) < pdu_length )
{
// TODO this won't work on a big-endian machine
certificate_length = ( *ptr << 16 ) | ( *( ptr + 1 ) << 8 ) |
( *( ptr + 2 ) );
ptr += 3;
init_x509_certificate( &certificate );
parse_x509_certificate( ( void * ) ptr, certificate_length, &certificate );
if ( !pos++ )
{
server_public_key->algorithm =
certificate.tbsCertificate.subjectPublicKeyInfo.algorithm;
switch ( server_public_key->algorithm )
{
case rsa:
server_public_key->rsa_public_key.modulus = ( huge * ) malloc( sizeof(
huge ) );
server_public_key->rsa_public_key.exponent = ( huge * ) malloc(
sizeof( huge ) );
set_huge( server_public_key->rsa_public_key.modulus, 0 );
set_huge( server_public_key->rsa_public_key.exponent, 0 );
copy_huge( server_public_key-> rsa_public_key.modulus,
certificate.tbsCertificate.subjectPublicKeyInfo.
rsa_public_key.modulus );
copy_huge( server_public_key-> rsa_public_key.exponent,
certificate.tbsCertificate.subjectPublicKeyInfo.
rsa_public_key.exponent );
break;
default:
break;
}
}
ptr += certificate_length;
// TODO compute the hash of the certificate so that it can be validated by
// the next one
free_x509_certificate( &certificate );
}
return ptr;
}
This blindly accepts whatever certifi cate is presented by the server. It doesn't
check the domain name parameter of the subject name, doesn't check to see
that it's signed by a trusted certifi cate authority, and doesn't even verify that the
Search WWH ::




Custom Search