来源:chatGPT
#include <iostream>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
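/// @brief Checks whether `cert` chains to a trust anchor held in `caStore`.
///
/// Runs OpenSSL path validation through a temporary X509_STORE_CTX. No
/// untrusted intermediate certificates are supplied (the chain argument is
/// nullptr), so every issuer needed to build the path must already be in
/// `caStore`. This function sets no verification parameters of its own:
/// purpose, hostname and revocation checks happen only if the caller
/// configured them on the store. A `true` result therefore means "issued under
/// a trusted CA and currently valid", not "valid for a particular peer".
///
/// @param cert     Certificate to validate; not modified, ownership stays with the caller.
/// @param caStore  Trust store holding the CA certificates; ownership stays with the caller.
/// @return true only when X509_verify_cert reports success; false on any
///         setup failure, null argument, or validation error.
bool verifyCertificate(X509* cert, X509_STORE* caStore) {
    // Fail closed on missing inputs instead of handing null pointers to OpenSSL.
    if (!cert || !caStore) {
        std::cerr << "Certificate verification failed: missing certificate or trust store" << std::endl;
        return false;
    }

    X509_STORE_CTX* ctx = X509_STORE_CTX_new();
    if (!ctx) {
        std::cerr << "Failed to create X509_STORE_CTX" << std::endl;
        return false;
    }

    if (X509_STORE_CTX_init(ctx, caStore, cert, nullptr) != 1) {
        std::cerr << "Failed to initialize X509_STORE_CTX" << std::endl;
        X509_STORE_CTX_free(ctx);
        return false;
    }

    // Only an exact return of 1 is success; 0 and negative values both mean
    // the certificate must not be trusted.
    const bool trusted = (X509_verify_cert(ctx) == 1);
    if (!trusted) {
        // Report why validation failed (expired, unknown issuer, ...) and at
        // which chain depth, so the failure can be triaged from the log.
        const int err = X509_STORE_CTX_get_error(ctx);
        std::cerr << "Certificate verification failed: "
                  << X509_verify_cert_error_string(err)
                  << " (error " << err
                  << ", depth " << X509_STORE_CTX_get_error_depth(ctx) << ")"
                  << std::endl;
    }

    X509_STORE_CTX_free(ctx);
    return trusted;
}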
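/// @brief Returns the first Common Name (CN) of the certificate's subject as UTF-8.
///
/// The CN is text chosen by whoever requested the certificate, so treat the
/// result as untrusted input. Two hardening steps are applied here:
///  - the value is converted with ASN1_STRING_to_UTF8, so BMPString /
///    UniversalString / T61String encodings are not returned as raw bytes;
///  - a CN containing an embedded NUL byte is rejected, because C-string
///    consumers would see only the part before the NUL.
///
/// Only the first CN entry is read (the search starts at index -1). The CN is
/// not a substitute for subjectAltName matching: to bind a certificate to a
/// host name, use a dedicated check such as X509_check_host instead of
/// comparing this string.
///
/// @param cert  Certificate to inspect; ownership stays with the caller.
/// @return The CN, or an empty string when `cert` is null, no CN is present,
///         the value cannot be converted, or it contains a NUL byte.
std::string getCommonName(X509* cert) {
    if (!cert) {
        return "";
    }

    X509_NAME* subject = X509_get_subject_name(cert);
    if (!subject) {
        return "";
    }

    // Negative results mean "not found" or "invalid NID".
    const int index = X509_NAME_get_index_by_NID(subject, NID_commonName, -1);
    if (index < 0) {
        return "";
    }

    X509_NAME_ENTRY* entry = X509_NAME_get_entry(subject, index);
    if (!entry) {
        return "";
    }

    ASN1_STRING* cn = X509_NAME_ENTRY_get_data(entry);
    if (!cn) {
        return "";
    }

    // Normalise whatever ASN.1 string type the issuer used into UTF-8.
    unsigned char* utf8 = nullptr;
    const int length = ASN1_STRING_to_UTF8(&utf8, cn);
    if (length < 0) {
        return "";
    }

    std::string commonName;
    if (utf8) {
        commonName.assign(reinterpret_cast<const char*>(utf8),
                          static_cast<std::string::size_type>(length));
        OPENSSL_free(utf8);  // buffer was allocated by OpenSSL
    }

    // Reject embedded NULs rather than returning a name that different
    // consumers would interpret differently.
    if (commonName.find('\0') != std::string::npos) {
        return "";
    }
    return commonName;
}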
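/// Loads a CA bundle and a PEM certificate from fixed paths, validates the
/// certificate against the CA store, and prints its Common Name.
///
/// Exit status: 0 only when the certificate verified and a CN was printed;
/// 1 on any load, verification, or CN-extraction failure, so that scripts
/// checking the exit code never treat an unverified certificate as accepted.
int main() {
    std::string caCertPath = "path/to/ca/cert.pem";
    std::string sslCertPath = "path/to/ssl/cert.pem";

    // Load CA certificate(s) that act as trust anchors.
    X509_STORE* caStore = X509_STORE_new();
    if (!caStore) {
        std::cerr << "Failed to create X509_STORE" << std::endl;
        return 1;
    }
    if (X509_STORE_load_locations(caStore, caCertPath.c_str(), nullptr) != 1) {
        std::cerr << "Failed to load CA certificate" << std::endl;
        X509_STORE_free(caStore);
        return 1;
    }

    // Load SSL certificate (only the first PEM certificate in the file is read).
    FILE* sslCertFile = fopen(sslCertPath.c_str(), "r");
    if (!sslCertFile) {
        std::cerr << "Failed to open SSL certificate file" << std::endl;
        X509_STORE_free(caStore);
        return 1;
    }
    X509* sslCert = PEM_read_X509(sslCertFile, nullptr, nullptr, nullptr);
    fclose(sslCertFile);
    if (!sslCert) {
        std::cerr << "Failed to read SSL certificate" << std::endl;
        X509_STORE_free(caStore);
        return 1;
    }

    // Assume failure until both verification and CN extraction succeed.
    int exitCode = 1;

    // Verify SSL certificate against the CA store before trusting any field in it.
    if (verifyCertificate(sslCert, caStore)) {
        // Get the common name (CN) field from the SSL certificate.
        // The CN is certificate-supplied text: it is shown for information
        // only and is not used here for any host-name or access decision.
        std::string commonName = getCommonName(sslCert);
        if (!commonName.empty()) {
            std::cout << "Common Name (CN): " << commonName << std::endl;
            exitCode = 0;
        } else {
            std::cerr << "Failed to retrieve Common Name (CN)" << std::endl;
        }
    } else {
        std::cerr << "SSL certificate verification failed" << std::endl;
    }

    // Cleanup resources
    X509_free(sslCert);
    X509_STORE_free(caStore);
    return exitCode;
}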