'grid-proxy-verify' utility

On this page you will find the 'grid-proxy-verify' utility, a command that I sometimes sorely miss in the Globus grid middleware toolkit.
This utility The source can be found here and can be compiled using
  gcc -o grid-proxy-verify grid-proxy-verify.c -lssl -lcrypto
or more generally
  gcc -o grid-proxy-verify grid-proxy-verify.c \
      -I<OPENSSL-INCLUDE> -L<OPENSSL-LIB> -lssl -lcrypto


Usage is as follows:
  # ./grid-proxy-verify --help
    grid-proxy-verify [-h|--help] [-d|--debug] [-q||--quiet] [-v|--version] [proxy]
  Repeat -d/--debug multiple times to get more debugging output.
  If no proxy is specified then /tmp/x509up_u`id -u` is used.
To verify the validity of the proxy a trusted CA directory is necessary. The 'grid-proxy-verify' tool tries these (in order):

Previous version

The previous version of this program, v1.17, is still available: grid-proxy-verify-1.17.c. This version can be compiled and linked against OpenSSL 0.9.7, 0.9.8 and 1.0.x.


1.0    Original version
1.3    Fix bug: limited proxies from limited proxies are allowed. 
       Regular proxies from limited proxies are not.
1.4    Check serial numbers for old style proxies.
1.5    Fix warning on expired proxies.
1.7    Fix for limited-proxies derived from old proxies on RHEL5.
1.11   valgrind+pedantic clean version; added --version option.
1.12   Fix invalid free if proxy is given on the command line
1.13   Added fix for hardwired certificate depth.
1.14   Fix bug where multiple sub-CAs are involved.
1.15   Added warning if the key strength < 512 bits.
1.16   Fix double free when input is garbage.
1.17   valgrind clean again; remove strcat/strcpy usage.
2.00   Update to support (only) OpenSSL 1.0.x and 1.1.x.
2.01   valgrind clean again; remove strcat/strcpy usage.

Version 2.00+ of this tool was tested on CentOS 6/7 64bit, Fedora Core 28 and Windows 7 using Cygwin.

Version 1.17 of this tool was tested on CentOS 3/4/5/6/7 32bit and 64bit, Fedora Core 5 and Windows XP using Cygwin. YMMV. Use at your own risk.
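
Changelog entry 1.3 states the delegation rule for limited proxies: a limited proxy may issue further limited proxies, but never a regular one. The following C code is an added example, not taken from grid-proxy-verify.c; it applies that rule to legacy (old-style) proxies only, working on subject strings rather than parsed certificates. It assumes OpenSSL one-line subjects in which each legacy proxy appends /CN=proxy or /CN=limited proxy to its issuer's subject; all function names and sample subjects are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Legacy proxies append exactly one of these RDNs to the issuer subject. */
#define FULL_RDN    "/CN=proxy"
#define LIMITED_RDN "/CN=limited proxy"
#define EEC         "/O=Example/CN=Jane Doe"   /* constructed sample subject */

enum proxy_kind { NOT_PROXY, FULL_PROXY, LIMITED_PROXY };
enum chain_result { CHAIN_OK = 0, ERR_NOT_DERIVED = -1, ERR_FULL_FROM_LIMITED = -2 };

/* Constructed sample chains: end-entity subject first, then each proxy. */
static const char *const GOOD_CHAIN[] = { EEC, EEC FULL_RDN,
    EEC FULL_RDN LIMITED_RDN, EEC FULL_RDN LIMITED_RDN LIMITED_RDN };
static const char *const BAD_CHAIN[] = { EEC, EEC LIMITED_RDN, EEC LIMITED_RDN FULL_RDN };
static const char *const FORGED_CHAIN[] = { EEC, "/O=Example/CN=John Roe" FULL_RDN };

/* A legacy proxy subject is the issuer subject plus one proxy RDN, nothing else. */
static enum proxy_kind classify(const char *issuer, const char *subject)
{
    size_t ilen = strlen(issuer);
    if (strncmp(subject, issuer, ilen) != 0)
        return NOT_PROXY;
    if (strcmp(subject + ilen, FULL_RDN) == 0)
        return FULL_PROXY;
    return strcmp(subject + ilen, LIMITED_RDN) == 0 ? LIMITED_PROXY : NOT_PROXY;
}

/* Walk the chain in delegation order; after a limited proxy, only limited ones. */
enum chain_result check_legacy_chain(const char *const subjects[], int n)
{
    int limited_seen = 0;
    for (int i = 1; i < n; i++) {
        enum proxy_kind kind = classify(subjects[i - 1], subjects[i]);
        if (kind == NOT_PROXY)
            return ERR_NOT_DERIVED;
        if (kind == FULL_PROXY && limited_seen)
            return ERR_FULL_FROM_LIMITED;
        limited_seen |= (kind == LIMITED_PROXY);
    }
    return CHAIN_OK;
}

int main(void)
{
    printf("good=%d bad=%d forged=%d\n", check_legacy_chain(GOOD_CHAIN, 4),
           check_legacy_chain(BAD_CHAIN, 3), check_legacy_chain(FORGED_CHAIN, 2));
    return 0;
}
```

A subject-name check like this complements signature and validity-period verification of every certificate in the chain; it does not replace it.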

How to generate proxy certificates

The genproxy script can be used to generate a globus-style proxy. This script Usage is as follows:
  ./genproxy --help

  genproxy version 2.01
  This script will generate a GSI proxy credential pretty much like globus' grid-proxy-init
    [--help]          Displays usage.
    [--version]       Displays version.
    [--debug]         Enables extra debug output (you can specify it multiple times).
    [--quiet]         Quiet mode, minimal output.
    [--limited]       Creates a limited proxy.
    [--independent]   Creates a independent proxy.
    [--draft|--gt3]   Creates a draft (GSI-3) proxy.
    [--old]           Creates a legacy proxy.
    [--rfc]           Creates a RFC3820 compliant proxy (default).
    [--days=N]        Number of days the proxy is valid (default=1).
    [--path-length=N] Allow a chain of at most N proxies to be generated
                      from this one (default=2).
    [--bits=N]        Number of bits in key (512, 1024, 2048, default=1024).
    [--shaNUM]        SHA hashing strength to use (default=sha256).
    [--cert=certfile] Non-standard location of user certificate or PKCS#12 file.
    [--key=keyfile]   Non-standard location of user key.
    [--out=proxyfile] Non-standard location of new proxy cert.

This script was tested on CentOS 6 and 7, Fedora Core 20 and Windows XP+7 using Cygwin. YMMV. Use at your own risk.

Share and enjoy....
Comments to Jan Just Keijser