| author | beck <> | 2015-09-13 10:32:46 +0000 |
|---|---|---|
| committer | beck <> | 2015-09-13 10:32:46 +0000 |
| commit | df0931f786c1fc48e0afbcb8af46540728db3397 (patch) | |
| tree | aab2e062ca9f5654643e90c10a858b88227429bb | |
| parent | 83f57d181d785f30f940e80aab02506a0ccdffb8 (diff) | |
add visibility of cipher and connection version strings
ok jsing@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libtls/tls.h | 4 | ||||
| -rw-r--r-- | src/lib/libtls/tls_conninfo.c | 28 | ||||
| -rw-r--r-- | src/lib/libtls/tls_init.3 | 26 | ||||
| -rw-r--r-- | src/lib/libtls/tls_internal.h | 4 |
4 files changed, 56 insertions, 6 deletions
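--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.22 2015/09/12 21:00:38 beck Exp $ */
+/* $OpenBSD: tls.h,v 1.23 2015/09/13 10:32:46 beck Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -105,6 +105,8 @@ int tls_peer_cert_contains_name(struct tls *ctx, const char *name);
 const char * tls_peer_cert_hash(struct tls *_ctx);
 const char * tls_peer_cert_issuer(struct tls *ctx);
 const char * tls_peer_cert_subject(struct tls *ctx);
+const char * tls_conn_version(struct tls *ctx);
+const char * tls_conn_cipher(struct tls *ctx);
 
 uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password);
 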
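Review bot: The two new prototypes at new lines 108–109 name their parameter `ctx`, while `tls_peer_cert_hash` on line 105 of the same hunk uses `_ctx`; the header is already mixed, but new declarations in a public header are where to settle on one form, and the underscore-prefixed spelling is the one that cannot collide with a `ctx` macro defined by including code. I would write `const char * tls_conn_version(struct tls *_ctx);` and `const char * tls_conn_cipher(struct tls *_ctx);`.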
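--- a/src/lib/libtls/tls_conninfo.c
+++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.1 2015/09/12 21:00:38 beck Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.2 2015/09/13 10:32:46 beck Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -130,6 +130,12 @@ tls_get_conninfo(struct tls *ctx) {
 goto err;
 if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1)
 goto err;
+ctx->conninfo->version = strdup(SSL_get_version(ctx->ssl_conn));
+if (ctx->conninfo->version == NULL)
+goto err;
+ctx->conninfo->cipher = strdup(SSL_get_cipher(ctx->ssl_conn));
+if (ctx->conninfo->cipher == NULL)
+goto err;
 }
 rv = 0;
 err:
@@ -145,5 +151,25 @@ tls_free_conninfo(struct tls_conninfo *conninfo) {
 conninfo->subject = NULL;
 free(conninfo->issuer);
 conninfo->issuer = NULL;
+free(conninfo->version);
+conninfo->version = NULL;
+free(conninfo->cipher);
+conninfo->cipher = NULL;
 }
 }
+
+const char *
+tls_conn_cipher(struct tls *ctx)
+{
+if (ctx->conninfo)
+return (ctx->conninfo->cipher);
+return NULL;
+}
+
+const char *
+tls_conn_version(struct tls *ctx)
+{
+if (ctx->conninfo)
+return (ctx->conninfo->version);
+return NULL;
+}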
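Review bot: The new `strdup(SSL_get_version(...))` and `strdup(SSL_get_cipher(...))` calls at new lines 133–138 sit inside the same block as the peer-certificate lookups, whose opening condition (and the start of tls_get_conninfo) is above the hunk; if that block is entered only when a peer certificate is present, `conninfo->version` and `conninfo->cipher` remain NULL for every handshake that completes without one (a server that does not request a client certificate, for instance), although both values are known for any completed handshake. Moving the two assignments and their NULL checks past the closing `}` of that block, immediately before `rv = 0;`, would decouple them from the certificate. The cleanup after `err:` is also outside the hunk; when one of the new `strdup` calls fails, the `hash`, `subject` and `issuer` strings already stored in `ctx->conninfo` are left allocated, so either that path or the caller must end up in `tls_free_conninfo`. The accessors at new lines 161–175 mix `return (ctx->conninfo->cipher);` with `return NULL;`; this file's style parenthesises return values, so `return (NULL);` would match.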
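--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.43 2015/09/12 21:00:38 beck Exp $
+.\" $OpenBSD: tls_init.3,v 1.44 2015/09/13 10:32:46 beck Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 12 2015 $
+.Dd $Mdocdate: September 13 2015 $
 .Dt TLS_INIT 3
 .Os
 .Sh NAME
@@ -127,6 +127,10 @@
 .Fn tls_peer_cert_subject "struct tls *ctx"
 .Ft "const char *"
 .Fn tls_peer_cert_hash "struct tls *ctx"
+.Ft "const char *"
+.Fn tls_conn_version "struct tls *ctx"
+.Ft "const char *"
+.Fn tls_conn_cipher "struct tls *ctx"
 .Ft "uint8_t *"
 .Fn tls_load_file "const char *file" "size_t *len" "char *password"
 .Ft "struct tls *"
@@ -416,7 +420,23 @@ h=$(openssl x509 -outform der -in mycert.crt | sha256)
 printf "SHA256:${h}\\n"
 .Ed
 .Pp
-.Fn tls_peer_cert_subject
+.It
+.Fn tls_conn_version
+returns a string
+corresponding to a TLS version negotiated with the peer
+connected to
+.Ar ctx
+.It
+.Fn tls_conn_version
+will only succeed after the handshake is complete.
+.It
+.Fn tls_conn_cipher
+returns a string
+corresponding to a the cipher suite negotated with the peer
+connected to
+.Ar ctx
+.It
+.Fn tls_conn_cipher
 will only succeed after the handshake is complete.
 .Em (Server and client)
 .It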
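--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.21 2015/09/12 21:00:38 beck Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.22 2015/09/13 10:32:46 beck Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -54,6 +54,8 @@ struct tls_conninfo {
 char *hash;
 char *serial;
 char *fingerprint;
+char *version;
+char *cipher;
 };
 
 #define TLS_CLIENT (1 << 0)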
