Provide tls_peer_cert_hash() which returns a hash of the raw certificate

that was presented by the peer. The hash used is currently SHA256, however since we prefix the result with the hash name, we can change this in the future as the need arises. The same output can be generated by using: h=$(openssl x509 -outform der -in mycert.crt | sha256) printf "SHA256:${h}\n" ok beck@
author: jsing <> 2015-09-11 11:28:01 +0000
committer: jsing <> 2015-09-11 11:28:01 +0000
commit: 368b501095ffe62862d468562cfaf9d1012ca99c (patch)
tree: 122bc4c787f76caf0f4eb0c1dd4c691818a0adca /src/lib/libtls/tls.h
parent: 42bff14389893c2dd1a5b78696866d589b5aac93 (diff)
download: openbsd-368b501095ffe62862d468562cfaf9d1012ca99c.tar.gz
openbsd-368b501095ffe62862d468562cfaf9d1012ca99c.tar.bz2
openbsd-368b501095ffe62862d468562cfaf9d1012ca99c.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index f7c12920e0..3cb24f0ee5 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.18 2015/09/10 10:26:49 beck Exp $ */
+/* $OpenBSD: tls.h,v 1.19 2015/09/11 11:28:01 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -99,6 +99,8 @@ ssize_t tls_read(struct tls *_ctx, void *_buf, size_t _buflen);
 ssize_t tls_write(struct tls *_ctx, const void *_buf, size_t _buflen);
 int tls_close(struct tls *_ctx);
+int tls_peer_cert_hash(struct tls *_ctx, char **_hash);
 uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password);
 #ifdef __cplusplus
author	jsing <>	2015-09-11 11:28:01 +0000
committer	jsing <>	2015-09-11 11:28:01 +0000
commit	368b501095ffe62862d468562cfaf9d1012ca99c (patch)
tree	122bc4c787f76caf0f4eb0c1dd4c691818a0adca /src/lib/libtls/tls.h
parent	42bff14389893c2dd1a5b78696866d589b5aac93 (diff)
download	openbsd-368b501095ffe62862d468562cfaf9d1012ca99c.tar.gz openbsd-368b501095ffe62862d468562cfaf9d1012ca99c.tar.bz2 openbsd-368b501095ffe62862d468562cfaf9d1012ca99c.zip