add tls_peer functions for checking names and issuers of peer certificates.

ok jsing@
author: beck <> 2015-09-11 12:56:55 +0000
committer: beck <> 2015-09-11 12:56:55 +0000
commit: 27e5e00bb80457049b7e7613f43e8f1165402316 (patch)
tree: 6080d52d99050fc94d1bd00cdb70fd607c96d262 /src/lib/libtls/tls_peer.c
parent: eafebfdd3adba0417a72d6cc8a75f367fc2fbbdb (diff)
download: openbsd-27e5e00bb80457049b7e7613f43e8f1165402316.tar.gz
openbsd-27e5e00bb80457049b7e7613f43e8f1165402316.tar.bz2
openbsd-27e5e00bb80457049b7e7613f43e8f1165402316.zip
1 files changed, 49 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_peer.c b/src/lib/libtls/tls_peer.c
index e2a2c7b141..39a9d90cab 100644
--- a/src/lib/libtls/tls_peer.c
+++ b/src/lib/libtls/tls_peer.c
@@ -1,6 +1,7 @@
-/* $OpenBSD: tls_peer.c,v 1.1 2015/09/11 11:28:01 jsing Exp $ */
+/* $OpenBSD: tls_peer.c,v 1.2 2015/09/11 12:56:55 beck Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
+ * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -85,3 +86,50 @@ err:
        return (rv);
 }
+int
+tls_peer_cert_provided(struct tls *ctx)
+{
+        return (ctx->ssl_peer_cert != NULL);
+}
+int
+tls_peer_cert_contains_name(struct tls *ctx, const char *name)
+{
+        if (ctx->ssl_peer_cert == NULL)
+                return (0);
+        return (tls_check_name(ctx, ctx->ssl_peer_cert, name) == 0);
+}
+int
+tls_peer_cert_issuer(struct tls *ctx,  char **issuer)
+{
+        X509_NAME *name = NULL;
+        *issuer = NULL;
+        if (ctx->ssl_peer_cert != NULL)
+                return (-1);
+        if ((name = X509_get_issuer_name(ctx->ssl_peer_cert)) == NULL)
+                return (-1);
+        *issuer = X509_NAME_oneline(name, 0, 0);
+        if (*issuer == NULL)
+                return (-1);
+        return (0);
+}
+int
+tls_peer_cert_subject(struct tls *ctx, char **subject)
+{
+        X509_NAME *name = NULL;
+        *subject = NULL;
+        if (ctx->ssl_peer_cert == NULL)
+                return (-1);
+        if ((name = X509_get_subject_name(ctx->ssl_peer_cert)) == NULL)
+                return (-1);
+        *subject = X509_NAME_oneline(name, 0, 0);
+        if (*subject == NULL)
+                return (-1);
+        return (0);
+}
author	beck <>	2015-09-11 12:56:55 +0000
committer	beck <>	2015-09-11 12:56:55 +0000
commit	27e5e00bb80457049b7e7613f43e8f1165402316 (patch)
tree	6080d52d99050fc94d1bd00cdb70fd607c96d262 /src/lib/libtls/tls_peer.c
parent	eafebfdd3adba0417a72d6cc8a75f367fc2fbbdb (diff)
download	openbsd-27e5e00bb80457049b7e7613f43e8f1165402316.tar.gz openbsd-27e5e00bb80457049b7e7613f43e8f1165402316.tar.bz2 openbsd-27e5e00bb80457049b7e7613f43e8f1165402316.zip

diff --git a/src/lib/libtls/tls_peer.c b/src/lib/libtls/tls_peer.c index e2a2c7b141..39a9d90cab 100644 --- a/src/lib/libtls/tls_peer.c +++ b/src/lib/libtls/tls_peer.c
@@ -1,6 +1,7 @@
1	/* $OpenBSD: tls_peer.c,v 1.1 2015/09/11 11:28:01 jsing Exp $ */	1	/* $OpenBSD: tls_peer.c,v 1.2 2015/09/11 12:56:55 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
		4	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
4	*	5	*
5	* Permission to use, copy, modify, and distribute this software for any	6	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above	7	* purpose with or without fee is hereby granted, provided that the above
@@ -85,3 +86,50 @@ err:
85		86
86	return (rv);	87	return (rv);
87	}	88	}
		89
		90	int
		91	tls_peer_cert_provided(struct tls *ctx)
		92	{
		93	return (ctx->ssl_peer_cert != NULL);
		94	}
		95
		96	int
		97	tls_peer_cert_contains_name(struct tls ctx, const char name)
		98	{
		99	if (ctx->ssl_peer_cert == NULL)
		100	return (0);
		101
		102	return (tls_check_name(ctx, ctx->ssl_peer_cert, name) == 0);
		103	}
		104
		105	int
		106	tls_peer_cert_issuer(struct tls ctx, char *issuer)
		107	{
		108	X509_NAME *name = NULL;
		109
		110	*issuer = NULL;
		111	if (ctx->ssl_peer_cert != NULL)
		112	return (-1);
		113	if ((name = X509_get_issuer_name(ctx->ssl_peer_cert)) == NULL)
		114	return (-1);
		115	*issuer = X509_NAME_oneline(name, 0, 0);
		116	if (*issuer == NULL)
		117	return (-1);
		118	return (0);
		119	}
		120
		121	int
		122	tls_peer_cert_subject(struct tls ctx, char *subject)
		123	{
		124	X509_NAME *name = NULL;
		125
		126	*subject = NULL;
		127	if (ctx->ssl_peer_cert == NULL)
		128	return (-1);
		129	if ((name = X509_get_subject_name(ctx->ssl_peer_cert)) == NULL)
		130	return (-1);
		131	*subject = X509_NAME_oneline(name, 0, 0);
		132	if (*subject == NULL)
		133	return (-1);
		134	return (0);
		135	}