Add tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer certificate

validity times for tls connections. ok jsing@
author: beck <> 2015-10-07 23:33:38 +0000
committer: beck <> 2015-10-07 23:33:38 +0000
commit: 5d82be7da232ba0ac24e658d65265454ddebf89c (patch)
tree: 92254ea2710731c9a0faaf9eedfc6dd971a01640 /src/lib/libtls/tls_peer.c
parent: 545a111ef6b8cf1b16a35cc82a9a9015dc28c7fb (diff)
download: openbsd-5d82be7da232ba0ac24e658d65265454ddebf89c.tar.gz
openbsd-5d82be7da232ba0ac24e658d65265454ddebf89c.tar.bz2
openbsd-5d82be7da232ba0ac24e658d65265454ddebf89c.zip
1 files changed, 21 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_peer.c b/src/lib/libtls/tls_peer.c
index 3145e500c4..8a74613ef8 100644
--- a/src/lib/libtls/tls_peer.c
+++ b/src/lib/libtls/tls_peer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_peer.c,v 1.4 2015/09/12 21:00:38 beck Exp $ */
+/* $OpenBSD: tls_peer.c,v 1.5 2015/10/07 23:33:38 beck Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -61,3 +61,23 @@ tls_peer_cert_contains_name(struct tls *ctx, const char *name)
        return (tls_check_name(ctx, ctx->ssl_peer_cert, name) == 0);
 }
+time_t
+tls_peer_cert_notbefore(struct tls *ctx)
+{
+        if (ctx->ssl_peer_cert == NULL)
+                return (-1);
+        if (ctx->conninfo == NULL)
+                return (-1);
+        return (ctx->conninfo->notbefore);
+}
+time_t
+tls_peer_cert_notafter(struct tls *ctx)
+{
+        if (ctx->ssl_peer_cert == NULL)
+                return (-1);
+        if (ctx->conninfo == NULL)
+                return (-1);
+        return (ctx->conninfo->notafter);
+}
author	beck <>	2015-10-07 23:33:38 +0000
committer	beck <>	2015-10-07 23:33:38 +0000
commit	5d82be7da232ba0ac24e658d65265454ddebf89c (patch)
tree	92254ea2710731c9a0faaf9eedfc6dd971a01640 /src/lib/libtls/tls_peer.c
parent	545a111ef6b8cf1b16a35cc82a9a9015dc28c7fb (diff)
download	openbsd-5d82be7da232ba0ac24e658d65265454ddebf89c.tar.gz openbsd-5d82be7da232ba0ac24e658d65265454ddebf89c.tar.bz2 openbsd-5d82be7da232ba0ac24e658d65265454ddebf89c.zip

diff --git a/src/lib/libtls/tls_peer.c b/src/lib/libtls/tls_peer.c index 3145e500c4..8a74613ef8 100644 --- a/src/lib/libtls/tls_peer.c +++ b/src/lib/libtls/tls_peer.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_peer.c,v 1.4 2015/09/12 21:00:38 beck Exp $ */	1	/* $OpenBSD: tls_peer.c,v 1.5 2015/10/07 23:33:38 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -61,3 +61,23 @@ tls_peer_cert_contains_name(struct tls ctx, const char name)
61	return (tls_check_name(ctx, ctx->ssl_peer_cert, name) == 0);	61	return (tls_check_name(ctx, ctx->ssl_peer_cert, name) == 0);
62	}	62	}
63		63
		64	time_t
		65	tls_peer_cert_notbefore(struct tls *ctx)
		66	{
		67	if (ctx->ssl_peer_cert == NULL)
		68	return (-1);
		69	if (ctx->conninfo == NULL)
		70	return (-1);
		71	return (ctx->conninfo->notbefore);
		72	}
		73
		74	time_t
		75	tls_peer_cert_notafter(struct tls *ctx)
		76	{
		77	if (ctx->ssl_peer_cert == NULL)
		78	return (-1);
		79	if (ctx->conninfo == NULL)
		80	return (-1);
		81	return (ctx->conninfo->notafter);
		82	}
		83