summaryrefslogtreecommitdiff
path: root/src/lib/libtls/tls.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libtls/tls.c')
-rw-r--r--src/lib/libtls/tls.c33
1 files changed, 29 insertions, 4 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 0e206e2c7e..8f2c7dde05 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls.c,v 1.74 2018/02/08 10:19:31 jsing Exp $ */ 1/* $OpenBSD: tls.c,v 1.75 2018/02/10 04:57:35 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -291,6 +291,34 @@ tls_cert_hash(X509 *cert, char **hash)
291} 291}
292 292
293int 293int
294tls_cert_pubkey_hash(X509 *cert, char **hash)
295{
296 char d[EVP_MAX_MD_SIZE], *dhex = NULL;
297 int dlen, rv = -1;
298
299 free(*hash);
300 *hash = NULL;
301
302 if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1)
303 goto err;
304
305 if (tls_hex_string(d, dlen, &dhex, NULL) != 0)
306 goto err;
307
308 if (asprintf(hash, "SHA256:%s", dhex) == -1) {
309 *hash = NULL;
310 goto err;
311 }
312
313 rv = 0;
314
315 err:
316 free(dhex);
317
318 return (rv);
319}
320
321int
294tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx, 322tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
295 struct tls_keypair *keypair, int required) 323 struct tls_keypair *keypair, int required)
296{ 324{
@@ -313,9 +341,6 @@ tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
313 tls_set_errorx(ctx, "failed to load certificate"); 341 tls_set_errorx(ctx, "failed to load certificate");
314 goto err; 342 goto err;
315 } 343 }
316 if (tls_keypair_pubkey_hash(keypair, &ctx->error,
317 &keypair->pubkey_hash) == -1)
318 goto err;
319 } 344 }
320 345
321 if (keypair->key_mem != NULL) { 346 if (keypair->key_mem != NULL) {