Diffstat (limited to 'src/lib/libtls/tls_conninfo.c')
| -rw-r--r-- | src/lib/libtls/tls_conninfo.c | 35 |
1 files changed, 34 insertions, 1 deletions
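--- a/src/lib/libtls/tls_conninfo.c
+++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.5 2015/10/07 23:33:38 beck Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.6 2016/08/01 17:32:19 jsing Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -150,6 +150,26 @@ tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, time_t *notafter)
 return (rv);
 }
 
+static int
+tls_conninfo_alpn_proto(struct tls *ctx)
+{
+const unsigned char *p;
+unsigned int len;
+
+free(ctx->conninfo->alpn);
+ctx->conninfo->alpn = NULL;
+
+SSL_get0_alpn_selected(ctx->ssl_conn, &p, &len);
+if (len > 0) {
+if ((ctx->conninfo->alpn = malloc(len + 1)) == NULL)
+return (-1);
+memcpy(ctx->conninfo->alpn, p, len);
+ctx->conninfo->alpn[len] = '\0';
+}
+
+return (0);
+}
+
 int
 tls_get_conninfo(struct tls *ctx) {
 const char * tmp;
@@ -175,6 +195,9 @@ tls_get_conninfo(struct tls *ctx) {
 ctx->conninfo->cipher = strdup(tmp);
 if (ctx->conninfo->cipher == NULL)
 goto err;
+if (tls_conninfo_alpn_proto(ctx) == -1)
+goto err;
+
 return (0);
 err:
 tls_free_conninfo(ctx->conninfo);
@@ -184,6 +207,8 @@ err:
 void
 tls_free_conninfo(struct tls_conninfo *conninfo) {
 if (conninfo != NULL) {
+free(conninfo->alpn);
+conninfo->alpn = NULL;
 free(conninfo->hash);
 conninfo->hash = NULL;
 free(conninfo->subject);
@@ -198,6 +223,14 @@ tls_free_conninfo(struct tls_conninfo *conninfo) {
 }
 
 const char *
+tls_conn_alpn_selected(struct tls *ctx)
+{
+if (ctx->conninfo == NULL)
+return (NULL);
+return (ctx->conninfo->alpn);
+}
+
+const char *
 tls_conn_cipher(struct tls *ctx)
 {
 if (ctx->conninfo == NULL)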
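Review bot: In tls_conninfo_alpn_proto() the selected protocol is copied into a NUL-terminated string without checking its `len` bytes for an embedded NUL, so the value tls_conn_alpn_selected() later returns can be shorter than the identifier that was actually negotiated. ALPN identifiers are opaque byte strings supplied by the peer, and a caller that routes on the result with strcmp() would then act on a name that differs from the negotiated one. I would reject such a value before the malloc(), e.g. `if (memchr(p, '\0', len) != NULL) return (-1);`. It would also be worth initialising `p = NULL` and `len = 0` at the declarations, so the `len > 0` test does not rely on SSL_get0_alpn_selected() always writing both outputs.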
