Diffstat (limited to 'src/lib/libtls/tls_peer.c')
-rw-r--r--src/lib/libtls/tls_peer.c108
1 files changed, 18 insertions, 90 deletions
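diff --git a/src/lib/libtls/tls_peer.c b/src/lib/libtls/tls_peer.c
index cd1984f215..3145e500c4 100644
--- a/src/lib/libtls/tls_peer.c
+++ b/src/lib/libtls/tls_peer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_peer.c,v 1.3 2015/09/11 13:22:39 beck Exp $ */
+/* $OpenBSD: tls_peer.c,v 1.4 2015/09/12 21:00:38 beck Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -23,68 +23,27 @@
 #include <tls.h>
 #include "tls_internal.h"
 
-static int
-tls_hex_string(const unsigned char *in, size_t inlen, char **out,
-    size_t *outlen)
+const char *
+tls_peer_cert_hash(struct tls *ctx)
 {
-	static const char hex[] = "0123456789abcdef";
-	size_t i, len;
-	char *p;
-
-	if (outlen != NULL)
-		*outlen = 0;
-
-	if (inlen >= SIZE_MAX)
-		return (-1);
-	if ((*out = reallocarray(NULL, inlen + 1, 2)) == NULL)
-		return (-1);
-
-	p = *out;
-	len = 0;
-	for (i = 0; i < inlen; i++) {
-		p[len++] = hex[(in[i] >> 4) & 0x0f];
-		p[len++] = hex[in[i] & 0x0f];
-	}
-	p[len++] = 0;
-
-	if (outlen != NULL)
-		*outlen = len;
-
-	return (0);
+	if (ctx->conninfo)
+		return (ctx->conninfo->hash);
+	return NULL;
 }
-
-int
-tls_peer_cert_hash(struct tls *ctx, char **hash)
+const char *
+tls_peer_cert_issuer(struct tls *ctx)
 {
-	char d[EVP_MAX_MD_SIZE], *dhex = NULL;
-	int dlen, rv = -1;
-
-	*hash = NULL;
-	if (ctx->ssl_peer_cert == NULL)
-		return (0);
-
-	if (X509_digest(ctx->ssl_peer_cert, EVP_sha256(), d, &dlen) != 1) {
-		tls_set_errorx(ctx, "digest failed");
-		goto err;
-	}
-
-	if (tls_hex_string(d, dlen, &dhex, NULL) != 0) {
-		tls_set_errorx(ctx, "digest hex string failed");
-		goto err;
-	}
-
-	if (asprintf(hash, "SHA256:%s", dhex) == -1) {
-		tls_set_errorx(ctx, "out of memory");
-		*hash = NULL;
-		goto err;
-	}
-
-	rv = 0;
-
-err:
-	free(dhex);
+	if (ctx->conninfo)
+		return (ctx->conninfo->issuer);
+	return NULL;
+}
 
-	return (rv);
+const char *
+tls_peer_cert_subject(struct tls *ctx)
+{
+	if (ctx->conninfo)
+		return (ctx->conninfo->subject);
+	return NULL;
 }
 
 int
@@ -102,34 +61,3 @@ tls_peer_cert_contains_name(struct tls *ctx, const char *name)
 	return (tls_check_name(ctx, ctx->ssl_peer_cert, name) == 0);
 }
 
-int
-tls_peer_cert_issuer(struct tls *ctx, char **issuer)
-{
-	X509_NAME *name = NULL;
-
-	*issuer = NULL;
-	if (ctx->ssl_peer_cert == NULL)
-		return (-1);
-	if ((name = X509_get_issuer_name(ctx->ssl_peer_cert)) == NULL)
-		return (-1);
-	*issuer = X509_NAME_oneline(name, 0, 0);
-	if (*issuer == NULL)
-		return (-1);
-	return (0);
-}
-
-int
-tls_peer_cert_subject(struct tls *ctx, char **subject)
-{
-	X509_NAME *name = NULL;
-
-	*subject = NULL;
-	if (ctx->ssl_peer_cert == NULL)
-		return (-1);
-	if ((name = X509_get_subject_name(ctx->ssl_peer_cert)) == NULL)
-		return (-1);
-	*subject = X509_NAME_oneline(name, 0, 0);
-	if (*subject == NULL)
-		return (-1);
-	return (0);
-}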
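Review bot: The three accessors added at new lines 26–47 of the second hunk (tls_peer_cert_hash, tls_peer_cert_issuer, tls_peer_cert_subject) return a pointer into ctx->conninfo without stating who owns it or how long it stays valid, which matters because the removed versions handed the caller a heap string (from asprintf and X509_NAME_oneline) that the caller had to free; a caller ported mechanically from the old out-parameter API would now free memory the context owns. A short comment above tls_peer_cert_hash such as `/* Returned strings are owned by ctx; valid until the connection info is reset or ctx is freed, and must not be freed by the caller. */` would pin the contract for all three. The new functions also fold "no connection info yet" and "peer presented no certificate" into a single NULL return, where the old tls_peer_cert_hash distinguished a missing certificate (return 0, *hash NULL) from failure; if conninfo->hash, ->issuer or ->subject can themselves be NULL (not visible in this hunk), that should be documented alongside. The `int` at new line 49 begins tls_peer_cert_contains_name, whose body lies outside the hunk.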