Diffstat (limited to '')
| -rw-r--r-- | src/lib/libtls/tls.c | 11 | ||||
| -rw-r--r-- | src/lib/libtls/tls_conninfo.c | 25 |
2 files changed, 21 insertions, 15 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index f841271754..0a7c958369 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls.c,v 1.33 2015/09/29 10:17:04 deraadt Exp $ */ | 1 | /* $OpenBSD: tls.c,v 1.34 2015/10/07 23:25:45 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -400,10 +400,11 @@ tls_handshake(struct tls *ctx) | |||
| 400 | else if ((ctx->flags & TLS_SERVER_CONN) != 0) | 400 | else if ((ctx->flags & TLS_SERVER_CONN) != 0) |
| 401 | rv = tls_handshake_server(ctx); | 401 | rv = tls_handshake_server(ctx); |
| 402 | 402 | ||
| 403 | if (rv == 0 && | 403 | if (rv == 0) { |
| 404 | (ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn)) && | 404 | ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn); |
| 405 | (tls_get_conninfo(ctx) == -1)) | 405 | if (tls_get_conninfo(ctx) == -1) |
| 406 | rv = -1; | 406 | rv = -1; |
| 407 | } | ||
| 407 | out: | 408 | out: |
| 408 | /* Prevent callers from performing incorrect error handling */ | 409 | /* Prevent callers from performing incorrect error handling */ |
| 409 | errno = 0; | 410 | errno = 0; |
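Review bot: When `tls_get_conninfo(ctx)` fails inside the new `if (rv == 0)` block, `rv` becomes -1 but nothing in the hunk records an error message on the context, and `errno` is cleared right afterwards at `out:`. Connection info is now gathered on every completed handshake rather than only when a peer certificate is present, so a caller can no longer tell a failed TLS handshake from a failure to record the negotiated version and cipher. I would set a message before failing, for example `tls_set_errorx(ctx, "unable to get connection information");`, assuming the library's error helper is usable at this point. The assignment to `ctx->ssl_peer_cert` is also unconditional now, so if a handshake can complete more than once on the same context the earlier certificate reference would be overwritten without being released. tls_handshake starts and ends outside the hunk, so an existing guard or message elsewhere in the function cannot be ruled out.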
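--- a/src/lib/libtls/tls_conninfo.c
+++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.3 2015/09/28 15:18:08 jsing Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.4 2015/10/07 23:25:45 beck Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -121,7 +121,7 @@ tls_get_peer_cert_subject(struct tls *ctx, char **subject)
 
 int
 tls_get_conninfo(struct tls *ctx) {
-int rv = -1;
+const char * tmp;
 if (ctx->ssl_peer_cert != NULL) {
 if (tls_get_peer_cert_hash(ctx, &ctx->conninfo->hash) == -1)
 goto err;
@@ -130,16 +130,21 @@ tls_get_conninfo(struct tls *ctx) {
 goto err;
 if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1)
 goto err;
-ctx->conninfo->version = strdup(SSL_get_version(ctx->ssl_conn));
-if (ctx->conninfo->version == NULL)
-goto err;
-ctx->conninfo->cipher = strdup(SSL_get_cipher(ctx->ssl_conn));
-if (ctx->conninfo->cipher == NULL)
-goto err;
 }
-rv = 0;
+if ((tmp = SSL_get_version(ctx->ssl_conn)) == NULL)
+goto err;
+ctx->conninfo->version = strdup(tmp);
+if (ctx->conninfo->version == NULL)
+goto err;
+if ((tmp = SSL_get_cipher(ctx->ssl_conn)) == NULL)
+goto err;
+ctx->conninfo->cipher = strdup(tmp);
+if (ctx->conninfo->cipher == NULL)
+goto err;
+return (0);
 err:
-return (rv);
+tls_free_conninfo(ctx->conninfo);
+return (-1);
 }
 
 void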
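Review bot: The new `err:` path calls `tls_free_conninfo(ctx->conninfo)` while `ctx->conninfo` itself stays attached to the context, so the cleanup is only safe if that function resets each freed field (`hash`, `issuer`, `version`, `cipher`) to NULL. Its definition begins just after this hunk and is not visible here. If the fields are not reset, a later teardown of the context would free the same strings a second time, and the conninfo accessors would return freed pointers. The success path has a related gap: `version` and `cipher` are assigned from `strdup()` without releasing any earlier value, which leaks if tls_get_conninfo() can run more than once on one context. Once the reset behaviour is confirmed I would document it above the label, e.g. `/* tls_free_conninfo() NULLs every field; a later free of ctx->conninfo is safe */`, and call `tls_free_conninfo(ctx->conninfo);` at function entry if repeat calls are possible.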
