path: root/src/lib/libtls/tls_peer.c
Commit message | Author | Age | Files | Lines
* Rework name verification code so that a match is indicated via an argument, rather than return codes. More strictly follow RFC 6125, in particular only check the CN if there are no SAN identifiers present in the certificate (per section 6.4.4). Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>. ok beck@ jca@
  Author: jsing | Age: 2017-04-10 | Files: 1 | Lines: -2/+7
* Add tls_peer_cert_chain_pem - To retrieve the peer certificate and chain as PEM format. This allows for it to be used or examined with tools external to libtls bump minor ok jsing@
  Author: beck | Age: 2017-04-05 | Files: 1 | Lines: -1/+12
* Stick with the usual 'if NULL return NULL' idiom. ok beck@
  Author: jsing | Age: 2016-08-22 | Files: 1 | Lines: -10/+10
* Add tls_peer_cert_notbefore and tls_peer_cert_notafter to expose peer certificate validity times for tls connections. ok jsing@
  Author: beck | Age: 2015-10-07 | Files: 1 | Lines: -1/+21
* Move connection info into its own private structure allocated and filled in at handshake time. change accessors to return const char * to remove need for caller to free memory. ok jsing@
  Author: beck | Age: 2015-09-12 | Files: 1 | Lines: -90/+18
* != -> == that I broke while bikeshedding
  Author: beck | Age: 2015-09-11 | Files: 1 | Lines: -2/+2
* add tls_peer functions for checking names and issuers of peer certificates. ok jsing@
  Author: beck | Age: 2015-09-11 | Files: 1 | Lines: -1/+49
* Provide tls_peer_cert_hash() which returns a hash of the raw certificate that was presented by the peer. The hash used is currently SHA256, however since we prefix the result with the hash name, we can change this in the future as the need arises. The same output can be generated by using:

      h=$(openssl x509 -outform der -in mycert.crt | sha256)
      printf "SHA256:${h}\n"

  ok beck@
  Author: jsing | Age: 2015-09-11 | Files: 1 | Lines: -0/+87
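
Added example, not code from libtls or from this commit log: a minimal C sketch of the rule described in the 2017-04-10 entry, where the match verdict is written to an argument, the return code only signals errors, and the CN is consulted only when the certificate carries no SAN identifiers. The struct cert_names type, the check_name function and the sample names are hypothetical, and wildcard matching is left out so that only exact, case-insensitive comparison is shown.

```c
#include <stddef.h>
#include <stdio.h>
#include <strings.h>

/* Hypothetical simplified certificate view; not libtls's own types. */
struct cert_names {
	const char *const *san_dns;	/* subjectAltName dNSName entries */
	size_t san_count;
	const char *common_name;	/* subject CN, or NULL if absent */
};

/* Returns 0 on success, -1 on error; the verdict goes to *match only. */
int
check_name(const struct cert_names *cert, const char *name, int *match)
{
	size_t i;

	if (match == NULL)
		return -1;
	*match = 0;	/* fail closed: an error never leaves a stale "match" */
	if (cert == NULL || name == NULL || name[0] == '\0')
		return -1;
	if (cert->san_count > 0) {
		/* SAN identifiers present: the CN is never consulted. */
		if (cert->san_dns == NULL)
			return -1;
		for (i = 0; i < cert->san_count; i++)
			if (cert->san_dns[i] != NULL &&
			    strcasecmp(cert->san_dns[i], name) == 0)
				*match = 1;
		return 0;
	}
	/* No SAN identifiers: the CN is checked as a last resort. */
	if (cert->common_name != NULL &&
	    strcasecmp(cert->common_name, name) == 0)
		*match = 1;
	return 0;
}

int
main(void)
{
	/* Constructed sample: a SAN is present, so the matching CN is ignored. */
	const char *const sans[] = { "www.example.com" };
	struct cert_names c = { sans, 1, "legacy.example.net" };
	int m, rc = check_name(&c, "legacy.example.net", &m);
	printf("rc=%d match=%d\n", rc, m);
	return 0;
}
```

Because an error and a non-match are reported through different channels, a caller that only tests the return value cannot mistake a failed check for a successful match.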