Check-in [8e446cb0bb]
Overview
Comment:Added unique ids and signature value to status
SHA3-256: 8e446cb0bbec1c0015460744e4f6fb288277df3cd0156ccca864ec09492c0355
User & Date: bohagan on 2023-07-15 23:00:51
Changes

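--- a/doc/tls.html
+++ b/doc/tls.html
@@ -277,28 +277,36 @@
         <dd>The begin date for the validity of the certificate.</dd>
         <dt><strong>notAfter</strong> <em>date</em></dt>
         <dd>The expiration date for the certificate.</dd>
         <dt><strong>subject</strong> <em>dn</em></dt>
         <dd>The distinguished name (DN) of the certificate subject.
 	    Fields include: Common Name (CN), Organization (O), Locality
 	    or City (L), State or Province (S), and Country Name (C).</dd>
+        <dt><strong>issuerUniqueID</strong> <em>string</em></dt>
+        <dd>The issuer unique id.</dd>
+        <dt><strong>subjectUniqueID</strong> <em>string</em></dt>
+        <dd>The subject unique id.</dd>
 
         <dt><strong>num_extensions</strong> <em>n</em></dt>
         <dd>Number of certificate extensions.</dd>
         <dt><strong>extensions</strong> <em>list</em></dt>
         <dd>List of certificate extension names.</dd>
         <dt><strong>subjectKeyIdentifier</strong> <em>string</em></dt>
         <dd>Hash of the public key inside the certificate.</dd>
         <dt><strong>subjectAltName</strong> <em>list</em></dt>
         <dd>List of all of the alternative domain names, sub domains,
 	    and IP addresses that are secured by the certificate.</dd>
 
 	<dt><strong>certificate</strong> <em>cert</em></dt>
         <dd>The PEM encoded certificate.</dd>
 
+        <dt><strong>signatureAlgorithm</strong> <em>algorithm</em></dt>
+        <dd>Cipher algorithm used for certificate signature.</dd>
+        <dt><strong>signatureValue</strong> <em>string</em></dt>
+        <dd>Certificate signature as hex string.</dd>
         <dt><strong>signatureDigest</strong> <em>version</em></dt>
         <dd>Certificate signing digest.</dd>
         <dt><strong>publicKeyAlgorithm</strong> <em>algorithm</em></dt>
         <dd>Certificate signature public key algorithm.</dd>
         <dt><strong>publicKey</strong> <em>string</em></dt>
         <dd>Certificate signature public key as hex string.</dd>
         <dt><strong>bits</strong> <em>n</em></dt>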
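--- a/generic/tlsX509.c
+++ b/generic/tlsX509.c
@@ -223,14 +223,33 @@
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("publicKey", -1));
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(publicKey, len));
 	
 	/* Check if cert was issued by CA cert issuer or self signed */
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("self_signed", -1));
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewBooleanObj(X509_check_issued(cert, cert) == X509_V_OK));
     }
+
+    /* Unique Ids */
+    {
+	const ASN1_BIT_STRING *iuid, *suid;
+        X509_get0_uids(cert, &iuid, &suid);
+	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1));
+	if (iuid != NULL) {
+	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)iuid->data, iuid->length));
+	} else {
+	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
+	}
+
+	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectUniqueId", -1));
+	if (suid != NULL) {
+	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)suid->data, suid->length));
+	} else {
+	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
+	}
+    }
 
     /* Alias  */
     Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("alias", -1));
     len = 0;
     bstring = X509_alias_get0(cert, &len);
     Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj(bstring, len));
 
@@ -312,10 +331,32 @@
 		}
 	    }
 	}
 	sk_GENERAL_NAME_pop_free(san, GENERAL_NAME_free);
 	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectAltName", -1));
 	Tcl_ListObjAppendElement(interp, certPtr, namesPtr);
     }
+
+    /* Signature algorithm and value */
+    {
+	const X509_ALGOR *sig_alg;
+	const ASN1_BIT_STRING *sig;
+	int sig_nid;
+
+	X509_get0_signature(&sig, &sig_alg, cert);
+	/* sig_nid = X509_get_signature_nid(cert) */
+	sig_nid = OBJ_obj2nid(sig_alg->algorithm);
+
+	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signatureAlgorithm", -1));
+	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(sig_nid),-1));
+
+	Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signatureValue", -1));
+	if (sig_nid != NID_undef) {
+	    len = String_to_Hex(sig->data, sig->length, publicKey, BUFSIZ);
+	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(publicKey, len));
+	} else {
+	    Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1));
+	}
+    }
 
     return certPtr;
 }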
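Review bot: The list keys emitted in the first hunk, `Tcl_NewStringObj("issuerUniqueId", -1)` and `Tcl_NewStringObj("subjectUniqueId", -1)`, do not match the names this same check-in documents in doc/tls.html (`issuerUniqueID`, `subjectUniqueID`), so a Tcl caller reading the documented key will not find the value; one side has to change, e.g. `Tcl_NewStringObj("issuerUniqueID", -1)` and `Tcl_NewStringObj("subjectUniqueID", -1)` if the documentation is authoritative. In the second hunk the hex conversion is gated on `sig_nid != NID_undef`, but an unrecognised signature OID does not mean the signature bytes are absent, so a certificate with an unknown algorithm reports an empty `signatureValue` even though `sig` is available; `if (sig != NULL && sig->length > 0)` expresses the intended guard more accurately. The signature is hex-encoded into the `publicKey` buffer with a limit of `BUFSIZ`, whose value is platform-dependent and can be well below the size of a long signature's hex form; whether `String_to_Hex` truncates cleanly in that case cannot be confirmed from this hunk, and a one-line comment at that call stating the expected truncation behaviour would help the next reader. The `(char *)` casts on `iuid->data` and `suid->data` also look inverted for a `Tcl_NewByteArrayObj` argument, which takes an unsigned char pointer. The enclosing function begins outside both hunks.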