Check-in [46cae05dcb]
Overview
Comment:Improvements to certificate conversion. Distinguished Names subject and issuer now UTF-8 per RFC 3280, RFC 2253. Serial numbers now hexadecimal per RFC 3280.
SHA1: 46cae05dcb062051eea6d2a8876687fd9148c74f
User & Date: razzell on 2004-03-17 17:53:57
Context
2004-03-19
21:05
* tls.c (Tls_Init): replaced older TEA config with newer * config/* (removed): * pkgIndex.tcl.in, strncasecmp.c (removed): * Makefile.in, aclocal.m4, configure, configure.in: * tclconfig/README.txt, tclconfig/install-sh, tclconfig/tcl.m4: check-in: bf83205ca8 user: hobbs tags: trunk
2004-03-17
17:53
Improvements to certificate conversion. Distinguished Names subject and issuer now UTF-8 per RFC 3280, RFC 2253. Serial numbers now hexadecimal per RFC 3280. check-in: 46cae05dcb user: razzell tags: trunk
2004-02-17
21:27
TLS 1.5.0 RELEASED check-in: ba5a968fc6 user: razzell tags: trunk, tls-1-5-0
Changes

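--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,17 @@
+2004-03-17  Dan Razzell <[email protected]>
+
+	* tlsX509.c:	Add support for long serial numbers per RFC 3280.
+			Format is now hexadecimal. 
+			[Request #915313]
+			Correctly convert certificate Distinguished Names
+			to Tcl string representation.  Eliminates use of
+			deprecated OpenSSL function.  Format is now compliant
+			with RFC 2253.  [Request #915315]
+
 2004-02-17  Dan Razzell <[email protected]>
 
 	TLS 1.5.0 RELEASE
 
 2004-02-12  Dan Razzell	<[email protected]>
 
 	* tls.c:	Allow verify callback to return empty result.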
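--- a/tlsX509.c
+++ b/tlsX509.c
@@ -1,14 +1,24 @@
 /*
  * Copyright (C) 1997-2000 Sensus Consulting Ltd.
  * Matt Newman <[email protected]>
  *
- * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsX509.c,v 1.3 2003/07/07 20:24:49 hobbs Exp $
+ * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsX509.c,v 1.4 2004/03/17 17:53:57 razzell Exp $
  */
 #include "tlsInt.h"
+
+static int min(int a, int b)
+{
+    return (a < b) ? a : b;
+}
+
+static int max(int a, int b)
+{
+    return (a > b) ? a : b;
+}
 
 /*
  * ASN1_UTCTIME_tostr --
  */
 static char *
 ASN1_UTCTIME_tostr(ASN1_UTCTIME *tm)
 {
@@ -67,28 +77,56 @@
 
 Tcl_Obj*
 Tls_NewX509Obj( interp, cert)
     Tcl_Interp *interp;
     X509 *cert;
 {
     Tcl_Obj *certPtr = Tcl_NewListObj( 0, NULL);
+    BIO *bio;
-    int serial;
+    int n;
+    unsigned long flags;
     char subject[BUFSIZ];
     char issuer[BUFSIZ];
+    char serial[BUFSIZ];
     char notBefore[BUFSIZ];
     char notAfter[BUFSIZ];
 #ifndef NO_SSL_SHA
     int shai;
     char sha_hash[SHA_DIGEST_LENGTH*2];
     const char *shachars="0123456789ABCDEF";
 #endif
 
+    if ((bio = BIO_new(BIO_s_mem())) == NULL) {
+	subject[0] = 0;
+	issuer[0]  = 0;
+	serial[0]  = 0;
+    } else {
+	flags = XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT;
+	flags &= ~ASN1_STRFLGS_ESC_MSB;
+
+	X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags); 
+	n = BIO_read(bio, subject, min(BIO_pending(bio), BUFSIZ - 1));
+	n = max(n, 0);
+	subject[n] = 0;
+	BIO_flush(bio);
+
+	X509_NAME_print_ex(bio, X509_get_issuer_name(cert), 0, flags);
+	n = BIO_read(bio, issuer, min(BIO_pending(bio), BUFSIZ - 1));
+	n = max(n, 0);
+	issuer[n] = 0;
+	BIO_flush(bio);
+
-    serial = ASN1_INTEGER_get(X509_get_serialNumber(cert));
-    X509_NAME_oneline(X509_get_subject_name(cert),subject,sizeof(subject));
-    X509_NAME_oneline(X509_get_issuer_name(cert),issuer,sizeof(issuer));
+	i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
+	n = BIO_read(bio, serial, min(BIO_pending(bio), BUFSIZ - 1));
+	n = max(n, 0);
+	serial[n] = 0;
+	BIO_flush(bio);
+
+	BIO_free(bio);
+    }
 
     strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) ));
     strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) ));
 
 #ifndef NO_SSL_SHA
     for (shai=0;shai<SHA_DIGEST_LENGTH;shai++)
     {
@@ -120,11 +158,11 @@
 	    Tcl_NewStringObj( "notAfter", -1) );
     Tcl_ListObjAppendElement( interp, certPtr,
 	    Tcl_NewStringObj( notAfter, -1) );
 
     Tcl_ListObjAppendElement( interp, certPtr,
 	    Tcl_NewStringObj( "serial", -1) );
     Tcl_ListObjAppendElement( interp, certPtr,
-	    Tcl_NewIntObj( serial) );
+	    Tcl_NewStringObj( serial, -1) );
 
     return certPtr;
 }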
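Review bot: In the new `else` branch of Tls_NewX509Obj, each `BIO_read` is capped at `BUFSIZ - 1` and then followed by `BIO_flush(bio)`, which as far as I know does not discard unread data on a memory BIO, so a subject DN longer than the buffer would be silently truncated and its tail read back as the start of `issuer` (and an over-long issuer would spill into `serial`). These strings come from the peer's certificate and are presumably what a verify callback inspects, so I would clear the BIO explicitly with `(void) BIO_reset(bio);` in place of each `BIO_flush(bio);` and treat `BIO_pending(bio) > BUFSIZ - 1` as a conversion failure rather than returning a clipped name. The results of `X509_NAME_print_ex` and `i2a_ASN1_INTEGER` are also unchecked, so a failed conversion yields an empty or partial field with no indication to the caller. Separately, the file-local `min`/`max` helpers may clash with macros of the same name on some platforms; a prefixed name would be safer. Part of the function body is elided on this page, so the appends of `subject` and `issuer` were not reviewed.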