Overview
Comment: | Added unique ids and signature value to status |
---|---|
SHA3-256: |
8e446cb0bbec1c0015460744e4f6fb28 |
User & Date: | bohagan on 2023-07-15 23:00:51 |
Context
2023-07-16
| ||
00:24 | Added X509 authorityKeyIdentifier and OCSP URL parameters Fixed subjectKeyIdentifier Moved extension parameters to end of Tls_NewX509Obj check-in: a7be3ce74d user: bohagan tags: status_x509 | |
2023-07-15
| ||
23:00 | Added unique ids and signature value to status check-in: 8e446cb0bb user: bohagan tags: status_x509 | |
21:37 | Better grouped status and connection parameters in doc. check-in: c7828a9fcc user: bohagan tags: status_x509 | |
Changes
Modified doc/tls.html
from [5abce369e5]
to [4994e38911].
︙ | ︙ | |||
277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 | <dd>The begin date for the validity of the certificate.</dd> <dt><strong>notAfter</strong> <em>date</em></dt> <dd>The expiration date for the certificate.</dd> <dt><strong>subject</strong> <em>dn</em></dt> <dd>The distinguished name (DN) of the certificate subject. Fields include: Common Name (CN), Organization (O), Locality or City (L), State or Province (S), and Country Name (C).</dd> <dt><strong>num_extensions</strong> <em>n</em></dt> <dd>Number of certificate extensions.</dd> <dt><strong>extensions</strong> <em>list</em></dt> <dd>List of certificate extension names.</dd> <dt><strong>subjectKeyIdentifier</strong> <em>string</em></dt> <dd>Hash of the public key inside the certificate.</dd> <dt><strong>subjectAltName</strong> <em>list</em></dt> <dd>List of all of the alternative domain names, sub domains, and IP addresses that are secured by the certificate.</dd> <dt><strong>certificate</strong> <em>cert</em></dt> <dd>The PEM encoded certificate.</dd> <dt><strong>signatureDigest</strong> <em>version</em></dt> <dd>Certificate signing digest.</dd> <dt><strong>publicKeyAlgorithm</strong> <em>algorithm</em></dt> <dd>Certificate signature public key algorithm.</dd> <dt><strong>publicKey</strong> <em>string</em></dt> <dd>Certificate signature public key as hex string.</dd> <dt><strong>bits</strong> <em>n</em></dt> | > > > > > > > > | 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 | <dd>The begin date for the validity of the certificate.</dd> <dt><strong>notAfter</strong> <em>date</em></dt> <dd>The expiration date for the certificate.</dd> <dt><strong>subject</strong> <em>dn</em></dt> <dd>The distinguished name (DN) of the certificate subject. 
Fields include: Common Name (CN), Organization (O), Locality or City (L), State or Province (S), and Country Name (C).</dd> <dt><strong>issuerUniqueID</strong> <em>string</em></dt> <dd>The issuer unique id.</dd> <dt><strong>subjectUniqueID</strong> <em>string</em></dt> <dd>The subject unique id.</dd> <dt><strong>num_extensions</strong> <em>n</em></dt> <dd>Number of certificate extensions.</dd> <dt><strong>extensions</strong> <em>list</em></dt> <dd>List of certificate extension names.</dd> <dt><strong>subjectKeyIdentifier</strong> <em>string</em></dt> <dd>Hash of the public key inside the certificate.</dd> <dt><strong>subjectAltName</strong> <em>list</em></dt> <dd>List of all of the alternative domain names, sub domains, and IP addresses that are secured by the certificate.</dd> <dt><strong>certificate</strong> <em>cert</em></dt> <dd>The PEM encoded certificate.</dd> <dt><strong>signatureAlgorithm</strong> <em>algorithm</em></dt> <dd>Cipher algorithm used for certificate signature.</dd> <dt><strong>signatureValue</strong> <em>string</em></dt> <dd>Certificate signature as hex string.</dd> <dt><strong>signatureDigest</strong> <em>version</em></dt> <dd>Certificate signing digest.</dd> <dt><strong>publicKeyAlgorithm</strong> <em>algorithm</em></dt> <dd>Certificate signature public key algorithm.</dd> <dt><strong>publicKey</strong> <em>string</em></dt> <dd>Certificate signature public key as hex string.</dd> <dt><strong>bits</strong> <em>n</em></dt> |
︙ | ︙ |
Modified generic/tlsX509.c
from [0a4513fb4b]
to [ea7d376422].
︙ | ︙ | |||
223 224 225 226 227 228 229 230 231 232 233 234 235 236 | Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("publicKey", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(publicKey, len)); /* Check if cert was issued by CA cert issuer or self signed */ Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("self_signed", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewBooleanObj(X509_check_issued(cert, cert) == X509_V_OK)); } /* Alias */ Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("alias", -1)); len = 0; bstring = X509_alias_get0(cert, &len); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj(bstring, len)); | > > > > > > > > > > > > > > > > > > > | 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 | Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("publicKey", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(publicKey, len)); /* Check if cert was issued by CA cert issuer or self signed */ Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("self_signed", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewBooleanObj(X509_check_issued(cert, cert) == X509_V_OK)); } /* Unique Ids */ { const ASN1_BIT_STRING *iuid, *suid; X509_get0_uids(cert, &iuid, &suid); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuerUniqueId", -1)); if (iuid != NULL) { Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)iuid->data, iuid->length)); } else { Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1)); } Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectUniqueId", -1)); if (suid != NULL) { Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)suid->data, suid->length)); } else { Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1)); } } /* Alias */ Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("alias", 
-1)); len = 0; bstring = X509_alias_get0(cert, &len); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj(bstring, len)); |
︙ | ︙ | |||
312 313 314 315 316 317 318 319 320 321 | } } } sk_GENERAL_NAME_pop_free(san, GENERAL_NAME_free); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectAltName", -1)); Tcl_ListObjAppendElement(interp, certPtr, namesPtr); } return certPtr; } | > > > > > > > > > > > > > > > > > > > > > > | 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 | } } } sk_GENERAL_NAME_pop_free(san, GENERAL_NAME_free); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectAltName", -1)); Tcl_ListObjAppendElement(interp, certPtr, namesPtr); } /* Signature algorithm and value */ { const X509_ALGOR *sig_alg; const ASN1_BIT_STRING *sig; int sig_nid; X509_get0_signature(&sig, &sig_alg, cert); /* sig_nid = X509_get_signature_nid(cert) */ sig_nid = OBJ_obj2nid(sig_alg->algorithm); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signatureAlgorithm", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(sig_nid),-1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signatureValue", -1)); if (sig_nid != NID_undef) { len = String_to_Hex(sig->data, sig->length, publicKey, BUFSIZ); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(publicKey, len)); } else { Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("", -1)); } } return certPtr; } |
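Review bot: In the new signature block, `String_to_Hex(sig->data, sig->length, publicKey, BUFSIZ)` hex-encodes a signature taken from the peer's certificate into what appears to be the scratch buffer reused from the public-key code, bounded by `BUFSIZ`. That stdio constant varies by C library and can be as small as 512, so the hex of a 2048-bit or larger RSA signature may not fit. `String_to_Hex` is not shown on this page, so it is unclear whether it truncates at the limit, but either way `signatureValue` could be reported silently short. Sizing the output from the input (a buffer of `2 * sig->length + 1` bytes), or appending the empty string when the encoded form does not fit, would avoid handing scripts a partial signature. Separately, the unique-id hunk emits the keys `issuerUniqueId` and `subjectUniqueId`, while doc/tls.html in this same check-in documents `issuerUniqueID` and `subjectUniqueID`, so lookups by the documented names will miss the values. The enclosing function starts outside both hunks.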