Overview
| Comment: | Added Subject Alternate Name (SAN) to X509 status. Source: https://core.tcl-lang.org/tcltls/tktview/3c42b2ba11 |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | status_x509 |
| Files: | files | file ages | folders |
| SHA3-256: |
a5843e5983d1be0b0adcc22ed1c71a5b |
| User & Date: | bohagan on 2023-06-21 23:37:02 |
| Other Links: | branch diff | manifest | tags |
Context
|
2023-07-09
| ||
| 22:46 | Changed to pass verify ok results string to callback. Renamed certificate status signature_hash to signatureHashAlgorithm. check-in: a5858c387a user: bohagan tags: status_x509 | |
|
2023-06-21
| ||
| 23:37 | Added Subject Alternate Name (SAN) to X509 status. Source: https://core.tcl-lang.org/tcltls/tktview/3c42b2ba11 check-in: a5843e5983 user: bohagan tags: status_x509 | |
|
2023-06-20
| ||
| 03:42 | Added Subject Key Identifier (SKI) to X509 status check-in: 3a3000bc1e user: bohagan tags: status_x509 | |
Changes
Modified generic/tlsX509.c from [1151fc789c] to [2da96756ed].
| ︙ | ︙ | |||
108 109 110 111 112 113 114 115 116 117 118 119 120 121 |
unsigned char sha1_hash_binary[SHA_DIGEST_LENGTH];
char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH];
const char *shachars="0123456789ABCDEF";
int nid, pknid, bits, num_of_exts, len;
uint32_t xflags;
unsigned char *bstring;
sha1_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0';
sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2] = '\0';
certStr[0] = 0;
if ((bio = BIO_new(BIO_s_mem())) == NULL) {
subject[0] = 0;
| > | 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 |
unsigned char sha1_hash_binary[SHA_DIGEST_LENGTH];
char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH];
const char *shachars="0123456789ABCDEF";
int nid, pknid, bits, num_of_exts, len;
uint32_t xflags;
unsigned char *bstring;
STACK_OF(GENERAL_NAME) *san;
sha1_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0';
sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2] = '\0';
certStr[0] = 0;
if ((bio = BIO_new(BIO_s_mem())) == NULL) {
subject[0] = 0;
|
| ︙ | ︙ | |||
255 256 257 258 259 260 261 262 263 264 |
ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex);
unsigned nid2 = OBJ_obj2nid(obj);
Tcl_ListObjAppendElement(interp, extsPtr, Tcl_NewStringObj(OBJ_nid2ln(nid2), -1));
}
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("extensions", -1));
Tcl_ListObjAppendElement(interp, certPtr, extsPtr);
}
return certPtr;
}
| > > > > > > > > > > > > > > > > > > > > > > > > > > | 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 |
ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex);
unsigned nid2 = OBJ_obj2nid(obj);
Tcl_ListObjAppendElement(interp, extsPtr, Tcl_NewStringObj(OBJ_nid2ln(nid2), -1));
}
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("extensions", -1));
Tcl_ListObjAppendElement(interp, certPtr, extsPtr);
}
/* Subject Alternative Name (SAN) extension. Additional host names for a single SSL certificate. */
san = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
if (san) {
Tcl_Obj *namesPtr = Tcl_NewListObj(0, NULL);
for (int i=0; i < sk_GENERAL_NAME_num(san); i++) {
const GENERAL_NAME *name = sk_GENERAL_NAME_value(san, i);
size_t len2;
if (name) {
if (name->type == GEN_DNS) {
char *dns_name;
if ((len2 = ASN1_STRING_to_UTF8(&dns_name, name->d.dNSName)) > 0) {
Tcl_ListObjAppendElement(interp, namesPtr, Tcl_NewStringObj(dns_name, (int)len2));
OPENSSL_free (dns_name);
}
} else if (name->type == GEN_IPADD) {
/* name->d.iPAddress */
}
}
}
sk_GENERAL_NAME_pop_free(san, GENERAL_NAME_free);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subject_alt_names", -1));
Tcl_ListObjAppendElement(interp, certPtr, namesPtr);
}
return certPtr;
}
|