Overview
Comment: | Replaced custom X509 ASN1_UTCTIME_tostr function with OpenSSL function ASN1_TIME_print. Added catch errors returned from get certificate functions. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | status_x509 |
Files: | files | file ages | folders |
SHA3-256: |
b50520df51a4df721f33c1f627bc7f74 |
User & Date: | bohagan on 2023-07-30 22:25:09 |
Other Links: | branch diff | manifest | tags |
Context
2023-07-31
| ||
02:17 | Added verify depth and mode status to connection status, renamed signatureType and signatureType check-in: 87010ba1d9 user: bohagan tags: status_x509 | |
2023-07-30
| ||
22:25 | Replaced custom X509 ASN1_UTCTIME_tostr function with OpenSSL function ASN1_TIME_print. Added catch errors returned from get certificate functions. check-in: b50520df51 user: bohagan tags: status_x509 | |
03:39 | Merged master into branch check-in: 739742d3d4 user: bohagan tags: status_x509 | |
Changes
Modified generic/tlsX509.c
from [4adcfb41ce]
to [b50e8f8920].
︙ | ︙ | |||
29 30 31 32 33 34 35 | } static int max(int a, int b) { return (a > b) ? a : b; } | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | } static int max(int a, int b) { return (a > b) ? a : b; } /* * Binary string to hex string */ int String_to_Hex(char* input, int len, char *output, int max) { int count = 0; for (int i = 0; i < len && count < max - 1; i++, count += 2) { |
︙ | ︙ | |||
88 89 90 91 92 93 94 | * * Tls_NewX509Obj -- * * ------------------------------------------------* * Converts a X509 certificate into a Tcl_Obj * ------------------------------------------------* * | | | 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 | * * Tls_NewX509Obj -- * * ------------------------------------------------* * Converts a X509 certificate into a Tcl_Obj * ------------------------------------------------* * * Side effects: * None * * Result: * A Tcl List Object representing the provided * X509 certificate. * *------------------------------------------------------* |
︙ | ︙ | |||
120 121 122 123 124 125 126 | int certStr_len, toRead; unsigned char sha1_hash_binary[SHA_DIGEST_LENGTH]; unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH]; int nid, pknid, bits, num_of_exts, len; uint32_t xflags; STACK_OF(GENERAL_NAME) *san; | | < | | | > | > > | | < | | | > > | | | < | | > > | | | < | > | 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 | int certStr_len, toRead; unsigned char sha1_hash_binary[SHA_DIGEST_LENGTH]; unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH]; int nid, pknid, bits, num_of_exts, len; uint32_t xflags; STACK_OF(GENERAL_NAME) *san; certStr[0] = 0; subject[0] = 0; issuer[0] = 0; serial[0] = 0; notBefore[0] = 0; notAfter[0] = 0; if ((bio = BIO_new(BIO_s_mem())) != NULL) { flags = XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT; flags &= ~ASN1_STRFLGS_ESC_MSB; /* Get subject name */ if (X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags) > 0) { n = BIO_read(bio, subject, min(BIO_pending(bio), BUFSIZ - 1)); subject[max(n, 0)] = 0; (void)BIO_flush(bio); } /* Get issuer name */ if (X509_NAME_print_ex(bio, X509_get_issuer_name(cert), 0, flags) > 0) { n = BIO_read(bio, issuer, min(BIO_pending(bio), BUFSIZ - 1)); issuer[max(n, 0)] = 0; (void)BIO_flush(bio); } /* Get serial number */ if (i2a_ASN1_INTEGER(bio, X509_get0_serialNumber(cert)) > 0) { n = BIO_read(bio, serial, min(BIO_pending(bio), BUFSIZ - 1)); serial[max(n, 0)] = 0; (void)BIO_flush(bio); } /* Get certificate */ if (PEM_write_bio_X509(bio, cert)) { certStr_p = certStr; certStr_len = 0; while (1) { toRead = min(BIO_pending(bio), CERT_STR_SIZE - certStr_len - 1); |
︙ | ︙ | |||
169 170 171 172 173 174 175 | certStr_len += n; certStr_p += n; } *certStr_p = '\0'; (void)BIO_flush(bio); } | | | < > > > > > > > > > > > > > > < < < | | 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 | certStr_len += n; certStr_p += n; } *certStr_p = '\0'; (void)BIO_flush(bio); } /* Get all cert info */ if (X509_print_ex(bio, cert, flags, 0)) { char all[65536]; n = BIO_read(bio, all, min(BIO_pending(bio), 65535)); all[max(n, 0)] = 0; (void)BIO_flush(bio); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("all", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(all, n)); } /* Get Validity - Not Before */ if (ASN1_TIME_print(bio, X509_get_notBefore(cert))) { n = BIO_read(bio, notBefore, min(BIO_pending(bio), BUFSIZ - 1)); notBefore[max(n, 0)] = 0; (void)BIO_flush(bio); } /* Get Validity - Not After */ if (ASN1_TIME_print(bio, X509_get_notAfter(cert))) { n = BIO_read(bio, notAfter, min(BIO_pending(bio), BUFSIZ - 1)); notAfter[max(n, 0)] = 0; (void)BIO_flush(bio); } BIO_free(bio); } /* Version */ Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("version", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewLongObj(X509_get_version(cert)+1)); /* Signature algorithm */ Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signature", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(X509_get_signature_nid(cert)),-1)); /* SHA1 Fingerprint of cert - DER representation */ X509_digest(cert, EVP_sha1(), sha1_hash_binary, &len); len = String_to_Hex(sha1_hash_binary, len, buffer, BUFSIZ); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("sha1_hash", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(buffer, len)); /* SHA256 Fingerprint of cert - DER representation */ |
︙ | ︙ | |||
240 241 242 243 244 245 246 | Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(nid),-1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("publicKeyAlgorithm", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(pknid),-1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("bits", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(bits)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("extension_flags", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(xflags)); | | | | 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 | Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(nid),-1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("publicKeyAlgorithm", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(pknid),-1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("bits", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(bits)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("extension_flags", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(xflags)); /* Public key - X509_get0_pubkey */ key = X509_get0_pubkey_bitstr(cert); len = String_to_Hex(key->data, key->length, buffer, BUFSIZ); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("publicKey", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(buffer, len)); /* Check if cert was issued by CA cert issuer or self signed */ Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("self_signed", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewBooleanObj(X509_check_issued(cert, cert) == X509_V_OK)); } /* Unique Ids */ { |
︙ | ︙ |