Overview
| Comment: | Added Subject Key Identifier (SKI) to X509 status |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | status_x509 |
| Files: | files | file ages | folders |
| SHA3-256: |
3a3000bc1ed059860a10abc2b6537c3d |
| User & Date: | bohagan on 2023-06-20 03:42:27 |
| Other Links: | branch diff | manifest | tags |
Context
|
2023-06-21
| ||
| 23:37 | Added Subject Alternate Name (SAN) to X509 status. Source: https://core.tcl-lang.org/tcltls/tktview/3c42b2ba11 check-in: a5843e5983 user: bohagan tags: status_x509 | |
|
2023-06-20
| ||
| 03:42 | Added Subject Key Identifier (SKI) to X509 status check-in: 3a3000bc1e user: bohagan tags: status_x509 | |
|
2023-06-18
| ||
| 21:47 | Added post handshake cert request option check-in: fec0e414e9 user: bohagan tags: status_x509 | |
Changes
Modified generic/tlsX509.c from [22c3621c28] to [1151fc789c].
| ︙ | ︙ | |||
105 106 107 108 109 110 111 |
char certStr[CERT_STR_SIZE], *certStr_p;
int certStr_len, toRead;
char sha1_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
unsigned char sha1_hash_binary[SHA_DIGEST_LENGTH];
char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH];
const char *shachars="0123456789ABCDEF";
| | > | 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 |
char certStr[CERT_STR_SIZE], *certStr_p;
int certStr_len, toRead;
char sha1_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
unsigned char sha1_hash_binary[SHA_DIGEST_LENGTH];
char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH];
const char *shachars="0123456789ABCDEF";
int nid, pknid, bits, num_of_exts, len;
uint32_t xflags;
unsigned char *bstring;
sha1_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0';
sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2] = '\0';
certStr[0] = 0;
if ((bio = BIO_new(BIO_s_mem())) == NULL) {
subject[0] = 0;
|
| ︙ | ︙ | |||
194 195 196 197 198 199 200 201 202 203 204 205 206 207 |
}
/* Check if cert was issued by CA cert issuer or self signed */
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("self_signed", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewBooleanObj(X509_check_issued(cert, cert) == X509_V_OK));
}
/* SHA1 - DER representation*/
X509_digest(cert, EVP_sha1(), sha1_hash_binary, NULL);
for (int n = 0; n < SHA_DIGEST_LENGTH; n++) {
sha1_hash_ascii[n*2] = shachars[(sha1_hash_binary[n] & 0xF0) >> 4];
sha1_hash_ascii[n*2+1] = shachars[(sha1_hash_binary[n] & 0x0F)];
}
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("sha1_hash", -1));
| > > > > > | 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 |
}
/* Check if cert was issued by CA cert issuer or self signed */
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("self_signed", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewBooleanObj(X509_check_issued(cert, cert) == X509_V_OK));
}
/* Subject Key Identifier */
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectKeyIdentifier", -1));
bstring = X509_keyid_get0(cert, &len);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(bstring, len));
/* SHA1 - DER representation*/
X509_digest(cert, EVP_sha1(), sha1_hash_binary, NULL);
for (int n = 0; n < SHA_DIGEST_LENGTH; n++) {
sha1_hash_ascii[n*2] = shachars[(sha1_hash_binary[n] & 0xF0) >> 4];
sha1_hash_ascii[n*2+1] = shachars[(sha1_hash_binary[n] & 0x0F)];
}
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("sha1_hash", -1));
|
| ︙ | ︙ |