Overview
Comment: | Added CA Issuers URL to X509 status |
---|---|
SHA3-256: |
3b068ff2f6d394ebdbe628ad01d545b0 |
User & Date: | bohagan on 2023-08-19 22:14:31 |
Context
2023-08-20
| ||
19:45 | Moved X509 functions to separate procedures. check-in: 2186b86385 user: bohagan tags: status_x509 | |
2023-08-19
| ||
22:14 | Added CA Issuers URL to X509 status check-in: 3b068ff2f6 user: bohagan tags: status_x509 | |
20:30 | Updated ConnectionInfoObjCmd to localize variables check-in: 070af72ccb user: bohagan tags: status_x509 | |
Changes
Modified generic/tlsX509.c from [2bf827806d] to [fd21ef0332].
︙ | ︙ | |||
91 92 93 94 95 96 97 | Tcl_Obj *certPtr = Tcl_NewListObj(0, NULL), *listPtr; BIO *bio = BIO_new(BIO_s_mem()); int mdnid, pknid, bits, len; uint32_t xflags, usage; char buffer[BUFSIZ]; unsigned char md[EVP_MAX_MD_SIZE]; STACK_OF(GENERAL_NAME) *names; | < | 91 92 93 94 95 96 97 98 99 100 101 102 103 104 | Tcl_Obj *certPtr = Tcl_NewListObj(0, NULL), *listPtr; BIO *bio = BIO_new(BIO_s_mem()); int mdnid, pknid, bits, len; uint32_t xflags, usage; char buffer[BUFSIZ]; unsigned char md[EVP_MAX_MD_SIZE]; STACK_OF(GENERAL_NAME) *names; STACK_OF(OPENSSL_STRING) *ocsp; unsigned long flags = XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT; flags &= ~ASN1_STRFLGS_ESC_MSB; if (bio == NULL || certPtr == NULL) { return NULL; } |
︙ | ︙ | |||
425 426 427 428 429 430 431 | Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Any Extended Key Usage", -1)); } } LAPPEND_LIST(interp, certPtr, "extendedKeyUsage", listPtr); /* CRL Distribution Points identifies where CRL information can be obtained. RFC 5280 section 4.2.1.13*/ | > > | > | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | > > > | > | | | | | | > | | | > | > > > > > > > > > > > > > > > > > > > > > > > | 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 | Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj("Any Extended Key Usage", -1)); } } LAPPEND_LIST(interp, certPtr, "extendedKeyUsage", listPtr); /* CRL Distribution Points identifies where CRL information can be obtained. 
RFC 5280 section 4.2.1.13*/ { STACK_OF(DIST_POINT) *crl; listPtr = Tcl_NewListObj(0, NULL); if (crl = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL)) { Tcl_Obj *namesPtr = Tcl_NewListObj(0, NULL); for (int i=0; i < sk_DIST_POINT_num(crl); i++) { DIST_POINT *dp = sk_DIST_POINT_value(crl, i); DIST_POINT_NAME *distpoint = dp->distpoint; if (distpoint->type == 0) { /* fullname GENERALIZEDNAME */ for (int j = 0; j < sk_GENERAL_NAME_num(distpoint->name.fullname); j++) { GENERAL_NAME *gen = sk_GENERAL_NAME_value(distpoint->name.fullname, j); int type; ASN1_STRING *uri = GENERAL_NAME_get0_value(gen, &type); if (type == GEN_URI) { Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj((char*)ASN1_STRING_get0_data(uri), ASN1_STRING_length(uri))); } } } else if (distpoint->type == 1) { /* relativename X509NAME */ STACK_OF(X509_NAME_ENTRY) *sk_relname = distpoint->name.relativename; for (int j = 0; j < sk_X509_NAME_ENTRY_num(sk_relname); j++) { X509_NAME_ENTRY *e = sk_X509_NAME_ENTRY_value(sk_relname, j); ASN1_STRING *d = X509_NAME_ENTRY_get_data(e); Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj((char*)ASN1_STRING_data(d), ASN1_STRING_length(d))); } } } CRL_DIST_POINTS_free(crl); } LAPPEND_LIST(interp, certPtr, "crlDistributionPoints", listPtr); } /* Freshest CRL extension */ if (xflags & EXFLAG_FRESHEST) { } /* Authority Information Access indicates how to access info and services for the certificate issuer. 
RFC 5280 section 4.2.2.1, NID_info_access */ /* Get On-line Certificate Status Protocol (OSCP) URL */ { STACK_OF(OPENSSL_STRING) *ocsp; listPtr = Tcl_NewListObj(0, NULL); if (ocsp = X509_get1_ocsp(cert)) { for (int i = 0; i < sk_OPENSSL_STRING_num(ocsp); i++) { Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(sk_OPENSSL_STRING_value(ocsp, i), -1)); } X509_email_free(ocsp); /* sk_OPENSSL_STRING_free(ocsp); */ } LAPPEND_LIST(interp, certPtr, "ocsp", listPtr); } /* CA Issuers URL, caIssuers */ { STACK_OF(ACCESS_DESCRIPTION) *ads; listPtr = Tcl_NewListObj(0, NULL); if (ads = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL)) { for (int i = 0; i < sk_ACCESS_DESCRIPTION_num(ads); i++) { ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(ads, i); if (OBJ_obj2nid(ad->method) == NID_ad_ca_issuers && ad->location) { if (ad->location->type == GEN_URI) { unsigned char *buf; len = ASN1_STRING_to_UTF8(&buf, ad->location->d.uniformResourceIdentifier); Tcl_ListObjAppendElement(interp, listPtr, Tcl_NewStringObj(buf, len)); OPENSSL_free(buf); break; } } } /* sk_ACCESS_DESCRIPTION_pop_free(ads, ACCESS_DESCRIPTION_free); */ AUTHORITY_INFO_ACCESS_free(ads); } LAPPEND_LIST(interp, certPtr, "caIssuers", listPtr); } /* Subject Information Access - RFC 5280 section 4.2.2.2, NID_sinfo_access */ /* Certificate Alias. If uses a PKCS#12 structure, alias will reflect the friendlyName attribute (RFC 2985). */ len = 0; LAPPEND_STR(interp, certPtr, "alias", X509_alias_get0(cert, &len), len); |
︙ | ︙ |
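Review bot: In the new caIssuers block the return value of ASN1_STRING_to_UTF8() is used unchecked: on failure it returns a negative value and leaves `buf` unset, so `Tcl_NewStringObj(buf, len)` would read an uninitialized pointer as a NUL-terminated string and `OPENSSL_free(buf)` would then free it. The certificate presumably comes from the remote peer, so I would declare `unsigned char *buf = NULL;` and wrap the append and the free in `if (len >= 0) { ... }`, passing `(char *)buf` to match the Tcl signature. The CRL block in the same section has a similar gap: `dp->distpoint` is an optional field of a distribution point and is dereferenced without a NULL test, so `if (distpoint == NULL) continue;` ahead of the `distpoint->type` checks would avoid a crash on a certificate that carries only a CRL issuer. The enclosing function starts and ends outside the lines shown here.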