Overview
Comment: | Optimized get X509 certificate extensions |
SHA3-256: |
eccad70fa9131c7505965acbfb86b504 |
User & Date: | bohagan on 2023-06-11 20:12:53 |
Changes
Modified generic/tls.c from [fb9e2c2ae2] to [65ec9cb148].
︙ | ︙ | |||
2545 2546 2547 2548 2549 2550 2551 | locks = malloc(sizeof(*locks) * num_locks); memset(locks, 0, sizeof(*locks) * num_locks); #endif /* Initialize BOTH libcrypto and libssl. */ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); | < | 2545 2546 2547 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557 2558 | locks = malloc(sizeof(*locks) * num_locks); memset(locks, 0, sizeof(*locks) * num_locks); #endif /* Initialize BOTH libcrypto and libssl. */ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); BIO_new_tcl(NULL, 0); #if 0 /* * XXX:TODO: Remove this code and replace it with a check * for enough entropy and do not try to create our own |
︙ | ︙ |
Modified generic/tlsX509.c from [52e74984a2] to [7a553a48a5].
︙ | ︙ | |||
89 90 91 92 93 94 95 | */ #define CERT_STR_SIZE 16384 Tcl_Obj* Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert) { Tcl_Obj *certPtr = Tcl_NewListObj(0, NULL); | < < | 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 | */ #define CERT_STR_SIZE 16384 Tcl_Obj* Tls_NewX509Obj(Tcl_Interp *interp, X509 *cert) { Tcl_Obj *certPtr = Tcl_NewListObj(0, NULL); BIO *bio; int n; unsigned long flags; char subject[BUFSIZ]; char issuer[BUFSIZ]; char serial[BUFSIZ]; char notBefore[BUFSIZ]; char notAfter[BUFSIZ]; char certStr[CERT_STR_SIZE], *certStr_p; int certStr_len, toRead; char sha1_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1]; unsigned char sha1_hash_binary[SHA_DIGEST_LENGTH]; char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1]; unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH]; const char *shachars="0123456789ABCDEF"; int nid, pknid, bits, num_of_exts; uint32_t xflags; sha1_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0'; sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2] = '\0'; certStr[0] = 0; if ((bio = BIO_new(BIO_s_mem())) == NULL) { subject[0] = 0; |
︙ | ︙ | |||
139 140 141 142 143 144 145 146 147 148 149 150 151 152 | i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert)); n = BIO_read(bio, serial, min(BIO_pending(bio), BUFSIZ - 1)); n = max(n, 0); serial[n] = 0; (void)BIO_flush(bio); if (PEM_write_bio_X509(bio, cert)) { certStr_p = certStr; certStr_len = 0; while (1) { toRead = min(BIO_pending(bio), CERT_STR_SIZE - certStr_len - 1); toRead = min(toRead, BUFSIZ); if (toRead == 0) { | > | 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 | i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert)); n = BIO_read(bio, serial, min(BIO_pending(bio), BUFSIZ - 1)); n = max(n, 0); serial[n] = 0; (void)BIO_flush(bio); /* Get certificate */ if (PEM_write_bio_X509(bio, cert)) { certStr_p = certStr; certStr_len = 0; while (1) { toRead = min(BIO_pending(bio), CERT_STR_SIZE - certStr_len - 1); toRead = min(toRead, BUFSIZ); if (toRead == 0) { |
︙ | ︙ | |||
235 236 237 238 239 240 241 | Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj( certStr, -1)); num_of_exts = X509_get_ext_count(cert); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("num_extensions", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(num_of_exts)); /* Get extensions */ | > | > | > | | | | | | > | > | 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 | Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj( certStr, -1)); num_of_exts = X509_get_ext_count(cert); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("num_extensions", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(num_of_exts)); /* Get extensions */ if (num_of_exts > 0) { Tcl_Obj *extsPtr = Tcl_NewListObj(0, NULL); const STACK_OF(X509_EXTENSION) *exts; exts = X509_get0_extensions(cert); for (int i=0; i < num_of_exts; i++) { X509_EXTENSION *ex = sk_X509_EXTENSION_value(exts, i); ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex); unsigned nid2 = OBJ_obj2nid(obj); Tcl_ListObjAppendElement(interp, extsPtr, Tcl_NewStringObj(OBJ_nid2ln(nid2), -1)); } Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("extensions", -1)); Tcl_ListObjAppendElement(interp, certPtr, extsPtr); } return certPtr; } |
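Review bot: In the new extension loop, `unsigned nid2 = OBJ_obj2nid(obj);` stores an `int` return in an `unsigned`, and any extension whose OID is not in OpenSSL's object table comes back as NID_undef, so every unregistered (possibly critical, possibly private) extension is reported under the same generic name instead of its OID; a status listing loses exactly the entries a reviewer would most want to see. Keep the NID as `int`, fall back to `OBJ_obj2txt()` for the dotted OID when the NID is undefined, and guard the `OBJ_nid2ln()` result before handing it to `Tcl_NewStringObj()`, since that function returns NULL on failure and `Tcl_NewStringObj(NULL, -1)` would dereference it. The `exts` stack and each `ex` are not NULL-checked either; with `num_of_exts > 0` that is presumably safe, but it depends on `X509_get_ext_count()` and `X509_get0_extensions()` agreeing, which is worth a comment. Consider also appending `X509_EXTENSION_get_critical(ex)` alongside the name, since the critical flag is the part of an extension that affects validation. The enclosing function `Tls_NewX509Obj` begins outside this hunk.
```c
for (int i=0; i < num_of_exts; i++) {
    X509_EXTENSION *ex = sk_X509_EXTENSION_value(exts, i);
    ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex);
    int nid2 = OBJ_obj2nid(obj);
    const char *name = (nid2 != NID_undef) ? OBJ_nid2ln(nid2) : NULL;
    char oidbuf[80];
    if (name == NULL) {
        /* Unregistered OID: report its dotted form instead of a generic "undefined" */
        OBJ_obj2txt(oidbuf, sizeof(oidbuf), obj, 1);
        name = oidbuf;
    }
    Tcl_ListObjAppendElement(interp, extsPtr, Tcl_NewStringObj(name, -1));
}
/* … unchanged: append "extensions" key and extsPtr to certPtr … */
```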