Index: generic/tlsX509.c
==================================================================
--- generic/tlsX509.c
+++ generic/tlsX509.c
@@ -67,10 +67,23 @@
sprintf(bp,"%s %2d %02d:%02d:%02d %d%s", mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"");
return bp;
err:
return "Bad time value";
}
+�
+/*
+ * Binary string to hex string
+ */
+int String_to_Hex(char* input, int len, char *output, int max) {
+ int count = 0;
+
+ for (int i = 0; i < len && count < max - 1; i++, count += 2) {
+ sprintf(output + count, "%02X", input[i] & 0xff);
+ }
+ output[count] = 0;
+ return count;
+}
�
/*
*------------------------------------------------------*
*
* Tls_NewX509Obj --
@@ -100,17 +113,17 @@
char subject[BUFSIZ];
char issuer[BUFSIZ];
char serial[BUFSIZ];
char notBefore[BUFSIZ];
char notAfter[BUFSIZ];
+ char publicKey[BUFSIZ];
char certStr[CERT_STR_SIZE], *certStr_p;
int certStr_len, toRead;
char sha1_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
unsigned char sha1_hash_binary[SHA_DIGEST_LENGTH];
char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH];
- const char *shachars="0123456789ABCDEF";
int nid, pknid, bits, num_of_exts, len;
uint32_t xflags;
unsigned char *bstring;
STACK_OF(GENERAL_NAME) *san;
@@ -186,34 +199,31 @@
/* Version */
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("version", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewLongObj(X509_get_version(cert)+1));
/* Signature algorithm */
- Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signatureAlgorithm", -1));
+ Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signature", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(X509_get_signature_nid(cert)),-1));
/* Information about the signature of certificate cert */
if (X509_get_signature_info(cert, &nid, &pknid, &bits, &xflags) == 1) {
ASN1_BIT_STRING *key;
- Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("digest", -1));
+ Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signingDigest", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(nid),-1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("publicKeyAlgorithm", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(pknid),-1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("bits", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(bits));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("extension_flags", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(xflags));
- if (pknid == NID_rsaEncryption || pknid == NID_dsa) {
- EVP_PKEY *pkey = X509_get_pubkey(cert);
- }
-
- /* X509_get0_pubkey_bitstr returns the BIT STRING portion of |x509|'s public key. */
+ /* Public key - X509_get0_pubkey */
key = X509_get0_pubkey_bitstr(cert);
+ len = String_to_Hex(key->data, key->length, publicKey, BUFSIZ);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("publicKey", -1));
- Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj((char *)key->data, key->length);
+ Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(publicKey, len));
/* Check if cert was issued by CA cert issuer or self signed */
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("self_signed", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewBooleanObj(X509_check_issued(cert, cert) == X509_V_OK));
}
@@ -231,23 +241,17 @@
bstring = X509_keyid_get0(cert, &len);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj(bstring, len));
/* SHA1 Fingerprint of cert - DER representation */
X509_digest(cert, EVP_sha1(), sha1_hash_binary, &len);
- for (int n = 0; n < SHA_DIGEST_LENGTH; n++) {
- sha1_hash_ascii[n*2] = shachars[(sha1_hash_binary[n] & 0xF0) >> 4];
- sha1_hash_ascii[n*2+1] = shachars[(sha1_hash_binary[n] & 0x0F)];
- }
+ len = String_to_Hex(sha1_hash_binary, len, sha1_hash_ascii, BUFSIZ);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("sha1_hash", -1));
- Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(sha1_hash_ascii, SHA_DIGEST_LENGTH * 2));
+ Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(sha1_hash_ascii, len));
/* SHA256 Fingerprint of cert - DER representation */
X509_digest(cert, EVP_sha256(), sha256_hash_binary, &len);
- for (int n = 0; n < SHA256_DIGEST_LENGTH; n++) {
- sha256_hash_ascii[n*2] = shachars[(sha256_hash_binary[n] & 0xF0) >> 4];
- sha256_hash_ascii[n*2+1] = shachars[(sha256_hash_binary[n] & 0x0F)];
- }
+ len = String_to_Hex(sha256_hash_binary, len, sha256_hash_ascii, BUFSIZ);
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("sha256_hash", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj( sha256_hash_ascii, SHA256_DIGEST_LENGTH * 2));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subject", -1));
Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj( subject, -1));