1 |
|
|
/* $OpenBSD: tls_peer.c,v 1.8 2017/04/10 17:11:13 jsing Exp $ */ |
2 |
|
|
/* |
3 |
|
|
* Copyright (c) 2015 Joel Sing <jsing@openbsd.org> |
4 |
|
|
* Copyright (c) 2015 Bob Beck <beck@openbsd.org> |
5 |
|
|
* |
6 |
|
|
* Permission to use, copy, modify, and distribute this software for any |
7 |
|
|
* purpose with or without fee is hereby granted, provided that the above |
8 |
|
|
* copyright notice and this permission notice appear in all copies. |
9 |
|
|
* |
10 |
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
11 |
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
12 |
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
13 |
|
|
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
14 |
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
15 |
|
|
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
16 |
|
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
17 |
|
|
*/ |
18 |
|
|
|
19 |
|
|
#include <stdio.h> |
20 |
|
|
|
21 |
|
|
#include <openssl/x509.h> |
22 |
|
|
|
23 |
|
|
#include <tls.h> |
24 |
|
|
#include "tls_internal.h" |
25 |
|
|
|
26 |
|
|
const char * |
27 |
|
|
tls_peer_cert_hash(struct tls *ctx) |
28 |
|
|
{ |
29 |
|
|
if (ctx->conninfo == NULL) |
30 |
|
|
return (NULL); |
31 |
|
|
return (ctx->conninfo->hash); |
32 |
|
|
} |
33 |
|
|
const char * |
34 |
|
|
tls_peer_cert_issuer(struct tls *ctx) |
35 |
|
|
{ |
36 |
|
|
if (ctx->conninfo == NULL) |
37 |
|
|
return (NULL); |
38 |
|
|
return (ctx->conninfo->issuer); |
39 |
|
|
} |
40 |
|
|
|
41 |
|
|
const char * |
42 |
|
|
tls_peer_cert_subject(struct tls *ctx) |
43 |
|
|
{ |
44 |
|
|
if (ctx->conninfo == NULL) |
45 |
|
|
return (NULL); |
46 |
|
|
return (ctx->conninfo->subject); |
47 |
|
|
} |
48 |
|
|
|
49 |
|
|
int |
50 |
|
|
tls_peer_cert_provided(struct tls *ctx) |
51 |
|
|
{ |
52 |
|
|
return (ctx->ssl_peer_cert != NULL); |
53 |
|
|
} |
54 |
|
|
|
55 |
|
|
int |
56 |
|
|
tls_peer_cert_contains_name(struct tls *ctx, const char *name) |
57 |
|
|
{ |
58 |
|
|
int match; |
59 |
|
|
|
60 |
|
|
if (ctx->ssl_peer_cert == NULL) |
61 |
|
|
return (0); |
62 |
|
|
|
63 |
|
|
if (tls_check_name(ctx, ctx->ssl_peer_cert, name, &match) == -1) |
64 |
|
|
return (0); |
65 |
|
|
|
66 |
|
|
return (match); |
67 |
|
|
} |
68 |
|
|
|
69 |
|
|
time_t |
70 |
|
|
tls_peer_cert_notbefore(struct tls *ctx) |
71 |
|
|
{ |
72 |
|
|
if (ctx->ssl_peer_cert == NULL) |
73 |
|
|
return (-1); |
74 |
|
|
if (ctx->conninfo == NULL) |
75 |
|
|
return (-1); |
76 |
|
|
return (ctx->conninfo->notbefore); |
77 |
|
|
} |
78 |
|
|
|
79 |
|
|
time_t |
80 |
|
|
tls_peer_cert_notafter(struct tls *ctx) |
81 |
|
|
{ |
82 |
|
|
if (ctx->ssl_peer_cert == NULL) |
83 |
|
|
return (-1); |
84 |
|
|
if (ctx->conninfo == NULL) |
85 |
|
|
return (-1); |
86 |
|
|
return (ctx->conninfo->notafter); |
87 |
|
|
} |
88 |
|
|
|
89 |
|
|
const uint8_t * |
90 |
|
|
tls_peer_cert_chain_pem(struct tls *ctx, size_t *size) |
91 |
|
|
{ |
92 |
|
|
if (ctx->ssl_peer_cert == NULL) |
93 |
|
|
return (NULL); |
94 |
|
|
if (ctx->conninfo == NULL) |
95 |
|
|
return (NULL); |
96 |
|
|
*size = ctx->conninfo->peer_cert_len; |
97 |
|
|
return (ctx->conninfo->peer_cert); |
98 |
|
|
} |
99 |
|
|
|