Changeset 5238


Timestamp:
Jan 27, 2016 9:55:13 AM (5 years ago)
Author:
riza
Message:

Misc (Re #1882): Add raw certificate information to pj_ssl_cert_info data. Thanks to Peter Koletzki for the suggestion.

Location:
pjproject/trunk/pjlib
Files:
2 edited

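--- a/pjproject/trunk/pjlib/include/pj/ssl_sock.h
+++ b/pjproject/trunk/pjlib/include/pj/ssl_sock.h
@@ -181,4 +181,7 @@
     } subj_alt_name;                /**< Subject alternative
                                         name extension         */
+
+    pj_str_t raw;                   /**< Raw certificate in PEM format, only
+                                        available for remote certificate. */
 
 } pj_ssl_cert_info;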
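Review bot: The doc comment on the new `raw` field does not state the buffer's lifetime or that its content is supplied by the peer, both of which matter to callers that parse or store it. Judging from the accompanying ssl_sock_ossl.c change, the value appears to be duplicated into the SSL socket's pool and left untouched for the local certificate, so a comment such as `/**< Remote certificate in PEM format, allocated from the SSL socket's pool; use slen for the length. Not set for the local certificate. */` would make that explicit. Adding a member to the public `pj_ssl_cert_info` also changes its size, which affects applications built against the older header.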
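--- a/pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
@@ -984,10 +984,11 @@
  * to be updated by inspecting the issuer and the serial number.
  */
-static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, X509 *x)
+static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, X509 *x,
+                          pj_bool_t get_pem)
 {
     pj_bool_t update_needed;
     char buf[512];
     pj_uint8_t serial_no[64] = {0}; /* should be >= sizeof(ci->serial_no) */
-    pj_uint8_t *p;
+    pj_uint8_t *q;
     unsigned len;
     GENERAL_NAMES *names = NULL;
@@ -999,9 +1000,9 @@
 
     /* Get serial no */
-    p = (pj_uint8_t*) M_ASN1_STRING_data(X509_get_serialNumber(x));
+    q = (pj_uint8_t*) M_ASN1_STRING_data(X509_get_serialNumber(x));
     len = M_ASN1_STRING_length(X509_get_serialNumber(x));
     if (len > sizeof(ci->serial_no)) 
         len = sizeof(ci->serial_no);
-    pj_memcpy(serial_no + sizeof(ci->serial_no) - len, p, len);
+    pj_memcpy(serial_no + sizeof(ci->serial_no) - len, q, len);
 
     /* Check if the contents need to be updated. */
@@ -1097,4 +1098,22 @@
         }
     }
+
+    if (get_pem) {
+        /* Update raw Certificate info in PEM format. */
+        BIO *bio;       
+        BUF_MEM *ptr;
+        
+        bio = BIO_new(BIO_s_mem());
+        if (!PEM_write_bio_X509(bio, x)) {
+            PJ_LOG(3,(THIS_FILE, "Error retrieving raw certificate info"));
+            ci->raw.ptr = NULL;
+            ci->raw.slen = 0;
+        } else {
+            BIO_write(bio, "\0", 1);
+            BIO_get_mem_ptr(bio, &ptr);
+            pj_strdup2(pool, &ci->raw, ptr->data);      
+        }       
+        BIO_free(bio);      
+    }    
 }
 
@@ -1112,5 +1131,5 @@
     x = SSL_get_certificate(ssock->ossl_ssl);
     if (x) {
-        get_cert_info(ssock->pool, &ssock->local_cert_info, x);
+        get_cert_info(ssock->pool, &ssock->local_cert_info, x, PJ_FALSE);
         /* Don't free local's X509! */
     } else {
@@ -1121,5 +1140,5 @@
     x = SSL_get_peer_certificate(ssock->ossl_ssl);
     if (x) {
-        get_cert_info(ssock->pool, &ssock->remote_cert_info, x);
+        get_cert_info(ssock->pool, &ssock->remote_cert_info, x, PJ_TRUE);
         /* Free peer's X509 */
         X509_free(x);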
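Review bot: In the `if (get_pem)` block added at the end of get_cert_info(), `BIO_new(BIO_s_mem())` is used without a NULL check and the results of `BIO_write` and `BIO_get_mem_ptr` are ignored, so an allocation failure can leave `bio` or `ptr` unusable when `ptr->data` is read. The copy also relies on the appended NUL, because `pj_strdup2` measures the buffer as a C string; copying `ptr->length` bytes with `pj_strdup` removes that dependency and the extra write. The certificate is supplied by the remote peer and is duplicated into `ssock->pool` each time this block runs, so it is worth confirming that repeated updates (for example after renegotiation) cannot grow the pool without bound. The start of the function and its update check lie outside the hunks shown.

```c
    if (get_pem) {
        /* Update raw Certificate info in PEM format. */
        BIO *bio = BIO_new(BIO_s_mem());
        BUF_MEM *ptr = NULL;

        /* Start from an empty value so every failure path leaves it unset. */
        ci->raw.ptr = NULL;
        ci->raw.slen = 0;

        if (bio && PEM_write_bio_X509(bio, x) &&
            BIO_get_mem_ptr(bio, &ptr) > 0 && ptr && ptr->data)
        {
            pj_str_t pem;

            /* Copy by explicit length; no terminating NUL is needed. */
            pem.ptr = ptr->data;
            pem.slen = (pj_ssize_t)ptr->length;
            pj_strdup(pool, &ci->raw, &pem);
        } else {
            PJ_LOG(3,(THIS_FILE, "Error retrieving raw certificate info"));
        }
        BIO_free(bio);
    }
```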