Changeset 5238

Timestamp:

Jan 27, 2016 9:55:13 AM (8 years ago)

Author:

riza

Message:

Misc (Re #1882): Add raw certificate information to pj_ssl_cert_info data. Thanks to Peter Koletzki for the suggestion.

Location:

pjproject/trunk/pjlib

Files:

• include/pj/ssl_sock.h (modified) (1 diff)
• src/pj/ssl_sock_ossl.c (modified) (5 diffs)

pjproject/trunk/pjlib/include/pj/ssl_sock.h

@@ -181 +181 @@
     } subj_alt_name;                /**< Subject alternative
                                          name extension         */
+
+    pj_str_t raw;                   /**< Raw certificate in PEM format, only
+                                         available for remote certificate. */
 
 } pj_ssl_cert_info;

pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c

@@ -984 +984 @@
  * to be updated by inspecting the issuer and the serial number.
  */
-static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, X509 *x)
+static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, X509 *x,
+                          pj_bool_t get_pem)
 {
     pj_bool_t update_needed;
     char buf[512];
     pj_uint8_t serial_no[64] = {0}; /* should be >= sizeof(ci->serial_no) */
-    pj_uint8_t *p;
+    pj_uint8_t *q;
     unsigned len;
     GENERAL_NAMES *names = NULL;
@@ -999 +1000 @@
 
     /* Get serial no */
-    p = (pj_uint8_t*) M_ASN1_STRING_data(X509_get_serialNumber(x));
+    q = (pj_uint8_t*) M_ASN1_STRING_data(X509_get_serialNumber(x));
     len = M_ASN1_STRING_length(X509_get_serialNumber(x));
     if (len > sizeof(ci->serial_no)) 
         len = sizeof(ci->serial_no);
-    pj_memcpy(serial_no + sizeof(ci->serial_no) - len, p, len);
+    pj_memcpy(serial_no + sizeof(ci->serial_no) - len, q, len);
 
     /* Check if the contents need to be updated. */
@@ -1097 +1098 @@
         }
     }
+
+    if (get_pem) {
+        /* Update raw Certificate info in PEM format. */
+        BIO *bio;       
+        BUF_MEM *ptr;
+        
+        bio = BIO_new(BIO_s_mem());
+        if (!PEM_write_bio_X509(bio, x)) {
+            PJ_LOG(3,(THIS_FILE, "Error retrieving raw certificate info"));
+            ci->raw.ptr = NULL;
+            ci->raw.slen = 0;
+        } else {
+            BIO_write(bio, "\0", 1);
+            BIO_get_mem_ptr(bio, &ptr);
+            pj_strdup2(pool, &ci->raw, ptr->data);      
+        }       
+        BIO_free(bio);      
+    }    
 }
 
@@ -1112 +1131 @@
     x = SSL_get_certificate(ssock->ossl_ssl);
     if (x) {
-        get_cert_info(ssock->pool, &ssock->local_cert_info, x);
+        get_cert_info(ssock->pool, &ssock->local_cert_info, x, PJ_FALSE);
         /* Don't free local's X509! */
     } else {
@@ -1121 +1140 @@
     x = SSL_get_peer_certificate(ssock->ossl_ssl);
     if (x) {
-        get_cert_info(ssock->pool, &ssock->remote_cert_info, x);
+        get_cert_info(ssock->pool, &ssock->remote_cert_info, x, PJ_TRUE);
         /* Free peer's X509 */
         X509_free(x);