- Timestamp:
- Jan 27, 2016 9:55:13 AM (9 years ago)
- Location:
- pjproject/trunk/pjlib
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
pjproject/trunk/pjlib/include/pj/ssl_sock.h
r5214 r5238 181 181 } subj_alt_name; /**< Subject alternative 182 182 name extension */ 183 184 pj_str_t raw; /**< Raw certificate in PEM format, only 185 available for remote certificate. */ 183 186 184 187 } pj_ssl_cert_info; -
pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c
r5220 r5238 984 984 * to be updated by inspecting the issuer and the serial number. 985 985 */ 986 static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, X509 *x) 986 static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, X509 *x, 987 pj_bool_t get_pem) 987 988 { 988 989 pj_bool_t update_needed; 989 990 char buf[512]; 990 991 pj_uint8_t serial_no[64] = {0}; /* should be >= sizeof(ci->serial_no) */ 991 pj_uint8_t * p;992 pj_uint8_t *q; 992 993 unsigned len; 993 994 GENERAL_NAMES *names = NULL; … … 999 1000 1000 1001 /* Get serial no */ 1001 p= (pj_uint8_t*) M_ASN1_STRING_data(X509_get_serialNumber(x));1002 q = (pj_uint8_t*) M_ASN1_STRING_data(X509_get_serialNumber(x)); 1002 1003 len = M_ASN1_STRING_length(X509_get_serialNumber(x)); 1003 1004 if (len > sizeof(ci->serial_no)) 1004 1005 len = sizeof(ci->serial_no); 1005 pj_memcpy(serial_no + sizeof(ci->serial_no) - len, p, len);1006 pj_memcpy(serial_no + sizeof(ci->serial_no) - len, q, len); 1006 1007 1007 1008 /* Check if the contents need to be updated. */ … … 1097 1098 } 1098 1099 } 1100 1101 if (get_pem) { 1102 /* Update raw Certificate info in PEM format. */ 1103 BIO *bio; 1104 BUF_MEM *ptr; 1105 1106 bio = BIO_new(BIO_s_mem()); 1107 if (!PEM_write_bio_X509(bio, x)) { 1108 PJ_LOG(3,(THIS_FILE, "Error retrieving raw certificate info")); 1109 ci->raw.ptr = NULL; 1110 ci->raw.slen = 0; 1111 } else { 1112 BIO_write(bio, "\0", 1); 1113 BIO_get_mem_ptr(bio, &ptr); 1114 pj_strdup2(pool, &ci->raw, ptr->data); 1115 } 1116 BIO_free(bio); 1117 } 1099 1118 } 1100 1119 … … 1112 1131 x = SSL_get_certificate(ssock->ossl_ssl); 1113 1132 if (x) { 1114 get_cert_info(ssock->pool, &ssock->local_cert_info, x );1133 get_cert_info(ssock->pool, &ssock->local_cert_info, x, PJ_FALSE); 1115 1134 /* Don't free local's X509! */ 1116 1135 } else { … … 1121 1140 x = SSL_get_peer_certificate(ssock->ossl_ssl); 1122 1141 if (x) { 1123 get_cert_info(ssock->pool, &ssock->remote_cert_info, x );1142 get_cert_info(ssock->pool, &ssock->remote_cert_info, x, PJ_TRUE); 1124 1143 /* Free peer's X509 */ 1125 1144 X509_free(x);
Note: See TracChangeset
for help on using the changeset viewer.