Changeset 72c5b0be5471b0ebbb782fba28a4f6f1cd00a6f1 for src
- Timestamp:
- 09/13/09 03:46:12 (4 years ago)
- git-parent:
- Files:
-
- src/eventer/Makefile.in (modified) (1 diff)
- src/eventer/OETS_asn1_helper.c (added)
- src/eventer/OETS_asn1_helper.h (added)
- src/eventer/eventer_SSL_fd_opset.c (modified) (8 diffs)
- src/eventer/eventer_SSL_fd_opset.h (modified) (1 diff)
src/eventer/Makefile.in
ra504323 r72c5b0b 13 13 @EVENTER_OBJS@ \ 14 14 eventer_POSIX_fd_opset.o \ 15 eventer_SSL_fd_opset.o \15 eventer_SSL_fd_opset.o OETS_asn1_helper.o \ 16 16 eventer_jobq.o 17 17 src/eventer/eventer_SSL_fd_opset.c
r9488f45 r72c5b0b 35 35 #include "utils/noit_log.h" 36 36 #include "eventer/eventer_SSL_fd_opset.h" 37 #include "eventer/OETS_asn1_helper.h" 37 38 38 39 #include <sys/socket.h> … … 50 51 char *issuer; 51 52 char *subject; 53 time_t start_time; 54 time_t end_time; 55 char *cert_error; 52 56 eventer_ssl_verify_func_t verify_cb; 53 57 void *verify_cb_closure; … … 108 112 X509_STORE_CTX *x509ctx, void *closure) { 109 113 time_t now; 114 int err; 110 115 X509 *peer; 116 ASN1_TIME *t; 111 117 if(!x509ctx) return -1; 112 118 peer = X509_STORE_CTX_get_current_cert(x509ctx); 113 119 time(&now); 114 if(X509_cmp_time(X509_get_notBefore(peer), &now) > 0) return -1; 115 if(X509_cmp_time(X509_get_notAfter(peer), &now) < 0) return 1; 120 t = X509_get_notBefore(peer); 121 ctx->start_time = OETS_ASN1_TIME_get(t, &err); 122 if(X509_cmp_time(t, &now) > 0) return -1; 123 t = X509_get_notAfter(peer); 124 ctx->end_time = OETS_ASN1_TIME_get(t, &err); 125 if(X509_cmp_time(t, &now) < 0) return 1; 116 126 return 0; 117 127 } … … 134 144 ignore_dates = "false"; 135 145 146 if(options == NULL) { 147 /* Don't care about anything */ 148 opt_no_ca = "true"; 149 ignore_dates = "true"; 150 } 136 151 ssl = X509_STORE_CTX_get_ex_data(x509ctx, 137 152 SSL_get_ex_data_X509_STORE_CTX_idx()); … … 143 158 (v_res == X509_V_ERR_CERT_UNTRUSTED) || 144 159 (v_res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) { 160 ctx->cert_error = strdup(X509_verify_cert_error_string(v_res)); 145 161 if(!strcmp(opt_no_ca, "true")) ok = 1; 146 162 else { … … 176 192 ctx->type = strdup(buffer); \ 177 193 } \ 178 c har * \194 const char * \ 179 195 eventer_ssl_get_peer_##type(eventer_ssl_ctx_t *ctx) { \ 180 196 return ctx->type; \ … … 183 199 GET_SET_X509_NAME(issuer) 184 200 GET_SET_X509_NAME(subject) 201 202 time_t 203 eventer_ssl_get_peer_start_time(eventer_ssl_ctx_t *ctx) { 204 return ctx->start_time; 205 } 206 time_t 207 eventer_ssl_get_peer_end_time(eventer_ssl_ctx_t *ctx) { 208 return ctx->end_time; 209 } 210 const 
char * 211 eventer_ssl_get_peer_error(eventer_ssl_ctx_t *ctx) { 212 return ctx->cert_error; 213 } 185 214 186 215 static int … … 208 237 if(ctx->issuer) free(ctx->issuer); 209 238 if(ctx->subject) free(ctx->subject); 239 if(ctx->cert_error) free(ctx->cert_error); 210 240 free(ctx); 211 241 } src/eventer/eventer_SSL_fd_opset.h
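Review bot: In eventer_SSL_fd_opset.c, the new `if(options == NULL)` branch in the verify callback (its body starts outside the hunk) fails open: it sets `opt_no_ca = "true"`, and the later `if(!strcmp(opt_no_ca, "true")) ok = 1;` then accepts a chain whose issuer is untrusted or unverifiable, so a caller that passes no options gets a TLS session with no peer authentication. `ignore_dates = "true"` presumably relaxes the validity-window check in the same way, but that code is not in the hunk. If this is intended for checks that only inspect the certificate, say so at the branch, e.g. `/* NULL options: accept any chain and any dates; caller must consult eventer_ssl_get_peer_error() before trusting the peer */`, and consider requiring an explicit option instead of treating a missing one as permission. Separately, `ctx->cert_error = strdup(...)` overwrites whatever an earlier invocation of the callback stored (OpenSSL can call it more than once per handshake), which leaks the previous string; a `free(ctx->cert_error);` before the assignment fixes that.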
r88a7178 r72c5b0b 92 92 X509_STORE_CTX *x509ctx, void *closure); 93 93 94 /* These are all helper functions to expose information 95 * gleaned in the cert verfication process. 96 */ 94 97 #define GET_SET_X509_NAME_PROTO(type) \ 95 API_EXPORT(c har *) \98 API_EXPORT(const char *) \ 96 99 eventer_ssl_get_peer_##type(eventer_ssl_ctx_t *ctx) 97 100 GET_SET_X509_NAME_PROTO(issuer); 98 101 GET_SET_X509_NAME_PROTO(subject); 102 GET_SET_X509_NAME_PROTO(error); 103 API_EXPORT(time_t) 104 eventer_ssl_get_peer_start_time(eventer_ssl_ctx_t *ctx); 105 API_EXPORT(time_t) 106 eventer_ssl_get_peer_end_time(eventer_ssl_ctx_t *ctx); 99 107 100 108 #endif
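Review bot: The new header comment in eventer_SSL_fd_opset.h does not say who owns the values these accessors return. Going by the .c side of this changeset, the `const char *` results point at `ctx->issuer`, `ctx->subject` and `ctx->cert_error`, which are freed together with the context, so the comment should state something like `/* Returned strings are owned by ctx: do not free them or use them after the ctx is freed; presumably NULL when nothing was recorded. */`. It should also say that `eventer_ssl_get_peer_error` reports a verification failure that the options may have overridden, so callers can tell an accepted-but-untrusted peer from a verified one. `GET_SET_X509_NAME_PROTO(error)` reuses a macro named for X509 names to declare an error-string accessor; a plain prototype like the two `time_t` ones would read more clearly, and "verfication" in the comment is a typo.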
