Code to get nicknames from peer certs

svn:r627
This commit is contained in:
Nick Mathewson 2003-10-19 00:46:51 +00:00
parent ec96419109
commit 0ec2a34a1d
2 changed files with 34 additions and 3 deletions

View File

@ -12,6 +12,9 @@
#include "./util.h" #include "./util.h"
#include "./log.h" #include "./log.h"
/* Copied from or.h */
#define LEGAL_NICKNAME_CHARACTERS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
#include <assert.h> #include <assert.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/err.h> #include <openssl/err.h>
@ -132,7 +135,6 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
X509 *x509 = NULL; X509 *x509 = NULL;
X509_NAME *name = NULL; X509_NAME *name = NULL;
BIO *out = NULL;
int nid; int nid;
int err; int err;
@ -178,8 +180,6 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
error: error:
err = 1; err = 1;
done: done:
if (out)
BIO_free(out);
if (x509 && err) if (x509 && err)
X509_free(x509); X509_free(x509);
if (pkey) if (pkey)
@ -461,6 +461,36 @@ tor_tls_peer_has_cert(tor_tls *tls)
return 1; return 1;
} }
int
tor_tls_get_peer_cert_nickname(tor_tls *tls, char *buf, int buflen)
{
X509 *cert = NULL;
X509_NAME *name = NULL;
int nid;
int lenout;
int i;
if (!(cert = SSL_get_peer_certificate(tls->ssl))) {
log_fn(LOG_ERR, "Peer has no certificate");
return -1;
}
if (!(name = X509_get_subject_name(cert))) {
log_fn(LOG_ERR, "Peer certificate has no subject name");
return -1;
}
if ((nid = OBJ_txt2nid("commonName")) == NID_undef)
return -1;
lenout = X509_NAME_get_text_by_NID(name, nid, buf, buflen);
if (lenout == -1)
return -1;
if (strspn(buf, LEGAL_NICKNAME_CHARACTERS) != lenout) {
log_fn(LOG_ERR, "Peer certificate nickname has illegal characters.");
return -1;
}
return 0;
}
/* If the provided tls connection is authenticated and has a /* If the provided tls connection is authenticated and has a
* certificate that is currently valid and is correctly self-signed, * certificate that is currently valid and is correctly self-signed,
* return its public key. Otherwise return NULL. * return its public key. Otherwise return NULL.

View File

@ -21,6 +21,7 @@ int tor_tls_context_new(crypto_pk_env_t *rsa, int isServer, const char *nickname
tor_tls *tor_tls_new(int sock, int isServer); tor_tls *tor_tls_new(int sock, int isServer);
void tor_tls_free(tor_tls *tls); void tor_tls_free(tor_tls *tls);
int tor_tls_peer_has_cert(tor_tls *tls); int tor_tls_peer_has_cert(tor_tls *tls);
int tor_tls_get_peer_cert_nickname(tor_tls *tls, char *buf, int buflen);
crypto_pk_env_t *tor_tls_verify(tor_tls *tls); crypto_pk_env_t *tor_tls_verify(tor_tls *tls);
int tor_tls_read(tor_tls *tls, char *cp, int len); int tor_tls_read(tor_tls *tls, char *cp, int len);
int tor_tls_write(tor_tls *tls, char *cp, int n); int tor_tls_write(tor_tls *tls, char *cp, int n);