Add openconnect_get_cert_details() function
Another aspect of the certificate handling becomes ssl-library-agnostic.

This is marked OPENCONNECT_PRIVATE for now. It probably *won't* be private,
but there are other changes to come and probably an soname bump, so there's
no point in exporting it for now.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed May 29, 2012
1 parent 6edabd7 commit e57861d
Showing 4 changed files with 24 additions and 1 deletion.
1 change: 1 addition & 0 deletions libopenconnect.map.in
Expand Up @@ -53,4 +53,5 @@ OPENCONNECT_PRIVATE {
openconnect_version_str;
openconnect_create_useragent;
openconnect_report_ssl_errors;
openconnect_get_cert_details;
};
5 changes: 4 additions & 1 deletion main.c
Expand Up @@ -903,6 +903,7 @@ static int validate_peer_cert(void *_vpninfo, X509 *peer_cert,
UI *ui;
char buf[6];
int ret;
char *details;

fprintf(stderr,
_("\nCertificate from VPN server \"%s\" failed verification.\n"
Expand Down Expand Up @@ -940,7 +941,9 @@ static int validate_peer_cert(void *_vpninfo, X509 *peer_cert,
if (!strcasecmp(buf, _("no")))
return -EINVAL;

X509_print_fp(stderr, peer_cert);
details = openconnect_get_cert_details(vpninfo, peer_cert);
fputs(details, stderr);
free(details);
fprintf(stderr, _("SHA1 fingerprint: %s\n"), fingerprint);
}

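Review bot: `fputs(details, stderr)` in the second hunk uses the returned pointer without a NULL check, and `openconnect_get_cert_details()` as added in ssl.c returns whatever `strdup()` gives back, which is NULL on allocation failure. Guard the call, e.g. `if (details) fputs(details, stderr);`; the `free(details)` that follows is already safe for NULL. This output is the only description of the rejected certificate the user sees in this hunk besides the SHA1 fingerprint, so a failure here should not crash the prompt. validate_peer_cert() starts and ends outside both hunks, so any other handling of a missing description is not visible here.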
2 changes: 2 additions & 0 deletions openconnect.h
Expand Up @@ -128,6 +128,8 @@ struct x509_st;
and should free them later in openconnect_vpninfo_free() */
int openconnect_get_cert_sha1(struct openconnect_info *vpninfo,
struct x509_st *cert, char *buf);
char *openconnect_get_cert_details(struct openconnect_info *vpninfo,
struct x509_st *cert);
int openconnect_set_http_proxy(struct openconnect_info *vpninfo, char *proxy);
int openconnect_passphrase_from_fsid(struct openconnect_info *vpninfo);
int openconnect_obtain_cookie(struct openconnect_info *vpninfo);
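Review bot: The new `openconnect_get_cert_details()` prototype has no comment on ownership of the returned string. The comment fragment just above it (which begins outside the hunk) talks about freeing in `openconnect_vpninfo_free()`, whereas the ssl.c implementation returns a `strdup()`ed buffer that main.c releases with `free()`. A reader could plausibly apply the wrong rule and leak or double-free. I would add `/* Returns a malloc()ed string which the caller must free(), or NULL on failure */` directly above the declaration.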
17 changes: 17 additions & 0 deletions ssl.c
Expand Up @@ -1330,6 +1330,23 @@ void openconnect_init_openssl(void)
OpenSSL_add_all_algorithms ();
}

char *openconnect_get_cert_details(struct openconnect_info *vpninfo,
struct x509_st *cert)
{
BIO *bp = BIO_new(BIO_s_mem());
BUF_MEM *certinfo;
char zero = 0;
char *ret;

X509_print_ex(bp, cert, 0, 0);
BIO_write(bp, &zero, 1);
BIO_get_mem_ptr(bp, &certinfo);

ret = strdup(certinfo->data);
BIO_free(bp);
return ret;
}

#if defined(__sun__) || defined(__NetBSD__) || defined(__DragonFly__)
int openconnect_passphrase_from_fsid(struct openconnect_info *vpninfo)
{
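Review bot: `BIO_new(BIO_s_mem())` can return NULL and the result is passed straight to `X509_print_ex()`; the return values of `X509_print_ex()` and `BIO_write()` are ignored as well, so a failed or partial print reaches `strdup()` as if it were complete. This text is what the user reads before deciding whether to accept a certificate that failed verification, so the function should return NULL on any failure rather than a possibly truncated dump. Its NULL-on-failure, caller-frees contract deserves a short comment above the definition. The `vpninfo` parameter is unused in the visible body.

```c
/* … unchanged: signature and the bp, certinfo, zero declarations … */
	char *ret = NULL;

	if (!bp)
		return NULL;

	/* X509_print_ex() returns 1 on success; BIO_write() the byte count */
	if (X509_print_ex(bp, cert, 0, 0) != 1 ||
	    BIO_write(bp, &zero, 1) != 1)
		goto out;

	BIO_get_mem_ptr(bp, &certinfo);
	if (certinfo && certinfo->data)
		ret = strdup(certinfo->data);
 out:
	BIO_free(bp);
	return ret;
```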
