authorAdriaan de Jong <dejong@fox-it.com>2011-07-01 14:39:13 +0200
committerDavid Sommerseth <davids@redhat.com>2011-10-22 11:44:36 +0200
commitfceecbab9ddd58ccec28aeafa7be39c65f313458 (patch)
treee8f261d594931caa3587f77d122e6be547f27326 /ssl_verify_openssl.c
parenta4da1fe776b774670948f00898d370da614960f5 (diff)
Final cleanup before PolarSSL addition:
- Remove stray X509 entries - Remove unnecessary USE_OPENSSL ifdefs - Normalised x509_get_sha1_hash to look similar to x509_get_* functions Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_verify_openssl.c')
-rw-r--r--ssl_verify_openssl.c25
1 files changed, 21 insertions, 4 deletions
diff --git a/ssl_verify_openssl.c b/ssl_verify_openssl.c
index f6d27b1..1d32255 100644
--- a/ssl_verify_openssl.c
+++ b/ssl_verify_openssl.c
@@ -37,6 +37,7 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
{
struct tls_session *session;
SSL *ssl;
+ unsigned char *sha1_hash = NULL;
/* get the tls_session pointer */
ssl = X509_STORE_CTX_get_ex_data (ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
@@ -44,14 +45,15 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
session = (struct tls_session *) SSL_get_ex_data (ssl, mydata_index);
ASSERT (session);
- cert_hash_remember (session, ctx->error_depth, ctx->current_cert->sha1_hash);
+ sha1_hash = x509_get_sha1_hash(ctx->current_cert);
+ cert_hash_remember (session, ctx->error_depth, sha1_hash);
+ x509_free_sha1_hash(sha1_hash);
/* did peer present cert which was signed by our root cert? */
if (!preverify_ok)
{
/* get the X509 name */
- char *subject = X509_NAME_oneline (
- X509_get_subject_name (ctx->current_cert), NULL, 0);
+ char *subject = x509_get_serial(ctx->current_cert);
if (subject)
{
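Review bot: The string stored in `subject` and later logged for a failed verification is now produced by `x509_get_serial(ctx->current_cert)`, so the warning will carry the certificate serial number where the removed `X509_NAME_oneline(X509_get_subject_name(...))` call produced the subject DN; the line should read `char *subject = x509_get_subject(ctx->current_cert);`, and the `x509_get_subject` definition visible at the end of this diff shows that helper exists. Separately, `sha1_hash` is handed to `cert_hash_remember` with no NULL check even though this same commit implements `x509_get_sha1_hash` on top of an unchecked malloc, so an allocation failure would be recorded as a certificate hash; an `ASSERT (sha1_hash);` before the call, matching the `ASSERT (session)` style above it, would make that path fail loudly. verify_callback begins and ends outside this hunk, and the format string consuming `subject` is not visible here.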
@@ -60,7 +62,7 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
ctx->error_depth,
X509_verify_cert_error_string (ctx->error),
subject);
- free (subject);
+ x509_free_subject(subject);
}
ERR_clear_error();
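Review bot: `x509_free_subject(subject)` releases a buffer that the new code obtains from `x509_get_serial` in the preceding hunk, so the getter and the release helper no longer pair; `x509_free_serial` visibly calls OPENSSL_free, and if `x509_free_subject` uses a different deallocator this becomes an invalid free. The consistent fix is to restore the getter to `x509_get_subject` so this free stays correct; if the serial really is intended here, the release must be `x509_free_serial(subject);` instead. The enclosing `if (subject)` block and verify_callback both start outside this hunk.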
@@ -222,6 +224,21 @@ x509_free_serial (char *serial)
OPENSSL_free(serial);
}
+unsigned char *
+x509_get_sha1_hash (X509 *cert)
+{
+ char *hash = malloc(SHA_DIGEST_LENGTH);
+ memcpy(hash, cert->sha1_hash, SHA_DIGEST_LENGTH);
+ return cert->sha1_hash;
+}
+
+void
+x509_free_sha1_hash (unsigned char *hash)
+{
+ if (hash)
+ free(hash);
+}
+
char *
x509_get_subject (X509 *cert)
{
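Review bot: `x509_get_sha1_hash` allocates `hash`, copies the digest into it, and then executes `return cert->sha1_hash;`, so the malloc'd copy leaks on every call and the caller's `x509_free_sha1_hash` ends up passing OpenSSL's internal `cert->sha1_hash` member to free(), which corrupts the heap and will surface as a double free when the X509 is later released; the last line must be `return hash;`. The malloc result should also be checked before the copy, e.g. `if (hash) memcpy(hash, cert->sha1_hash, SHA_DIGEST_LENGTH);`, and `hash` should be declared `unsigned char *` to match both the return type and the memcpy source rather than `char *`. As a minor point, the `if (hash)` guard in `x509_free_sha1_hash` is redundant because free(NULL) is a no-op. `x509_free_serial` begins and `x509_get_subject` ends outside this hunk.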