commit feb90208ef01faa1e585b938614d006b5c9988d4
parent 169a4e7c5df6d858c4bd8c57572995d1bd61ce31
Author: Joris Vink <joris@coders.se>
Date: Fri, 18 Feb 2022 09:14:30 +0100
Add kore_tls_x509_data().
Use it in the Python code, which requires it.
Diffstat:
4 files changed, 60 insertions(+), 23 deletions(-)
diff --git a/include/kore/kore.h b/include/kore/kore.h
@@ -824,6 +824,7 @@ void kore_tls_domain_setup(struct kore_domain *,
void *kore_tls_rsakey_load(const char *);
void *kore_tls_rsakey_generate(const char *);
+int kore_tls_x509_data(struct connection *, u_int8_t **, size_t *);
void *kore_tls_x509_issuer_name(struct connection *);
void *kore_tls_x509_subject_name(struct connection *);
int kore_tls_x509name_foreach(void *, int, void *,
diff --git a/src/python.c b/src/python.c
@@ -29,6 +29,7 @@
#include <fcntl.h>
#include <unistd.h>
#include <stdarg.h>
+#include <stddef.h>
#include "kore.h"
#include "http.h"
@@ -2904,25 +2905,17 @@ pyconnection_get_addr(struct pyconnection *pyc, void *closure)
static PyObject *
pyconnection_get_peer_x509(struct pyconnection *pyc, void *closure)
{
- int len;
- PyObject *bytes;
- u_int8_t *der, *pp;
+ size_t len;
+ u_int8_t *der;
+ PyObject *bytes;
if (pyc->c->cert == NULL) {
Py_RETURN_NONE;
}
- if ((len = i2d_X509(pyc->c->cert, NULL)) <= 0) {
- PyErr_SetString(PyExc_RuntimeError, "i2d_X509 failed");
- return (NULL);
- }
-
- der = kore_calloc(1, len);
- pp = der;
-
- if (i2d_X509(pyc->c->cert, &pp) <= 0) {
- kore_free(der);
- PyErr_SetString(PyExc_RuntimeError, "i2d_X509 failed");
+ if (!kore_tls_x509_data(pyc->c, &der, &len)) {
+ PyErr_SetString(PyExc_RuntimeError,
+ "failed to obtain certificate data");
return (NULL);
}
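Review bot: The heap ownership of `der` is no longer visible at this call site — the removed lines showed the `kore_calloc`, the new lines only show `kore_tls_x509_data()` succeeding, and the matching `kore_free` lies outside this hunk (pyconnection_get_peer_x509 continues past it). A one-line comment above the call keeps that contract in front of the next maintainer: `/* der is heap-allocated by kore_tls_x509_data(); kore_free() it once it has been copied into the bytes object. */`. Note also that `len` is now `size_t`; wherever the remainder of the function hands it to a Python API taking `Py_ssize_t`, an explicit cast avoids a sign-conversion warning — that part is not visible here.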
@@ -2935,7 +2928,7 @@ pyconnection_get_peer_x509(struct pyconnection *pyc, void *closure)
static PyObject *
pyconnection_get_peer_x509dict(struct pyconnection *pyc, void *closure)
{
- X509_NAME *name;
+ void *name;
PyObject *dict, *issuer, *subject, *ret;
ret = NULL;
@@ -2963,13 +2956,13 @@ pyconnection_get_peer_x509dict(struct pyconnection *pyc, void *closure)
PyErr_Clear();
- if ((name = X509_get_issuer_name(pyc->c->cert)) == NULL) {
+ if ((name = kore_tls_x509_subject_name(pyc->c->cert)) == NULL) {
PyErr_Format(PyExc_RuntimeError,
- "X509_get_issuer_name: %s", ssl_errno_s);
+ "failed to obtain x509 subjectName");
goto out;
}
- if (!kore_x509name_foreach(name, 0, issuer, pyconnection_x509_cb)) {
+ if (!kore_tls_x509name_foreach(name, 0, issuer, pyconnection_x509_cb)) {
if (PyErr_Occurred() == NULL) {
PyErr_Format(PyExc_RuntimeError,
"failed to add issuer name to dictionary");
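Review bot: The new call passes `pyc->c->cert` to `kore_tls_x509_subject_name()`, but the prototype added in kore.h takes a `struct connection *` and the OpenSSL implementation reads `c->cert` from it; if `cert` is declared `void *` in `struct connection` this converts silently, and at runtime the X509 object would be reinterpreted as a connection, yielding a garbage pointer for X509_get_subject_name(). The argument should be the connection itself: `if ((name = kore_tls_x509_subject_name(pyc->c)) == NULL) {`. Separately, this block fills the `issuer` dictionary (see the foreach call and its error text) yet now fetches the subject name where the removed line fetched the issuer, so issuer and subject come out swapped; it should call `kore_tls_x509_issuer_name(pyc->c)` here with the message `"failed to obtain x509 issuerName"`. pyconnection_get_peer_x509dict starts before this hunk.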
@@ -2977,13 +2970,14 @@ pyconnection_get_peer_x509dict(struct pyconnection *pyc, void *closure)
goto out;
}
- if ((name = X509_get_subject_name(pyc->c->cert)) == NULL) {
+ if ((name = kore_tls_x509_issuer_name(pyc->c->cert)) == NULL) {
PyErr_Format(PyExc_RuntimeError,
- "X509_get_subject_name: %s", ssl_errno_s);
+ "failed to obtain x509 issuerName");
goto out;
}
- if (!kore_x509name_foreach(name, 0, subject, pyconnection_x509_cb)) {
+ if (!kore_tls_x509name_foreach(name, 0, subject,
+ pyconnection_x509_cb)) {
if (PyErr_Occurred() == NULL) {
PyErr_Format(PyExc_RuntimeError,
"failed to add subject name to dictionary");
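Review bot: This block populates the `subject` dictionary but now calls `kore_tls_x509_issuer_name()`, mirroring the swap in the preceding block, so a Python caller reading the subject entry gets the issuer's attributes — a real problem if the dictionary feeds client-certificate authorization decisions. It should read `if ((name = kore_tls_x509_subject_name(pyc->c)) == NULL) {` with the error text `"failed to obtain x509 subjectName"`; the argument is the connection rather than `pyc->c->cert`, since the kore.h prototype takes `struct connection *`. The function continues past the end of this hunk.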
diff --git a/src/tls_none.c b/src/tls_none.c
@@ -159,3 +159,9 @@ kore_tls_x509name_foreach(void *name, int flags, void *udata,
{
fatal("%s: not supported", __func__);
}
+
+int
+kore_tls_x509_data(struct connection *c, u_int8_t **ptr, size_t *olen)
+{
+ fatal("%s: not supported", __func__);
+}
diff --git a/src/tls_openssl.c b/src/tls_openssl.c
@@ -654,13 +654,23 @@ kore_tls_rsakey_generate(const char *path)
void *
kore_tls_x509_subject_name(struct connection *c)
{
- return (X509_get_subject_name(c->cert));
+ X509_NAME *name;
+
+ if ((name = X509_get_subject_name(c->cert)) == NULL)
+ kore_log(LOG_NOTICE, "X509_get_subject_name: %s", ssl_errno_s);
+
+ return (name);
}
void *
kore_tls_x509_issuer_name(struct connection *c)
{
- return (X509_get_issuer_name(c->cert));
+ X509_NAME *name;
+
+ if ((name = X509_get_issuer_name(c->cert)) == NULL)
+ kore_log(LOG_NOTICE, "X509_get_issuer_name: %s", ssl_errno_s);
+
+ return (name);
}
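Review bot: Both helpers hand `c->cert` straight to X509_get_subject_name()/X509_get_issuer_name() without checking it; the Python caller in this commit tests `cert == NULL` first, but these functions are exported through kore.h and any caller that skips that test would crash on a TLS connection that presented no client certificate. A guard `if (c->cert == NULL) return (NULL);` at the top of each makes the NULL-return contract the callers already handle explicit rather than incidental. The hunk header shows kore_tls_rsakey_generate ending just before, so both functions are complete within this hunk.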
int
@@ -724,6 +734,32 @@ cleanup:
return (ret);
}
+int
+kore_tls_x509_data(struct connection *c, u_int8_t **ptr, size_t *olen)
+{
+ int len;
+ u_int8_t *der, *pp;
+
+ if ((len = i2d_X509(c->cert, NULL)) <= 0) {
+ kore_log(LOG_NOTICE, "i2d_X509: %s", ssl_errno_s);
+ return (KORE_RESULT_ERROR);
+ }
+
+ der = kore_calloc(1, len);
+ pp = der;
+
+ if (i2d_X509(c->cert, &pp) <= 0) {
+ kore_free(der);
+ kore_log(LOG_NOTICE, "i2d_X509: %s", ssl_errno_s);
+ return (KORE_RESULT_ERROR);
+ }
+
+ *ptr = der;
+ *olen = len;
+
+ return (KORE_RESULT_OK);
+}
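Review bot: kore_tls_x509_data() hands the caller a buffer allocated with kore_calloc(), but neither the function nor the kore.h prototype says who releases it; a header comment such as `/* On success *ptr is a kore_calloc()'d DER encoding of c->cert that the caller must kore_free(), and *olen its length. */` would pin the ownership transfer. The second i2d_X509() call's return value is only tested for `<= 0` and then discarded; comparing it against `len` (or using `pp - der`) before setting `*olen` would catch a mismatch between the sizing and encoding passes instead of reporting a length the buffer does not match. As in the name helpers above, `c->cert` is not checked for NULL before use.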
+
void
kore_tls_seed(const void *data, size_t len)
{