kore

An easy to use, scalable and secure web application framework for writing web APIs in C.

commit feb90208ef01faa1e585b938614d006b5c9988d4
parent 169a4e7c5df6d858c4bd8c57572995d1bd61ce31
Author: Joris Vink <joris@coders.se>
Date:   Fri, 18 Feb 2022 09:14:30 +0100

Add kore_tls_x509_data().

Use it in the Python code, which requires it.

Diffstat:
include/kore/kore.h | 1+
src/python.c | 36+++++++++++++++---------------------
src/tls_none.c | 6++++++
src/tls_openssl.c | 40++++++++++++++++++++++++++++++++++++++--
4 files changed, 60 insertions(+), 23 deletions(-)

diff --git a/include/kore/kore.h b/include/kore/kore.h
@@ -824,6 +824,7 @@ void kore_tls_domain_setup(struct kore_domain *,
 void *kore_tls_rsakey_load(const char *);
 void *kore_tls_rsakey_generate(const char *);
+int kore_tls_x509_data(struct connection *, u_int8_t **, size_t *);
 void *kore_tls_x509_issuer_name(struct connection *);
 void *kore_tls_x509_subject_name(struct connection *);
 int kore_tls_x509name_foreach(void *, int, void *,
diff --git a/src/python.c b/src/python.c
@@ -29,6 +29,7 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <stdarg.h>
+#include <stddef.h>
 
 #include "kore.h"
 #include "http.h"
@@ -2904,25 +2905,17 @@ pyconnection_get_addr(struct pyconnection *pyc, void *closure)
 static PyObject *
 pyconnection_get_peer_x509(struct pyconnection *pyc, void *closure)
 {
- int len;
- PyObject *bytes;
- u_int8_t *der, *pp;
+ size_t len;
+ u_int8_t *der;
+ PyObject *bytes;
 
 if (pyc->c->cert == NULL) {
 Py_RETURN_NONE;
 }
 
- if ((len = i2d_X509(pyc->c->cert, NULL)) <= 0) {
- PyErr_SetString(PyExc_RuntimeError, "i2d_X509 failed");
- return (NULL);
- }
-
- der = kore_calloc(1, len);
- pp = der;
-
- if (i2d_X509(pyc->c->cert, &pp) <= 0) {
- kore_free(der);
- PyErr_SetString(PyExc_RuntimeError, "i2d_X509 failed");
+ if (!kore_tls_x509_data(pyc->c, &der, &len)) {
+ PyErr_SetString(PyExc_RuntimeError,
+ "failed to obtain certificate data");
 return (NULL);
 }
 
@@ -2935,7 +2928,7 @@ pyconnection_get_peer_x509(struct pyconnection *pyc, void *closure)
 static PyObject *
 pyconnection_get_peer_x509dict(struct pyconnection *pyc, void *closure)
 {
- X509_NAME *name;
+ void *name;
 PyObject *dict, *issuer, *subject, *ret;
 
 ret = NULL;
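Review bot: The new prototype `int kore_tls_x509_data(struct connection *, u_int8_t **, size_t *);` says nothing about who owns the buffer it hands back, and the public header is where the next caller will look. The OpenSSL implementation added by this commit allocates the DER buffer with kore_calloc() and leaves both out-parameters untouched on failure, so a comment above the declaration such as `/* DER-encode c->cert into a kore_calloc()'d buffer the caller must release with kore_free(); returns KORE_RESULT_OK or KORE_RESULT_ERROR, leaving *ptr/*olen untouched on error. */` would prevent a leak or a mismatched free in a future caller.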
@@ -2963,13 +2956,13 @@ pyconnection_get_peer_x509dict(struct pyconnection *pyc, void *closure)
 
 PyErr_Clear();
 
- if ((name = X509_get_issuer_name(pyc->c->cert)) == NULL) {
+ if ((name = kore_tls_x509_subject_name(pyc->c->cert)) == NULL) {
 PyErr_Format(PyExc_RuntimeError,
- "X509_get_issuer_name: %s", ssl_errno_s);
+ "failed to obtain x509 subjectName");
 goto out;
 }
 
- if (!kore_x509name_foreach(name, 0, issuer, pyconnection_x509_cb)) {
+ if (!kore_tls_x509name_foreach(name, 0, issuer, pyconnection_x509_cb)) {
 if (PyErr_Occurred() == NULL) {
 PyErr_Format(PyExc_RuntimeError,
 "failed to add issuer name to dictionary");
@@ -2977,13 +2970,14 @@ pyconnection_get_peer_x509dict(struct pyconnection *pyc, void *closure)
 goto out;
 }
 
- if ((name = X509_get_subject_name(pyc->c->cert)) == NULL) {
+ if ((name = kore_tls_x509_issuer_name(pyc->c->cert)) == NULL) {
 PyErr_Format(PyExc_RuntimeError,
- "X509_get_subject_name: %s", ssl_errno_s);
+ "failed to obtain x509 issuerName");
 goto out;
 }
 
- if (!kore_x509name_foreach(name, 0, subject, pyconnection_x509_cb)) {
+ if (!kore_tls_x509name_foreach(name, 0, subject,
+ pyconnection_x509_cb)) {
 if (PyErr_Occurred() == NULL) {
 PyErr_Format(PyExc_RuntimeError,
 "failed to add subject name to dictionary");
diff --git a/src/tls_none.c b/src/tls_none.c
@@ -159,3 +159,9 @@ kore_tls_x509name_foreach(void *name, int flags, void *udata,
 {
 fatal("%s: not supported", __func__);
 }
+
+int
+kore_tls_x509_data(struct connection *c, u_int8_t **ptr, size_t *olen)
+{
+ fatal("%s: not supported", __func__);
+}
diff --git a/src/tls_openssl.c b/src/tls_openssl.c
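Review bot: The replacement line `if ((name = kore_tls_x509_subject_name(pyc->c->cert)) == NULL) {` passes the certificate where the prototype added to kore.h in this commit takes a `struct connection *`; if `cert` is declared `void *` (the `void *name` change above suggests the OpenSSL types have been erased from this file) the conversion is silent and the OpenSSL wrapper then reads `c->cert` out of the middle of an X509 object, and if it is still an `X509 *` the compiler will reject it. It also loads the `issuer` dictionary with the subject name, inverting what the removed `X509_get_issuer_name` call did, and the new message says "subjectName" for what is the issuer lookup. The line should read `if ((name = kore_tls_x509_issuer_name(pyc->c)) == NULL) {` with the message `"failed to obtain x509 issuerName"`. The enclosing function starts and ends outside this hunk.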
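Review bot: `kore_tls_x509_issuer_name(pyc->c->cert)` here feeds the `subject` dictionary, so relative to the removed `X509_get_subject_name` call the two halves of the returned dict end up swapped, and the argument is again the certificate rather than the `struct connection *` the kore.h prototype asks for. Suggested: `if ((name = kore_tls_x509_subject_name(pyc->c)) == NULL) {` with the message `"failed to obtain x509 subjectName"`. The wrapped `kore_tls_x509name_foreach(name, 0, subject, pyconnection_x509_cb)` call is fine as written; the function continues past the end of the hunk.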
@@ -654,13 +654,23 @@ kore_tls_rsakey_generate(const char *path)
 void *
 kore_tls_x509_subject_name(struct connection *c)
 {
- return (X509_get_subject_name(c->cert));
+ X509_NAME *name;
+
+ if ((name = X509_get_subject_name(c->cert)) == NULL)
+ kore_log(LOG_NOTICE, "X509_get_subject_name: %s", ssl_errno_s);
+
+ return (name);
 }
 
 void *
 kore_tls_x509_issuer_name(struct connection *c)
 {
- return (X509_get_issuer_name(c->cert));
+ X509_NAME *name;
+
+ if ((name = X509_get_issuer_name(c->cert)) == NULL)
+ kore_log(LOG_NOTICE, "X509_get_issuer_name: %s", ssl_errno_s);
+
+ return (name);
 }
 
 int
@@ -724,6 +734,32 @@ cleanup:
 return (ret);
 }
 
+int
+kore_tls_x509_data(struct connection *c, u_int8_t **ptr, size_t *olen)
+{
+ int len;
+ u_int8_t *der, *pp;
+
+ if ((len = i2d_X509(c->cert, NULL)) <= 0) {
+ kore_log(LOG_NOTICE, "i2d_X509: %s", ssl_errno_s);
+ return (KORE_RESULT_ERROR);
+ }
+
+ der = kore_calloc(1, len);
+ pp = der;
+
+ if (i2d_X509(c->cert, &pp) <= 0) {
+ kore_free(der);
+ kore_log(LOG_NOTICE, "i2d_X509: %s", ssl_errno_s);
+ return (KORE_RESULT_ERROR);
+ }
+
+ *ptr = der;
+ *olen = len;
+
+ return (KORE_RESULT_OK);
+}
+
 void
 kore_tls_seed(const void *data, size_t len)
 {
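Review bot: Both wrappers now return the X509_NAME as a bare `void *`, which hides from callers in other translation units that the pointer is internal to `c->cert` (OpenSSL documents X509_get_subject_name()/X509_get_issuer_name() as returning a reference owned by the X509 that must not be freed) and is only valid while the certificate is. A comment above each, e.g. `/* Returns the X509_NAME owned by c->cert as an opaque pointer; valid only while the certificate is and must not be freed by the caller. */`, documents that lifetime. Neither wrapper checks `c->cert` for NULL before handing it to OpenSSL; the Python caller guards that itself, but as public kore_tls_ entry points a leading `if (c->cert == NULL) return (NULL);` would make the contract self-contained.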
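Review bot: `kore_tls_x509_data()` dereferences `c->cert` unconditionally in `i2d_X509(c->cert, NULL)`; the one caller visible in this commit checks for a NULL certificate first, but as a public API an explicit `if (c->cert == NULL) return (KORE_RESULT_ERROR);` at the top keeps it safe to call on a connection that never presented a client certificate. The second `i2d_X509` result is checked only for `<= 0` and not against `len`, so a `!= len` comparison would catch the (unexpected) case where the two encoding passes disagree and `*olen` would otherwise not match the bytes actually written. A header comment stating that `*ptr` is a kore_calloc()'d buffer the caller releases with kore_free(), and that `*ptr` and `*olen` are untouched on failure, would complete the contract.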