Overview
Comment: Improvements to certificate conversion. Distinguished Names subject and issuer now UTF-8 per RFC 3280, RFC 2253. Serial numbers now hexadecimal per RFC 3280.
SHA1: 46cae05dcb062051eea6d2a8876687fd
User & Date: razzell on 2004-03-17 17:53:57
Context
2004-03-19
21:05 * tls.c (Tls_Init): replaced older TEA config with newer * config/* (removed): * pkgIndex.tcl.in, strncasecmp.c (removed): * Makefile.in, aclocal.m4, configure, configure.in: * tclconfig/README.txt, tclconfig/install-sh, tclconfig/tcl.m4: check-in: bf83205ca8 user: hobbs tags: trunk
2004-03-17
17:53 Improvements to certificate conversion. Distinguished Names subject and issuer now UTF-8 per RFC 3280, RFC 2253. Serial numbers now hexadecimal per RFC 3280. check-in: 46cae05dcb user: razzell tags: trunk
2004-02-17
21:27 TLS 1.5.0 RELEASED check-in: ba5a968fc6 user: razzell tags: trunk, tls-1-5-0
Changes
Modified ChangeLog
from [0e9024f29c]
to [bfc5627b80].
1 2 3 4 5 6 7 | 2004-02-17 Dan Razzell <research@starfishsystems.ca> TLS 1.5.0 RELEASE 2004-02-12 Dan Razzell <research@starfishsystems.ca> * tls.c: Allow verify callback to return empty result. | > > > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | 2004-03-17 Dan Razzell <research@starfishsystems.ca> * tlsX509.c: Add support for long serial numbers per RFC 3280. Format is now hexadecimal. [Request #915313] Correctly convert certificate Distinguished Names to Tcl string representation. Eliminates use of deprecated OpenSSL function. Format is now compliant with RFC 2253. [Request #915315] 2004-02-17 Dan Razzell <research@starfishsystems.ca> TLS 1.5.0 RELEASE 2004-02-12 Dan Razzell <research@starfishsystems.ca> * tls.c: Allow verify callback to return empty result. |
︙ | ︙ |
Modified tlsX509.c
from [7e1554b19e]
to [041db9e6e3].
1 2 3 4 | /* * Copyright (C) 1997-2000 Sensus Consulting Ltd. * Matt Newman <matt@sensus.org> * | | > > > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | /* * Copyright (C) 1997-2000 Sensus Consulting Ltd. * Matt Newman <matt@sensus.org> * * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsX509.c,v 1.4 2004/03/17 17:53:57 razzell Exp $ */ #include "tlsInt.h" static int min(int a, int b) { return (a < b) ? a : b; } static int max(int a, int b) { return (a > b) ? a : b; } /* * ASN1_UTCTIME_tostr -- */ static char * ASN1_UTCTIME_tostr(ASN1_UTCTIME *tm) { |
︙ | ︙ | |||
67 68 69 70 71 72 73 | Tcl_Obj* Tls_NewX509Obj( interp, cert) Tcl_Interp *interp; X509 *cert; { Tcl_Obj *certPtr = Tcl_NewListObj( 0, NULL); | > | > > > > > > > > > | | > > > > > | > > > > > > > > > > > > > | 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 | Tcl_Obj* Tls_NewX509Obj( interp, cert) Tcl_Interp *interp; X509 *cert; { Tcl_Obj *certPtr = Tcl_NewListObj( 0, NULL); BIO *bio; int n; unsigned long flags; char subject[BUFSIZ]; char issuer[BUFSIZ]; char serial[BUFSIZ]; char notBefore[BUFSIZ]; char notAfter[BUFSIZ]; #ifndef NO_SSL_SHA int shai; char sha_hash[SHA_DIGEST_LENGTH*2]; const char *shachars="0123456789ABCDEF"; #endif if ((bio = BIO_new(BIO_s_mem())) == NULL) { subject[0] = 0; issuer[0] = 0; serial[0] = 0; } else { flags = XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT; flags &= ~ASN1_STRFLGS_ESC_MSB; X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags); n = BIO_read(bio, subject, min(BIO_pending(bio), BUFSIZ - 1)); n = max(n, 0); subject[n] = 0; BIO_flush(bio); X509_NAME_print_ex(bio, X509_get_issuer_name(cert), 0, flags); n = BIO_read(bio, issuer, min(BIO_pending(bio), BUFSIZ - 1)); n = max(n, 0); issuer[n] = 0; BIO_flush(bio); i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert)); n = BIO_read(bio, serial, min(BIO_pending(bio), BUFSIZ - 1)); n = max(n, 0); serial[n] = 0; BIO_flush(bio); BIO_free(bio); } strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) )); strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) )); #ifndef NO_SSL_SHA for (shai=0;shai<SHA_DIGEST_LENGTH;shai++) { |
︙ | ︙ | |||
120 121 122 123 124 125 126 | Tcl_NewStringObj( "notAfter", -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( notAfter, -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( "serial", -1) ); Tcl_ListObjAppendElement( interp, certPtr, | | | 158 159 160 161 162 163 164 165 166 167 168 | Tcl_NewStringObj( "notAfter", -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( notAfter, -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( "serial", -1) ); Tcl_ListObjAppendElement( interp, certPtr, Tcl_NewStringObj( serial, -1) ); return certPtr; } |
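Review bot: in Tls_NewX509Obj (tlsX509.c), the BIO_flush(bio) calls between the subject, issuer and serial reads do not discard unread data from a memory BIO, so when a name is longer than BUFSIZ - 1 the bytes that BIO_read left behind stay pending and come back at the start of the next field (the tail of an over-long subject would appear as the head of the issuer). Scripts may base trust decisions on these fields, so clear the BIO with BIO_reset(bio) between fields, or drain it, and report truncation instead of returning a silently shortened name. Cutting at a fixed byte count can also split a multi-byte UTF-8 sequence now that ASN1_STRFLGS_ESC_MSB is cleared. The return values of X509_NAME_print_ex and i2a_ASN1_INTEGER are not checked, and the BIO_new failure branch returns empty subject, issuer and serial strings that a caller cannot tell apart from a certificate whose fields are really empty.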
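Review bot: the last hunk of tlsX509.c appends the serial element with Tcl_NewStringObj( serial, -1), filled from the i2a_ASN1_INTEGER output, so the script-visible serial value is now a hexadecimal string. Scripts that compare or pin serial numbers in the earlier format will stop matching after this change. The check-in touches only ChangeLog and tlsX509.c, so the user-facing description of the serial field should be updated in the same change to state the hexadecimal form, along with the RFC 2253 form of subject and issuer.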
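Review bot: the static helpers min and max added near the top of tlsX509.c, after #include "tlsInt.h", use names that some platform headers define as function-like macros, and on such a platform these definitions would fail to compile. Give them file-specific names, or clamp the BIO_read length inline at the three call sites.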