Overview
Comment: | Refactored convert X509 status binary values to hex strings. Renamed X509 parameter signatureAlgorithm to signature and digest to signingDigest. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | status_x509 |
Files: | files | file ages | folders |
SHA3-256: |
8dd96d8c7b12b3f580ff471914d0c85d |
User & Date: | bohagan on 2023-07-15 20:47:31 |
Other Links: | branch diff | manifest | tags |
Context
2023-07-15
| ||
21:37 | Better grouped status and connection parameters in doc. check-in: c7828a9fcc user: bohagan tags: status_x509 | |
20:47 | Refactored convert X509 status binary values to hex strings. Renamed X509 parameter signatureAlgorithm to signature and digest to signingDigest. check-in: 8dd96d8c7b user: bohagan tags: status_x509 | |
2023-07-10
| ||
01:13 | Added all certificate info dump to X509 status. Renamed X509 status signature_algorithm to signatureAlgorithm, public_key_algorithm to publicKeyAlgorithm, and serial to serialNumber. Added publicKey and alias to X509 status. check-in: 58ee9890df user: bohagan tags: status_x509 | |
Changes
Modified generic/tlsX509.c
from [3762ab4f14]
to [0a4513fb4b].
︙ | ︙ | |||
65 66 67 68 69 70 71 72 73 74 75 76 77 78 | s= (v[10]-'0')*10+(v[11]-'0'); sprintf(bp,"%s %2d %02d:%02d:%02d %d%s", mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":""); return bp; err: return "Bad time value"; } /* *------------------------------------------------------* * * Tls_NewX509Obj -- * * ------------------------------------------------* | > > > > > > > > > > > > > | 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 | s= (v[10]-'0')*10+(v[11]-'0'); sprintf(bp,"%s %2d %02d:%02d:%02d %d%s", mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":""); return bp; err: return "Bad time value"; } /* * Binary string to hex string */ int String_to_Hex(char* input, int len, char *output, int max) { int count = 0; for (int i = 0; i < len && count < max - 1; i++, count += 2) { sprintf(output + count, "%02X", input[i] & 0xff); } output[count] = 0; return count; } /* *------------------------------------------------------* * * Tls_NewX509Obj -- * * ------------------------------------------------* |
︙ | ︙ | |||
98 99 100 101 102 103 104 105 106 107 108 109 110 | int n; unsigned long flags; char subject[BUFSIZ]; char issuer[BUFSIZ]; char serial[BUFSIZ]; char notBefore[BUFSIZ]; char notAfter[BUFSIZ]; char certStr[CERT_STR_SIZE], *certStr_p; int certStr_len, toRead; char sha1_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1]; unsigned char sha1_hash_binary[SHA_DIGEST_LENGTH]; char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1]; unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH]; | > < | 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 | int n; unsigned long flags; char subject[BUFSIZ]; char issuer[BUFSIZ]; char serial[BUFSIZ]; char notBefore[BUFSIZ]; char notAfter[BUFSIZ]; char publicKey[BUFSIZ]; char certStr[CERT_STR_SIZE], *certStr_p; int certStr_len, toRead; char sha1_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1]; unsigned char sha1_hash_binary[SHA_DIGEST_LENGTH]; char sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2 + 1]; unsigned char sha256_hash_binary[SHA256_DIGEST_LENGTH]; int nid, pknid, bits, num_of_exts, len; uint32_t xflags; unsigned char *bstring; STACK_OF(GENERAL_NAME) *san; sha1_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0'; sha256_hash_ascii[SHA256_DIGEST_LENGTH * 2] = '\0'; |
︙ | ︙ | |||
184 185 186 187 188 189 190 | strcpy(notAfter, ASN1_UTCTIME_tostr(X509_get0_notAfter(cert))); /* Version */ Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("version", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewLongObj(X509_get_version(cert)+1)); /* Signature algorithm */ | | | < < < | < > | | 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 | strcpy(notAfter, ASN1_UTCTIME_tostr(X509_get0_notAfter(cert))); /* Version */ Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("version", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewLongObj(X509_get_version(cert)+1)); /* Signature algorithm */ Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signature", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(X509_get_signature_nid(cert)),-1)); /* Information about the signature of certificate cert */ if (X509_get_signature_info(cert, &nid, &pknid, &bits, &xflags) == 1) { ASN1_BIT_STRING *key; Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("signingDigest", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(nid),-1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("publicKeyAlgorithm", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(OBJ_nid2ln(pknid),-1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("bits", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(bits)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("extension_flags", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewIntObj(xflags)); /* Public key - X509_get0_pubkey */ key = X509_get0_pubkey_bitstr(cert); len = String_to_Hex(key->data, key->length, publicKey, BUFSIZ); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("publicKey", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(publicKey, len)); /* Check if cert was issued by CA cert issuer or self signed */ Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("self_signed", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewBooleanObj(X509_check_issued(cert, cert) == X509_V_OK)); } /* Alias */ |
︙ | ︙ | |||
229 230 231 232 233 234 235 | Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectKeyIdentifier", -1)); len = 0; bstring = X509_keyid_get0(cert, &len); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj(bstring, len)); /* SHA1 Fingerprint of cert - DER representation */ X509_digest(cert, EVP_sha1(), sha1_hash_binary, &len); | < < | < | < | < < | 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 | Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subjectKeyIdentifier", -1)); len = 0; bstring = X509_keyid_get0(cert, &len); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewByteArrayObj(bstring, len)); /* SHA1 Fingerprint of cert - DER representation */ X509_digest(cert, EVP_sha1(), sha1_hash_binary, &len); len = String_to_Hex(sha1_hash_binary, len, sha1_hash_ascii, BUFSIZ); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("sha1_hash", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj(sha1_hash_ascii, len)); /* SHA256 Fingerprint of cert - DER representation */ X509_digest(cert, EVP_sha256(), sha256_hash_binary, &len); len = String_to_Hex(sha256_hash_binary, len, sha256_hash_ascii, BUFSIZ); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("sha256_hash", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj( sha256_hash_ascii, SHA256_DIGEST_LENGTH * 2)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("subject", -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj( subject, -1)); Tcl_ListObjAppendElement(interp, certPtr, Tcl_NewStringObj("issuer", -1)); |
︙ | ︙ |