feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #641 from dgarske/verifycb_peer_cert_chain

Browse Source 
Add the peer cert buffer and count to X509_STORE_CTX for verify callback
This commit is contained in:
toddouska
2016-11-23 12:59:00 -08:00
committed by GitHub
parent 8a8274d403 1240014fab
commit 7dab97fb01
5 changed files with 34 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/internal.c
View File

@@ -6864,6 +6864,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
return MEMORY_E; return MEMORY_E;
} }
#endif #endif
XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX));
if (anyError != 0 && ret == 0) if (anyError != 0 && ret == 0)
ret = anyError; ret = anyError;
@@ -6882,6 +6883,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
store->discardSessionCerts = 0; store->discardSessionCerts = 0;
store->domain = domain; store->domain = domain;
store->userCtx = ssl->verifyCbCtx; store->userCtx = ssl->verifyCbCtx;
store->certs = certs;
store->totalCerts = totalCerts;
#ifdef KEEP_PEER_CERT #ifdef KEEP_PEER_CERT
store->current_cert = &ssl->peerCert; store->current_cert = &ssl->peerCert;
#else #else
@@ -6919,6 +6922,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
store->discardSessionCerts = 0; store->discardSessionCerts = 0;
store->domain = domain; store->domain = domain;
store->userCtx = ssl->verifyCbCtx; store->userCtx = ssl->verifyCbCtx;
store->certs = certs;
store->totalCerts = totalCerts;
#ifdef KEEP_PEER_CERT #ifdef KEEP_PEER_CERT
store->current_cert = &ssl->peerCert; store->current_cert = &ssl->peerCert;
#endif #endif

7
wolfssl/internal.h
View File

@@ -1290,11 +1290,8 @@ WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx); WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
/* wolfSSL buffer type */ /* wolfSSL buffer type - internal uses "buffer" type */
typedef struct buffer { typedef WOLFSSL_BUFFER_INFO buffer;
byte* buffer;
word32 length;
} buffer;
#ifndef NO_CERTS #ifndef NO_CERTS
/* wolfSSL DER buffer */ /* wolfSSL DER buffer */

5
wolfssl/ocsp.h
View File

@@ -35,16 +35,15 @@
extern "C" { extern "C" {
#endif #endif
struct buffer;
typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*); WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP*, WOLFSSL_CERT_MANAGER*);
WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic); WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP*, int dynamic);
WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*, WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP*, DecodedCert*,
struct buffer* responseBuffer); WOLFSSL_BUFFER_INFO* responseBuffer);
WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp, WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp,
OcspRequest* ocspRequest, struct buffer* responseBuffer); OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer);
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */

7
wolfssl/ssl.h
View File

@@ -166,6 +166,11 @@ typedef struct WOLFSSL_X509_OBJECT {
} data; } data;
} WOLFSSL_X509_OBJECT; } WOLFSSL_X509_OBJECT;
typedef struct WOLFSSL_BUFFER_INFO {
unsigned char* buffer;
unsigned int length;
} WOLFSSL_BUFFER_INFO;
typedef struct WOLFSSL_X509_STORE_CTX { typedef struct WOLFSSL_X509_STORE_CTX {
WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */ WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */
WOLFSSL_X509* current_cert; /* stunnel dereference */ WOLFSSL_X509* current_cert; /* stunnel dereference */
@@ -175,6 +180,8 @@ typedef struct WOLFSSL_X509_STORE_CTX {
int error; /* current error */ int error; /* current error */
int error_depth; /* cert depth for this error */ int error_depth; /* cert depth for this error */
int discardSessionCerts; /* so verify callback can flag for discard */ int discardSessionCerts; /* so verify callback can flag for discard */
int totalCerts; /* number of peer cert buffers */
WOLFSSL_BUFFER_INFO* certs; /* peer certs */
} WOLFSSL_X509_STORE_CTX; } WOLFSSL_X509_STORE_CTX;

19
wolfssl/test.h
View File

@@ -1143,17 +1143,28 @@ static INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
wolfSSL_X509_get_issuer_name(peer), 0, 0); wolfSSL_X509_get_issuer_name(peer), 0, 0);
char* subject = wolfSSL_X509_NAME_oneline( char* subject = wolfSSL_X509_NAME_oneline(
wolfSSL_X509_get_subject_name(peer), 0, 0); wolfSSL_X509_get_subject_name(peer), 0, 0);
printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer, printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer,
subject); subject);
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
} }
else else
printf("peer has no cert!\n"); printf("\tPeer has no cert!\n");
#else
printf("\tPeer certs: %d\n", store->totalCerts);
#ifdef VERIFY_CALLBACK_SHOW_PEER_CERTS
{ int i;
for (i=0; i<store->totalCerts; i++) {
WOLFSSL_BUFFER_INFO* cert = &store->certs[i];
printf("\t\tCert %d: Ptr %p, Len %u\n", i, cert->buffer, cert->length);
}
}
#endif
#endif #endif
printf("Subject's domain name is %s\n", store->domain);
printf("Allowing to continue anyway (shouldn't do this, EVER!!!)\n"); printf("\tSubject's domain name is %s\n", store->domain);
printf("\tAllowing to continue anyway (shouldn't do this, EVER!!!)\n");
return 1; return 1;
} }