add CyaSSL_X509_get_der(cert) with EXTRA

configure.ac

@@ -199,7 +199,7 @@ AC_ARG_ENABLE(bump,
 
 if test "$ENABLED_BUMP" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192"
+    AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192"
 fi
 
 # fastmath

cyassl/internal.h

@@ -967,6 +967,7 @@ struct CYASSL_X509 {
     int              serialSz;
     byte             serial[EXTERNAL_SERIAL_SIZE];
     char             subjectCN[ASN_NAME_MAX];        /* common name short cut */
+    buffer           derCert;                        /* may need  */
 };
 
 

cyassl/ssl.h

@@ -669,6 +669,7 @@ CYASSL_API int  CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN*, int idx,
 CYASSL_API const unsigned char* CyaSSL_get_sessionID(const CYASSL_SESSION* s);
 CYASSL_API int  CyaSSL_X509_get_serial_number(CYASSL_X509*,unsigned char*,int*);
 CYASSL_API char*  CyaSSL_X509_get_subjectCN(CYASSL_X509*);
+CYASSL_API const unsigned char* CyaSSL_X509_get_der(CYASSL_X509*, int*);
 
 /* connect enough to get peer cert */
 CYASSL_API int  CyaSSL_connect_cert(CYASSL* ssl);

src/internal.c

@@ -690,6 +690,10 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
     ssl->buffers.prevSent                  = 0;
     ssl->buffers.plainSz                   = 0;
 
+#ifdef OPENSSL_EXTRA
+    ssl->peerCert.derCert.buffer = 0;
+#endif
+
     ssl->rfd = -1;   /* set to invalid descriptor */
     ssl->wfd = -1;
     ssl->biord = 0;
@@ -876,6 +880,7 @@ void SSL_ResourceFree(CYASSL* ssl)
     if (ssl->buffers.outputBuffer.dynamicFlag)
         ShrinkOutputBuffer(ssl);
 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
+    XFREE(ssl->peerCert.derCert.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
     CyaSSL_BIO_free(ssl->biord);
     if (ssl->biord != ssl->biowr)        /* in case same as write */
         CyaSSL_BIO_free(ssl->biowr);
@@ -1604,6 +1609,14 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
         }
         else
             ssl->peerCert.subjectCN[0] = '\0';
+
+        /* store cert for potential retrieval */
+        ssl->peerCert.derCert.buffer = (byte*)XMALLOC(myCert.length, ssl->heap,
+                                                      DYNAMIC_TYPE_CERT);
+        if (ssl->peerCert.derCert.buffer == NULL)
+            return MEMORY_E;
+        XMEMCPY(ssl->peerCert.derCert.buffer, myCert.buffer, myCert.length);
+        ssl->peerCert.derCert.length = myCert.length;
 #endif    
 
         /* store for callback use */

src/ssl.c

@@ -382,6 +382,22 @@ int CyaSSL_CTX_set_group_messages(CYASSL_CTX* ctx)
 }
 
 
+/* connect enough to get peer cert chain */
+int CyaSSL_connect_cert(CYASSL* ssl)
+{
+    int  ret;
+
+    if (ssl == NULL)
+        return SSL_FAILURE;
+
+    ssl->options.certOnly = 1;
+    ret = CyaSSL_connect(ssl);
+    ssl->options.certOnly   = 0;
+
+    return ret;
+}
+
+
 /* trun on handshake group messages for ssl object */
 int CyaSSL_set_group_messages(CYASSL* ssl)
 {
@@ -4495,6 +4511,19 @@ int CyaSSL_set_compression(CYASSL* ssl)
         return 0;
     }
 
+
+    const byte* CyaSSL_X509_get_der(CYASSL_X509* x509, int* outSz)
+    { 
+        CYASSL_ENTER("CyaSSL_X509_get_der");
+        
+        if (x509 == NULL || outSz == NULL)
+            return NULL;
+
+        *outSz = (int)x509->derCert.length;
+        return x509->derCert.buffer;
+    }  
+
+
     char*  CyaSSL_X509_get_subjectCN(CYASSL_X509* x509)
     {
         if (x509 == NULL)
@@ -4603,20 +4632,5 @@ const byte* CyaSSL_get_sessionID(const CYASSL_SESSION* session)
 }
 
 
-/* connect enough to get peer cert chain */
-int CyaSSL_connect_cert(CYASSL* ssl)
-{
-    int  ret;
-
-    if (ssl == NULL)
-        return SSL_FAILURE;
-
-    ssl->options.certOnly = 1;
-    ret = CyaSSL_connect(ssl);
-    ssl->options.certOnly   = 0;
-
-    return ret;
-}
-
 #endif /* SESSION_CERTS */