add initial implementation for wolfSSL_SESSION_get0_peer

2020-01-24 16:26:48 -07:00
parent ab49120652
commit c2c3e0d4aa
3 changed files with 25 additions and 3 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -13437,7 +13437,7 @@ int wolfSSL_GetSessionAtIndex(int idx, WOLFSSL_SESSION* session)

 #endif /* SESSION_INDEX */

-#if defined(SESSION_INDEX) && defined(SESSION_CERTS)
+#if defined(SESSION_CERTS)

 WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session)
 {
@@ -13451,6 +13451,26 @@ WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session)
    return chain;
 }

+
+/* gets the peer certificate associated with the session passed in
+ * returns null on failure, the caller should not free the returned pointer */
+WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session)
+{
+    WOLFSSL_ENTER("wolfSSL_SESSION_get_peer_chain");
+    if (session) {
+        int count;
+
+        count = wolfSSL_get_chain_count(&session->chain);
+        if (count < 1 || count >= MAX_CHAIN_DEPTH) {
+            WOLFSSL_MSG("bad count found");
+            return NULL;
+        }
+        return wolfSSL_get_chain_X509(&session->chain, count - 1);
+    }
+    WOLFSSL_MSG("No session passed in");
+    return NULL;
+}
+
 #endif /* SESSION_INDEX && SESSION_CERTS */


--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -276,6 +276,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_get_error                   wolfSSL_get_error
 #define SSL_set_session                 wolfSSL_set_session
 #define SSL_get_session(x)              wolfSSL_get_session((WOLFSSL*) (x))
+#define SSL_SESSION_get0_peer           wolfSSL_SESSION_get0_peer
 #define SSL_flush_sessions              wolfSSL_flush_sessions
 /* assume unlimited temporarily */
 #define SSL_CTX_get_session_cache_mode(ctx) 0
@@ -294,7 +295,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_set_cipher_list             wolfSSL_set_cipher_list
 /* wolfSSL does not support security levels */
 #define SSL_CTX_set_security_level(...)
-/* wolfSSL does not support expoting keying material */
+/* wolfSSL does not support exporting keying material */
 #define SSL_export_keying_material(...) 0

 #define SSL_CTX_set1_groups_list        wolfSSL_CTX_set1_groups_list
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -925,9 +925,10 @@ WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session);
 #endif /* SESSION_INDEX */

-#if defined(SESSION_INDEX) && defined(SESSION_CERTS)
+#if defined(SESSION_CERTS)
 WOLFSSL_API
    WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session);
+WOLFSSL_API WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session);
 #endif /* SESSION_INDEX && SESSION_CERTS */

 typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);