Add kore_tls_x509_data().

Use it in the Python code, which requires it.
2025-03-09 04:29:02 -04:00 · 2022-02-18 09:14:30 +01:00 · 2022-02-18 09:14:30 +01:00 · feb90208ef
commit feb90208ef
parent 169a4e7c5d
4 changed files with 60 additions and 23 deletions
--- a/include/kore/kore.h
+++ b/include/kore/kore.h
@ -824,6 +824,7 @@ void		kore_tls_domain_setup(struct kore_domain *,
 void		*kore_tls_rsakey_load(const char *);
 void		*kore_tls_rsakey_generate(const char *);

+int		kore_tls_x509_data(struct connection *, u_int8_t **, size_t *);
 void		*kore_tls_x509_issuer_name(struct connection *);
 void		*kore_tls_x509_subject_name(struct connection *);
 int		kore_tls_x509name_foreach(void *, int, void *,
--- a/src/python.c
+++ b/src/python.c
@ -29,6 +29,7 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <stdarg.h>
+#include <stddef.h>

 #include "kore.h"
 #include "http.h"
@ -2904,25 +2905,17 @@ pyconnection_get_addr(struct pyconnection *pyc, void *closure)
 static PyObject *
 pyconnection_get_peer_x509(struct pyconnection *pyc, void *closure)
 {
-	int			len;
-	PyObject		*bytes;
-	u_int8_t		*der, *pp;
+	size_t		len;
+	u_int8_t	*der;
+	PyObject	*bytes;

 	if (pyc->c->cert == NULL) {
 		Py_RETURN_NONE;
 	}

-	if ((len = i2d_X509(pyc->c->cert, NULL)) <= 0) {
-		PyErr_SetString(PyExc_RuntimeError, "i2d_X509 failed");
-		return (NULL);
-	}
-
-	der = kore_calloc(1, len);
-	pp = der;
-
-	if (i2d_X509(pyc->c->cert, &pp) <= 0) {
-		kore_free(der);
-		PyErr_SetString(PyExc_RuntimeError, "i2d_X509 failed");
+	if (!kore_tls_x509_data(pyc->c, &der, &len)) {
+		PyErr_SetString(PyExc_RuntimeError,
+		    "failed to obtain certificate data");
 		return (NULL);
 	}

@ -2935,7 +2928,7 @@ pyconnection_get_peer_x509(struct pyconnection *pyc, void *closure)
 static PyObject *
 pyconnection_get_peer_x509dict(struct pyconnection *pyc, void *closure)
 {
-	X509_NAME	*name;
+	void		*name;
 	PyObject	*dict, *issuer, *subject, *ret;

 	ret = NULL;
@ -2963,13 +2956,13 @@ pyconnection_get_peer_x509dict(struct pyconnection *pyc, void *closure)

 	PyErr_Clear();

-	if ((name = X509_get_issuer_name(pyc->c->cert)) == NULL) {
+	if ((name = kore_tls_x509_subject_name(pyc->c->cert)) == NULL) {
 		PyErr_Format(PyExc_RuntimeError,
-		    "X509_get_issuer_name: %s", ssl_errno_s);
+		    "failed to obtain x509 subjectName");
 		goto out;
 	}

-	if (!kore_x509name_foreach(name, 0, issuer, pyconnection_x509_cb)) {
+	if (!kore_tls_x509name_foreach(name, 0, issuer, pyconnection_x509_cb)) {
 		if (PyErr_Occurred() == NULL) {
 			PyErr_Format(PyExc_RuntimeError,
 			    "failed to add issuer name to dictionary");
@ -2977,13 +2970,14 @@ pyconnection_get_peer_x509dict(struct pyconnection *pyc, void *closure)
 		goto out;
 	}

-	if ((name = X509_get_subject_name(pyc->c->cert)) == NULL) {
+	if ((name = kore_tls_x509_issuer_name(pyc->c->cert)) == NULL) {
 		PyErr_Format(PyExc_RuntimeError,
-		    "X509_get_subject_name: %s", ssl_errno_s);
+		    "failed to obtain x509 issuerName");
 		goto out;
 	}

-	if (!kore_x509name_foreach(name, 0, subject, pyconnection_x509_cb)) {
+	if (!kore_tls_x509name_foreach(name, 0, subject,
+	    pyconnection_x509_cb)) {
 		if (PyErr_Occurred() == NULL) {
 			PyErr_Format(PyExc_RuntimeError,
 			    "failed to add subject name to dictionary");
--- a/src/tls_none.c
+++ b/src/tls_none.c
@ -159,3 +159,9 @@ kore_tls_x509name_foreach(void *name, int flags, void *udata,
 {
 	fatal("%s: not supported", __func__);
 }
+
+int
+kore_tls_x509_data(struct connection *c, u_int8_t **ptr, size_t *olen)
+{
+	fatal("%s: not supported", __func__);
+}
--- a/src/tls_openssl.c
+++ b/src/tls_openssl.c
@ -654,13 +654,23 @@ kore_tls_rsakey_generate(const char *path)
 void *
 kore_tls_x509_subject_name(struct connection *c)
 {
-	return (X509_get_subject_name(c->cert));
+	X509_NAME	*name;
+
+	if ((name = X509_get_subject_name(c->cert)) == NULL)
+		kore_log(LOG_NOTICE, "X509_get_subject_name: %s", ssl_errno_s);
+
+	return (name);
 }

 void *
 kore_tls_x509_issuer_name(struct connection *c)
 {
-	return (X509_get_issuer_name(c->cert));
+	X509_NAME	*name;
+
+	if ((name = X509_get_issuer_name(c->cert)) == NULL)
+		kore_log(LOG_NOTICE, "X509_get_issuer_name: %s", ssl_errno_s);
+
+	return (name);
 }

 int
@ -724,6 +734,32 @@ cleanup:
 	return (ret);
 }

+int
+kore_tls_x509_data(struct connection *c, u_int8_t **ptr, size_t *olen)
+{
+	int		len;
+	u_int8_t	*der, *pp;
+
+	if ((len = i2d_X509(c->cert, NULL)) <= 0) {
+		kore_log(LOG_NOTICE, "i2d_X509: %s", ssl_errno_s);
+		return (KORE_RESULT_ERROR);
+	}
+
+	der = kore_calloc(1, len);
+	pp = der;
+
+	if (i2d_X509(c->cert, &pp) <= 0) {
+		kore_free(der);
+		kore_log(LOG_NOTICE, "i2d_X509: %s", ssl_errno_s);
+		return (KORE_RESULT_ERROR);
+	}
+
+	*ptr = der;
+	*olen = len;
+
+	return (KORE_RESULT_OK);
+}
+
 void
 kore_tls_seed(const void *data, size_t len)
 {