Check-in [46cae05dcb]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Improvements to certificate conversion. Distinguished Names subject and issuer now UTF-8 per RFC 3280, RFC 2253. Serial numbers now hexadecimal per RFC 3280.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:46cae05dcb062051eea6d2a8876687fd9148c74f
User & Date: razzell 2004-03-17 17:53:57
Context
2004-03-19
21:05
* tls.c (Tls_Init): replaced older TEA config with newer * config/* (removed): * pkgIndex.tcl.in, strncasecmp.c (removed): * Makefile.in, aclocal.m4, configure, configure.in: * tclconfig/README.txt, tclconfig/install-sh, tclconfig/tcl.m4: check-in: bf83205ca8 user: hobbs tags: trunk
2004-03-17
17:53
Improvements to certificate conversion. Distinguished Names subject and issuer now UTF-8 per RFC 3280, RFC 2253. Serial numbers now hexadecimal per RFC 3280. check-in: 46cae05dcb user: razzell tags: trunk
2004-02-17
21:27
TLS 1.5.0 RELEASED check-in: ba5a968fc6 user: razzell tags: trunk, tls-1-5-0
Changes

Changes to ChangeLog.











1
2
3
4
5
6
7










2004-02-17  Dan Razzell <research@starfishsystems.ca>

	TLS 1.5.0 RELEASE

2004-02-12  Dan Razzell	<research@starfishsystems.ca>

	* tls.c:	Allow verify callback to return empty result.
>
>
>
>
>
>
>
>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
2004-03-17  Dan Razzell <research@starfishsystems.ca>

	* tlsX509.c:	Add support for long serial numbers per RFC 3280.
			Format is now hexadecimal. 
			[Request #915313]
			Correctly convert certificate Distinguished Names
			to Tcl string representation.  Eliminates use of
			deprecated OpenSSL function.  Format is now compliant
			with RFC 2253.  [Request #915315]

2004-02-17  Dan Razzell <research@starfishsystems.ca>

	TLS 1.5.0 RELEASE

2004-02-12  Dan Razzell	<research@starfishsystems.ca>

	* tls.c:	Allow verify callback to return empty result.

Changes to tlsX509.c.

1
2
3
4
5
6
7










8
9
10
11
12
13
14
..
67
68
69
70
71
72
73

74

75
76

77
78
79
80
81
82
83
84




















85
86
87







88
89
90
91
92
93
94
...
120
121
122
123
124
125
126
127
128
129
130
/*
 * Copyright (C) 1997-2000 Sensus Consulting Ltd.
 * Matt Newman <matt@sensus.org>
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsX509.c,v 1.3 2003/07/07 20:24:49 hobbs Exp $
 */
#include "tlsInt.h"











/*
 * ASN1_UTCTIME_tostr --
 */
static char *
ASN1_UTCTIME_tostr(ASN1_UTCTIME *tm)
{
................................................................................

Tcl_Obj*
Tls_NewX509Obj( interp, cert)
    Tcl_Interp *interp;
    X509 *cert;
{
    Tcl_Obj *certPtr = Tcl_NewListObj( 0, NULL);

    int serial;

    char subject[BUFSIZ];
    char issuer[BUFSIZ];

    char notBefore[BUFSIZ];
    char notAfter[BUFSIZ];
#ifndef NO_SSL_SHA
    int shai;
    char sha_hash[SHA_DIGEST_LENGTH*2];
    const char *shachars="0123456789ABCDEF";
#endif





















    serial = ASN1_INTEGER_get(X509_get_serialNumber(cert));
    X509_NAME_oneline(X509_get_subject_name(cert),subject,sizeof(subject));
    X509_NAME_oneline(X509_get_issuer_name(cert),issuer,sizeof(issuer));








    strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) ));
    strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) ));

#ifndef NO_SSL_SHA
    for (shai=0;shai<SHA_DIGEST_LENGTH;shai++)
    {
................................................................................
	    Tcl_NewStringObj( "notAfter", -1) );
    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( notAfter, -1) );

    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( "serial", -1) );
    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewIntObj( serial) );

    return certPtr;
}




|


>
>
>
>
>
>
>
>
>
>







 







>
|
>


>








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
<
>
>
>
>
>
>
>







 







|



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
..
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118


119
120
121
122
123
124
125
126
127
128
129
130
131
132
...
158
159
160
161
162
163
164
165
166
167
168
/*
 * Copyright (C) 1997-2000 Sensus Consulting Ltd.
 * Matt Newman <matt@sensus.org>
 *
 * $Header: /home/rkeene/tmp/cvs2fossil/../tcltls/tls/tls/tlsX509.c,v 1.4 2004/03/17 17:53:57 razzell Exp $
 */
#include "tlsInt.h"

static int min(int a, int b)
{
    return (a < b) ? a : b;
}

static int max(int a, int b)
{
    return (a > b) ? a : b;
}

/*
 * ASN1_UTCTIME_tostr --
 */
static char *
ASN1_UTCTIME_tostr(ASN1_UTCTIME *tm)
{
................................................................................

Tcl_Obj*
Tls_NewX509Obj( interp, cert)
    Tcl_Interp *interp;
    X509 *cert;
{
    Tcl_Obj *certPtr = Tcl_NewListObj( 0, NULL);
    BIO *bio;
    int n;
    unsigned long flags;
    char subject[BUFSIZ];
    char issuer[BUFSIZ];
    char serial[BUFSIZ];
    char notBefore[BUFSIZ];
    char notAfter[BUFSIZ];
#ifndef NO_SSL_SHA
    int shai;
    char sha_hash[SHA_DIGEST_LENGTH*2];
    const char *shachars="0123456789ABCDEF";
#endif

    if ((bio = BIO_new(BIO_s_mem())) == NULL) {
	subject[0] = 0;
	issuer[0]  = 0;
	serial[0]  = 0;
    } else {
	flags = XN_FLAG_RFC2253 | ASN1_STRFLGS_UTF8_CONVERT;
	flags &= ~ASN1_STRFLGS_ESC_MSB;

	X509_NAME_print_ex(bio, X509_get_subject_name(cert), 0, flags); 
	n = BIO_read(bio, subject, min(BIO_pending(bio), BUFSIZ - 1));
	n = max(n, 0);
	subject[n] = 0;
	BIO_flush(bio);

	X509_NAME_print_ex(bio, X509_get_issuer_name(cert), 0, flags);
	n = BIO_read(bio, issuer, min(BIO_pending(bio), BUFSIZ - 1));
	n = max(n, 0);
	issuer[n] = 0;
	BIO_flush(bio);

	i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));


	n = BIO_read(bio, serial, min(BIO_pending(bio), BUFSIZ - 1));
	n = max(n, 0);
	serial[n] = 0;
	BIO_flush(bio);

	BIO_free(bio);
    }

    strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) ));
    strcpy( notAfter, ASN1_UTCTIME_tostr( X509_get_notAfter(cert) ));

#ifndef NO_SSL_SHA
    for (shai=0;shai<SHA_DIGEST_LENGTH;shai++)
    {
................................................................................
	    Tcl_NewStringObj( "notAfter", -1) );
    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( notAfter, -1) );

    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( "serial", -1) );
    Tcl_ListObjAppendElement( interp, certPtr,
	    Tcl_NewStringObj( serial, -1) );

    return certPtr;
}