git.ipfire.org Git - thirdparty/squid.git/blob - src/security/Certificate.cc
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
10 #include "debug/Stream.h"
11 #include "sbuf/SBuf.h"
12 #include "security/Certificate.h"
15 #include "ssl/gadgets.h"
24 return "[need OpenSSL or GnuTLS]";
/// Renders the Issuer distinguished name of the given certificate as text.
/// On failure, a level-2 parse-note WARNING is logged and nothing is appended
/// to the result.
///
/// The name is copied verbatim from the certificate, which may have been
/// supplied by a remote peer; treat the returned text as untrusted input
/// when logging, displaying, or comparing it.
///
/// NOTE(review): this page shows only some of the function's source lines
/// (gutter numbers 28-60). The return type, braces, preprocessor guards,
/// the gnutls_datum_t declaration, the Ssl::ForgetErrors() call, and the
/// early returns below are filled in around the visible statements --
/// confirm against the repository copy of src/security/Certificate.cc.
SBuf
Security::IssuerName(Certificate &cert)
{
    SBuf out;

#if USE_OPENSSL
    // start from a clean OpenSSL error queue so that the report below
    // describes this call only
    Ssl::ForgetErrors();
    const auto name = Ssl::OneLineSummary(*X509_get_issuer_name(&cert));
    if (!name) {
        debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot get certificate Issuer:" <<
               Ssl::ReportAndForgetErrors);
        return out;
    }
    out.append(name.get());

#elif USE_GNUTLS
    gnutls_x509_dn_t issuer;
    auto x = gnutls_x509_crt_get_issuer(&cert, &issuer);
    if (x != GNUTLS_E_SUCCESS) {
        debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot get certificate Issuer: " << ErrorString(x));
        return out;
    }

    gnutls_datum_t name;
    x = gnutls_x509_dn_get_str(issuer, &name);
    if (x != GNUTLS_E_SUCCESS) {
        debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot describe certificate Issuer: " << ErrorString(x));
        return out;
    }
    // copy by explicit length, then release the buffer that
    // gnutls_x509_dn_get_str() allocated for us
    out.append(reinterpret_cast<const char *>(name.data), name.size);
    gnutls_free(name.data);

#else
    debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot get certificate Issuer: " << MissingLibraryError());
    (void)cert;
#endif

    return out;
}
/// Renders the Subject distinguished name of the given certificate as text.
/// On failure, a level-2 parse-note WARNING is logged and nothing is appended
/// to the result.
///
/// The name is copied verbatim from the certificate, which may have been
/// supplied by a remote peer. A Subject name alone proves nothing about who
/// holds the certificate; treat the returned text as untrusted input unless
/// the certificate has been validated elsewhere.
///
/// NOTE(review): this page shows only some of the function's source lines
/// (gutter numbers 68-100). The return type, braces, preprocessor guards,
/// the gnutls_datum_t declaration, the Ssl::ForgetErrors() call, and the
/// early returns below are filled in around the visible statements --
/// confirm against the repository copy of src/security/Certificate.cc.
SBuf
Security::SubjectName(Certificate &cert)
{
    SBuf out;

#if USE_OPENSSL
    // start from a clean OpenSSL error queue so that the report below
    // describes this call only
    Ssl::ForgetErrors();
    const auto name = Ssl::OneLineSummary(*X509_get_subject_name(&cert));
    if (!name) {
        debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot get certificate SubjectName:" <<
               Ssl::ReportAndForgetErrors);
        return out;
    }
    out.append(name.get());

#elif USE_GNUTLS
    gnutls_x509_dn_t subject;
    auto x = gnutls_x509_crt_get_subject(&cert, &subject);
    if (x != GNUTLS_E_SUCCESS) {
        debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot get certificate SubjectName: " << ErrorString(x));
        return out;
    }

    gnutls_datum_t name;
    x = gnutls_x509_dn_get_str(subject, &name);
    if (x != GNUTLS_E_SUCCESS) {
        debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot describe certificate SubjectName: " << ErrorString(x));
        return out;
    }
    // copy by explicit length, then release the buffer that
    // gnutls_x509_dn_get_str() allocated for us
    out.append(reinterpret_cast<const char *>(name.data), name.size);
    gnutls_free(name.data);

#else
    debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot get certificate SubjectName: " << MissingLibraryError());
    (void)cert;
#endif

    return out;
}
/// Reports whether `issuer` looks like the issuer of `cert`, as decided by
/// X509_check_issued() (OpenSSL) or gnutls_x509_crt_check_issuer() (GnuTLS).
/// A negative answer is logged at parse-note level 3.
///
/// Security caveat: both library calls match certificate fields (names and
/// key identifiers; OpenSSL also checks the issuer's keyUsage). Neither one
/// verifies the signature on `cert`, even though the debug text below says
/// "did not sign". A true result is a chain-building hint, not proof of
/// authenticity; signature and path validation must happen elsewhere.
///
/// NOTE(review): this page shows only some of the function's source lines
/// (gutter numbers 108-124). The return type, braces, preprocessor guards,
/// the Ssl::ForgetErrors() call, the `result == 1` GnuTLS test, the
/// return statements, and the unused-parameter casts are filled in around
/// the visible statements -- confirm against the repository copy of
/// src/security/Certificate.cc.
bool
Security::IssuedBy(Certificate &cert, Certificate &issuer)
{
#if USE_OPENSSL
    // start from a clean OpenSSL error queue so that the report below
    // describes this call only
    Ssl::ForgetErrors();
    // argument order: X509_check_issued(issuer, subject)
    const auto result = X509_check_issued(&issuer, &cert);
    if (result == X509_V_OK)
        return true;
    debugs(83, DBG_PARSE_NOTE(3), issuer << " did not sign " << cert << ":" <<
           Debug::Extra << "X509_check_issued() result: " << X509_verify_cert_error_string(result) << " (" << result << ")" <<
           Ssl::ReportAndForgetErrors);
#elif USE_GNUTLS
    // argument order: gnutls_x509_crt_check_issuer(subject, issuer)
    const auto result = gnutls_x509_crt_check_issuer(&cert, &issuer);
    if (result == 1)
        return true;
    debugs(83, DBG_PARSE_NOTE(3), issuer << " did not sign " << cert);
#else
    debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot determine certificates relationship: " << MissingLibraryError());
    (void)cert;
    (void)issuer;
#endif
    return false;
}
132 operator <<(std::ostream
&os
, Security::Certificate
&cert
)
134 const auto name
= Security::SubjectName(cert
);
136 os
<< "[no subject name]";