TLS: Add tls_connection_peer_serial_num()

author Jouni Malinen <jouni@codeaurora.org>

Sun, 7 Oct 2018 13:47:25 +0000 (16:47 +0300)

committer Jouni Malinen <j@w1.fi>

Thu, 11 Oct 2018 09:12:30 +0000 (12:12 +0300)
author Jouni Malinen <jouni@codeaurora.org>
Sun, 7 Oct 2018 13:47:25 +0000 (16:47 +0300)
committer Jouni Malinen <j@w1.fi>
Thu, 11 Oct 2018 09:12:30 +0000 (12:12 +0300)
diff --git a/src/crypto/tls.h b/src/crypto/tls.h

index 86a1cded6f2941220a9c617d09da0351991d7a85..481b34681d7baf55004f8bab1c96d011b8cff41f 100644 (file)
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -253,6 +253,18 @@ void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn);
   */
  int tls_connection_established(void *tls_ctx, struct tls_connection *conn);
  
+/**
+ * tls_connection_peer_serial_num - Fetch peer certificate serial number
+ * @tls_ctx: TLS context data from tls_init()
+ * @conn: Connection context data from tls_connection_init()
+ * Returns: Allocated string buffer containing the peer certificate serial
+ * number or %NULL on error.
+ *
+ * The caller is responsible for freeing the returned buffer with os_free().
+ */
+char * tls_connection_peer_serial_num(void *tls_ctx,
+                                     struct tls_connection *conn);
+
  /**
   * tls_connection_shutdown - Shutdown TLS connection
   * @tls_ctx: TLS context data from tls_init()
diff --git a/src/crypto/tls_gnutls.c b/src/crypto/tls_gnutls.c

index 7ee3fa3a00a0a786e556c75c95d8030890ed0915..36dafd2603f0c2f52d1bebb4cc6f874e9b753638 100644 (file)
--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@@ -295,6 +295,14 @@ int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
  }
  
  
+char * tls_connection_peer_serial_num(void *tls_ctx,
+                                     struct tls_connection *conn)
+{
+       /* TODO */
+       return NULL;
+}
+
+
  int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
  {
         struct tls_global *global = ssl_ctx;
diff --git a/src/crypto/tls_internal.c b/src/crypto/tls_internal.c

index c7cb5ded331f2dcaec6df3dfe3fc7f3425228659..d289c9442ceb35e5eeed0657ce8689b0cfea3aeb 100644 (file)
--- a/src/crypto/tls_internal.c
+++ b/src/crypto/tls_internal.c
@@ -177,6 +177,14 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
  }
  
  
+char * tls_connection_peer_serial_num(void *tls_ctx,
+                                     struct tls_connection *conn)
+{
+       /* TODO */
+       return NULL;
+}
+
+
  int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
  {
  #ifdef CONFIG_TLS_INTERNAL_CLIENT
diff --git a/src/crypto/tls_none.c b/src/crypto/tls_none.c

index dd5681e9ca3c3871fc1d5c1f808e26cbcee4b365..5d0c6bda15479faa332092bd7cff1da5c4843ff8 100644 (file)
--- a/src/crypto/tls_none.c
+++ b/src/crypto/tls_none.c
@@ -45,6 +45,13 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
  }
  
  
+char * tls_connection_peer_serial_num(void *tls_ctx,
+                                     struct tls_connection *conn)
+{
+       return NULL;
+}
+
+
  int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
  {
         return -1;
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c

index 0244897f35d97eb826299f9f9725ad38f9e95ef8..0d5ebda699f02891e4c14a796fb4d222c55d713c 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1546,6 +1546,31 @@ int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
  }
  
  
+char * tls_connection_peer_serial_num(void *tls_ctx,
+                                     struct tls_connection *conn)
+{
+       ASN1_INTEGER *ser;
+       char *serial_num;
+       size_t len;
+
+       if (!conn->peer_cert)
+               return NULL;
+
+       ser = X509_get_serialNumber(conn->peer_cert);
+       if (!ser)
+               return NULL;
+
+       len = ASN1_STRING_length(ser) * 2 + 1;
+       serial_num = os_malloc(len);
+       if (!serial_num)
+               return NULL;
+       wpa_snprintf_hex_uppercase(serial_num, len,
+                                  ASN1_STRING_get0_data(ser),
+                                  ASN1_STRING_length(ser));
+       return serial_num;
+}
+
+
  int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
  {
         if (conn == NULL)
diff --git a/src/crypto/tls_wolfssl.c b/src/crypto/tls_wolfssl.c

index 9544e2f7e24366b4fb8343895f351c29dcbe403c..cc8c704466d2bea806fabc80830f1603cbe0e575 100644 (file)
--- a/src/crypto/tls_wolfssl.c
+++ b/src/crypto/tls_wolfssl.c
@@ -347,6 +347,14 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
  }
  
  
+char * tls_connection_peer_serial_num(void *tls_ctx,
+                                     struct tls_connection *conn)
+{
+       /* TODO */
+       return NULL;
+}
+
+
  int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
  {
         WOLFSSL_SESSION *session;
author	Jouni Malinen <jouni@codeaurora.org>
	Sun, 7 Oct 2018 13:47:25 +0000 (16:47 +0300)
committer	Jouni Malinen <j@w1.fi>
	Thu, 11 Oct 2018 09:12:30 +0000 (12:12 +0300)
src/crypto/tls.h		patch \| blob \| blame \| history
src/crypto/tls_gnutls.c		patch \| blob \| blame \| history
src/crypto/tls_internal.c		patch \| blob \| blame \| history
src/crypto/tls_none.c		patch \| blob \| blame \| history
src/crypto/tls_openssl.c		patch \| blob \| blame \| history
src/crypto/tls_wolfssl.c		patch \| blob \| blame \| history