SCFree(ssl_state->client_connp.cert0_subject);
if (ssl_state->client_connp.cert0_issuerdn)
SCFree(ssl_state->client_connp.cert0_issuerdn);
+ if (ssl_state->server_connp.cert0_serial)
+ SCFree(ssl_state->server_connp.cert0_serial);
if (ssl_state->client_connp.cert0_fingerprint)
SCFree(ssl_state->client_connp.cert0_fingerprint);
if (ssl_state->client_connp.sni)
}
}
+ rc = Asn1DerGetSerial(cert, buffer, sizeof(buffer), &errcode);
+ if (rc != 0) {
+ TLSCertificateErrCodeToWarning(ssl_state, errcode);
+ } else {
+ if (i == 0) {
+ if (ssl_state->server_connp.cert0_serial == NULL) {
+ ssl_state->server_connp.cert0_serial = SCStrdup(buffer);
+ }
+ if (ssl_state->server_connp.cert0_serial == NULL) {
+ DerFree(cert);
+ return -1;
+ }
+ }
+ }
+
rc = Asn1DerGetValidity(cert, ¬_before, ¬_after, &errcode);
if (rc != 0) {
TLSCertificateErrCodeToWarning(ssl_state, errcode);
#include "util-decode-der.h"
#include "util-decode-der-get.h"
+static const uint8_t SEQ_IDX_SERIAL[] = { 0, 0 };
static const uint8_t SEQ_IDX_ISSUER[] = { 0, 2 };
static const uint8_t SEQ_IDX_VALIDITY[] = { 0, 3 };
static const uint8_t SEQ_IDX_SUBJECT[] = { 0, 4 };
return rc;
}
+int Asn1DerGetSerial(const Asn1Generic *cert, char *buffer, uint32_t length,
+ uint32_t *errcode)
+{
+ const Asn1Generic *node;
+ uint32_t node_len, i;
+ int rc = -1;
+
+ if (errcode)
+ *errcode = ERR_DER_MISSING_ELEMENT;
+
+ buffer[0] = '\0';
+
+ node = Asn1DerGet(cert, SEQ_IDX_SERIAL, sizeof(SEQ_IDX_SERIAL), errcode);
+ if ((node == NULL) || node->type != ASN1_INTEGER || node->str == NULL)
+ goto serial_error;
+
+ node_len = strlen(node->str);
+
+ /* make sure the buffer is big enough */
+ if (node_len + (node_len / 2) > length)
+ goto serial_error;
+
+ /* format serial number (e.g. XX:XX:XX:XX:XX) */
+ for (i = 0; i < node_len; i++) {
+ char c[3];
+ /* insert separator before each even number */
+ if (((i % 2) == 0) && (i != 0)) {
+ snprintf(c, sizeof(c), ":%c", node->str[i]);
+ } else {
+ snprintf(c, sizeof(c), "%c", node->str[i]);
+ }
+
+ strlcat(buffer, c, length);
+ }
+
+ if (errcode)
+ *errcode = 0;
+
+ rc = 0;
+
+serial_error:
+ return rc;
+}
+
int Asn1DerGetIssuerDN(const Asn1Generic *cert, char *buffer, uint32_t length,
uint32_t *errcode)
{
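Review bot: The size check `if (node_len + (node_len / 2) > length)` in Asn1DerGetSerial undercounts when the hex string has an odd number of digits: the loop emits a ':' before every pair after the first plus a NUL, so `node_len + (node_len + 1) / 2` bytes are needed, and for odd `node_len` the check admits a buffer one byte too small. strlcat keeps that from overflowing, but it then truncates silently while the function still returns 0 and clears `*errcode`, so the caller stores a shortened serial as if it were complete. The per-character `snprintf` + `strlcat` pair also rescans the whole buffer on every iteration, which writing by index avoids; the rewrite below replaces the check and the loop, the rest of the function is unchanged.
```c
    uint32_t node_len, i, pos = 0;
    /* … unchanged: errcode preset, buffer[0] = '\0', Asn1DerGet lookup … */

    /* digits, one ':' before every pair after the first, and the NUL */
    if (node_len + ((node_len + 1) / 2) > length)
        goto serial_error;

    /* format serial number (e.g. XX:XX:XX:XX:XX) */
    for (i = 0; i < node_len; i++) {
        if ((i != 0) && ((i % 2) == 0))
            buffer[pos++] = ':';
        buffer[pos++] = node->str[i];
    }
    buffer[pos] = '\0';
    /* … unchanged: errcode reset, rc = 0, serial_error label … */
```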
const Asn1Generic * Asn1DerGet(const Asn1Generic *top, const uint8_t *seq_index, const uint32_t seqsz, uint32_t *errcode);
int Asn1DerGetIssuerDN(const Asn1Generic *cert, char *buffer, uint32_t length, uint32_t *errcode);
+int Asn1DerGetSerial(const Asn1Generic *cert, char *buffer, uint32_t length, uint32_t *errcode);
int Asn1DerGetValidity(const Asn1Generic *cert, time_t *not_before, time_t *not_after, uint32_t *errcode);
int Asn1DerGetSubjectDN(const Asn1Generic *cert, char *buffer, uint32_t length, uint32_t *errcode);