From af62b316e7e1800e0a262151102d881225ca85a8 Mon Sep 17 00:00:00 2001
From: Michael R Sweet
Date: Tue, 24 Apr 2018 18:04:52 -0400
Subject: [PATCH] Extend GNU TLS certificate string.
---
cups/tls-gnutls.c | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index bc3cdd07d7..e692f71ef5 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -639,22 +639,31 @@ httpCredentialsString( if ((first = (http_credential_t *)cupsArrayFirst(credentials)) != NULL && (cert = http_gnutls_create_credential(first)) != NULL) { - char name[256]; /* Common name associated with cert */ - size_t namelen; /* Length of name */ + char name[256], /* Common name associated with cert */ + issuer[256]; /* Issuer associated with cert */ + size_t len; /* Length of string */ time_t expiration; /* Expiration date of cert */ + unsigned sigalg, sigbits;/* Signature algorithm and bits */ unsigned char md5_digest[16]; /* MD5 result */ - namelen = sizeof(name) - 1; - if (gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, name, &namelen) >= 0) - name[namelen] = '\0'; + len = sizeof(name) - 1; + if (gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, name, &len) >= 0) + name[len] = '\0'; else strlcpy(name, "unknown", sizeof(name)); + len = sizeof(issuer) - 1; + if (gnutls_x509_crt_get_issuer_dn(cert, 0, 0, issuer, &len) >= 0) + issuer[len] = '\0'; + else + strlcpy(issuer, "unknown", sizeof(issuer)); + expiration = gnutls_x509_crt_get_expiration_time(cert); + sigalg = gnutls_x509_crt_get_pk_algorithm(cert, &sigbits); cupsHashData("md5", first->data, first->datalen, md5_digest, sizeof(md5_digest)); - snprintf(buffer, bufsize, "%s / %s / %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X", name, httpGetDateString(expiration), md5_digest[0], md5_digest[1], md5_digest[2], md5_digest[3], md5_digest[4], md5_digest[5], md5_digest[6], md5_digest[7], md5_digest[8], md5_digest[9], md5_digest[10], md5_digest[11], md5_digest[12], md5_digest[13], md5_digest[14], md5_digest[15]); + snprintf(buffer, bufsize, "%s (issued by %s) / %s / %s / %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X", name, issuer, httpGetDateString(expiration), gnutls_pk_algorithm_get_name(sigalg), md5_digest[0], md5_digest[1], md5_digest[2], md5_digest[3], md5_digest[4], md5_digest[5], md5_digest[6], 
md5_digest[7], md5_digest[8], md5_digest[9], md5_digest[10], md5_digest[11], md5_digest[12], md5_digest[13], md5_digest[14], md5_digest[15]); gnutls_x509_crt_deinit(cert); } -- 2.47.2
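Review bot: The added `gnutls_x509_crt_get_issuer_dn(cert, 0, 0, issuer, &len)` call passes five arguments, but as far as I know the GnuTLS function takes only `(cert, buf, &buf_size)`; the five-argument shape belongs to `gnutls_x509_crt_get_issuer_dn_by_oid`, which also needs an OID. It should be either `gnutls_x509_crt_get_issuer_dn(cert, issuer, &len)` or the `_by_oid` form with an explicit OID such as `GNUTLS_OID_X520_ORGANIZATION_NAME`. Separately, `sigalg`/`sigbits` are commented as the signature algorithm, yet `gnutls_x509_crt_get_pk_algorithm` reports the public-key algorithm, so the credential string cannot show a weak signature hash; `sigalg = gnutls_x509_crt_get_signature_algorithm(cert);` printed through `gnutls_sign_get_name()` would match the comment. The getter returns a negative int on error and the name lookup can return NULL, which would then reach `%s` in `snprintf`, so an `"unknown"` fallback like the one used for `name` and `issuer` is needed; `sigbits` is also never read in the visible lines. The body of httpCredentialsString starts and ends outside this hunk.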