#include "./util.h"
#include "./log.h"
+/* Copied from or.h */
+#define LEGAL_NICKNAME_CHARACTERS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+
#include <assert.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
EVP_PKEY *pkey = NULL;
X509 *x509 = NULL;
X509_NAME *name = NULL;
- BIO *out = NULL;
int nid;
int err;
error:
err = 1;
done:
- if (out)
- BIO_free(out);
if (x509 && err)
X509_free(x509);
if (pkey)
return 1;
}
+int
+tor_tls_get_peer_cert_nickname(tor_tls *tls, char *buf, int buflen)
+{
+ X509 *cert = NULL;
+ X509_NAME *name = NULL;
+ int nid;
+ int lenout;
+ int i;
+
+ if (!(cert = SSL_get_peer_certificate(tls->ssl))) {
+ log_fn(LOG_ERR, "Peer has no certificate");
+ return -1;
+ }
+ if (!(name = X509_get_subject_name(cert))) {
+ log_fn(LOG_ERR, "Peer certificate has no subject name");
+ return -1;
+ }
+ if ((nid = OBJ_txt2nid("commonName")) == NID_undef)
+ return -1;
+
+ lenout = X509_NAME_get_text_by_NID(name, nid, buf, buflen);
+ if (lenout == -1)
+ return -1;
+ if (strspn(buf, LEGAL_NICKNAME_CHARACTERS) != lenout) {
+ log_fn(LOG_ERR, "Peer certificate nickname has illegal characters.");
+ return -1;
+ }
+ return 0;
+}
+
/* If the provided tls connection is authenticated and has a
* certificate that is currently valid and is correctly self-signed,
* return its public key. Otherwise return NULL.
tor_tls *tor_tls_new(int sock, int isServer);
void tor_tls_free(tor_tls *tls);
int tor_tls_peer_has_cert(tor_tls *tls);
+int tor_tls_get_peer_cert_nickname(tor_tls *tls, char *buf, int buflen);
crypto_pk_env_t *tor_tls_verify(tor_tls *tls);
int tor_tls_read(tor_tls *tls, char *cp, int len);
int tor_tls_write(tor_tls *tls, char *cp, int n);
projects / thirdparty / tor.git / commitdiff
