TLS: Add tls_connection_peer_serial_num()
This can be used to fetch the serial number of the peer certificate in the EAP server. For now, this is implemented only with OpenSSL. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
							parent
									18003b315b
						commit
						0ec3e77a13
					 6 changed files with 68 additions and 0 deletions
		|  | @ -253,6 +253,18 @@ void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn); | |||
|  */ | ||||
| int tls_connection_established(void *tls_ctx, struct tls_connection *conn); | ||||
| 
 | ||||
| /**
 | ||||
|  * tls_connection_peer_serial_num - Fetch peer certificate serial number | ||||
|  * @tls_ctx: TLS context data from tls_init() | ||||
|  * @conn: Connection context data from tls_connection_init() | ||||
|  * Returns: Allocated string buffer containing the peer certificate serial | ||||
|  * number or %NULL on error. | ||||
|  * | ||||
|  * The caller is responsible for freeing the returned buffer with os_free(). | ||||
|  */ | ||||
| char * tls_connection_peer_serial_num(void *tls_ctx, | ||||
| 				      struct tls_connection *conn); | ||||
| 
 | ||||
| /**
 | ||||
|  * tls_connection_shutdown - Shutdown TLS connection | ||||
|  * @tls_ctx: TLS context data from tls_init() | ||||
|  |  | |||
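Review bot: The doc comment on the `* Returns:` lines does not say what format the returned serial number string takes, and the only implementation in this commit produces the uppercase hex encoding of the certificate's DER INTEGER content while every other backend returns %NULL, so an EAP server caller cannot tell "not supported by this TLS library" from "no peer certificate". Suggest adding `* The serial number is returned as an uppercase hexadecimal string; TLS backends without support for this return %NULL.` after the existing Returns text. It is also worth stating in the comment that a serial number is unique only within one issuer, so callers should not treat it as a peer identifier on its own without the issuer name.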
|  | @ -295,6 +295,14 @@ int tls_connection_established(void *ssl_ctx, struct tls_connection *conn) | |||
| } | ||||
| 
 | ||||
| 
 | ||||
| char * tls_connection_peer_serial_num(void *tls_ctx, | ||||
| 				      struct tls_connection *conn) | ||||
| { | ||||
| 	/* TODO */ | ||||
| 	return NULL; | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn) | ||||
| { | ||||
| 	struct tls_global *global = ssl_ctx; | ||||
|  |  | |||
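Review bot: The `/* TODO */` stub returns NULL, which the header documents as an error, so on this backend a caller cannot distinguish an unsupported library from a missing peer certificate; the same applies to the stubs ending at L76 and L155. A comment such as `/* Fetching the peer certificate serial number is not supported with this TLS library */` in place of the TODO would make the intent clear, matching the plain `return NULL;` in the stub ending at L95.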
|  | @ -177,6 +177,14 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn) | |||
| } | ||||
| 
 | ||||
| 
 | ||||
| char * tls_connection_peer_serial_num(void *tls_ctx, | ||||
| 				      struct tls_connection *conn) | ||||
| { | ||||
| 	/* TODO */ | ||||
| 	return NULL; | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) | ||||
| { | ||||
| #ifdef CONFIG_TLS_INTERNAL_CLIENT | ||||
|  |  | |||
|  | @ -45,6 +45,13 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn) | |||
| } | ||||
| 
 | ||||
| 
 | ||||
| char * tls_connection_peer_serial_num(void *tls_ctx, | ||||
| 				      struct tls_connection *conn) | ||||
| { | ||||
| 	return NULL; | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) | ||||
| { | ||||
| 	return -1; | ||||
|  |  | |||
|  | @ -1546,6 +1546,31 @@ int tls_connection_established(void *ssl_ctx, struct tls_connection *conn) | |||
| } | ||||
| 
 | ||||
| 
 | ||||
| char * tls_connection_peer_serial_num(void *tls_ctx, | ||||
| 				      struct tls_connection *conn) | ||||
| { | ||||
| 	ASN1_INTEGER *ser; | ||||
| 	char *serial_num; | ||||
| 	size_t len; | ||||
| 
 | ||||
| 	if (!conn->peer_cert) | ||||
| 		return NULL; | ||||
| 
 | ||||
| 	ser = X509_get_serialNumber(conn->peer_cert); | ||||
| 	if (!ser) | ||||
| 		return NULL; | ||||
| 
 | ||||
| 	len = ASN1_STRING_length(ser) * 2 + 1; | ||||
| 	serial_num = os_malloc(len); | ||||
| 	if (!serial_num) | ||||
| 		return NULL; | ||||
| 	wpa_snprintf_hex_uppercase(serial_num, len, | ||||
| 				   ASN1_STRING_get0_data(ser), | ||||
| 				   ASN1_STRING_length(ser)); | ||||
| 	return serial_num; | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn) | ||||
| { | ||||
| 	if (conn == NULL) | ||||
|  |  | |||
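Review bot: The `len = ASN1_STRING_length(ser) * 2 + 1;` line multiplies in int before the result is widened to size_t and nothing rejects a non-positive length, so correctness relies on ASN1_STRING_length() never returning a negative value; an explicit `if (ASN1_STRING_length(ser) <= 0) return NULL;` followed by `len = (size_t) ASN1_STRING_length(ser) * 2 + 1;` would make that assumption visible. Only the data bytes are hex-encoded on the `wpa_snprintf_hex_uppercase` call, so a negative serial (ASN1_STRING_type(ser) == V_ASN1_NEG_INTEGER) would be rendered as its magnitude; such certificates are non-conforming, and returning NULL for them with `if (ASN1_STRING_type(ser) == V_ASN1_NEG_INTEGER) return NULL;` is presumably preferable to an ambiguous string. Whether conn->peer_cert is populated before or after chain verification completes is not visible in this hunk, so a comment above the function should state at what point in the handshake the returned serial can be trusted.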
|  | @ -347,6 +347,14 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn) | |||
| } | ||||
| 
 | ||||
| 
 | ||||
| char * tls_connection_peer_serial_num(void *tls_ctx, | ||||
| 				      struct tls_connection *conn) | ||||
| { | ||||
| 	/* TODO */ | ||||
| 	return NULL; | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) | ||||
| { | ||||
| 	WOLFSSL_SESSION *session; | ||||
|  |  | |||
	 Jouni Malinen
						Jouni Malinen