From 2ff952a5dd294f8f53110ab53a588630a84e8653 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 7 Oct 2018 16:00:28 +0300
Subject: [PATCH] OpenSSL: Make serial number of peer certificate available in event_cb

Add serial number to the event_cb() information for the peer certificate chain.

Signed-off-by: Jouni Malinen
---
 src/crypto/tls.h | 1 +
 src/crypto/tls_openssl.c | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/src/crypto/tls.h b/src/crypto/tls.h
index 585db8bbe..86a1cded6 100644
--- a/src/crypto/tls.h
+++ b/src/crypto/tls.h
@@ -64,6 +64,7 @@ union tls_event_data {
 size_t hash_len;
 const char *altsubject[TLS_MAX_ALT_SUBJECT];
 int num_altsubject;
+ const char *serial_num;
 } peer_cert;
 
 struct {
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 79ac909d0..0244897f3 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -111,6 +111,12 @@ static int RSA_bits(const RSA *r)
 return BN_num_bits(r->n);
 }
 #endif /* CONFIG_SUITEB */
+
+
+static const unsigned char * ASN1_STRING_get0_data(const ASN1_STRING *x)
+{
+ return ASN1_STRING_data((ASN1_STRING *) x);
+}
 #endif
 
 #ifdef ANDROID
@@ -1824,6 +1830,8 @@ static void openssl_tls_cert_event(struct tls_connection *conn,
 GENERAL_NAME *gen;
 void *ext;
 stack_index_t i;
+ ASN1_INTEGER *ser;
+ char serial_num[128];
 #ifdef CONFIG_SHA256
 u8 hash[32];
 #endif /* CONFIG_SHA256 */
@@ -1852,6 +1860,14 @@ static void openssl_tls_cert_event(struct tls_connection *conn,
 ev.peer_cert.depth = depth;
 ev.peer_cert.subject = subject;
 
+ ser = X509_get_serialNumber(err_cert);
+ if (ser) {
+ wpa_snprintf_hex_uppercase(serial_num, sizeof(serial_num),
+ ASN1_STRING_get0_data(ser),
+ ASN1_STRING_length(ser));
+ ev.peer_cert.serial_num = serial_num;
+ }
+
 ext = X509_get_ext_d2i(err_cert, NID_subject_alt_name, NULL, NULL);
 for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
 char *pos;
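Review bot: The new `serial_num` field in `peer_cert` carries no documentation of its encoding or lifetime, and the producer in tls_openssl.c points it at a local array of openssl_tls_cert_event, so the string is only valid while the event callback runs and is not provided when the certificate yields no serial. I would record that next to the field: `/* Uppercase hex of the certificate serialNumber; valid only for the duration of the event callback, copy if retained; may be NULL. */`. The enclosing union starts before this hunk.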
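Review bot: The `ASN1_STRING_get0_data` compatibility shim has no comment saying which library versions it is for; it sits under the same outer preprocessor condition as the `RSA_bits` shim above it (the `#if` itself is outside the hunk, presumably the pre-1.1.0 OpenSSL check), and the cast to `(ASN1_STRING *)` exists only because the older `ASN1_STRING_data()` takes a non-const pointer. A one-line comment would save the next reader the lookup: `/* ASN1_STRING_get0_data() was added in OpenSSL 1.1.0; map it onto the older non-const ASN1_STRING_data(), which does not modify x. */`. Style: the space after `*` in `unsigned char * ASN1_STRING_get0_data(` differs from the `const RSA *r` form used by the neighbouring shim.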
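Review bot: `char serial_num[128]` is declared without a note on why 128 or what happens when it is not enough: wpa_snprintf_hex_uppercase emits two characters per octet plus the terminator, so the buffer holds 63 octets, and a longer serial is truncated rather than rejected (the hex writer is bounded, so this is a silent truncation, not an overflow). RFC 5280 section 4.1.2.2 limits conforming serialNumber values to 20 octets, so 128 is ample, but non-conforming certificates exist in the wild; I would record the reasoning inline: `char serial_num[128]; /* 2 hex chars per octet; RFC 5280 caps serialNumber at 20 octets, longer values are truncated */`. The declaration belongs to openssl_tls_cert_event, whose body continues outside the hunk.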
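Review bot: `ev.peer_cert.serial_num` is assigned only inside `if (ser)`, so when X509_get_serialNumber() returns NULL the field keeps whatever `ev` held before; that is fine only if `ev` is zeroed earlier in openssl_tls_cert_event (outside this hunk, so I cannot confirm it here), otherwise event_cb consumers read an indeterminate pointer. If it is not zeroed, add `ev.peer_cert.serial_num = NULL;` before the `if`. A short comment is also warranted that the pointer targets the local `serial_num` array and therefore dies with this function, e.g. `/* serial_num is a stack buffer; consumers must copy the string before the callback returns */`. As far as I recall, ASN1_STRING_data() yields the magnitude only, so a (non-conforming) negative serial produces the same hex as its absolute value, which is worth noting if the string is ever used for matching rather than display. The function continues past the end of the hunk.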