diff --git a/configure.ac b/configure.ac
index 13c3eedf1..a86b2fce3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -199,7 +199,7 @@ AC_ARG_ENABLE(bump,
 if test "$ENABLED_BUMP" = "yes"
 then
- AM_CFLAGS="$AM_CFLAGS -DSESSION_CERTS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192"
+ AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DCYASSL_CERT_GEN -DCYASSL_KEY_GEN -DHUGE_SESSION_CACHE -DOPENSSL_EXTRA -DFP_MAX_BITS=8192"
 fi
 # fastmath
diff --git a/cyassl/internal.h b/cyassl/internal.h
index 9ff1e2058..fb773239e 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -967,6 +967,7 @@ struct CYASSL_X509 {
 int serialSz;
 byte serial[EXTERNAL_SERIAL_SIZE];
 char subjectCN[ASN_NAME_MAX]; /* common name short cut */
+ buffer derCert; /* may need */
 };
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index d59dabaf1..a5ae1f003 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -669,6 +669,7 @@ CYASSL_API int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN*, int idx,
 CYASSL_API const unsigned char* CyaSSL_get_sessionID(const CYASSL_SESSION* s);
 CYASSL_API int CyaSSL_X509_get_serial_number(CYASSL_X509*,unsigned char*,int*);
 CYASSL_API char* CyaSSL_X509_get_subjectCN(CYASSL_X509*);
+CYASSL_API const unsigned char* CyaSSL_X509_get_der(CYASSL_X509*, int*);
 /* connect enough to get peer cert */
 CYASSL_API int CyaSSL_connect_cert(CYASSL* ssl);
diff --git a/src/internal.c b/src/internal.c
index 9fe6cd05f..d370a40a8 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -690,6 +690,10 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
 ssl->buffers.prevSent = 0;
 ssl->buffers.plainSz = 0;
+#ifdef OPENSSL_EXTRA
+ ssl->peerCert.derCert.buffer = 0;
+#endif
+
 ssl->rfd = -1; /* set to invalid descriptor */
 ssl->wfd = -1;
 ssl->biord = 0;
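Review bot: The new `derCert` member's comment `/* may need */` says nothing about who allocates or frees it, although the struct is the object every CYASSL_X509 getter hands back to applications. Suggest a comment that states ownership and lifetime, e.g. `buffer derCert; /* DER copy of the peer cert; allocated in DoCertificate, freed in SSL_ResourceFree, exposed read-only via CyaSSL_X509_get_der */`. Since the field is unconditional but, per the src/internal.c hunks, only allocated under OPENSSL_EXTRA, the comment should also say it is NULL/empty in other builds.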
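Review bot: `CyaSSL_X509_get_der` is declared with no statement of ownership or lifetime, and the same is true of its definition in the src/ssl.c hunk, which returns `x509->derCert.buffer` directly. The returned pointer aliases memory owned by the CYASSL object and released in SSL_ResourceFree, so the caller must neither free it nor use it after the session is freed; suggest the header comment `/* return peer cert DER, owned by the CYASSL object (do not free, valid until the session is freed); length in *outSz; NULL if unavailable */`. It is also worth stating that `*outSz` is left unwritten when NULL is returned, so callers cannot rely on it being zero.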
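Review bot: `derCert.buffer` is zeroed only under `#ifdef OPENSSL_EXTRA`, but the matching `XFREE` in the SSL_ResourceFree hunk runs under `defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)`, so a GOAHEAD_WS-only build frees an indeterminate pointer unless InitSSL zeroes the whole struct somewhere not visible here. `derCert.length` is not initialised in either build. The member is unconditional in internal.h, so initialise both fields without a guard: `ssl->peerCert.derCert.buffer = 0;` and `ssl->peerCert.derCert.length = 0;`, or at least use the same condition as the free. InitSSL continues outside the hunk.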
@@ -876,6 +880,7 @@ void SSL_ResourceFree(CYASSL* ssl)
 if (ssl->buffers.outputBuffer.dynamicFlag)
 ShrinkOutputBuffer(ssl);
 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
+ XFREE(ssl->peerCert.derCert.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
 CyaSSL_BIO_free(ssl->biord);
 if (ssl->biord != ssl->biowr) /* in case same as write */
 CyaSSL_BIO_free(ssl->biowr);
@@ -1604,6 +1609,14 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
 }
 else
 ssl->peerCert.subjectCN[0] = '\0';
+
+ /* store cert for potential retrieval */
+ ssl->peerCert.derCert.buffer = (byte*)XMALLOC(myCert.length, ssl->heap,
+ DYNAMIC_TYPE_CERT);
+ if (ssl->peerCert.derCert.buffer == NULL)
+ return MEMORY_E;
+ XMEMCPY(ssl->peerCert.derCert.buffer, myCert.buffer, myCert.length);
+ ssl->peerCert.derCert.length = myCert.length;
 #endif
 /* store for callback use */
diff --git a/src/ssl.c b/src/ssl.c
index 000ce8369..3150afb14 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -382,6 +382,22 @@ int CyaSSL_CTX_set_group_messages(CYASSL_CTX* ctx)
 }
+/* connect enough to get peer cert chain */
+int CyaSSL_connect_cert(CYASSL* ssl)
+{
+ int ret;
+
+ if (ssl == NULL)
+ return SSL_FAILURE;
+
+ ssl->options.certOnly = 1;
+ ret = CyaSSL_connect(ssl);
+ ssl->options.certOnly = 0;
+
+ return ret;
+}
+
+
 /* trun on handshake group messages for ssl object */
 int CyaSSL_set_group_messages(CYASSL* ssl)
 {
@@ -4495,6 +4511,19 @@ int CyaSSL_set_compression(CYASSL* ssl)
 return 0;
 }
+
+ const byte* CyaSSL_X509_get_der(CYASSL_X509* x509, int* outSz)
+ {
+ CYASSL_ENTER("CyaSSL_X509_get_der");
+
+ if (x509 == NULL || outSz == NULL)
+ return NULL;
+
+ *outSz = (int)x509->derCert.length;
+ return x509->derCert.buffer;
+ }
+
+
 char* CyaSSL_X509_get_subjectCN(CYASSL_X509* x509)
 {
 if (x509 == NULL)
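Review bot: The allocation at `ssl->peerCert.derCert.buffer = (byte*)XMALLOC(...)` overwrites the previous pointer without releasing it, so if DoCertificate runs more than once on the same CYASSL (a renegotiation, or any second Certificate message) the earlier copy leaks; add `XFREE(ssl->peerCert.derCert.buffer, ssl->heap, DYNAMIC_TYPE_CERT);` immediately before the XMALLOC. The `return MEMORY_E` path leaves `derCert.length` stale from a previous run and skips whatever cleanup the rest of DoCertificate does for the decoded certificate and `myCert`; the function begins and ends outside the hunk, so confirm the early return does not leak those. The `#endif` closing this block belongs to a guard opened outside the hunk — from the InitSSL hunk it appears to be OPENSSL_EXTRA, which should be checked so that allocation, initialisation and free all sit under the same condition.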
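Review bot: Moving `CyaSSL_connect_cert` out of the `SESSION_CERTS` block (the old copy is deleted in the last hunk of this file) makes it compile in every build, so `ssl->options.certOnly` and the handshake code that checks it must be unconditional as well; neither is visible here, so confirm they are not still under `#ifdef SESSION_CERTS`, otherwise non-SESSION_CERTS builds either fail to compile or silently run a full handshake. The function comment says `/* connect enough to get peer cert chain */` while the header in cyassl/ssl.h says `connect enough to get peer cert`; align the two and note in the comment that `certOnly` is cleared again once `CyaSSL_connect` returns, whatever its result. Whether this spot in the file is inside another conditional block cannot be seen from the hunk.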
@@ -4603,20 +4632,5 @@ const byte* CyaSSL_get_sessionID(const CYASSL_SESSION* session)
 }
-/* connect enough to get peer cert chain */
-int CyaSSL_connect_cert(CYASSL* ssl)
-{
- int ret;
-
- if (ssl == NULL)
- return SSL_FAILURE;
-
- ssl->options.certOnly = 1;
- ret = CyaSSL_connect(ssl);
- ssl->options.certOnly = 0;
-
- return ret;
-}
-
 #endif /* SESSION_CERTS */