Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
Tor
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Container Registry
Model registry
Monitor
Incidents
Service Desk
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
The Tor Project
Core
Tor
Commits
0ec2a34a
Commit
0ec2a34a
authored
21 years ago
by
Nick Mathewson
Browse files
Options
Downloads
Patches
Plain Diff
Code to get nicknames from peer certs
svn:r627
parent
ec964191
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
src/common/tortls.c
+33
-3
33 additions, 3 deletions
src/common/tortls.c
src/common/tortls.h
+1
-0
1 addition, 0 deletions
src/common/tortls.h
with
34 additions
and
3 deletions
src/common/tortls.c
+
33
−
3
View file @
0ec2a34a
...
...
@@ -12,6 +12,9 @@
#include
"./util.h"
#include
"./log.h"
/* Copied from or.h */
#define LEGAL_NICKNAME_CHARACTERS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
#include
<assert.h>
#include
<openssl/ssl.h>
#include
<openssl/err.h>
...
...
@@ -132,7 +135,6 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
EVP_PKEY
*
pkey
=
NULL
;
X509
*
x509
=
NULL
;
X509_NAME
*
name
=
NULL
;
BIO
*
out
=
NULL
;
int
nid
;
int
err
;
...
...
@@ -178,8 +180,6 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
error:
err
=
1
;
done:
if
(
out
)
BIO_free
(
out
);
if
(
x509
&&
err
)
X509_free
(
x509
);
if
(
pkey
)
...
...
@@ -461,6 +461,36 @@ tor_tls_peer_has_cert(tor_tls *tls)
return
1
;
}
int
tor_tls_get_peer_cert_nickname
(
tor_tls
*
tls
,
char
*
buf
,
int
buflen
)
{
X509
*
cert
=
NULL
;
X509_NAME
*
name
=
NULL
;
int
nid
;
int
lenout
;
int
i
;
if
(
!
(
cert
=
SSL_get_peer_certificate
(
tls
->
ssl
)))
{
log_fn
(
LOG_ERR
,
"Peer has no certificate"
);
return
-
1
;
}
if
(
!
(
name
=
X509_get_subject_name
(
cert
)))
{
log_fn
(
LOG_ERR
,
"Peer certificate has no subject name"
);
return
-
1
;
}
if
((
nid
=
OBJ_txt2nid
(
"commonName"
))
==
NID_undef
)
return
-
1
;
lenout
=
X509_NAME_get_text_by_NID
(
name
,
nid
,
buf
,
buflen
);
if
(
lenout
==
-
1
)
return
-
1
;
if
(
strspn
(
buf
,
LEGAL_NICKNAME_CHARACTERS
)
!=
lenout
)
{
log_fn
(
LOG_ERR
,
"Peer certificate nickname has illegal characters."
);
return
-
1
;
}
return
0
;
}
/* If the provided tls connection is authenticated and has a
* certificate that is currently valid and is correctly self-signed,
* return its public key. Otherwise return NULL.
...
...
This diff is collapsed.
Click to expand it.
src/common/tortls.h
+
1
−
0
View file @
0ec2a34a
...
...
@@ -21,6 +21,7 @@ int tor_tls_context_new(crypto_pk_env_t *rsa, int isServer, const char *nickname
tor_tls
*
tor_tls_new
(
int
sock
,
int
isServer
);
void
tor_tls_free
(
tor_tls
*
tls
);
int
tor_tls_peer_has_cert
(
tor_tls
*
tls
);
int
tor_tls_get_peer_cert_nickname
(
tor_tls
*
tls
,
char
*
buf
,
int
buflen
);
crypto_pk_env_t
*
tor_tls_verify
(
tor_tls
*
tls
);
int
tor_tls_read
(
tor_tls
*
tls
,
char
*
cp
,
int
len
);
int
tor_tls_write
(
tor_tls
*
tls
,
char
*
cp
,
int
n
);
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
