1*72c33676SMaxim Ag /* $OpenBSD: tls_peer.c,v 1.8 2017/04/10 17:11:13 jsing Exp $ */
2f5b1c8a1SJohn Marino /*
3f5b1c8a1SJohn Marino * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4f5b1c8a1SJohn Marino * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
5f5b1c8a1SJohn Marino *
6f5b1c8a1SJohn Marino * Permission to use, copy, modify, and distribute this software for any
7f5b1c8a1SJohn Marino * purpose with or without fee is hereby granted, provided that the above
8f5b1c8a1SJohn Marino * copyright notice and this permission notice appear in all copies.
9f5b1c8a1SJohn Marino *
10f5b1c8a1SJohn Marino * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11f5b1c8a1SJohn Marino * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12f5b1c8a1SJohn Marino * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13f5b1c8a1SJohn Marino * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14f5b1c8a1SJohn Marino * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15f5b1c8a1SJohn Marino * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16f5b1c8a1SJohn Marino * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17f5b1c8a1SJohn Marino */
18f5b1c8a1SJohn Marino
19f5b1c8a1SJohn Marino #include <stdio.h>
20f5b1c8a1SJohn Marino
21f5b1c8a1SJohn Marino #include <openssl/x509.h>
22f5b1c8a1SJohn Marino
23f5b1c8a1SJohn Marino #include <tls.h>
24f5b1c8a1SJohn Marino #include "tls_internal.h"
25f5b1c8a1SJohn Marino
/*
 * Report the peer certificate hash recorded in the connection info.
 * Returns NULL while ctx->conninfo is NULL; otherwise the hash string
 * held in the conninfo.  The pointer refers to storage owned by ctx and
 * is not a copy.
 */
const char *
tls_peer_cert_hash(struct tls *ctx)
{
	if (ctx->conninfo != NULL)
		return (ctx->conninfo->hash);

	return (NULL);
}
/*
 * Report the issuer string of the peer certificate recorded in the
 * connection info, or NULL while ctx->conninfo is NULL.  The pointer
 * refers to storage owned by ctx and is not a copy.
 */
const char *
tls_peer_cert_issuer(struct tls *ctx)
{
	return (ctx->conninfo == NULL ? NULL : ctx->conninfo->issuer);
}
40f5b1c8a1SJohn Marino
/*
 * Report the subject string of the peer certificate recorded in the
 * connection info, or NULL while ctx->conninfo is NULL.  The pointer
 * refers to storage owned by ctx and is not a copy.
 */
const char *
tls_peer_cert_subject(struct tls *ctx)
{
	const char *subject = NULL;

	if (ctx->conninfo != NULL)
		subject = ctx->conninfo->subject;

	return (subject);
}
48f5b1c8a1SJohn Marino
/*
 * Tell whether the peer presented a certificate during the handshake.
 * Returns 1 when ctx->ssl_peer_cert is set and 0 otherwise.
 */
int
tls_peer_cert_provided(struct tls *ctx)
{
	if (ctx->ssl_peer_cert != NULL)
		return (1);

	return (0);
}
54f5b1c8a1SJohn Marino
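/*
 * Check whether the peer certificate matches name, as decided by
 * tls_check_name().  Returns 0 when no peer certificate was presented or
 * when the name check itself fails (-1), so callers fail closed; otherwise
 * returns the match result reported by tls_check_name().
 */
int
tls_peer_cert_contains_name(struct tls *ctx, const char *name)
{
	/*
	 * Start from "no match" so a success return from the helper that
	 * did not write the out-parameter cannot yield an indeterminate
	 * value.
	 */
	int match = 0;

	if (ctx->ssl_peer_cert == NULL)
		return (0);

	if (tls_check_name(ctx, ctx->ssl_peer_cert, name, &match) == -1)
		return (0);

	return (match);
}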
68f5b1c8a1SJohn Marino
/*
 * Report the notBefore time recorded for the peer certificate.  Returns -1
 * when the peer presented no certificate or the connection info has not
 * been populated; otherwise ctx->conninfo->notbefore.
 */
time_t
tls_peer_cert_notbefore(struct tls *ctx)
{
	if (ctx->ssl_peer_cert == NULL || ctx->conninfo == NULL)
		return (-1);

	return (ctx->conninfo->notbefore);
}
78f5b1c8a1SJohn Marino
/*
 * Report the notAfter time recorded for the peer certificate.  Returns -1
 * when the peer presented no certificate or the connection info has not
 * been populated; otherwise ctx->conninfo->notafter.
 */
time_t
tls_peer_cert_notafter(struct tls *ctx)
{
	int have_info = ctx->ssl_peer_cert != NULL && ctx->conninfo != NULL;

	return (have_info ? ctx->conninfo->notafter : (time_t)-1);
}
88f5b1c8a1SJohn Marino
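/*
 * Return the peer certificate chain buffer recorded in the connection info
 * (PEM, per the function's contract) and store its length in *size.
 * Returns NULL with *size set to 0 when the peer presented no certificate
 * or the connection info has not been populated, so a caller that reads
 * *size before checking the return value never sees an indeterminate
 * length.  The buffer refers to storage owned by ctx and is not a copy.
 */
const uint8_t *
tls_peer_cert_chain_pem(struct tls *ctx, size_t *size)
{
	/* Always define the out-parameter, including on the failure paths. */
	*size = 0;

	if (ctx->ssl_peer_cert == NULL || ctx->conninfo == NULL)
		return (NULL);

	*size = ctx->conninfo->peer_cert_len;
	return (ctx->conninfo->peer_cert);
}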
99*72c33676SMaxim Ag