lib/libtls/tls_peer.c

*26433cb1Stb/* $OpenBSD: tls_peer.c,v 1.9 2024/12/10 08:40:30 tb Exp $ */
a0ec9d6bSjsing/*
a0ec9d6bSjsing * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
0fb5de82Sbeck * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
a0ec9d6bSjsing *
a0ec9d6bSjsing * Permission to use, copy, modify, and distribute this software for any
a0ec9d6bSjsing * purpose with or without fee is hereby granted, provided that the above
a0ec9d6bSjsing * copyright notice and this permission notice appear in all copies.
a0ec9d6bSjsing *
a0ec9d6bSjsing * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
a0ec9d6bSjsing * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
a0ec9d6bSjsing * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
a0ec9d6bSjsing * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
a0ec9d6bSjsing * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
a0ec9d6bSjsing * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
a0ec9d6bSjsing * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
a0ec9d6bSjsing */
a0ec9d6bSjsing
a0ec9d6bSjsing#include <stdio.h>
a0ec9d6bSjsing
a0ec9d6bSjsing#include <openssl/x509.h>
a0ec9d6bSjsing
a0ec9d6bSjsing#include <tls.h>
a0ec9d6bSjsing#include "tls_internal.h"
a0ec9d6bSjsing
ab8f2ec6Sbeckconst char *
*26433cb1Stbtls_peer_cert_common_name(struct tls *ctx)
*26433cb1Stb{
*26433cb1Stb	if (ctx->conninfo == NULL)
*26433cb1Stb		return (NULL);
*26433cb1Stb	return (ctx->conninfo->common_name);
*26433cb1Stb}
*26433cb1Stb
*26433cb1Stbconst char *
ab8f2ec6Sbecktls_peer_cert_hash(struct tls *ctx)
a0ec9d6bSjsing{
b50cee5aSjsing	if (ctx->conninfo == NULL)
b50cee5aSjsing		return (NULL);
ab8f2ec6Sbeck	return (ctx->conninfo->hash);
a0ec9d6bSjsing}
ab8f2ec6Sbeckconst char *
ab8f2ec6Sbecktls_peer_cert_issuer(struct tls *ctx)
a0ec9d6bSjsing{
b50cee5aSjsing	if (ctx->conninfo == NULL)
b50cee5aSjsing		return (NULL);
ab8f2ec6Sbeck	return (ctx->conninfo->issuer);
a0ec9d6bSjsing}
a0ec9d6bSjsing
ab8f2ec6Sbeckconst char *
ab8f2ec6Sbecktls_peer_cert_subject(struct tls *ctx)
ab8f2ec6Sbeck{
b50cee5aSjsing	if (ctx->conninfo == NULL)
b50cee5aSjsing		return (NULL);
ab8f2ec6Sbeck	return (ctx->conninfo->subject);
a0ec9d6bSjsing}
0fb5de82Sbeck
0fb5de82Sbeckint
0fb5de82Sbecktls_peer_cert_provided(struct tls *ctx)
0fb5de82Sbeck{
0fb5de82Sbeck	return (ctx->ssl_peer_cert != NULL);
0fb5de82Sbeck}
0fb5de82Sbeck
0fb5de82Sbeckint
0fb5de82Sbecktls_peer_cert_contains_name(struct tls *ctx, const char *name)
0fb5de82Sbeck{
5f3c5205Sjsing	int match;
5f3c5205Sjsing
0fb5de82Sbeck	if (ctx->ssl_peer_cert == NULL)
0fb5de82Sbeck		return (0);
0fb5de82Sbeck
5f3c5205Sjsing	if (tls_check_name(ctx, ctx->ssl_peer_cert, name, &match) == -1)
5f3c5205Sjsing		return (0);
5f3c5205Sjsing
5f3c5205Sjsing	return (match);
0fb5de82Sbeck}
0fb5de82Sbeck
f00a4e85Sbecktime_t
f00a4e85Sbecktls_peer_cert_notbefore(struct tls *ctx)
f00a4e85Sbeck{
f00a4e85Sbeck	if (ctx->ssl_peer_cert == NULL)
f00a4e85Sbeck		return (-1);
f00a4e85Sbeck	if (ctx->conninfo == NULL)
f00a4e85Sbeck		return (-1);
f00a4e85Sbeck	return (ctx->conninfo->notbefore);
f00a4e85Sbeck}
f00a4e85Sbeck
f00a4e85Sbecktime_t
f00a4e85Sbecktls_peer_cert_notafter(struct tls *ctx)
f00a4e85Sbeck{
f00a4e85Sbeck	if (ctx->ssl_peer_cert == NULL)
f00a4e85Sbeck		return (-1);
f00a4e85Sbeck	if (ctx->conninfo == NULL)
f00a4e85Sbeck		return (-1);
f00a4e85Sbeck	return (ctx->conninfo->notafter);
f00a4e85Sbeck}
f00a4e85Sbeck
c67861f7Sbeckconst uint8_t *
c67861f7Sbecktls_peer_cert_chain_pem(struct tls *ctx, size_t *size)
c67861f7Sbeck{
c67861f7Sbeck	if (ctx->ssl_peer_cert == NULL)
c67861f7Sbeck		return (NULL);
c67861f7Sbeck	if (ctx->conninfo == NULL)
c67861f7Sbeck		return (NULL);
c67861f7Sbeck	*size = ctx->conninfo->peer_cert_len;
c67861f7Sbeck	return (ctx->conninfo->peer_cert);
c67861f7Sbeck}
c67861f7Sbeck