DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

TLS: Add tls_connection_peer_serial_num()

Browse source 
This can be used to fetch the serial number of the peer certificate in
the EAP server. For now, this is implemented only with OpenSSL.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2018-10-07 16:47:25 +03:00 committed by Jouni Malinen
parent 18003b315b
commit 0ec3e77a13
6 changed files with 68 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/crypto/tls.h
View file

@ -253,6 +253,18 @@ void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn);
*/ */
int tls_connection_established(void *tls_ctx, struct tls_connection *conn); int tls_connection_established(void *tls_ctx, struct tls_connection *conn);
/**
* tls_connection_peer_serial_num - Fetch peer certificate serial number
* @tls_ctx: TLS context data from tls_init()
* @conn: Connection context data from tls_connection_init()
* Returns: Allocated string buffer containing the peer certificate serial
* number or %NULL on error.
*
* The caller is responsible for freeing the returned buffer with os_free().
*/
char * tls_connection_peer_serial_num(void *tls_ctx,
struct tls_connection *conn);
/** /**
* tls_connection_shutdown - Shutdown TLS connection * tls_connection_shutdown - Shutdown TLS connection
* @tls_ctx: TLS context data from tls_init() * @tls_ctx: TLS context data from tls_init()

8
src/crypto/tls_gnutls.c
View file

@ -295,6 +295,14 @@ int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
} }
char * tls_connection_peer_serial_num(void *tls_ctx,
struct tls_connection *conn)
{
/* TODO */
return NULL;
}
int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn) int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
{ {
struct tls_global *global = ssl_ctx; struct tls_global *global = ssl_ctx;

8
src/crypto/tls_internal.c
View file

@ -177,6 +177,14 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
} }
char * tls_connection_peer_serial_num(void *tls_ctx,
struct tls_connection *conn)
{
/* TODO */
return NULL;
}
int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
{ {
#ifdef CONFIG_TLS_INTERNAL_CLIENT #ifdef CONFIG_TLS_INTERNAL_CLIENT

7
src/crypto/tls_none.c
View file

@ -45,6 +45,13 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
} }
char * tls_connection_peer_serial_num(void *tls_ctx,
struct tls_connection *conn)
{
return NULL;
}
int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
{ {
return -1; return -1;

25
src/crypto/tls_openssl.c
View file

@ -1546,6 +1546,31 @@ int tls_connection_established(void *ssl_ctx, struct tls_connection *conn)
} }
char * tls_connection_peer_serial_num(void *tls_ctx,
struct tls_connection *conn)
{
ASN1_INTEGER *ser;
char *serial_num;
size_t len;
if (!conn->peer_cert)
return NULL;
ser = X509_get_serialNumber(conn->peer_cert);
if (!ser)
return NULL;
len = ASN1_STRING_length(ser) * 2 + 1;
serial_num = os_malloc(len);
if (!serial_num)
return NULL;
wpa_snprintf_hex_uppercase(serial_num, len,
ASN1_STRING_get0_data(ser),
ASN1_STRING_length(ser));
return serial_num;
}
int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn) int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn)
{ {
if (conn == NULL) if (conn == NULL)

8
src/crypto/tls_wolfssl.c
View file

@ -347,6 +347,14 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn)
} }
char * tls_connection_peer_serial_num(void *tls_ctx,
struct tls_connection *conn)
{
/* TODO */
return NULL;
}
int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn)
{ {
WOLFSSL_SESSION *session; WOLFSSL_SESSION *session;