generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

New functions to retrieve certificate from SSL_CTX

Browse Source 
New functions to retrieve current certificate or private key
from an SSL_CTX.

Constify SSL_get_private_key().
This commit is contained in:
Dr. Stephen Henson 2013-11-18 18:49:46 +00:00
parent 60aeb18750
commit a25f9adc77
3 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/ssl/ssl.pod
View File

@ -374,6 +374,10 @@ session instead of a context.
=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type); =item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type);
=item X509 *B<SSL_CTX_get0_certificate>(const SSL_CTX *ctx);
=item EVP_PKEY *B<SSL_CTX_get0_privatekey>(const SSL_CTX *ctx);
=item void B<SSL_CTX_set_psk_client_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)); =item void B<SSL_CTX_set_psk_client_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len));
=item int B<SSL_CTX_use_psk_identity_hint>(SSL_CTX *ctx, const char *hint); =item int B<SSL_CTX_use_psk_identity_hint>(SSL_CTX *ctx, const char *hint);
@ -507,7 +511,7 @@ connection defined in the B<SSL> structure.
=item X509 *B<SSL_get_peer_certificate>(const SSL *ssl); =item X509 *B<SSL_get_peer_certificate>(const SSL *ssl);
=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl); =item EVP_PKEY *B<SSL_get_privatekey>(const SSL *ssl);
=item int B<SSL_get_quiet_shutdown>(const SSL *ssl); =item int B<SSL_get_quiet_shutdown>(const SSL *ssl);

5
ssl/ssl.h
View File

@ -2377,7 +2377,10 @@ STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
SSL *SSL_dup(SSL *ssl); SSL *SSL_dup(SSL *ssl);
X509 *SSL_get_certificate(const SSL *ssl); X509 *SSL_get_certificate(const SSL *ssl);
/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl); /* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode); void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);

20
ssl/ssl_lib.c
View File

@ -3103,7 +3103,6 @@ void ssl_clear_cipher_ctx(SSL *s)
#endif #endif
} }
/* Fix this function so that it takes an optional type parameter */
X509 *SSL_get_certificate(const SSL *s) X509 *SSL_get_certificate(const SSL *s)
{ {
if (s->cert != NULL) if (s->cert != NULL)
@ -3112,8 +3111,7 @@ X509 *SSL_get_certificate(const SSL *s)
return(NULL); return(NULL);
} }
/* Fix this function so that it takes an optional type parameter */ EVP_PKEY *SSL_get_privatekey(const SSL *s)
EVP_PKEY *SSL_get_privatekey(SSL *s)
{ {
if (s->cert != NULL) if (s->cert != NULL)
return(s->cert->key->privatekey); return(s->cert->key->privatekey);
@ -3121,6 +3119,22 @@ EVP_PKEY *SSL_get_privatekey(SSL *s)
return(NULL); return(NULL);
} }
X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
{
if (ctx->cert != NULL)
return ctx->cert->key->x509;
else
return NULL;
}
EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
{
if (ctx->cert != NULL)
return ctx->cert->key->privatekey;
else
return NULL ;
}
const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
{ {
if ((s->session != NULL) && (s->session->cipher != NULL)) if ((s->session != NULL) && (s->session->cipher != NULL))