1 /* $OpenBSD: tls_peer.c,v 1.9 2024/12/10 08:40:30 tb Exp $ */
2 /*
3  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
5  *
6  * Permission to use, copy, modify, and distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 #include <stdio.h>
20 
21 #include <openssl/x509.h>
22 
23 #include <tls.h>
24 #include "tls_internal.h"
25 
/*
 * Return the common name recorded for the peer certificate, or NULL when
 * no connection information is attached to ctx.
 *
 * The string is the one held in ctx->conninfo; the caller does not own it
 * (lifetime presumably ends with the connection info -- confirm against
 * the code that frees conninfo).
 *
 * This is a descriptive value only.  To decide whether the certificate is
 * valid for a particular name, use tls_peer_cert_contains_name(), which
 * goes through tls_check_name() instead of comparing this string.
 */
const char *
tls_peer_cert_common_name(struct tls *ctx)
{
	return (ctx->conninfo != NULL ? ctx->conninfo->common_name : NULL);
}
33 
/*
 * Return the hash string recorded for the peer certificate, or NULL when
 * no connection information is attached to ctx.
 *
 * The digest algorithm and text encoding are chosen where conninfo is
 * filled in, not in this file.  A caller that pins on this value should
 * compare the complete string and treat a NULL return as "no match".
 */
const char *
tls_peer_cert_hash(struct tls *ctx)
{
	return (ctx->conninfo != NULL ? ctx->conninfo->hash : NULL);
}
/*
 * Return the issuer string recorded for the peer certificate, or NULL
 * when no connection information is attached to ctx.
 *
 * The value is whatever was stored in ctx->conninfo->issuer; this
 * accessor performs no validation of its own.
 */
const char *
tls_peer_cert_issuer(struct tls *ctx)
{
	return (ctx->conninfo != NULL ? ctx->conninfo->issuer : NULL);
}
48 
/*
 * Return the subject string recorded for the peer certificate, or NULL
 * when no connection information is attached to ctx.
 *
 * The value is whatever was stored in ctx->conninfo->subject; this
 * accessor performs no validation of its own.
 */
const char *
tls_peer_cert_subject(struct tls *ctx)
{
	return (ctx->conninfo != NULL ? ctx->conninfo->subject : NULL);
}
56 
/*
 * Report whether a peer certificate is attached to ctx: 1 if
 * ctx->ssl_peer_cert is set, 0 otherwise.
 *
 * Only the presence of the certificate is tested here.  The result says
 * nothing about whether that certificate was verified or which names it
 * covers.
 */
int
tls_peer_cert_provided(struct tls *ctx)
{
	return (ctx->ssl_peer_cert == NULL ? 0 : 1);
}
62 
/*
 * Check whether the peer certificate matches name, delegating the
 * comparison to tls_check_name().
 *
 * Returns the match flag produced by tls_check_name().  Returns 0 when
 * there is no peer certificate and also when tls_check_name() fails with
 * -1, so a caller cannot tell "no match" from "check failed" by the
 * return value alone; both are reported as "does not match".
 */
int
tls_peer_cert_contains_name(struct tls *ctx, const char *name)
{
	int found;

	if (ctx->ssl_peer_cert == NULL)
		return (0);

	/* found is only read when the check itself succeeded. */
	if (tls_check_name(ctx, ctx->ssl_peer_cert, name, &found) != -1)
		return (found);

	return (0);
}
76 
/*
 * Return the start of the peer certificate's validity period as stored
 * in ctx->conninfo->notbefore.
 *
 * Returns -1 when there is no peer certificate or no connection
 * information.  Check for -1 before comparing the result against the
 * current time, otherwise the sentinel reads as a valid early timestamp.
 */
time_t
tls_peer_cert_notbefore(struct tls *ctx)
{
	if (ctx->ssl_peer_cert == NULL || ctx->conninfo == NULL)
		return (-1);
	return (ctx->conninfo->notbefore);
}
86 
/*
 * Return the end of the peer certificate's validity period as stored in
 * ctx->conninfo->notafter.
 *
 * Returns -1 when there is no peer certificate or no connection
 * information.  Check for -1 before comparing the result against the
 * current time; an unchecked -1 would make an expiry test look like
 * "already expired" rather than "unknown".
 */
time_t
tls_peer_cert_notafter(struct tls *ctx)
{
	if (ctx->ssl_peer_cert == NULL || ctx->conninfo == NULL)
		return (-1);
	return (ctx->conninfo->notafter);
}
96 
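/*
 * Return the peer certificate data held in ctx->conninfo->peer_cert and
 * store its length in *size.
 *
 * Returns NULL when there is no peer certificate or no connection
 * information.  On that path *size is set to 0 (when size is non-NULL),
 * so a caller that forgets to check the return value does not pair a
 * NULL pointer with a stale or uninitialised length.
 *
 * The buffer belongs to ctx->conninfo; the caller does not own it.  It is
 * described by pointer and length -- do not assume NUL termination.
 */
const uint8_t *
tls_peer_cert_chain_pem(struct tls *ctx, size_t *size)
{
	if (ctx->ssl_peer_cert == NULL || ctx->conninfo == NULL) {
		/*
		 * The failure path never dereferenced size before, so keep
		 * tolerating a NULL size here.
		 */
		if (size != NULL)
			*size = 0;
		return (NULL);
	}

	/* size is required on the success path, as before. */
	*size = ctx->conninfo->peer_cert_len;
	return (ctx->conninfo->peer_cert);
}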
107 