{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1752061156, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"4362416eafaf363840968c6fd91e13b3", "commit": {"type":"commit", "time": 1491259642, "time_ofs": 60, "oid_tree": { "oid": "94d7f3aadeabc1567bcd3663c2629d1d134cbd88", "alias": []}, "oid":{ "oid": "5969a2dd2cce3ee4f35cc256256d9c8119080e98", "alias": []}, "msg": "Print CA names in s_server, add -requestCAfile to s_client", "sig_commit": { "git_time": { "time": 1491259642, "offset": 60 }, "name": "Dr. Stephen Henson", "email": "steve@openssl.org", "md5": "fb4026c8240f7577a612418c24e54343" }, "sig_author": { "git_time": { "time": 1490976268, "offset": 60 }, "name": "Dr. Stephen Henson", "email": "steve@openssl.org", "md5": "fb4026c8240f7577a612418c24e54343" }}, "body": "Print CA names in s_server, add -requestCAfile to s_client\n\nReviewed-by: Rich Salz \u003crsalz@openssl.org\u003e\n(Merged from https://github.com/openssl/openssl/pull/3015)" , "diff": "diff --git a/apps/s_apps.h b/apps/s_apps.h\nindex bf27de2..aa0565d 100644\n--- a/apps/s_apps.h\n+++ b/apps/s_apps.h\n@@ -77,4 +77,5 @@ int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath,\n int crl_download);\n void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose);\n int set_keylog_file(SSL_CTX *ctx, const char *keylog_file);\n+void print_ca_names(BIO *bio, SSL *s);\n #endif\ndiff --git a/apps/s_cb.c b/apps/s_cb.c\nindex 8c6ce48..1b68164 100644\n--- a/apps/s_cb.c\n+++ b/apps/s_cb.c\n@@ -1426,3 +1426,21 @@ int set_keylog_file(SSL_CTX *ctx, const char *keylog_file)\n SSL_CTX_set_keylog_callback(ctx, keylog_callback);\n return 0;\n }\n+\n+void print_ca_names(BIO *bio, SSL *s)\n+{\n+ const char *cs \u003d SSL_is_server(s) ? 
\u0022server\u0022 : \u0022client\u0022;\n+ const STACK_OF(X509_NAME) *sk \u003d SSL_get0_peer_CA_list(s);\n+ int i;\n+\n+ if (sk \u003d\u003d NULL || sk_X509_NAME_num(sk) \u003d\u003d 0) {\n+ BIO_printf(bio, \u0022---\u005cnNo %s certificate CA names sent\u005cn\u0022, cs);\n+ return;\n+ }\n+\n+ BIO_printf(bio, \u0022---\u005cnAcceptable %s certificate CA names\u005cn\u0022,cs);\n+ for (i \u003d 0; i \u003c sk_X509_NAME_num(sk); i++) {\n+ X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, XN_FLAG_ONELINE);\n+ BIO_write(bio, \u0022\u005cn\u0022, 1);\n+ }\n+}\ndiff --git a/apps/s_client.c b/apps/s_client.c\nindex 8e1a5dd..9267393 100644\n--- a/apps/s_client.c\n+++ b/apps/s_client.c\n@@ -588,7 +588,7 @@ const OPTIONS s_client_options[] \u003d {\n {\u0022no-CApath\u0022, OPT_NOCAPATH, '-',\n \u0022Do not load certificates from the default certificates directory\u0022},\n {\u0022requestCAfile\u0022, OPT_REQCAFILE, '\u003c',\n- \u0022PEM format file of CA names sent to server\u0022},\n+ \u0022PEM format file of CA names to send to the server\u0022},\n {\u0022dane_tlsa_domain\u0022, OPT_DANE_TLSA_DOMAIN, 's', \u0022DANE TLSA base domain\u0022},\n {\u0022dane_tlsa_rrdata\u0022, OPT_DANE_TLSA_RRDATA, 's',\n \u0022DANE TLSA rrdata presentation form\u0022},\n@@ -1585,6 +1585,7 @@ int s_client_main(int argc, char **argv)\n }\n if (ReqCAfile !\u003d NULL) {\n STACK_OF(X509_NAME) *nm \u003d sk_X509_NAME_new_null();\n+\n if (nm \u003d\u003d NULL || !SSL_add_file_cert_subjects_to_stack(nm, ReqCAfile)) {\n sk_X509_NAME_pop_free(nm, X509_NAME_free);\n BIO_printf(bio_err, \u0022Error loading CA names\u005cn\u0022);\n@@ -2820,9 +2821,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)\n X509 *peer \u003d NULL;\n char buf[BUFSIZ];\n STACK_OF(X509) *sk;\n- STACK_OF(X509_NAME) *sk2;\n const SSL_CIPHER *c;\n- X509_NAME *xn;\n int i;\n #ifndef OPENSSL_NO_COMP\n const COMP_METHOD *comp, *expansion;\n@@ -2864,21 +2863,10 @@ static void print_stuff(BIO *bio, SSL *s, int full)\n 
BIO_printf(bio, \u0022subject\u003d%s\u005cn\u0022, buf);\n X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);\n BIO_printf(bio, \u0022issuer\u003d%s\u005cn\u0022, buf);\n- } else\n- BIO_printf(bio, \u0022no peer certificate available\u005cn\u0022);\n-\n- sk2 \u003d SSL_get_client_CA_list(s);\n- if ((sk2 !\u003d NULL) \u0026\u0026 (sk_X509_NAME_num(sk2) \u003e 0)) {\n- BIO_printf(bio, \u0022---\u005cnAcceptable client certificate CA names\u005cn\u0022);\n- for (i \u003d 0; i \u003c sk_X509_NAME_num(sk2); i++) {\n- xn \u003d sk_X509_NAME_value(sk2, i);\n- X509_NAME_oneline(xn, buf, sizeof(buf));\n- BIO_write(bio, buf, strlen(buf));\n- BIO_write(bio, \u0022\u005cn\u0022, 1);\n- }\n } else {\n- BIO_printf(bio, \u0022---\u005cnNo client certificate CA names sent\u005cn\u0022);\n+ BIO_printf(bio, \u0022no peer certificate available\u005cn\u0022);\n }\n+ print_ca_names(bio, s);\n \n ssl_print_sigalgs(bio, s);\n ssl_print_tmp_key(bio, s);\ndiff --git a/apps/s_server.c b/apps/s_server.c\nindex 5858278..4bd2620 100644\n--- a/apps/s_server.c\n+++ b/apps/s_server.c\n@@ -2704,6 +2704,7 @@ static void print_connection_info(SSL *con)\n ssl_print_point_formats(bio_s_out, con);\n ssl_print_groups(bio_s_out, con, 0);\n #endif\n+ print_ca_names(bio_s_out, con);\n BIO_printf(bio_s_out, \u0022CIPHER is %s\u005cn\u0022, (str !\u003d NULL) ? str : \u0022(NONE)\u0022);\n \n #if !defined(OPENSSL_NO_NEXTPROTONEG)\n@@ -2990,6 +2991,7 @@ static int www_body(int s, int stype, unsigned char *context)\n #ifndef OPENSSL_NO_EC\n ssl_print_groups(io, con, 0);\n #endif\n+ print_ca_names(io, con);\n BIO_printf(io, (SSL_session_reused(con)\n ? \u0022---\u005cnReused, \u0022 : \u0022---\u005cnNew, \u0022));\n c \u003d SSL_get_current_cipher(con);\n","s":{"c":1752061156,"u": 32465}} ],"g": 33691,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}
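Review bot: `print_ca_names` in the `apps/s_cb.c` hunk ignores the return value of `X509_NAME_print_ex` inside the loop, although every name it prints was chosen by the peer. A name that fails to encode then shows up as a bare newline, which cannot be told apart from an empty name in the diagnostic output; `if (X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, XN_FLAG_ONELINE) < 0) BIO_puts(bio, "<name could not be printed>");` keeps the two cases apart. The function also deserves a short comment saying that the list comes from `SSL_get0_peer_CA_list`, so the label follows the local role: a server prints the names the client sent as acceptable for the server certificate.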
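Review bot: In the `print_stuff` hunk of `apps/s_client.c`, the subject and issuer lines still go through `X509_NAME_oneline` into the fixed `buf[BUFSIZ]`, while the CA names printed right after them now use `X509_NAME_print_ex` with `XN_FLAG_ONELINE`. The two forms escape and delimit fields differently, and the buffer form silently truncates a long name, so one connection report shows peer-supplied names under two conventions. Printing the issuer as `BIO_puts(bio, "issuer=");` `X509_NAME_print_ex(bio, X509_get_issuer_name(peer), 0, XN_FLAG_ONELINE);` `BIO_puts(bio, "\n");` would make them agree, and the subject likewise, though its call sits above the hunk. That changes text that scripts may parse, so it belongs in its own commit.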