Code to get nicknames from peer certs

svn:r627
author: Nick Mathewson <nickm@torproject.org> 2003-10-19 00:46:51 +0000
committer: Nick Mathewson <nickm@torproject.org> 2003-10-19 00:46:51 +0000
commit: 0ec2a34a1d4ebbe8d3a3f7cc47402471f26d63d4 (patch)
tree: 56777f6cd097fbb7172f88d7b8b8ef8977d8aa00
parent: ec96419109aa0a53d3f2fe2fe9f41bb590115109 (diff)
download: tor-0ec2a34a1d4ebbe8d3a3f7cc47402471f26d63d4.tar.gz
tor-0ec2a34a1d4ebbe8d3a3f7cc47402471f26d63d4.zip
2 files changed, 34 insertions, 3 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 75a7f7704a..6b32c46d5b 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -12,6 +12,9 @@
 #include "./util.h"
 #include "./log.h"
 
+/* Copied from or.h */
+#define LEGAL_NICKNAME_CHARACTERS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+
 #include <assert.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
@@ -132,7 +135,6 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
   EVP_PKEY *pkey = NULL;
   X509 *x509 = NULL;
   X509_NAME *name = NULL;
-  BIO *out = NULL;
   int nid;
   int err;
   
@@ -178,8 +180,6 @@ tor_tls_create_certificate(crypto_pk_env_t *rsa,
  error:
   err = 1;
  done:
-  if (out)
-    BIO_free(out);
   if (x509 && err)
     X509_free(x509);
   if (pkey)
@@ -461,6 +461,36 @@ tor_tls_peer_has_cert(tor_tls *tls)
   return 1;
 }
 
+int
+tor_tls_get_peer_cert_nickname(tor_tls *tls, char *buf, int buflen)
+{
+  X509 *cert = NULL;
+  X509_NAME *name = NULL;
+  int nid;
+  int lenout;
+  int i;
+  
+  if (!(cert = SSL_get_peer_certificate(tls->ssl))) {
+    log_fn(LOG_ERR, "Peer has no certificate");
+    return -1;
+  }
+  if (!(name = X509_get_subject_name(cert))) {
+    log_fn(LOG_ERR, "Peer certificate has no subject name");
+    return -1;
+  }
+  if ((nid = OBJ_txt2nid("commonName")) == NID_undef)
+    return -1;
+  
+  lenout = X509_NAME_get_text_by_NID(name, nid, buf, buflen);
+  if (lenout == -1)
+    return -1;
+  if (strspn(buf, LEGAL_NICKNAME_CHARACTERS) != lenout) {
+    log_fn(LOG_ERR, "Peer certificate nickname has illegal characters.");
+    return -1;
+  }
+  return 0;
+}
+
 /* If the provided tls connection is authenticated and has a
  * certificate that is currently valid and is correctly self-signed,
  * return its public key.  Otherwise return NULL.
diff --git a/src/common/tortls.h b/src/common/tortls.h
index 3ab252d8b3..fdfa161920 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -21,6 +21,7 @@ int tor_tls_context_new(crypto_pk_env_t *rsa, int isServer, const char *nickname
 tor_tls *tor_tls_new(int sock, int isServer);
 void tor_tls_free(tor_tls *tls);
 int tor_tls_peer_has_cert(tor_tls *tls);
+int tor_tls_get_peer_cert_nickname(tor_tls *tls, char *buf, int buflen);
 crypto_pk_env_t *tor_tls_verify(tor_tls *tls);
 int tor_tls_read(tor_tls *tls, char *cp, int len);
 int tor_tls_write(tor_tls *tls, char *cp, int n);
author	Nick Mathewson <nickm@torproject.org>	2003-10-19 00:46:51 +0000
committer	Nick Mathewson <nickm@torproject.org>	2003-10-19 00:46:51 +0000
commit	0ec2a34a1d4ebbe8d3a3f7cc47402471f26d63d4 (patch)
tree	56777f6cd097fbb7172f88d7b8b8ef8977d8aa00
parent	ec96419109aa0a53d3f2fe2fe9f41bb590115109 (diff)
download	tor-0ec2a34a1d4ebbe8d3a3f7cc47402471f26d63d4.tar.gz tor-0ec2a34a1d4ebbe8d3a3f7cc47402471f26d63d4.zip