[rs-commit] r63 - in /redwax-tool/trunk: redwax-tool.c redwax-tool.h redwax_openssl.c
rs-commit at redwax.eu
rs-commit at redwax.eu
Wed Nov 24 15:53:19 CET 2021
Author: minfrin at redwax.eu
Date: Wed Nov 24 15:53:18 2021
New Revision: 63
Log:
Rename --top to --current. Lay groundwork for option
to return current cert chain, and not just current cert.
Modified:
redwax-tool/trunk/redwax-tool.c
redwax-tool/trunk/redwax-tool.h
redwax-tool/trunk/redwax_openssl.c
Modified: redwax-tool/trunk/redwax-tool.c
==============================================================================
--- redwax-tool/trunk/redwax-tool.c (original)
+++ redwax-tool/trunk/redwax-tool.c Wed Nov 24 15:53:18 2021
@@ -119,7 +119,8 @@
APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(rt, REDWAX, int, complete_format_out,
(redwax_tool_t * r, apr_hash_t *formats), (r, formats), DECLINED);
APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(rt, REDWAX, apr_status_t, search_chain,
- (redwax_tool_t * r, const redwax_certificate_t *cert), (r, cert), DECLINED);
+ (redwax_tool_t * r, const redwax_certificate_t *cert,
+ const redwax_certificate_t **current), (r, cert, current), DECLINED);
APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(rt, REDWAX, apr_status_t, search_key,
(redwax_tool_t * r, const redwax_certificate_t *cert), (r, cert), DECLINED);
APR_IMPLEMENT_EXTERNAL_HOOK_RUN_FIRST(rt, REDWAX, apr_status_t, compare_certificate,
@@ -143,7 +144,7 @@
#define REDWAX_TOOL_EMAIL 260
#define REDWAX_TOOL_HOSTNAME 261
#define REDWAX_TOOL_IP 262
-#define REDWAX_TOOL_TOP 263
+#define REDWAX_TOOL_CURRENT 263
#define REDWAX_TOOL_CERT_OUT 264
#define REDWAX_TOOL_NO_CERT_OUT 265
#define REDWAX_TOOL_CHAIN_OUT 266
@@ -207,7 +208,7 @@
{ "email", REDWAX_TOOL_EMAIL, 1, " --email=address\t\tSearch/verify by the given email address. Leaf\n\t\t\t\tcertificates matching the email address will\n\t\t\t\tbe included. Can be specified more than once." },
{ "hostname", REDWAX_TOOL_HOSTNAME, 1, " --hostname=domain\t\tSearch/verify by the given hostname. Leaf\n\t\t\t\tcertificates matching the hostname will be\n\t\t\t\tkept, taking into account wildcards where\n\t\t\t\tpresent." },
{ "ip", REDWAX_TOOL_IP, 1, " --ip=address\t\t\tSearch/verify by the given IP address. Leaf\n\t\t\t\tcertificates matching the IP address will be\n\t\t\t\tincluded. Can be specified more than once." },
- { "top", REDWAX_TOOL_TOP, 0, " --top\t\t\t\tMatch the top ranking leaf certificate, and\n\t\t\t\tignore all other leaf certificates. The top\n\t\t\t\tcertificate is valid, and has the longest time\n\t\t\t\tto expiry." },
+ { "current", REDWAX_TOOL_CURRENT, 0, " --current\t\t\t\tMatch the top ranking leaf certificate, and\n\t\t\t\tignore all other leaf certificates. The top\n\t\t\t\tcertificate is valid, and has the longest time\n\t\t\t\tto expiry." },
{ "cert-out", REDWAX_TOOL_CERT_OUT, 0,
" --cert-out\t\t\tInclude leaf certificates in certificate output." },
{ "no-cert-out", REDWAX_TOOL_NO_CERT_OUT, 0,
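Review bot: The help string for the renamed option keeps the four tabs that `--top` needed, so the first description line of `--current` lands one tab stop to the right of its own continuation lines and of the neighbouring entries. The longer name already passes the first tab stop, so three tabs are enough, as in the `--cert-out` entry: `"  --current\t\t\tMatch the top ranking leaf certificate, and\n..."`. Separately, `--top` is removed without an alias, so existing invocations will presumably fail on an unknown option. If that is intended, it deserves a line in the log message or release notes.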
@@ -1719,9 +1720,9 @@
return APR_SUCCESS;
}
-static apr_status_t redwax_set_top(redwax_tool_t *r)
-{
- r->top = 1;
+static apr_status_t redwax_set_current(redwax_tool_t *r)
+{
+ r->current = 1;
return APR_SUCCESS;
}
@@ -2105,8 +2106,8 @@
redwax_set_ip(r, optarg);
break;
}
- case REDWAX_TOOL_TOP: {
- redwax_set_top(r);
+ case REDWAX_TOOL_CURRENT: {
+ redwax_set_current(r);
break;
}
case REDWAX_TOOL_VERIFY_PARAM: {
Modified: redwax-tool/trunk/redwax-tool.h
==============================================================================
--- redwax-tool/trunk/redwax-tool.h (original)
+++ redwax-tool/trunk/redwax-tool.h Wed Nov 24 15:53:18 2021
@@ -87,7 +87,7 @@
redwax_pkcs11_t pkcs11_out;
apr_time_t *now;
redwax_format_e format;
- int top;
+ int current;
int cert_out;
int chain_out;
int root_out;
@@ -507,7 +507,8 @@
* @param r The redwax-tool context.
*/
APR_DECLARE_EXTERNAL_HOOK(rt, REDWAX, apr_status_t, search_chain,
- (redwax_tool_t *r, const redwax_certificate_t *cert));
+ (redwax_tool_t *r, const redwax_certificate_t *cert,
+ const redwax_certificate_t **current));
/**
* Hook to search for the key corresponding to a certificate.
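Review bot: The doc comment above the `search_chain` hook declaration is not extended for the new `current` argument. Only `@param r` is visible in this hunk, and the comment starts above it. I would add something like `@param current Optional; when non-NULL, receives the current certificate. May be NULL.` so that hook implementers know they must tolerate NULL, which is what every caller in this commit passes. What exactly the returned pointer refers to, and who owns it, is not shown here and should be stated by the author.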
Modified: redwax-tool/trunk/redwax_openssl.c
==============================================================================
--- redwax-tool/trunk/redwax_openssl.c (original)
+++ redwax-tool/trunk/redwax_openssl.c Wed Nov 24 15:53:18 2021
@@ -1211,7 +1211,7 @@
tcert.der = cert->der;
tcert.len = cert->len;
- if (r->top && r->certs_out->nelts) {
+ if (r->current && r->certs_out->nelts) {
const redwax_certificate_t *ocert =
&APR_ARRAY_IDX(r->certs_out, 0,
@@ -1246,7 +1246,7 @@
memcpy(ncert, &tcert, sizeof(redwax_certificate_t));
- rt_run_search_chain(r, cert);
+ rt_run_search_chain(r, cert, NULL);
rt_run_search_key(r, cert);
}
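Review bot: The `apr_status_t` returned by `rt_run_search_chain(r, cert, NULL)` is discarded here, and likewise in the hunks at -1265 and -1284. The hook is declared RUN_FIRST with `DECLINED` as the default, so at this call site a failed or unhandled chain search cannot be told apart from a successful one, and the certificate is presumably output without its chain. If that is deliberate best-effort behaviour, a comment such as `/* chain is optional; a DECLINED or failed search is ignored */` would make it explicit. Otherwise the status should be checked and reported. The enclosing block starts outside the hunk.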
@@ -1265,7 +1265,7 @@
ncert->der = cert->der;
ncert->len = cert->len;
- rt_run_search_chain(r, cert);
+ rt_run_search_chain(r, cert, NULL);
rt_run_search_key(r, cert);
}
@@ -1284,7 +1284,7 @@
ncert->der = cert->der;
ncert->len = cert->len;
- rt_run_search_chain(r, cert);
+ rt_run_search_chain(r, cert, NULL);
rt_run_search_key(r, cert);
}
@@ -1446,7 +1446,7 @@
tcert.der = cert->der;
tcert.len = cert->len;
- if (r->top && r->certs_out->nelts) {
+ if (r->current && r->certs_out->nelts) {
const redwax_certificate_t *ocert =
&APR_ARRAY_IDX(r->certs_out, 0,
@@ -2346,7 +2346,8 @@
}
static apr_status_t redwax_openssl_search_chain(redwax_tool_t *r,
- const redwax_certificate_t *cert)
+ const redwax_certificate_t *cert,
+ const redwax_certificate_t **current)
{
redwax_certificate_t *ncert;
int j;
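Review bot: The new `current` parameter of `redwax_openssl_search_chain` is not referenced in any of the visible hunks of this function, and every call site touched by this commit passes NULL. Until the output is implemented, `(void)current; /* reserved: callers pass NULL for now */` would document the intent and keep `-Wunused-parameter` builds quiet. Once it is implemented, the write needs a guard, `if (current) *current = ...;`, because the recursive calls further down also pass NULL. The function body continues outside this hunk.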
@@ -2366,6 +2367,8 @@
BIO_printf(bio_err, "\n");
BIO_free(bio_err);
+// FIXME: use openssl flag for self signed
+
if (!X509_NAME_cmp(X509_get_issuer_name(x),
X509_get_subject_name(x))) {
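Review bot: The issuer/subject `X509_NAME_cmp` test under the new FIXME identifies a self-issued certificate, not a self-signed one, and the comment should say so. The same name test also decides whether chain search recurses in the hunks at -2393 and -2418. Equal names say nothing about which key produced the signature, so a certificate appears to be treated as the end of a chain without that being established. I would make the comment precise and indent it with the surrounding code: `/* FIXME: name equality only shows self-issued; use EXFLAG_SS from X509_get_extension_flags(), or X509_self_signed() on OpenSSL 3.0 */`. The enclosing function starts and ends outside this hunk.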
@@ -2393,7 +2396,7 @@
if (X509_NAME_cmp(X509_get_issuer_name(x),
X509_get_subject_name(x))) {
- rt_run_search_chain(r, chain);
+ rt_run_search_chain(r, chain, NULL);
}
}
@@ -2418,11 +2421,13 @@
if (X509_NAME_cmp(X509_get_issuer_name(x),
X509_get_subject_name(x))) {
- rt_run_search_chain(r, chain);
+ rt_run_search_chain(r, chain, NULL);
}
}
}
+
+ // FIXME: consider root certs too
X509_free(x);
}