Diffstat (limited to 'app/openvpn/src/openvpn/ssl_verify_openssl.c')
-rw-r--r--app/openvpn/src/openvpn/ssl_verify_openssl.c24
1 files changed, 16 insertions, 8 deletions
diff --git a/app/openvpn/src/openvpn/ssl_verify_openssl.c b/app/openvpn/src/openvpn/ssl_verify_openssl.c
index 658f5f33..2482eaa4 100644
--- a/app/openvpn/src/openvpn/ssl_verify_openssl.c
+++ b/app/openvpn/src/openvpn/ssl_verify_openssl.c
@@ -37,9 +37,13 @@
#if defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_OPENSSL)
+#include "ssl_verify_openssl.h"
+
+#include "error.h"
+#include "ssl_openssl.h"
#include "ssl_verify.h"
#include "ssl_verify_backend.h"
-#include "ssl_openssl.h"
+
#include <openssl/x509v3.h>
#include <openssl/err.h>
@@ -202,7 +206,7 @@ extract_x509_field_ssl (X509_NAME *x509, const char *field_name, char *out,
}
result_t
-x509_get_username (char *common_name, int cn_len,
+backend_x509_get_username (char *common_name, int cn_len,
char * x509_username_field, X509 *peer_cert)
{
#ifdef ENABLE_X509ALTUSERNAME
@@ -220,7 +224,7 @@ x509_get_username (char *common_name, int cn_len,
}
char *
-x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)
+backend_x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)
{
ASN1_INTEGER *asn1_i;
BIGNUM *bignum;
@@ -238,10 +242,18 @@ x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)
return serial;
}
+char *
+backend_x509_get_serial_hex (openvpn_x509_cert_t *cert, struct gc_arena *gc)
+{
+ const ASN1_INTEGER *asn1_i = X509_get_serialNumber(cert);
+
+ return format_hex_ex(asn1_i->data, asn1_i->length, 0, 1, ":", gc);
+}
+
unsigned char *
x509_get_sha1_hash (X509 *cert, struct gc_arena *gc)
{
- char *hash = gc_malloc(SHA_DIGEST_LENGTH, false, gc);
+ unsigned char *hash = gc_malloc(SHA_DIGEST_LENGTH, false, gc);
memcpy(hash, cert->sha1_hash, SHA_DIGEST_LENGTH);
return hash;
}
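Review bot: The new backend_x509_get_serial_hex dereferences the result of X509_get_serialNumber() without a check and formats `asn1_i->data` directly. The raw data bytes hold only the magnitude, with the sign carried in the ASN1_INTEGER type, so a negative serial would print the same as its positive counterpart. If this string is later matched by scripts or plugins for revocation or authorization decisions (not visible in this hunk), that ambiguity and an empty result for a zero-length serial are worth ruling out. Consider a guard such as `if (!asn1_i || asn1_i->length <= 0) return NULL;`, provided callers tolerate NULL. A comment on the function should also state the format, e.g. `/* colon-separated hex of the serial's magnitude bytes, allocated in gc; sign is not represented */`.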
@@ -459,8 +471,6 @@ x509_verify_ns_cert_type(const openvpn_x509_cert_t *peer_cert, const int usage)
return FAILURE;
}
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
-
result_t
x509_verify_cert_ku (X509 *x509, const unsigned * const expected_ku,
int expected_len)
@@ -566,8 +576,6 @@ x509_write_pem(FILE *peercert_file, X509 *peercert)
return SUCCESS;
}
-#endif /* OPENSSL_VERSION_NUMBER */
-
/*
* check peer cert against CRL
*/