mirror of
https://github.com/libp2p/go-openssl.git
synced 2024-12-25 23:30:06 +08:00
- add custom extension support
- add support to retrive custom extension value - add support to add custom protocol for protocol negotiation Signed-off-by: Tiger <rbalajis25@gmail.com>
This commit is contained in:
parent
5f2730c458
commit
09d72588f7
22
cert.go
22
cert.go
@ -331,6 +331,14 @@ func (c *Certificate) AddExtension(nid NID, value string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// AddCustomExtension add custom extenstion to the certificate.
|
||||
func (c *Certificate) AddCustomExtension(nid NID, value []byte) error {
|
||||
if int(C.add_custom_ext(c.x, C.int(nid), (*C.char)(C.CBytes(value)), C.int(len(value)))) == 0 {
|
||||
return errors.New("Unable to add extension")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Wraps AddExtension using a map of NID to text extension.
|
||||
// Will return without finishing if it encounters an error.
|
||||
func (c *Certificate) AddExtensions(extensions map[NID]string) error {
|
||||
@ -413,3 +421,17 @@ func (c *Certificate) SetVersion(version X509_Version) error {
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetExtensionValue returns the value of the given NID's extension.
|
||||
func (c *Certificate) GetExtensionValue(nid NID) []byte {
|
||||
dataLength := C.int(0)
|
||||
val := C.get_extention(c.x, C.int(nid), &dataLength)
|
||||
return charToBytes(val, int(dataLength))
|
||||
}
|
||||
|
||||
// charToBytes converts c unisgned char to golang bytes
|
||||
func charToBytes(src *C.uchar, sz int) []byte {
|
||||
dest := make([]byte, sz)
|
||||
copy(dest, (*(*[1024]byte)(unsafe.Pointer(src)))[:sz:sz])
|
||||
return dest
|
||||
}
|
||||
|
23
ctx.go
23
ctx.go
@ -522,6 +522,29 @@ func (c *Ctx) SetCipherList(list string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// SetNextProtos sets Negotiation protocol to the ctx.
|
||||
func (c *Ctx) SetNextProtos(protos []string) error {
|
||||
if len(protos) == 0 {
|
||||
return nil
|
||||
}
|
||||
vector := make([]byte, 0)
|
||||
for _, proto := range protos {
|
||||
if len(proto) > 255 {
|
||||
return fmt.Errorf(
|
||||
"Proto length can't be more than 255. But got a proto %s with length %d",
|
||||
proto, len(proto))
|
||||
}
|
||||
vector = append(vector, byte(uint8(len(proto))))
|
||||
vector = append(vector, []byte(proto)...)
|
||||
}
|
||||
ret := int(C.SSL_CTX_set_alpn_protos(c.ctx, (*C.uchar)(unsafe.Pointer(&vector[0])),
|
||||
C.uint(len(vector))))
|
||||
if ret != 0 {
|
||||
return errors.New("Error while setting protos to ctx")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
type SessionCacheModes int
|
||||
|
||||
const (
|
||||
|
40
exntension.c
Normal file
40
exntension.c
Normal file
@ -0,0 +1,40 @@
|
||||
|
||||
|
||||
#include <openssl/x509v3.h>
|
||||
#include <string.h>
|
||||
|
||||
const unsigned char * get_extention(X509 *x, int NID, int *data_len){
|
||||
int loc;
|
||||
ASN1_OCTET_STRING *octet_str;
|
||||
long xlen;
|
||||
int tag, xclass;
|
||||
|
||||
loc = X509_get_ext_by_NID( x, NID, -1);
|
||||
X509_EXTENSION *ex = X509_get_ext(x, loc);
|
||||
octet_str = X509_EXTENSION_get_data(ex);
|
||||
*data_len = octet_str->length;
|
||||
return octet_str->data;
|
||||
}
|
||||
|
||||
// Copied from https://github.com/libtor/openssl/blob/master/demos/x509/mkcert.c#L153
|
||||
int add_custom_ext(X509 *cert, int nid,unsigned char *value, int len)
|
||||
{
|
||||
X509_EXTENSION *ex;
|
||||
ASN1_OCTET_STRING *os = ASN1_OCTET_STRING_new();
|
||||
ASN1_OCTET_STRING_set(os,value,len);
|
||||
X509V3_CTX ctx;
|
||||
/* This sets the 'context' of the extensions. */
|
||||
/* No configuration database */
|
||||
X509V3_set_ctx_nodb(&ctx);
|
||||
/* Issuer and subject certs: both the target since it is self signed,
|
||||
* no request and no CRL
|
||||
*/
|
||||
X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
|
||||
// ref http://openssl.6102.n7.nabble.com/Adding-a-custom-extension-to-a-CSR-td47446.html
|
||||
ex = X509_EXTENSION_create_by_NID( NULL, nid, 0, os);
|
||||
if (!X509_add_ext(cert,ex,-1))
|
||||
return 0;
|
||||
|
||||
X509_EXTENSION_free(ex);
|
||||
return 1;
|
||||
}
|
40
extension.c
Normal file
40
extension.c
Normal file
@ -0,0 +1,40 @@
|
||||
|
||||
|
||||
#include <openssl/x509v3.h>
|
||||
#include <string.h>
|
||||
|
||||
const unsigned char * get_extention(X509 *x, int NID, int *data_len){
|
||||
int loc;
|
||||
ASN1_OCTET_STRING *octet_str;
|
||||
long xlen;
|
||||
int tag, xclass;
|
||||
|
||||
loc = X509_get_ext_by_NID( x, NID, -1);
|
||||
X509_EXTENSION *ex = X509_get_ext(x, loc);
|
||||
octet_str = X509_EXTENSION_get_data(ex);
|
||||
*data_len = octet_str->length;
|
||||
return octet_str->data;
|
||||
}
|
||||
|
||||
// Copied from https://github.com/libtor/openssl/blob/master/demos/x509/mkcert.c#L153
|
||||
int add_custom_ext(X509 *cert, int nid,unsigned char *value, int len)
|
||||
{
|
||||
X509_EXTENSION *ex;
|
||||
ASN1_OCTET_STRING *os = ASN1_OCTET_STRING_new();
|
||||
ASN1_OCTET_STRING_set(os,value,len);
|
||||
X509V3_CTX ctx;
|
||||
/* This sets the 'context' of the extensions. */
|
||||
/* No configuration database */
|
||||
X509V3_set_ctx_nodb(&ctx);
|
||||
/* Issuer and subject certs: both the target since it is self signed,
|
||||
* no request and no CRL
|
||||
*/
|
||||
X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
|
||||
// ref http://openssl.6102.n7.nabble.com/Adding-a-custom-extension-to-a-CSR-td47446.html
|
||||
ex = X509_EXTENSION_create_by_NID( NULL, nid, 0, os);
|
||||
if (!X509_add_ext(cert,ex,-1))
|
||||
return 0;
|
||||
|
||||
X509_EXTENSION_free(ex);
|
||||
return 1;
|
||||
}
|
@ -19,6 +19,6 @@ import "C"
|
||||
|
||||
// CreateObjectIdentifier creates ObjectIdentifier and returns NID for the created
|
||||
// ObjectIdentifier
|
||||
func CreateObjectIdentifier(oid string, shortName string, longName string) int {
|
||||
return int(C.OBJ_create(C.CString(oid), C.CString(shortName), C.CString(longName)))
|
||||
func CreateObjectIdentifier(oid string, shortName string, longName string) NID {
|
||||
return NID(C.OBJ_create(C.CString(oid), C.CString(shortName), C.CString(longName)))
|
||||
}
|
||||
|
8
shim.h
8
shim.h
@ -90,6 +90,8 @@ extern int X_SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX *sslctx,
|
||||
extern int X_SSL_CTX_ticket_key_cb(SSL *s, unsigned char key_name[16],
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH],
|
||||
EVP_CIPHER_CTX *cctx, HMAC_CTX *hctx, int enc);
|
||||
extern int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
|
||||
unsigned int protos_len);
|
||||
|
||||
/* BIO methods */
|
||||
extern int X_BIO_get_flags(BIO *b);
|
||||
@ -173,4 +175,8 @@ extern int X_X509_set_version(X509 *x, long version);
|
||||
extern int X_PEM_write_bio_PrivateKey_traditional(BIO *bio, EVP_PKEY *key, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
|
||||
|
||||
/* Object methods */
|
||||
extern int OBJ_create(const char *oid,const char *sn,const char *ln);
|
||||
extern int OBJ_create(const char *oid,const char *sn,const char *ln);
|
||||
|
||||
/* Extension helper method */
|
||||
extern const unsigned char * get_extention(X509 *x, int NID, int *data_len);
|
||||
extern int add_custom_ext(X509 *cert, int nid, char *value, int len);
|
Loading…
Reference in New Issue
Block a user