libp2p/go-openssl
1
0
Fork 0
mirror of https://github.com/libp2p/go-openssl.git synced 2025-01-30 05:20:08 +08:00
Code Issues Projects Releases Wiki Activity

space monkey internal commit export

Browse Source 
[katamari commit: eb9538894a23e6b6381ec2e33e825466989451dd]
This commit is contained in:
JT Olds 2014-02-28 13:23:52 -07:00
parent 754bf832c4
commit 11c5494405
2 changed files with 38 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
conn.go
View File

@ -6,6 +6,11 @@ package openssl
// #include <openssl/ssl.h> // #include <openssl/ssl.h>
// #include <openssl/conf.h> // #include <openssl/conf.h>
// #include <openssl/err.h> // #include <openssl/err.h>
//
// int sk_X509_num_not_a_macro(STACK_OF(X509) *sk) { return sk_X509_num(sk); }
// X509 *sk_X509_value_not_a_macro(STACK_OF(X509)* sk, int i) {
// return sk_X509_value(sk, i);
// }
import "C" import "C"
import ( import (
@ -230,11 +235,11 @@ func (c *Conn) Handshake() error {
// communicating. Only valid after a handshake. // communicating. Only valid after a handshake.
func (c *Conn) PeerCertificate() (*Certificate, error) { func (c *Conn) PeerCertificate() (*Certificate, error) {
c.mtx.Lock() c.mtx.Lock()
defer c.mtx.Unlock()
if c.is_shutdown { if c.is_shutdown {
return nil, errors.New("connection closed") return nil, errors.New("connection closed")
} }
x := C.SSL_get_peer_certificate(c.ssl) x := C.SSL_get_peer_certificate(c.ssl)
c.mtx.Unlock()
if x == nil { if x == nil {
return nil, errors.New("no peer certificate found") return nil, errors.New("no peer certificate found")
} }
@ -245,13 +250,41 @@ func (c *Conn) PeerCertificate() (*Certificate, error) {
return cert, nil return cert, nil
} }
// PeerCertificateChain returns the certificate chain of the peer. If called on
// the client side, the stack also contains the peer's certificate; if called
// on the server side, the peer's certificate must be obtained separately using
// PeerCertificate.
func (c *Conn) PeerCertificateChain() (rv []*Certificate, err error) {
c.mtx.Lock()
defer c.mtx.Unlock()
if c.is_shutdown {
return nil, errors.New("connection closed")
}
sk := C.SSL_get_peer_cert_chain(c.ssl)
if sk == nil {
return nil, errors.New("no peer certificates found")
}
sk_num := int(C.sk_X509_num_not_a_macro(sk))
rv = make([]*Certificate, 0, sk_num)
for i := 0; i < sk_num; i++ {
x := C.sk_X509_value_not_a_macro(sk, C.int(i))
// ref holds on to the underlying connection memory so we don't need to
// worry about incrementing refcounts manually or freeing the X509
rv = append(rv, &Certificate{x: x, ref: c})
}
return rv, nil
}
type ConnectionState struct { type ConnectionState struct {
Certificate *Certificate Certificate *Certificate
CertificateError error CertificateError error
CertificateChain []*Certificate
CertificateChainError error
} }
func (c *Conn) ConnectionState() (rv ConnectionState) { func (c *Conn) ConnectionState() (rv ConnectionState) {
rv.Certificate, rv.CertificateError = c.PeerCertificate() rv.Certificate, rv.CertificateError = c.PeerCertificate()
rv.CertificateChain, rv.CertificateChainError = c.PeerCertificateChain()
return return
} }

3
pem.go
View File

@ -155,7 +155,8 @@ func LoadPrivateKey(pem_block []byte) (PrivateKey, error) {
} }
type Certificate struct { type Certificate struct {
x *C.X509 x *C.X509
ref interface{}
} }
// LoadCertificate loads an X509 certificate from a PEM-encoded block. // LoadCertificate loads an X509 certificate from a PEM-encoded block.