PROTON-861: expose the subject from peer certificate
Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/894a463b Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/894a463b Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/894a463b Branch: refs/heads/cjansen-cpp-client Commit: 894a463bf720ce15148059b6bb79f040f8ce8af2 Parents: 1e4042a Author: Gordon Sim <[email protected]> Authored: Thu May 14 14:54:23 2015 +0100 Committer: Gordon Sim <[email protected]> Committed: Fri May 15 17:28:44 2015 +0100
----------------------------------------------------------------------
proton-c/bindings/python/proton/__init__.py | 7 ++++++- proton-c/include/proton/ssl.h | 8 ++++++++ proton-c/src/ssl/openssl.c | 25 ++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/894a463b/proton-c/bindings/python/proton/__init__.py
----------------------------------------------------------------------
diff --git a/proton-c/bindings/python/proton/__init__.py b/proton-c/bindings/python/proton/__init__.py
index bc639e3..a4e01f8 100644
--- a/proton-c/bindings/python/proton/__init__.py
+++ b/proton-c/bindings/python/proton/__init__.py
@@ -3459,7 +3459,8 @@ class SSL(object):
 obj._ssl = pn_ssl( transport._impl )
 if obj._ssl is None:
 raise SSLUnavailable()
- pn_ssl_init( obj._ssl, domain._domain, session_id )
+ if domain:
+ pn_ssl_init( obj._ssl, domain._domain, session_id )
 transport._ssl = obj
 return transport._ssl
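Review bot: `if domain:` on the new side tests the truthiness of the SSLDomain object rather than its presence; `if domain is not None:` states the intent and cannot be tripped by a domain type that defines `__bool__` or `__len__`. When no domain is given, `pn_ssl_init` is now skipped and the transport's SSL layer is left in whatever state `pn_ssl` returned it in; that contract (presumably "wrap an already-initialised SSL layer so it can be queried") deserves a comment at the branch, e.g. `# no domain: wrap the transport's existing SSL layer without (re)initialising it`. The enclosing method starts before this hunk.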
@@ -3475,6 +3476,10 @@ class SSL(object):
 return name
 return None
+ @property
+ def remote_subject(self):
+ return pn_ssl_get_remote_subject( self._ssl )
+
 RESUME_UNKNOWN = PN_SSL_RESUME_UNKNOWN
 RESUME_NEW = PN_SSL_RESUME_NEW
 RESUME_REUSED = PN_SSL_RESUME_REUSED
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/894a463b/proton-c/include/proton/ssl.h
----------------------------------------------------------------------
diff --git a/proton-c/include/proton/ssl.h b/proton-c/include/proton/ssl.h
index 0ac4aef..87e7025 100644
--- a/proton-c/include/proton/ssl.h
+++ b/proton-c/include/proton/ssl.h
@@ -318,6 +318,14 @@ PN_EXTERN int pn_ssl_set_peer_hostname( pn_ssl_t *ssl, const char *hostname);
 */
 PN_EXTERN int pn_ssl_get_peer_hostname( pn_ssl_t *ssl, char *hostname, size_t *bufsize );
+/** Get the subject from the peers certificate.
+ *
+ * @param[in] ssl the ssl client/server to query.
+ * @return A null terminated string representing the full subject,
+ * which is valid until the ssl object is destroyed.
+ */
+PN_EXTERN const char* pn_ssl_get_remote_subject(pn_ssl_t *ssl);
+
 /** @} */
 #ifdef __cplusplus
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/894a463b/proton-c/src/ssl/openssl.c
----------------------------------------------------------------------
diff --git a/proton-c/src/ssl/openssl.c b/proton-c/src/ssl/openssl.c
index 2bbdda0..02a16fc 100644
--- a/proton-c/src/ssl/openssl.c
+++ b/proton-c/src/ssl/openssl.c
@@ -111,6 +111,8 @@ struct pni_ssl_t {
 bool ssl_closed; // shutdown complete, or SSL error
 bool read_blocked; // SSL blocked until more network data is read
 bool write_blocked; // SSL blocked until data is written to network
+
+ char *subject;
 };
 static inline pn_transport_t *get_transport_internal(pn_ssl_t *ssl)
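Review bot: The new `remote_subject` property carries no docstring, and what it exposes needs one: suggest `"""Subject of the certificate the peer presented, in RFC 2253 form, or None if none is available. The peer was only authenticated if the domain's peer-authentication mode required it."""`. Presumably the SWIG wrapper maps the C NULL return to None; confirm that before stating it. The SSL class header is outside this hunk.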
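Review bot: The doc comment added for pn_ssl_get_remote_subject does not say when NULL is returned (no SSL session, or no certificate presented by the peer, which are the early returns in the openssl.c implementation in this commit), nor that the subject is simply whatever the peer presented: unless the domain was configured to verify the peer, the string carries no assurance and must not drive authorization decisions. Suggest extending the comment to state the NULL cases, that the name is formatted per RFC 2253 and is computed once and cached for the object's lifetime, that the buffer is owned by the ssl object and must not be freed by the caller, and that the value is only meaningful when peer verification was enabled. `peers certificate` should also read `peer's certificate`.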
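Review bot: The new `subject` member of `struct pni_ssl_t` is the only field in this hunk without a trailing comment, and its ownership matters because pn_ssl_free releases it and pn_ssl_get_remote_subject fills it lazily; suggest `char *subject;  // cached RFC2253 peer subject, NULL until first queried, freed in pn_ssl_free`. The field is set to NULL in init_ssl_socket (a later hunk) rather than where the struct is allocated; if the allocator does not zero the struct — the allocation is outside these hunks — pn_ssl_free would free an indeterminate pointer on an object for which init_ssl_socket never ran, and a second init_ssl_socket on the same object would leak an already cached string. Initializing it where the other members are initialized avoids both; the same remark applies to the pn_ssl_free and init_ssl_socket hunks.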
@@ -780,6 +782,7 @@ void pn_ssl_free(pn_transport_t *transport)
 if (ssl->peer_hostname) free((void *)ssl->peer_hostname);
 if (ssl->inbuf) free((void *)ssl->inbuf);
 if (ssl->outbuf) free((void *)ssl->outbuf);
+ if (ssl->subject) free(ssl->subject);
 free(ssl);
 }
@@ -1179,6 +1182,7 @@ static int init_ssl_socket(pn_transport_t* transport, pni_ssl_t *ssl)
 BIO_set_ssl_mode(ssl->bio_ssl, 1); // client mode
 ssl_log( transport, "Client SSL socket created." );
 }
+ ssl->subject = NULL;
 return 0;
 }
@@ -1249,6 +1253,27 @@ int pn_ssl_get_peer_hostname(pn_ssl_t *ssl0, char *hostname, size_t *bufsize)
 return 0;
 }
+const char* pn_ssl_get_remote_subject(pn_ssl_t *ssl0)
+{
+ pni_ssl_t *ssl = get_ssl_internal(ssl0);
+ if (!ssl || !ssl->ssl) return NULL;
+ if (!ssl->subject) {
+ X509 *cert = SSL_get_peer_certificate(ssl->ssl);
+ if (!cert) return NULL;
+ X509_NAME *subject = X509_get_subject_name(cert);
+ if (!subject) return NULL;
+
+ BIO *out = BIO_new(BIO_s_mem());
+ X509_NAME_print_ex(out, subject, 0, XN_FLAG_RFC2253);
+ int len = BIO_number_written(out);
+ ssl->subject = (char*) malloc(len+1);
+ ssl->subject[len] = 0;
+ BIO_read(out, ssl->subject, len);
+ BIO_free(out);
+ }
+ return ssl->subject;
+}
+
 static ssize_t process_input_done(pn_transport_t *transport, unsigned int layer, const char *input_data, size_t len)
 {
 return PN_EOS;
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
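Review bot: `cert` from `SSL_get_peer_certificate` in pn_ssl_get_remote_subject is never passed to `X509_free`, so the first call leaks one certificate reference (OpenSSL increments the refcount on that call), on the success path and on the `!subject` early return alike. The same block dereferences the results of `BIO_new` and `malloc` without checking them and ignores the return of `X509_NAME_print_ex`, so an allocation failure becomes a write through NULL instead of a NULL return, and `int len` narrows the unsigned value `BIO_number_written` returns. The rewrite below releases the certificate and the BIO on every path and stores the cached string only once it has been fully built. Because the value is cached for the object's lifetime it will presumably not track a certificate changed by renegotiation; if that is acceptable, say so in a comment on the cache check.
```c
const char* pn_ssl_get_remote_subject(pn_ssl_t *ssl0)
{
  pni_ssl_t *ssl = get_ssl_internal(ssl0);
  if (!ssl || !ssl->ssl) return NULL;
  if (!ssl->subject) {
    // SSL_get_peer_certificate() bumps the refcount: release it on every path.
    X509 *cert = SSL_get_peer_certificate(ssl->ssl);
    if (!cert) return NULL;
    X509_NAME *subject = X509_get_subject_name(cert);  // owned by cert, not freed here
    BIO *out = subject ? BIO_new(BIO_s_mem()) : NULL;
    if (out && X509_NAME_print_ex(out, subject, 0, XN_FLAG_RFC2253) >= 0) {
      size_t len = (size_t) BIO_number_written(out);
      char *buf = (char *) malloc(len + 1);
      if (buf) {
        int got = BIO_read(out, buf, (int) len);
        if (got < 0) got = 0;
        buf[got] = '\0';
        ssl->subject = buf;   // cached until pn_ssl_free
      }
    }
    BIO_free(out);   // BIO_free(NULL) is a no-op
    X509_free(cert);
  }
  return ssl->subject;
}
```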
