Posted to commits@qpid.apache.org by ac...@apache.org on 2015/06/03 19:25:49 UTC

[26/50] [abbrv] qpid-proton git commit: PROTON-861: expose the subject from peer certificate

PROTON-861: expose the subject from peer certificate


Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/894a463b
Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/894a463b
Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/894a463b

Branch: refs/heads/cjansen-cpp-client
Commit: 894a463bf720ce15148059b6bb79f040f8ce8af2
Parents: 1e4042a
Author: Gordon Sim <gs...@redhat.com>
Authored: Thu May 14 14:54:23 2015 +0100
Committer: Gordon Sim <gs...@redhat.com>
Committed: Fri May 15 17:28:44 2015 +0100

----------------------------------------------------------------------
 proton-c/bindings/python/proton/__init__.py |  7 ++++++-
 proton-c/include/proton/ssl.h               |  8 ++++++++
 proton-c/src/ssl/openssl.c                  | 25 ++++++++++++++++++++++++
 3 files changed, 39 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/894a463b/proton-c/bindings/python/proton/__init__.py
----------------------------------------------------------------------
diff --git a/proton-c/bindings/python/proton/__init__.py b/proton-c/bindings/python/proton/__init__.py
index bc639e3..a4e01f8 100644
--- a/proton-c/bindings/python/proton/__init__.py
+++ b/proton-c/bindings/python/proton/__init__.py
@@ -3459,7 +3459,8 @@ class SSL(object):
       obj._ssl = pn_ssl( transport._impl )
       if obj._ssl is None:
         raise SSLUnavailable()
-      pn_ssl_init( obj._ssl, domain._domain, session_id )
+      if domain:
+        pn_ssl_init( obj._ssl, domain._domain, session_id )
       transport._ssl = obj
     return transport._ssl
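Review bot: The new `if domain:` guard silently turns pn_ssl_init into an optional step, and nothing in the hunk says why or what a never-initialised SSL object means for the rest of the class (the C side returns NULL from its accessors when `ssl->ssl` is unset). A one-line comment above the guard would carry that intent, e.g. `# domain may be None: the transport then gets an SSL object that is never initialised`. The test should also be explicit, `if domain is not None:`, so that an SSLDomain that happens to be falsy is not skipped by accident. The enclosing method starts outside the hunk.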
 
@@ -3475,6 +3476,10 @@ class SSL(object):
       return name
     return None
 
+  @property
+  def remote_subject(self):
+    return pn_ssl_get_remote_subject( self._ssl )
+
   RESUME_UNKNOWN = PN_SSL_RESUME_UNKNOWN
   RESUME_NEW = PN_SSL_RESUME_NEW
   RESUME_REUSED = PN_SSL_RESUME_REUSED
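Review bot: `remote_subject` has no docstring, while the surrounding class documents its other accessors, and the value it returns is only meaningful in a specific situation. Suggest a docstring stating that it returns the full subject of the peer's certificate as a string in RFC 2253 form, or None when no peer certificate is available (which is what pn_ssl_get_remote_subject returns when the SSL object is uninitialised or the peer presented no certificate), and that the subject of a certificate that was not verified against the configured peer-authentication mode should not be relied upon for identity decisions. The sibling `peer_hostname` property above the hunk is a reasonable model for the wording.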

http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/894a463b/proton-c/include/proton/ssl.h
----------------------------------------------------------------------
diff --git a/proton-c/include/proton/ssl.h b/proton-c/include/proton/ssl.h
index 0ac4aef..87e7025 100644
--- a/proton-c/include/proton/ssl.h
+++ b/proton-c/include/proton/ssl.h
@@ -318,6 +318,14 @@ PN_EXTERN int pn_ssl_set_peer_hostname( pn_ssl_t *ssl, const char *hostname);
  */
 PN_EXTERN int pn_ssl_get_peer_hostname( pn_ssl_t *ssl, char *hostname, size_t *bufsize );
 
+/** Get the subject from the peers certificate.
+ *
+ * @param[in] ssl the ssl client/server to query.
+ * @return A null terminated string representing the full subject,
+ * which is valid until the ssl object is destroyed.
+ */
+PN_EXTERN const char* pn_ssl_get_remote_subject(pn_ssl_t *ssl);
+
 /** @} */
 
 #ifdef __cplusplus
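Review bot: The new comment for pn_ssl_get_remote_subject does not mention that it can return NULL, which the openssl.c implementation does when the ssl object is not initialised, when the peer presented no certificate, or when the subject could not be extracted; callers will dereference the result otherwise. It should also say that the string is computed once and cached, and that the subject of a certificate that was not verified (per the peer-authentication mode configured on the domain) carries no trust on its own. Suggested `@return`: `@return A null terminated string giving the full subject in RFC 2253 form, valid until the ssl object is destroyed, or NULL if no peer certificate is available. The value is only meaningful if the peer certificate was verified.` Also `peers certificate` should read `peer's certificate`.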

http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/894a463b/proton-c/src/ssl/openssl.c
----------------------------------------------------------------------
diff --git a/proton-c/src/ssl/openssl.c b/proton-c/src/ssl/openssl.c
index 2bbdda0..02a16fc 100644
--- a/proton-c/src/ssl/openssl.c
+++ b/proton-c/src/ssl/openssl.c
@@ -111,6 +111,8 @@ struct pni_ssl_t {
   bool ssl_closed;      // shutdown complete, or SSL error
   bool read_blocked;    // SSL blocked until more network data is read
   bool write_blocked;   // SSL blocked until data is written to network
+
+  char *subject;
 };
 
 static inline pn_transport_t *get_transport_internal(pn_ssl_t *ssl)
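Review bot: The new `subject` field is the only member of pni_ssl_t in this hunk without a trailing comment, although the neighbouring fields all document their meaning and ownership. Since the field is a heap string that pn_ssl_free releases and that pn_ssl_get_remote_subject fills lazily, suggest `char *subject;        // peer cert subject (RFC 2253), computed on first request, owned by pni_ssl_t`.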
@@ -780,6 +782,7 @@ void pn_ssl_free(pn_transport_t *transport)
   if (ssl->peer_hostname) free((void *)ssl->peer_hostname);
   if (ssl->inbuf) free((void *)ssl->inbuf);
   if (ssl->outbuf) free((void *)ssl->outbuf);
+  if (ssl->subject) free(ssl->subject);
   free(ssl);
 }
 
@@ -1179,6 +1182,7 @@ static int init_ssl_socket(pn_transport_t* transport, pni_ssl_t *ssl)
     BIO_set_ssl_mode(ssl->bio_ssl, 1);  // client mode
     ssl_log( transport, "Client SSL socket created." );
   }
+  ssl->subject = NULL;
   return 0;
 }
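Review bot: `ssl->subject = NULL;` is placed at the very end of init_ssl_socket, but pn_ssl_free (previous hunk) frees ssl->subject unconditionally; if pni_ssl_t is not zero-initialised where it is allocated (not visible here) and init_ssl_socket is never reached — the Python hunk now makes pn_ssl_init optional — pn_ssl_free would pass an indeterminate pointer to free(). The field should be initialised where the struct is allocated (or the allocation should use calloc), and if that already happens this line is redundant. If init_ssl_socket can run more than once for the same pni_ssl_t, this assignment would also leak a previously computed subject. init_ssl_socket begins outside the hunk.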
 
@@ -1249,6 +1253,27 @@ int pn_ssl_get_peer_hostname(pn_ssl_t *ssl0, char *hostname, size_t *bufsize)
   return 0;
 }
 
+const char* pn_ssl_get_remote_subject(pn_ssl_t *ssl0)
+{
+  pni_ssl_t *ssl = get_ssl_internal(ssl0);
+  if (!ssl || !ssl->ssl) return NULL;
+  if (!ssl->subject) {
+    X509 *cert = SSL_get_peer_certificate(ssl->ssl);
+    if (!cert) return NULL;
+    X509_NAME *subject = X509_get_subject_name(cert);
+    if (!subject) return NULL;
+
+    BIO *out = BIO_new(BIO_s_mem());
+    X509_NAME_print_ex(out, subject, 0, XN_FLAG_RFC2253);
+    int len = BIO_number_written(out);
+    ssl->subject = (char*) malloc(len+1);
+    ssl->subject[len] = 0;
+    BIO_read(out, ssl->subject, len);
+    BIO_free(out);
+  }
+  return ssl->subject;
+}
+
 static ssize_t process_input_done(pn_transport_t *transport, unsigned int layer, const char *input_data, size_t len)
 {
   return PN_EOS;

