authorGarrett D'Amore <garrett@damore.org>2025-10-05 07:19:24 -0700
committerGarrett D'Amore <garrett@damore.org>2025-10-05 08:28:01 -0700
commit883e0289cdab5a81312b0593b098f70114b61f88 (patch)
treed9192e11a52d48ffa3935b90e5072d9f0dcfb89c /src/supplemental/tls
parent05d06eff66ad0fffa1e26cde1278144196ac37f3 (diff)
fixes #2158 Implement support for NNG_OPT_TLS_PEER_CN for WolfSSL
This also provides an implementation for getting the subject alternative names (SANs), although nothing uses that yet. We plan to provide a new certificate API to replace these with a nicer API, as obtaining the full list of certs may be unreasonable.
Diffstat (limited to 'src/supplemental/tls')
-rw-r--r--src/supplemental/tls/wolfssl/wolfssl.c69
1 files changed, 61 insertions, 8 deletions
diff --git a/src/supplemental/tls/wolfssl/wolfssl.c b/src/supplemental/tls/wolfssl/wolfssl.c
index f7f3732e..a009ed38 100644
--- a/src/supplemental/tls/wolfssl/wolfssl.c
+++ b/src/supplemental/tls/wolfssl/wolfssl.c
@@ -281,6 +281,57 @@ wolf_conn_verified(nng_tls_engine_conn *ec)
}
}
+static char *
+wolf_conn_peer_cn(nng_tls_engine_conn *ec)
+{
+#ifdef NNG_WOLFSSL_HAVE_PEER_CERT
+ WOLFSSL_X509 *cert;
+ char *cn;
+
+ if ((cert = wolfSSL_get_peer_certificate(ec->ssl)) == NULL) {
+ return (NULL);
+ }
+ cn = wolfSSL_X509_get_subjectCN(cert);
+ if (cn != NULL) {
+ cn = nng_strdup(cn);
+ }
+ return (cn);
+#else
+ return (NULL);
+#endif
+}
+
+static char **
+wolf_conn_peer_alt_names(nng_tls_engine_conn *ec)
+{
+#ifdef NNG_WOLFSSL_HAVE_PEER_CERT
+ WOLFSSL_X509 *cert;
+ int num = 0;
+ char **names;
+
+ if ((cert = wolfSSL_get_peer_certificate(ec->ssl)) == NULL) {
+ return (NULL);
+ }
+ while (wolfSSL_X509_get_next_altname(cert) != NULL) {
+ num++;
+ }
+ if ((names = nni_zalloc(sizeof(char *) * num)) == NULL) {
+ return (NULL);
+ }
+ if ((cert = wolfSSL_get_peer_certificate(ec->ssl)) == NULL) {
+ nni_free(names, sizeof(char *) * num);
+ return (NULL);
+ }
+ for (int i = 0; i < num; i++) {
+ names[i] = wolfSSL_X509_get_next_altname(cert);
+ NNI_ASSERT(names[i] != NULL);
+ }
+ return (names);
+#else
+ return (NULL);
+#endif
+}
+
static void
wolf_config_fini(nng_tls_engine_config *cfg)
{
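Review bot: wolf_conn_peer_alt_names returns a `char **` with neither a terminating NULL nor a count, so a caller cannot tell how many entries it holds nor what size to pass to nni_free; allocating one extra slot with `nni_zalloc(sizeof(char *) * (num + 1))` yields a NULL-terminated array that can be walked and released, and also removes the zero-byte `nni_zalloc(0)` call when the certificate carries no SANs. The entries are borrowed pointers into the wolfSSL certificate object, whereas wolf_conn_peer_cn hands back an nng_strdup copy, so the two ops disagree on ownership; copying is the safer choice because, depending on the wolfSSL version, `wolfSSL_get_peer_certificate` may return a duplicate that the caller must release with `wolfSSL_X509_free` — it is called twice in this hunk and never freed, which should be checked against the linked version. Both values are attacker-chosen bytes from the peer's certificate and are only meaningful once the `verified` op reports success; a comment above wolf_conn_peer_cn such as `// Subject CN as presented by the peer; only trustworthy if wolf_conn_verified() succeeded.` would make that explicit for callers. If the engine contract is deliberately for borrowed pointers, only the terminator change below is needed.
```c
	/* … unchanged: first wolfSSL_get_peer_certificate() and the counting loop … */
	// One extra slot: the array is NULL-terminated so callers can size and free it.
	if ((names = nni_zalloc(sizeof(char *) * (num + 1))) == NULL) {
		return (NULL);
	}
	/* … unchanged: re-fetch the cert to restart the altname iterator … */
	for (int i = 0; i < num; i++) {
		char *name = wolfSSL_X509_get_next_altname(cert);
		NNI_ASSERT(name != NULL);
		// Copy, matching wolf_conn_peer_cn, so the result does not alias
		// the certificate object's storage.
		if ((names[i] = nng_strdup(name)) == NULL) {
			for (int j = 0; j < i; j++) {
				nng_strfree(names[j]);
			}
			nni_free(names, sizeof(char *) * (num + 1));
			return (NULL);
		}
	}
	return (names);
```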
@@ -690,14 +741,16 @@ static nng_tls_engine_config_ops wolf_config_ops = {
};
static nng_tls_engine_conn_ops wolf_conn_ops = {
- .size = sizeof(nng_tls_engine_conn),
- .init = wolf_conn_init,
- .fini = wolf_conn_fini,
- .close = wolf_conn_close,
- .recv = wolf_conn_recv,
- .send = wolf_conn_send,
- .handshake = wolf_conn_handshake,
- .verified = wolf_conn_verified,
+ .size = sizeof(nng_tls_engine_conn),
+ .init = wolf_conn_init,
+ .fini = wolf_conn_fini,
+ .close = wolf_conn_close,
+ .recv = wolf_conn_recv,
+ .send = wolf_conn_send,
+ .handshake = wolf_conn_handshake,
+ .verified = wolf_conn_verified,
+ .peer_cn = wolf_conn_peer_cn,
+ .peer_alt_names = wolf_conn_peer_alt_names,
};
nng_tls_engine nng_tls_engine_ops = {