From 06d6d80f8c92ef1d3bd7c00c919e10a411183cb3 Mon Sep 17 00:00:00 2001 From: Garrett D'Amore Date: Sun, 5 Oct 2025 16:51:15 -0700 Subject: fixes #2173 New TLS cert API - replaces the properties for CN and ALTNAMES. This will replace the NNG_OPT_TLS_PEER_ALTNAMES and NNG_OPT_TLS_PEER_CN properties, and gives a bit more access to the certificate, as well as direct access to the raw DER form, which should allow use in other APIs. --- src/sp/transport/tls/tls_tran_test.c | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) (limited to 'src/sp/transport/tls/tls_tran_test.c') diff --git a/src/sp/transport/tls/tls_tran_test.c b/src/sp/transport/tls/tls_tran_test.c index 73c299c8..1b69c65f 100644 --- a/src/sp/transport/tls/tls_tran_test.c +++ b/src/sp/transport/tls/tls_tran_test.c @@ -227,11 +227,31 @@ test_tls_pipe_details(void) p = nng_msg_get_pipe(msg); NUTS_TRUE(nng_pipe_id(p) >= 0); #if !defined(NNG_TLS_ENGINE_WOLFSSL) || defined(NNG_WOLFSSL_HAVE_PEER_CERT) - char *cn; - NUTS_PASS(nng_pipe_get_string(p, NNG_OPT_TLS_PEER_CN, &cn)); - NUTS_ASSERT(cn != NULL); - NUTS_MATCH(cn, "127.0.0.1"); - nng_strfree(cn); + nng_tls_cert *cert; + char *name; + NUTS_PASS(nng_pipe_peer_cert(p, &cert)); + NUTS_PASS(nng_tls_cert_subject(cert, &name)); + NUTS_ASSERT(name != NULL); + nng_log_debug(NULL, "SUBJECT: %s", name); + NUTS_PASS(nng_tls_cert_issuer(cert, &name)); + NUTS_ASSERT(name != NULL); + nng_log_debug(NULL, "ISSUER: %s", name); + NUTS_PASS(nng_tls_cert_serial_number(cert, &name)); + NUTS_ASSERT(name != NULL); + nng_log_debug(NULL, "SERIAL: %s", name); + NUTS_PASS(nng_tls_cert_subject_cn(cert, &name)); + NUTS_MATCH(name, "127.0.0.1"); + NUTS_PASS(nng_tls_cert_next_alt(cert, &name)); + nng_log_debug(NULL, "FIRST ALT: %s", name); + NUTS_MATCH(name, "localhost"); + NUTS_FAIL(nng_tls_cert_next_alt(cert, &name), NNG_ENOENT); + struct tm when; + NUTS_PASS(nng_tls_cert_not_before(cert, &when)); + nng_log_debug(NULL, "BEGINS: %s", asctime(&when)); + NUTS_PASS(nng_tls_cert_not_after(cert, &when)); + nng_log_debug(NULL, "EXPIRES: %s", asctime(&when)); + + nng_tls_cert_free(cert); #endif nng_msg_free(msg); NUTS_CLOSE(s2); -- cgit v1.2.3-70-g09d2