mirror of
https://git.jabber.space/devs/cproof.git
synced 2026-07-18 18:36:21 +00:00
Refactor tlscerts.
* use `gchar` instead of `char`. * improve situations when strings must be duplicated or can pass ownership. * encapsulate the X.509 name details into a struct. * prevent memory leaks if a name detail is contained multiple times. Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
This commit is contained in:
@@ -54,7 +54,7 @@ static void _save_tlscerts(void);
|
||||
|
||||
static Autocomplete certs_ac;
|
||||
|
||||
static char* current_fp;
|
||||
static gchar* current_fp;
|
||||
|
||||
static void
|
||||
_tlscerts_close(void)
|
||||
@@ -62,7 +62,7 @@ _tlscerts_close(void)
|
||||
free_keyfile(&tlscerts_prof_keyfile);
|
||||
tlscerts = NULL;
|
||||
|
||||
free(current_fp);
|
||||
g_free(current_fp);
|
||||
current_fp = NULL;
|
||||
|
||||
autocomplete_free(certs_ac);
|
||||
@@ -93,9 +93,9 @@ void
|
||||
tlscerts_set_current(const TLSCertificate* cert)
|
||||
{
|
||||
if (current_fp) {
|
||||
free(current_fp);
|
||||
g_free(current_fp);
|
||||
}
|
||||
current_fp = strdup(cert->fingerprint);
|
||||
current_fp = g_strdup(cert->fingerprint);
|
||||
}
|
||||
|
||||
gboolean
|
||||
@@ -108,7 +108,7 @@ void
|
||||
tlscerts_clear_current(void)
|
||||
{
|
||||
if (current_fp) {
|
||||
free(current_fp);
|
||||
g_free(current_fp);
|
||||
current_fp = NULL;
|
||||
}
|
||||
}
|
||||
@@ -119,6 +119,89 @@ tlscerts_exists(const TLSCertificate* cert)
|
||||
return g_key_file_has_group(tlscerts, cert->fingerprint);
|
||||
}
|
||||
|
||||
#define _name_to_tlscert_name(in, cert, which) \
|
||||
do { \
|
||||
_name_to_tlscert_name_(in, &cert->which, #which); \
|
||||
} while (0)
|
||||
static void
|
||||
_name_to_tlscert_name_(const char* in, tls_cert_name_t* out, const char* name);
|
||||
|
||||
static TLSCertificate*
|
||||
_tlscerts_new(gchar* fingerprint_sha1, int version, gchar* serialnumber, gchar* subjectname,
|
||||
gchar* issuername, gchar* notbefore, gchar* notafter,
|
||||
gchar* key_alg, gchar* signature_alg, gchar* pem,
|
||||
gchar* fingerprint_sha256, gchar* pubkey_fingerprint)
|
||||
{
|
||||
TLSCertificate* cert = calloc(1, sizeof(TLSCertificate));
|
||||
|
||||
if (fingerprint_sha256 && fingerprint_sha1) {
|
||||
cert->fingerprint_sha256 = fingerprint_sha256;
|
||||
cert->fingerprint_sha1 = fingerprint_sha1;
|
||||
cert->fingerprint = cert->fingerprint_sha256;
|
||||
} else {
|
||||
if (fingerprint_sha256) {
|
||||
size_t s = strlen(fingerprint_sha256);
|
||||
switch (s) {
|
||||
case 40:
|
||||
cert->fingerprint_sha1 = fingerprint_sha256;
|
||||
cert->fingerprint = cert->fingerprint_sha1;
|
||||
break;
|
||||
case 64:
|
||||
cert->fingerprint_sha256 = fingerprint_sha256;
|
||||
cert->fingerprint = cert->fingerprint_sha256;
|
||||
break;
|
||||
default:
|
||||
log_error("fingerprint_sha256 of length %d unexpected: %s", s, fingerprint_sha256);
|
||||
}
|
||||
} else {
|
||||
cert->fingerprint_sha1 = fingerprint_sha1;
|
||||
cert->fingerprint = cert->fingerprint_sha1;
|
||||
}
|
||||
}
|
||||
|
||||
cert->version = version;
|
||||
cert->serialnumber = serialnumber;
|
||||
cert->subjectname = subjectname;
|
||||
cert->issuername = issuername;
|
||||
cert->notbefore = notbefore;
|
||||
cert->notafter = notafter;
|
||||
cert->key_alg = key_alg;
|
||||
cert->signature_alg = signature_alg;
|
||||
cert->pem = pem;
|
||||
cert->pubkey_fingerprint = pubkey_fingerprint;
|
||||
|
||||
/* Do this check after assigning all values, in order to not leak them,
|
||||
* even though the situation is most likely already FUBAR */
|
||||
if (!fingerprint_sha256 && !fingerprint_sha1) {
|
||||
log_error("No TLSCertificate w/o fingerprint");
|
||||
tlscerts_free(cert);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
_name_to_tlscert_name(subjectname, cert, subject);
|
||||
_name_to_tlscert_name(issuername, cert, issuer);
|
||||
|
||||
return cert;
|
||||
}
|
||||
|
||||
static TLSCertificate*
|
||||
_get_TLSCertificate(const gchar* fingerprint)
|
||||
{
|
||||
int version = g_key_file_get_integer(tlscerts, fingerprint, "version", NULL);
|
||||
gchar* serialnumber = g_key_file_get_string(tlscerts, fingerprint, "serialnumber", NULL);
|
||||
gchar* subjectname = g_key_file_get_string(tlscerts, fingerprint, "subjectname", NULL);
|
||||
gchar* issuername = g_key_file_get_string(tlscerts, fingerprint, "issuername", NULL);
|
||||
gchar* notbefore = g_key_file_get_string(tlscerts, fingerprint, "start", NULL);
|
||||
gchar* notafter = g_key_file_get_string(tlscerts, fingerprint, "end", NULL);
|
||||
gchar* keyalg = g_key_file_get_string(tlscerts, fingerprint, "keyalg", NULL);
|
||||
gchar* signaturealg = g_key_file_get_string(tlscerts, fingerprint, "signaturealg", NULL);
|
||||
gchar* fingerprint_sha1 = g_key_file_get_string(tlscerts, fingerprint, "fingerprint_sha1", NULL);
|
||||
gchar* pubkey_fingerprint = g_key_file_get_string(tlscerts, fingerprint, "pubkey_fingerprint", NULL);
|
||||
|
||||
return _tlscerts_new(fingerprint_sha1, version, serialnumber, subjectname, issuername, notbefore,
|
||||
notafter, keyalg, signaturealg, NULL, g_strdup(fingerprint), pubkey_fingerprint);
|
||||
}
|
||||
|
||||
GList*
|
||||
tlscerts_list(void)
|
||||
{
|
||||
@@ -126,136 +209,89 @@ tlscerts_list(void)
|
||||
gsize len = 0;
|
||||
auto_gcharv gchar** groups = g_key_file_get_groups(tlscerts, &len);
|
||||
|
||||
for (int i = 0; i < g_strv_length(groups); i++) {
|
||||
char* fingerprint = groups[i];
|
||||
int version = g_key_file_get_integer(tlscerts, fingerprint, "version", NULL);
|
||||
auto_gchar gchar* serialnumber = g_key_file_get_string(tlscerts, fingerprint, "serialnumber", NULL);
|
||||
auto_gchar gchar* subjectname = g_key_file_get_string(tlscerts, fingerprint, "subjectname", NULL);
|
||||
auto_gchar gchar* issuername = g_key_file_get_string(tlscerts, fingerprint, "issuername", NULL);
|
||||
auto_gchar gchar* notbefore = g_key_file_get_string(tlscerts, fingerprint, "start", NULL);
|
||||
auto_gchar gchar* notafter = g_key_file_get_string(tlscerts, fingerprint, "end", NULL);
|
||||
auto_gchar gchar* keyalg = g_key_file_get_string(tlscerts, fingerprint, "keyalg", NULL);
|
||||
auto_gchar gchar* signaturealg = g_key_file_get_string(tlscerts, fingerprint, "signaturealg", NULL);
|
||||
|
||||
TLSCertificate* cert = tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore,
|
||||
notafter, keyalg, signaturealg, NULL, NULL, NULL);
|
||||
|
||||
res = g_list_append(res, cert);
|
||||
for (gsize i = 0; i < len; i++) {
|
||||
res = g_list_append(res, _get_TLSCertificate(groups[i]));
|
||||
}
|
||||
|
||||
return res;
|
||||
}
|
||||
|
||||
static void
|
||||
_name_to_tlscert_name_(const char* in, tls_cert_name_t* out, const char* name)
|
||||
{
|
||||
auto_gcharv gchar** fields = g_strsplit(in, "/", 0);
|
||||
const guint fields_num = g_strv_length(fields);
|
||||
for (guint i = 0; i < fields_num; i++) {
|
||||
auto_gcharv gchar** keyval = g_strsplit(fields[i], "=", 2);
|
||||
if (g_strv_length(keyval) == 2) {
|
||||
|
||||
#define tls_cert_name_set(which) \
|
||||
do { \
|
||||
if (out->which) { \
|
||||
log_warning("%s." #which " already set, skip %s", name, keyval[1]); \
|
||||
continue; \
|
||||
} \
|
||||
out->which = g_strdup(keyval[1]); \
|
||||
} while (0)
|
||||
|
||||
if ((g_strcmp0(keyval[0], "C") == 0) || (g_strcmp0(keyval[0], "countryName") == 0)) {
|
||||
tls_cert_name_set(country);
|
||||
}
|
||||
if ((g_strcmp0(keyval[0], "ST") == 0) || (g_strcmp0(keyval[0], "stateOrProvinceName") == 0)) {
|
||||
tls_cert_name_set(state);
|
||||
}
|
||||
if (g_strcmp0(keyval[0], "dnQualifier") == 0) {
|
||||
tls_cert_name_set(distinguishedname);
|
||||
}
|
||||
if (g_strcmp0(keyval[0], "serialnumber") == 0) {
|
||||
tls_cert_name_set(serialnumber);
|
||||
}
|
||||
if ((g_strcmp0(keyval[0], "CN") == 0) || (g_strcmp0(keyval[0], "commonName") == 0)) {
|
||||
tls_cert_name_set(commonname);
|
||||
}
|
||||
if ((g_strcmp0(keyval[0], "O") == 0) || (g_strcmp0(keyval[0], "organizationName") == 0)) {
|
||||
tls_cert_name_set(organisation);
|
||||
}
|
||||
if ((g_strcmp0(keyval[0], "OU") == 0) || (g_strcmp0(keyval[0], "organizationalUnitName") == 0)) {
|
||||
tls_cert_name_set(organisation_unit);
|
||||
}
|
||||
if (g_strcmp0(keyval[0], "emailAddress") == 0) {
|
||||
tls_cert_name_set(email);
|
||||
}
|
||||
#undef tls_cert_name_set
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static gchar*
|
||||
_checked_g_strdup(const char* in)
|
||||
{
|
||||
if (in == NULL)
|
||||
return NULL;
|
||||
return g_strdup(in);
|
||||
}
|
||||
|
||||
TLSCertificate*
|
||||
tlscerts_new(const char* fingerprint_sha1, int version, const char* serialnumber, const char* subjectname,
|
||||
const char* issuername, const char* notbefore, const char* notafter,
|
||||
const char* key_alg, const char* signature_alg, const char* pem,
|
||||
const char* fingerprint_sha256, const char* pubkey_fingerprint)
|
||||
{
|
||||
TLSCertificate* cert = calloc(1, sizeof(TLSCertificate));
|
||||
return _tlscerts_new(_checked_g_strdup(fingerprint_sha1), version, _checked_g_strdup(serialnumber), _checked_g_strdup(subjectname),
|
||||
_checked_g_strdup(issuername), _checked_g_strdup(notbefore), _checked_g_strdup(notafter),
|
||||
_checked_g_strdup(key_alg), _checked_g_strdup(signature_alg), _checked_g_strdup(pem),
|
||||
_checked_g_strdup(fingerprint_sha256), _checked_g_strdup(pubkey_fingerprint));
|
||||
}
|
||||
|
||||
if (fingerprint_sha256) {
|
||||
cert->fingerprint_sha256 = strdup(fingerprint_sha256);
|
||||
cert->fingerprint = cert->fingerprint_sha256;
|
||||
}
|
||||
if (fingerprint_sha1) {
|
||||
cert->fingerprint_sha1 = strdup(fingerprint_sha1);
|
||||
if (!cert->fingerprint) {
|
||||
cert->fingerprint = cert->fingerprint_sha1;
|
||||
}
|
||||
}
|
||||
cert->version = version;
|
||||
if (serialnumber) {
|
||||
cert->serialnumber = strdup(serialnumber);
|
||||
}
|
||||
if (subjectname) {
|
||||
cert->subjectname = strdup(subjectname);
|
||||
}
|
||||
if (issuername) {
|
||||
cert->issuername = strdup(issuername);
|
||||
}
|
||||
if (notbefore) {
|
||||
cert->notbefore = strdup(notbefore);
|
||||
}
|
||||
if (notafter) {
|
||||
cert->notafter = strdup(notafter);
|
||||
}
|
||||
if (key_alg) {
|
||||
cert->key_alg = strdup(key_alg);
|
||||
}
|
||||
if (signature_alg) {
|
||||
cert->signature_alg = strdup(signature_alg);
|
||||
}
|
||||
if (pem) {
|
||||
cert->pem = strdup(pem);
|
||||
}
|
||||
if (pubkey_fingerprint) {
|
||||
cert->pubkey_fingerprint = strdup(pubkey_fingerprint);
|
||||
}
|
||||
|
||||
auto_gcharv gchar** fields = g_strsplit(subjectname, "/", 0);
|
||||
for (int i = 0; i < g_strv_length(fields); i++) {
|
||||
auto_gcharv gchar** keyval = g_strsplit(fields[i], "=", 2);
|
||||
if (g_strv_length(keyval) == 2) {
|
||||
if ((g_strcmp0(keyval[0], "C") == 0) || (g_strcmp0(keyval[0], "countryName") == 0)) {
|
||||
cert->subject_country = strdup(keyval[1]);
|
||||
}
|
||||
if ((g_strcmp0(keyval[0], "ST") == 0) || (g_strcmp0(keyval[0], "stateOrProvinceName") == 0)) {
|
||||
cert->subject_state = strdup(keyval[1]);
|
||||
}
|
||||
if (g_strcmp0(keyval[0], "dnQualifier") == 0) {
|
||||
cert->subject_distinguishedname = strdup(keyval[1]);
|
||||
}
|
||||
if (g_strcmp0(keyval[0], "serialnumber") == 0) {
|
||||
cert->subject_serialnumber = strdup(keyval[1]);
|
||||
}
|
||||
if ((g_strcmp0(keyval[0], "CN") == 0) || (g_strcmp0(keyval[0], "commonName") == 0)) {
|
||||
cert->subject_commonname = strdup(keyval[1]);
|
||||
}
|
||||
if ((g_strcmp0(keyval[0], "O") == 0) || (g_strcmp0(keyval[0], "organizationName") == 0)) {
|
||||
cert->subject_organisation = strdup(keyval[1]);
|
||||
}
|
||||
if ((g_strcmp0(keyval[0], "OU") == 0) || (g_strcmp0(keyval[0], "organizationalUnitName") == 0)) {
|
||||
cert->subject_organisation_unit = strdup(keyval[1]);
|
||||
}
|
||||
if (g_strcmp0(keyval[0], "emailAddress") == 0) {
|
||||
cert->subject_email = strdup(keyval[1]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
auto_gcharv gchar** fields2 = g_strsplit(issuername, "/", 0);
|
||||
for (int i = 0; i < g_strv_length(fields2); i++) {
|
||||
auto_gcharv gchar** keyval = g_strsplit(fields2[i], "=", 2);
|
||||
if (g_strv_length(keyval) == 2) {
|
||||
if ((g_strcmp0(keyval[0], "C") == 0) || (g_strcmp0(keyval[0], "countryName") == 0)) {
|
||||
cert->issuer_country = strdup(keyval[1]);
|
||||
}
|
||||
if ((g_strcmp0(keyval[0], "ST") == 0) || (g_strcmp0(keyval[0], "stateOrProvinceName") == 0)) {
|
||||
cert->issuer_state = strdup(keyval[1]);
|
||||
}
|
||||
if (g_strcmp0(keyval[0], "dnQualifier") == 0) {
|
||||
cert->issuer_distinguishedname = strdup(keyval[1]);
|
||||
}
|
||||
if (g_strcmp0(keyval[0], "serialnumber") == 0) {
|
||||
cert->issuer_serialnumber = strdup(keyval[1]);
|
||||
}
|
||||
if ((g_strcmp0(keyval[0], "CN") == 0) || (g_strcmp0(keyval[0], "commonName") == 0)) {
|
||||
cert->issuer_commonname = strdup(keyval[1]);
|
||||
}
|
||||
if ((g_strcmp0(keyval[0], "O") == 0) || (g_strcmp0(keyval[0], "organizationName") == 0)) {
|
||||
cert->issuer_organisation = strdup(keyval[1]);
|
||||
}
|
||||
if ((g_strcmp0(keyval[0], "OU") == 0) || (g_strcmp0(keyval[0], "organizationalUnitName") == 0)) {
|
||||
cert->issuer_organisation_unit = strdup(keyval[1]);
|
||||
}
|
||||
if (g_strcmp0(keyval[0], "emailAddress") == 0) {
|
||||
cert->issuer_email = strdup(keyval[1]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return cert;
|
||||
static void
|
||||
_checked_g_key_file_set_string(GKeyFile* key_file,
|
||||
const gchar* group_name,
|
||||
const gchar* key,
|
||||
const gchar* string)
|
||||
{
|
||||
if (string == NULL)
|
||||
return;
|
||||
g_key_file_set_string(key_file, group_name, key, string);
|
||||
}
|
||||
|
||||
void
|
||||
@@ -272,27 +308,15 @@ tlscerts_add(const TLSCertificate* cert)
|
||||
autocomplete_add(certs_ac, cert->fingerprint);
|
||||
|
||||
g_key_file_set_integer(tlscerts, cert->fingerprint, "version", cert->version);
|
||||
if (cert->serialnumber) {
|
||||
g_key_file_set_string(tlscerts, cert->fingerprint, "serialnumber", cert->serialnumber);
|
||||
}
|
||||
if (cert->subjectname) {
|
||||
g_key_file_set_string(tlscerts, cert->fingerprint, "subjectname", cert->subjectname);
|
||||
}
|
||||
if (cert->issuername) {
|
||||
g_key_file_set_string(tlscerts, cert->fingerprint, "issuername", cert->issuername);
|
||||
}
|
||||
if (cert->notbefore) {
|
||||
g_key_file_set_string(tlscerts, cert->fingerprint, "start", cert->notbefore);
|
||||
}
|
||||
if (cert->notafter) {
|
||||
g_key_file_set_string(tlscerts, cert->fingerprint, "end", cert->notafter);
|
||||
}
|
||||
if (cert->key_alg) {
|
||||
g_key_file_set_string(tlscerts, cert->fingerprint, "keyalg", cert->key_alg);
|
||||
}
|
||||
if (cert->signature_alg) {
|
||||
g_key_file_set_string(tlscerts, cert->fingerprint, "signaturealg", cert->signature_alg);
|
||||
}
|
||||
_checked_g_key_file_set_string(tlscerts, cert->fingerprint, "serialnumber", cert->serialnumber);
|
||||
_checked_g_key_file_set_string(tlscerts, cert->fingerprint, "subjectname", cert->subjectname);
|
||||
_checked_g_key_file_set_string(tlscerts, cert->fingerprint, "issuername", cert->issuername);
|
||||
_checked_g_key_file_set_string(tlscerts, cert->fingerprint, "start", cert->notbefore);
|
||||
_checked_g_key_file_set_string(tlscerts, cert->fingerprint, "end", cert->notafter);
|
||||
_checked_g_key_file_set_string(tlscerts, cert->fingerprint, "keyalg", cert->key_alg);
|
||||
_checked_g_key_file_set_string(tlscerts, cert->fingerprint, "signaturealg", cert->signature_alg);
|
||||
_checked_g_key_file_set_string(tlscerts, cert->fingerprint, "fingerprint_sha1", cert->fingerprint_sha1);
|
||||
_checked_g_key_file_set_string(tlscerts, cert->fingerprint, "pubkey_fingerprint", cert->pubkey_fingerprint);
|
||||
|
||||
_save_tlscerts();
|
||||
}
|
||||
@@ -311,23 +335,20 @@ tlscerts_revoke(const char* fingerprint)
|
||||
}
|
||||
|
||||
TLSCertificate*
|
||||
tlscerts_get_trusted(const char* fingerprint)
|
||||
tlscerts_get_trusted(const gchar* fingerprint)
|
||||
{
|
||||
if (!g_key_file_has_group(tlscerts, fingerprint)) {
|
||||
gsize len = 0;
|
||||
auto_gcharv gchar** groups = g_key_file_get_groups(tlscerts, &len);
|
||||
for (gsize i = 0; i < len; i++) {
|
||||
auto_gchar gchar* fingerprint_sha1 = g_key_file_get_string(tlscerts, groups[i], "fingerprint_sha1", NULL);
|
||||
if (g_strcmp0(fingerprint, fingerprint_sha1) == 0) {
|
||||
return _get_TLSCertificate(fingerprint_sha1);
|
||||
}
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int version = g_key_file_get_integer(tlscerts, fingerprint, "version", NULL);
|
||||
auto_gchar gchar* serialnumber = g_key_file_get_string(tlscerts, fingerprint, "serialnumber", NULL);
|
||||
auto_gchar gchar* subjectname = g_key_file_get_string(tlscerts, fingerprint, "subjectname", NULL);
|
||||
auto_gchar gchar* issuername = g_key_file_get_string(tlscerts, fingerprint, "issuername", NULL);
|
||||
auto_gchar gchar* notbefore = g_key_file_get_string(tlscerts, fingerprint, "start", NULL);
|
||||
auto_gchar gchar* notafter = g_key_file_get_string(tlscerts, fingerprint, "end", NULL);
|
||||
auto_gchar gchar* keyalg = g_key_file_get_string(tlscerts, fingerprint, "keyalg", NULL);
|
||||
auto_gchar gchar* signaturealg = g_key_file_get_string(tlscerts, fingerprint, "signaturealg", NULL);
|
||||
|
||||
return tlscerts_new(fingerprint, version, serialnumber, subjectname, issuername, notbefore,
|
||||
notafter, keyalg, signaturealg, NULL, NULL, NULL);
|
||||
return _get_TLSCertificate(fingerprint);
|
||||
}
|
||||
|
||||
char*
|
||||
@@ -342,39 +363,37 @@ tlscerts_reset_ac(void)
|
||||
autocomplete_reset(certs_ac);
|
||||
}
|
||||
|
||||
static void
|
||||
_tls_cert_name_free(tls_cert_name_t* name)
|
||||
{
|
||||
g_free(name->country);
|
||||
g_free(name->state);
|
||||
g_free(name->distinguishedname);
|
||||
g_free(name->serialnumber);
|
||||
g_free(name->commonname);
|
||||
g_free(name->organisation);
|
||||
g_free(name->organisation_unit);
|
||||
g_free(name->email);
|
||||
}
|
||||
|
||||
void
|
||||
tlscerts_free(TLSCertificate* cert)
|
||||
{
|
||||
if (cert) {
|
||||
free(cert->issuer_country);
|
||||
free(cert->issuer_state);
|
||||
free(cert->issuer_distinguishedname);
|
||||
free(cert->issuer_serialnumber);
|
||||
free(cert->issuer_commonname);
|
||||
free(cert->issuer_organisation);
|
||||
free(cert->issuer_organisation_unit);
|
||||
free(cert->issuer_email);
|
||||
_tls_cert_name_free(&cert->subject);
|
||||
_tls_cert_name_free(&cert->issuer);
|
||||
|
||||
free(cert->subject_country);
|
||||
free(cert->subject_state);
|
||||
free(cert->subject_distinguishedname);
|
||||
free(cert->subject_serialnumber);
|
||||
free(cert->subject_commonname);
|
||||
free(cert->subject_organisation);
|
||||
free(cert->subject_organisation_unit);
|
||||
free(cert->subject_email);
|
||||
|
||||
free(cert->pubkey_fingerprint);
|
||||
free(cert->pem);
|
||||
free(cert->signature_alg);
|
||||
free(cert->key_alg);
|
||||
free(cert->notafter);
|
||||
free(cert->notbefore);
|
||||
free(cert->issuername);
|
||||
free(cert->subjectname);
|
||||
free(cert->serialnumber);
|
||||
free(cert->fingerprint_sha1);
|
||||
free(cert->fingerprint_sha256);
|
||||
g_free(cert->pubkey_fingerprint);
|
||||
g_free(cert->pem);
|
||||
g_free(cert->signature_alg);
|
||||
g_free(cert->key_alg);
|
||||
g_free(cert->notafter);
|
||||
g_free(cert->notbefore);
|
||||
g_free(cert->issuername);
|
||||
g_free(cert->subjectname);
|
||||
g_free(cert->serialnumber);
|
||||
g_free(cert->fingerprint_sha1);
|
||||
g_free(cert->fingerprint_sha256);
|
||||
|
||||
free(cert);
|
||||
}
|
||||
|
||||
@@ -38,37 +38,35 @@
|
||||
|
||||
#include <glib.h>
|
||||
|
||||
typedef struct tls_cert_name_t
|
||||
{
|
||||
gchar* country;
|
||||
gchar* state;
|
||||
gchar* distinguishedname;
|
||||
gchar* serialnumber;
|
||||
gchar* commonname;
|
||||
gchar* organisation;
|
||||
gchar* organisation_unit;
|
||||
gchar* email;
|
||||
} tls_cert_name_t;
|
||||
|
||||
typedef struct tls_cert_t
|
||||
{
|
||||
int version;
|
||||
const char* fingerprint;
|
||||
char* serialnumber;
|
||||
char* subjectname;
|
||||
char* subject_country;
|
||||
char* subject_state;
|
||||
char* subject_distinguishedname;
|
||||
char* subject_serialnumber;
|
||||
char* subject_commonname;
|
||||
char* subject_organisation;
|
||||
char* subject_organisation_unit;
|
||||
char* subject_email;
|
||||
char* issuername;
|
||||
char* issuer_country;
|
||||
char* issuer_state;
|
||||
char* issuer_distinguishedname;
|
||||
char* issuer_serialnumber;
|
||||
char* issuer_commonname;
|
||||
char* issuer_organisation;
|
||||
char* issuer_organisation_unit;
|
||||
char* issuer_email;
|
||||
char* notbefore;
|
||||
char* notafter;
|
||||
char* fingerprint_sha1;
|
||||
char* fingerprint_sha256;
|
||||
char* key_alg;
|
||||
char* signature_alg;
|
||||
char* pem;
|
||||
char* pubkey_fingerprint;
|
||||
const gchar* fingerprint;
|
||||
gchar* serialnumber;
|
||||
gchar* subjectname;
|
||||
tls_cert_name_t subject;
|
||||
gchar* issuername;
|
||||
tls_cert_name_t issuer;
|
||||
gchar* notbefore;
|
||||
gchar* notafter;
|
||||
gchar* fingerprint_sha1;
|
||||
gchar* fingerprint_sha256;
|
||||
gchar* key_alg;
|
||||
gchar* signature_alg;
|
||||
gchar* pem;
|
||||
gchar* pubkey_fingerprint;
|
||||
} TLSCertificate;
|
||||
|
||||
void tlscerts_init(void);
|
||||
|
||||
@@ -185,8 +185,8 @@ cons_show_tlscert_summary(const TLSCertificate* cert)
|
||||
return;
|
||||
}
|
||||
|
||||
cons_show("Subject : %s", cert->subject_commonname);
|
||||
cons_show("Issuer : %s", cert->issuer_commonname);
|
||||
cons_show("Subject : %s", cert->subject.commonname);
|
||||
cons_show("Issuer : %s", cert->issuer.commonname);
|
||||
cons_show("Fingerprint : %s", cert->fingerprint);
|
||||
}
|
||||
|
||||
@@ -199,73 +199,35 @@ cons_show_tlscert(const TLSCertificate* cert)
|
||||
|
||||
cons_show("Certificate:");
|
||||
|
||||
cons_show(" Subject:");
|
||||
if (cert->subject_commonname) {
|
||||
cons_show(" Common name : %s", cert->subject_commonname);
|
||||
}
|
||||
if (cert->subject_distinguishedname) {
|
||||
cons_show(" Distinguished name : %s", cert->subject_distinguishedname);
|
||||
}
|
||||
if (cert->subject_organisation) {
|
||||
cons_show(" Organisation : %s", cert->subject_organisation);
|
||||
}
|
||||
if (cert->subject_organisation_unit) {
|
||||
cons_show(" Organisation unit : %s", cert->subject_organisation_unit);
|
||||
}
|
||||
if (cert->subject_email) {
|
||||
cons_show(" Email : %s", cert->subject_email);
|
||||
}
|
||||
if (cert->subject_state) {
|
||||
cons_show(" State : %s", cert->subject_state);
|
||||
}
|
||||
if (cert->subject_country) {
|
||||
cons_show(" Country : %s", cert->subject_country);
|
||||
}
|
||||
if (cert->subject_serialnumber) {
|
||||
cons_show(" Serial number : %s", cert->subject_serialnumber);
|
||||
}
|
||||
|
||||
cons_show(" Issuer:");
|
||||
if (cert->issuer_commonname) {
|
||||
cons_show(" Common name : %s", cert->issuer_commonname);
|
||||
}
|
||||
if (cert->issuer_distinguishedname) {
|
||||
cons_show(" Distinguished name : %s", cert->issuer_distinguishedname);
|
||||
}
|
||||
if (cert->issuer_organisation) {
|
||||
cons_show(" Organisation : %s", cert->issuer_organisation);
|
||||
}
|
||||
if (cert->issuer_organisation_unit) {
|
||||
cons_show(" Organisation unit : %s", cert->issuer_organisation_unit);
|
||||
}
|
||||
if (cert->issuer_email) {
|
||||
cons_show(" Email : %s", cert->issuer_email);
|
||||
}
|
||||
if (cert->issuer_state) {
|
||||
cons_show(" State : %s", cert->issuer_state);
|
||||
}
|
||||
if (cert->issuer_country) {
|
||||
cons_show(" Country : %s", cert->issuer_country);
|
||||
}
|
||||
if (cert->issuer_serialnumber) {
|
||||
cons_show(" Serial number : %s", cert->issuer_serialnumber);
|
||||
}
|
||||
|
||||
cons_show(" Version : %d", cert->version);
|
||||
|
||||
if (cert->serialnumber) {
|
||||
cons_show(" Serial number : %s", cert->serialnumber);
|
||||
}
|
||||
cons_show(" Subject:");
|
||||
cons_show_if_set(" Common name : %s", cert->subject.commonname);
|
||||
cons_show_if_set(" Distinguished name : %s", cert->subject.distinguishedname);
|
||||
cons_show_if_set(" Organisation : %s", cert->subject.organisation);
|
||||
cons_show_if_set(" Organisation unit : %s", cert->subject.organisation_unit);
|
||||
cons_show_if_set(" Email : %s", cert->subject.email);
|
||||
cons_show_if_set(" State : %s", cert->subject.state);
|
||||
cons_show_if_set(" Country : %s", cert->subject.country);
|
||||
cons_show_if_set(" Serial number : %s", cert->subject.serialnumber);
|
||||
|
||||
if (cert->key_alg) {
|
||||
cons_show(" Key algorithm : %s", cert->key_alg);
|
||||
}
|
||||
if (cert->signature_alg) {
|
||||
cons_show(" Signature algorithm : %s", cert->signature_alg);
|
||||
}
|
||||
cons_show(" Issuer:");
|
||||
cons_show_if_set(" Common name : %s", cert->issuer.commonname);
|
||||
cons_show_if_set(" Distinguished name : %s", cert->issuer.distinguishedname);
|
||||
cons_show_if_set(" Organisation : %s", cert->issuer.organisation);
|
||||
cons_show_if_set(" Organisation unit : %s", cert->issuer.organisation_unit);
|
||||
cons_show_if_set(" Email : %s", cert->issuer.email);
|
||||
cons_show_if_set(" State : %s", cert->issuer.state);
|
||||
cons_show_if_set(" Country : %s", cert->issuer.country);
|
||||
cons_show_if_set(" Serial number : %s", cert->issuer.serialnumber);
|
||||
|
||||
cons_show(" Start : %s", cert->notbefore);
|
||||
cons_show(" End : %s", cert->notafter);
|
||||
cons_show_if_set(" Serial number : %s", cert->serialnumber);
|
||||
|
||||
cons_show_if_set(" Key algorithm : %s", cert->key_alg);
|
||||
cons_show_if_set(" Signature algorithm : %s", cert->signature_alg);
|
||||
|
||||
cons_show_if_set(" Validity Start : %s", cert->notbefore);
|
||||
cons_show_if_set(" Validity End : %s", cert->notafter);
|
||||
|
||||
cons_show_if_set(" Fingerprint SHA1 : %s", cert->fingerprint_sha1);
|
||||
cons_show_if_set(" Fingerprint SHA256 : %s", cert->fingerprint_sha256);
|
||||
|
||||
Reference in New Issue
Block a user