[minion-cvs] Add function to check for expired certs
Update of /home/minion/cvsroot/src/minion/src
In directory moria.mit.edu:/tmp/cvs-serv21034/src/minion/src
Modified Files:
tls.c
Log Message:
Add function to check for expired certs
Index: tls.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/tls.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -d -r1.20 -r1.21
--- tls.c 10 Apr 2003 03:01:07 -0000 1.20
+++ tls.c 26 Apr 2003 14:37:43 -0000 1.21
@@ -4,6 +4,7 @@
/* XXXX REMOVE*/
#include <stdio.h>
+#include <time.h>
#ifndef TRUNCATED_OPENSSL_INCLUDES
#include <openssl/ssl.h>
@@ -561,6 +562,40 @@
return (PyObject*) result;
}
+
+static char mm_TLSSock_check_cert_alive__doc__[] =
+ "DOCDOC";
+
+static PyObject*
+mm_TLSSock_check_cert_alive(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+ time_t now;
+ X509 *cert = NULL;
+ SSL *ssl = NULL;
+
+ assert(mm_TLSSock_Check(self));
+ FAIL_IF_ARGS();
+
+ ssl = ((mm_TLSSock*)self)->ssl;
+ if (!(cert = SSL_get_peer_certificate(ssl))) {
+ mm_SSL_ERR(0); return NULL;
+ }
+
+ /* Check expiration times. */
+ now = time(NULL);
+ if (X509_cmp_time(X509_get_notBefore(cert), &now) > 0) {
+ MM_TLS_ERR("Certificate is not yet valid");
+ return NULL;
+ }
+ if (X509_cmp_time(X509_get_notAfter(cert), &now) < 0) {
+ MM_TLS_ERR("Certificate has expired");
+ return NULL;
+ }
+ Py_INCREF(Py_None);
+ return Py_None;
+}
+
+
static char mm_TLSSock_verify_cert_and_get_identity_pk__doc__[] =
"DOCDOC";
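Review bot: Both validity checks in mm_TLSSock_check_cert_alive fail open, because X509_cmp_time() is documented to return 0 on error (for example an unparsable time field) and the tests `> 0` and `< 0` let that result fall through to the success return. Comparing with `>= 0` for notBefore and `<= 0` for notAfter makes an error reject the certificate, although the message raised would then not distinguish a malformed date from an out-of-range one. Separately, SSL_get_peer_certificate() returns a certificate whose reference count has been incremented, and none of the three exits after it calls X509_free(cert), so each call appears to leak one reference. The `"DOCDOC"` placeholder should also say that the method raises a TLS error when the peer certificate is missing, not yet valid or expired, and returns None otherwise.
```c
    now = time(NULL);
    if (X509_cmp_time(X509_get_notBefore(cert), &now) >= 0) {  /* 0 means error: reject */
        X509_free(cert);
        /* … unchanged: MM_TLS_ERR("Certificate is not yet valid"); return NULL; … */
    }
    if (X509_cmp_time(X509_get_notAfter(cert), &now) <= 0) {   /* 0 means error: reject */
        X509_free(cert);
        /* … unchanged: MM_TLS_ERR("Certificate has expired"); return NULL; … */
    }
    X509_free(cert);  /* drop the reference taken by SSL_get_peer_certificate() */
    Py_INCREF(Py_None);
```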
@@ -575,6 +610,7 @@
RSA *rsa = NULL;
EVP_PKEY *pkey = NULL;
mm_RSA *result;
+
int i;
assert(mm_TLSSock_Check(self));
@@ -701,6 +737,7 @@
METHOD(mm_TLSSock, write),
METHOD(mm_TLSSock, shutdown),
METHOD(mm_TLSSock, get_peer_cert_pk),
+ METHOD(mm_TLSSock, check_cert_alive),
METHOD(mm_TLSSock, verify_cert_and_get_identity_pk),
METHOD(mm_TLSSock, fileno),
METHOD(mm_TLSSock, do_handshake),