[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[minion-cvs] When a TLS cert is out of date, notice how badly out of...

To: mixminion-cvs@freehaven.net
Subject: [minion-cvs] When a TLS cert is out of date, notice how badly out of...
From: nickm@seul.org (Nick Mathewson)
Date: Tue, 13 Apr 2004 00:01:04 -0400 (EDT)
Delivered-to: archiver@seul.org
Delivered-to: mixminion-cvs-outgoing@seul.org
Delivered-to: mixminion-cvs@seul.org
Delivery-date: Tue, 13 Apr 2004 00:02:37 -0400
Reply-to: mixminion-dev@freehaven.net
Sender: owner-mixminion-cvs@freehaven.net

Update of /home/minion/cvsroot/src/minion/src
In directory moria.mit.edu:/tmp/cvs-serv17674/src/minion/src

Modified Files:
	tls.c 
Log Message:
When a TLS cert is out of date, notice how badly out of data it is.

Index: tls.c
===================================================================
RCS file: /home/minion/cvsroot/src/minion/src/tls.c,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -d -r1.35 -r1.36
--- tls.c	6 Mar 2004 00:04:38 -0000	1.35
+++ tls.c	13 Apr 2004 04:01:00 -0000	1.36
@@ -7,9 +7,11 @@
 #ifndef TRUNCATED_OPENSSL_INCLUDES
 #include <openssl/ssl.h>
 #include <openssl/tls1.h>
+#include <openssl/bio.h>
 #else
 #include <ssl.h>
 #include <tls1.h>
+#include <bio.h>
 #endif
 
 char mm_TLSError__doc__[] =
@@ -615,6 +617,59 @@
         return NULL;
 }
 
+static char mm_TLSSock_get_cert_lifetime__doc__[] =
+  "get_cert_lifetime()\n\n"
+  "Return a 2-tuple of strings representing a certificate's notBefore and\n"
+  "notAfter fields.\n";
+
+static PyObject *
+mm_TLSSock_get_cert_lifetime(PyObject *self, PyObject *args, PyObject *kwargs)
+{
+        SSL *ssl = NULL;
+        X509 *cert = NULL;
+        BIO *bio = NULL;
+        BUF_MEM *buf;
+        PyObject *s1 = NULL, *s2 = NULL;
+        PyObject *ret;
+
+        assert(mm_TLSSock_Check(self));
+        FAIL_IF_ARGS();
+
+        ssl = ((mm_TLSSock*)self)->ssl;
+        if (!(cert = SSL_get_peer_certificate(ssl))) {
+                mm_SSL_ERR(0); return NULL;
+        }
+
+        if (!(bio = BIO_new(BIO_s_mem()))) {
+                PyErr_NoMemory(); goto error;
+        }
+        if (!ASN1_TIME_print(bio, X509_get_notBefore(cert))) {
+                mm_SSL_ERR(0); goto error;
+        }
+        BIO_get_mem_ptr(bio, &buf);
+        s1 = PyString_FromStringAndSize(buf->data, buf->length);
+
+        BIO_reset(bio);
+        if (!ASN1_TIME_print(bio, X509_get_notAfter(cert))) {
+                mm_SSL_ERR(0); goto error;
+        }
+        BIO_get_mem_ptr(bio, &buf);
+        s2 = PyString_FromStringAndSize(buf->data, buf->length);
+
+        ret = Py_BuildValue("OO", s1, s2);
+        X509_free(cert);
+        BIO_free(bio);
+        Py_DECREF(s1);
+        Py_DECREF(s2);
+        return ret;
+ error:
+        if (cert) { X509_free(cert); }
+        if (bio) { BIO_free(bio); }
+        if (s1) { Py_DECREF(s1); }
+        if (s2) { Py_DECREF(s2); }
+        return NULL;
+}
+
 static char mm_TLSSock_verify_cert_and_get_identity_pk__doc__[] =
   "verify_cert_and_get_identity_pk()\n\n"
   "Check whether all of the following conditions hold:\n"
@@ -774,6 +829,7 @@
         METHOD(mm_TLSSock, do_handshake),
         METHOD(mm_TLSSock, renegotiate),
         METHOD(mm_TLSSock, get_num_bytes_raw),
+        METHOD(mm_TLSSock, get_cert_lifetime),
         { NULL, NULL }
 };

Prev by Author: [minion-cvs] When a TLS cert is out of date, notice how badly out of...
Next by Author: [minion-cvs] Add option to pipe outgoing mail through a command inst...
Previous by thread: [minion-cvs] When a TLS cert is out of date, notice how badly out of...
Next by thread: [minion-cvs] Add option to pipe outgoing mail through a command inst...
Index(es):
- Author
- Thread