From: Adam Dickmeiss Date: Thu, 5 Jun 2008 22:19:24 +0000 (+0200) Subject: Added cs_print_session_info which shows SSL session info. X-Git-Tag: v3.0.30~4 X-Git-Url: http://lists.indexdata.com/cgi-bin?a=commitdiff_plain;h=fd13a3c5b8cecdd1327f5db615387c8c0e691ba1;p=yaz-moved-to-github.git Added cs_print_session_info which shows SSL session info. Added cs_print_session_info which shows SSL session info. This utility used to be part of yaz-client but is now part of YAZ COMSTACK. This is deal with GNU TLS session info and avoid having SSL implementation code outside the YAZ core.
---
diff --git a/client/Makefile.am b/client/Makefile.am
index 5b84102..e288efd 100644
--- a/client/Makefile.am
+++ b/client/Makefile.am
@@ -9,9 +9,9 @@ EXTRA_DIST = default.bib
 COMMON=admin.c admin.h tabcomplete.c tabcomplete.h fhistory.c fhistory.h
 yaz_client_SOURCES=client.c $(COMMON)
-AM_CPPFLAGS=-I$(top_srcdir)/include $(XML2_CFLAGS) $(SSL_CFLAGS)
+AM_CPPFLAGS=-I$(top_srcdir)/include $(XML2_CFLAGS)
-yaz_client_LDADD = ../src/libyaz.la $(SSL_LIBS) $(READLINE_LIBS)
+yaz_client_LDADD = ../src/libyaz.la $(READLINE_LIBS)
 bertorture_LDADD = ../src/libyaz.la
 bertorture_SOURCES=bertorture.c
diff --git a/client/client.c b/client/client.c
index e0e1fd7..4fd9406 100644
--- a/client/client.c
+++ b/client/client.c
@@ -33,15 +33,6 @@
 #include
 #endif
-#if HAVE_OPENSSL_SSL_H
-#include
-#include
-#include
-#include
-#include
-#include
-#endif
-
 #ifdef WIN32
 #include
 #include
@@ -676,9 +667,6 @@ int session_connect(const char *arg)
 void *add;
 char type_and_host[101];
 const char *basep = 0;
-#if HAVE_OPENSSL_SSL_H
- SSL *ssl;
-#endif
 if (conn)
 {
 cs_close(conn);
@@ -731,30 +719,7 @@ int session_connect(const char *arg)
 return 0;
 }
 printf("OK.\n");
-#if HAVE_OPENSSL_SSL_H
- if ((ssl = (SSL *) cs_get_ssl(conn)))
- {
- X509 *server_cert = SSL_get_peer_certificate (ssl);
-
- if (server_cert)
- {
- char *pem_buf;
- int pem_len;
- BIO *bio = BIO_new(BIO_s_mem());
-
- /* get PEM buffer in memory */
- PEM_write_bio_X509(bio, server_cert);
- pem_len = BIO_get_mem_data(bio, &pem_buf);
- fwrite(pem_buf, pem_len, 1, stdout);
-
- /* print all info on screen .. */
- X509_print_fp(stdout, server_cert);
- BIO_free(bio);
-
- X509_free (server_cert);
- }
- }
-#endif
+ cs_print_session_info(conn);
 if (basep && *basep)
 set_base (basep);
 if (protocol == PROTO_Z3950)
diff --git a/include/yaz/comstack.h b/include/yaz/comstack.h
index a25b417..73e10cb 100644
--- a/include/yaz/comstack.h
+++ b/include/yaz/comstack.h
@@ -134,6 +134,8 @@ YAZ_EXPORT int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len);
 YAZ_EXPORT void cs_set_max_recv_bytes(COMSTACK cs, int max_recv_bytes);
 YAZ_EXPORT int completeWAIS(const char *buf, int len);
+YAZ_EXPORT void cs_print_session_info(COMSTACK cs);
+
 /*
 * error management.
 */
diff --git a/src/tcpip.c b/src/tcpip.c
index 45bde1e..ae070d7 100644
--- a/src/tcpip.c
+++ b/src/tcpip.c
@@ -50,6 +50,7 @@
 #if HAVE_GNUTLS_H
 #include
+#include
 #define ENABLE_SSL 1
 #endif
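Review bot: In include/yaz/comstack.h the new exported `cs_print_session_info` is declared without any comment, so a caller cannot tell from the header that it writes to stdout or what it expects of `cs`. A short comment above the declaration would cover it, for example `/* print SSL session info (peer certificate) for cs on stdout; prints nothing when the comstack has no SSL session */`. The definition added in src/tcpip.c shows the output differs per backend (only the text "X509 certificate" under GnuTLS, the PEM text plus the full certificate dump under OpenSSL), which is worth stating in the same comment.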
@@ -1356,6 +1357,47 @@ int static tcpip_set_blocking(COMSTACK p, int flags)
 return 1;
 }
+void cs_print_session_info(COMSTACK cs)
+{
+#if HAVE_GNUTLS_H
+ struct tcpip_state *sp = (struct tcpip_state *) cs->cprivate;
+ SSL *ssl = (SSL *) sp->ssl;
+ if (ssl)
+ {
+ gnutls_session_t session = ssl->gnutls_state;
+ if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
+ return;
+ printf("X509 certificate\n");
+ }
+#endif
+#if HAVE_OPENSSL_SSL_H
+ struct tcpip_state *sp = (struct tcpip_state *) cs->cprivate;
+ SSL *ssl = (SSL *) sp->ssl;
+ if (ssl)
+ {
+ X509 *server_cert = SSL_get_peer_certificate(ssl);
+
+ if (server_cert)
+ {
+ char *pem_buf;
+ int pem_len;
+ BIO *bio = BIO_new(BIO_s_mem());
+
+ /* get PEM buffer in memory */
+ PEM_write_bio_X509(bio, server_cert);
+ pem_len = BIO_get_mem_data(bio, &pem_buf);
+ fwrite(pem_buf, pem_len, 1, stdout);
+
+ /* print all info on screen .. */
+ X509_print_fp(stdout, server_cert);
+ BIO_free(bio);
+
+ X509_free(server_cert);
+ }
+ }
+#endif
+}
+
 void *cs_get_ssl(COMSTACK cs)
 {
 #if HAVE_OPENSSL_SSL_H
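Review bot: cs_print_session_info() casts `cs->cprivate` to `struct tcpip_state *` and reads `sp->ssl` without first checking that `cs` is non-NULL and is actually an SSL/TCP comstack, even though the function is exported as a generic COMSTACK call. The removed client code reached the handle through `cs_get_ssl(conn)`, whose body lies outside this hunk; if that accessor validates the comstack type, this commit drops the check, and a comstack of another transport would have its private state misread as a `tcpip_state`. A guard at the top of the function, along the lines of `if (!cs || cs->type != ssl_type) return;`, would keep the cast safe. Separately, the GnuTLS and OpenSSL branches are two independent `#if` blocks that both declare `sp` and `ssl`, so a build with both HAVE_GNUTLS_H and HAVE_OPENSSL_SSL_H set would fail on the redeclaration; making the second one `#elif HAVE_OPENSSL_SSL_H` avoids that.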