Diffstat (limited to 'src/core/network-openssl.c')
-rw-r--r-- | src/core/network-openssl.c | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/src/core/network-openssl.c b/src/core/network-openssl.c
index 7ec902fb..c7ce4b43 100644
--- a/src/core/network-openssl.c
+++ b/src/core/network-openssl.c
@@ -583,9 +583,6 @@ static void set_cipher_info(TLS_REC *tls, SSL *ssl)
 static void set_pubkey_info(TLS_REC *tls, X509 *cert, unsigned char *cert_fingerprint, size_t cert_fingerprint_size, unsigned char *public_key_fingerprint, size_t public_key_fingerprint_size)
 {
- g_return_if_fail(tls != NULL);
- g_return_if_fail(cert != NULL);
-
 EVP_PKEY *pubkey = NULL;
 char *cert_fingerprint_hex = NULL;
 char *public_key_fingerprint_hex = NULL;
@@ -594,13 +591,16 @@ static void set_pubkey_info(TLS_REC *tls, X509 *cert, unsigned char *cert_finger
 char buffer[128];
 size_t length;
+ g_return_if_fail(tls != NULL);
+ g_return_if_fail(cert != NULL);
+
 pubkey = X509_get_pubkey(cert);
 cert_fingerprint_hex = binary_to_hex(cert_fingerprint, cert_fingerprint_size);
 tls_rec_set_certificate_fingerprint(tls, cert_fingerprint_hex);
 tls_rec_set_certificate_fingerprint_algorithm(tls, "SHA256");
- // Show algorithm.
+ /* Show algorithm. */
 switch (EVP_PKEY_id(pubkey)) {
 case EVP_PKEY_RSA:
 tls_rec_set_public_key_algorithm(tls, "RSA");
@@ -624,7 +624,7 @@ static void set_pubkey_info(TLS_REC *tls, X509 *cert, unsigned char *cert_finger
 tls_rec_set_public_key_size(tls, EVP_PKEY_bits(pubkey));
 tls_rec_set_public_key_fingerprint_algorithm(tls, "SHA256");
- // Read the NotBefore timestamp.
+ /* Read the NotBefore timestamp. */
 bio = BIO_new(BIO_s_mem());
 ASN1_TIME_print(bio, X509_get_notBefore(cert));
 length = BIO_read(bio, buffer, sizeof(buffer));
@@ -632,7 +632,7 @@ static void set_pubkey_info(TLS_REC *tls, X509 *cert, unsigned char *cert_finger
 BIO_free(bio);
 tls_rec_set_not_before(tls, buffer);
- // Read the NotAfter timestamp.
+ /* Read the NotAfter timestamp. */
 bio = BIO_new(BIO_s_mem());
 ASN1_TIME_print(bio, X509_get_notAfter(cert));
 length = BIO_read(bio, buffer, sizeof(buffer));
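Review bot: The result of `X509_get_pubkey(cert)` goes straight into `EVP_PKEY_id(pubkey)` in the `switch` just below the relocated guards (hunk `@@ -594,13 +591,16 @@`), with no NULL check in between. `X509_get_pubkey` returns NULL when the key in the certificate cannot be decoded, and this certificate is supplied by the remote server, so a malformed or unsupported key would presumably crash the client during the handshake. A third guard next to the two being moved would close that, for example `if (pubkey == NULL) { g_warning("Unable to decode peer public key"); return; }`, or the key-specific fields could be skipped while the certificate fingerprint is still recorded. The rest of set_pubkey_info, including where `pubkey` is released, lies outside this hunk.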
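Review bot: `length = BIO_read(bio, buffer, sizeof(buffer));` in hunk `@@ -624,7 +624,7 @@` stores an `int` return value in the `size_t length` declared above, so a failed read (0 or -1) turns into a very large unsigned value, and reading the full `sizeof(buffer)` leaves no byte for a terminator. The line that consumes `length` sits between this hunk and the next and is not visible; if it writes `buffer[length]`, both cases land outside the 128-byte array. `bio` from `BIO_new` is also used without a NULL check, and the NotAfter block in `@@ -632,7 +632,7 @@` repeats the same pattern. Declaring `length` as `int`, reading with `BIO_read(bio, buffer, sizeof(buffer) - 1)` and treating `length <= 0` as an empty string would make both blocks safe.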
@@ -647,9 +647,6 @@ static void set_pubkey_info(TLS_REC *tls, X509 *cert, unsigned char *cert_finger
 static void set_peer_cert_chain_info(TLS_REC *tls, SSL *ssl)
 {
- g_return_if_fail(tls != NULL);
- g_return_if_fail(ssl != NULL);
-
 int nid;
 char *key = NULL;
 char *value = NULL;
@@ -662,6 +659,9 @@ static void set_peer_cert_chain_info(TLS_REC *tls, SSL *ssl)
 TLS_CERT_ENTRY_REC *tls_cert_entry_rec = NULL;
 ASN1_STRING *data = NULL;
+ g_return_if_fail(tls != NULL);
+ g_return_if_fail(ssl != NULL);
+
 chain = SSL_get_peer_cert_chain(ssl);
 if (chain == NULL)
@@ -670,7 +670,7 @@ static void set_peer_cert_chain_info(TLS_REC *tls, SSL *ssl)
 for (i = 0; i < sk_X509_num(chain); i++) {
 cert_rec = tls_cert_create_rec();
- // Subject.
+ /* Subject. */
 name = X509_get_subject_name(sk_X509_value(chain, i));
 for (j = 0; j < X509_NAME_entry_count(name); j++) {
@@ -689,7 +689,7 @@ static void set_peer_cert_chain_info(TLS_REC *tls, SSL *ssl)
 tls_cert_rec_append_subject_entry(cert_rec, tls_cert_entry_rec);
 }
- // Issuer.
+ /* Issuer. */
 name = X509_get_issuer_name(sk_X509_value(chain, i));
 for (j = 0; j < X509_NAME_entry_count(name); j++) {
@@ -714,14 +714,11 @@ static void set_peer_cert_chain_info(TLS_REC *tls, SSL *ssl)
 static void set_server_temporary_key_info(TLS_REC *tls, SSL *ssl)
 {
- g_return_if_fail(tls != NULL);
- g_return_if_fail(ssl != NULL);
-
 #ifdef SSL_get_server_tmp_key
- // Show ephemeral key information.
+ /* Show ephemeral key information. */
 EVP_PKEY *ephemeral_key = NULL;
- // OPENSSL_NO_EC is for solaris 11.3 (2016), github ticket #598
+ /* OPENSSL_NO_EC is for solaris 11.3 (2016), github ticket #598 */
 #ifndef OPENSSL_NO_EC
 EC_KEY *ec_key = NULL;
 #endif
@@ -729,6 +726,9 @@ static void set_server_temporary_key_info(TLS_REC *tls, SSL *ssl)
 char *cname = NULL;
 int nid;
+ g_return_if_fail(tls != NULL);
+ g_return_if_fail(ssl != NULL);
+
 if (SSL_get_server_tmp_key(ssl, &ephemeral_key)) {
 switch (EVP_PKEY_id(ephemeral_key)) {
 case EVP_PKEY_DH:
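Review bot: In set_server_temporary_key_info the two `g_return_if_fail` guards removed in hunk `@@ -714,14 +714,11 @@` come back in `@@ -729,6 +726,9 @@` after `int nid;`, which puts them inside the `#ifdef SSL_get_server_tmp_key` region. Builds where that macro is not defined therefore no longer report a NULL `tls` or `ssl` at all. As far as the visible hunks show, the function body is empty in that configuration, so nothing is dereferenced, but it is a behaviour change in a commit that otherwise only reorders declarations and restyles comments. A short comment above the `#ifdef` would record the intent, for example `/* Argument checks live inside the #ifdef; without SSL_get_server_tmp_key this function does nothing. */`.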
@@ -759,7 +759,7 @@ static void set_server_temporary_key_info(TLS_REC *tls, SSL *ssl)
 EVP_PKEY_free(ephemeral_key);
 }
-#endif // SSL_get_server_tmp_key.
+#endif /* SSL_get_server_tmp_key. */
 }
 GIOChannel *net_connect_ip_ssl(IPADDR *ip, int port, IPADDR *my_ip, SERVER_REC *server)
@@ -866,7 +866,7 @@ int irssi_ssl_handshake(GIOChannel *handle)
 set_peer_cert_chain_info(tls, chan->ssl);
 set_server_temporary_key_info(tls, chan->ssl);
- // Emit the TLS rec.
+ /* Emit the TLS rec. */
 signal_emit("tls handshake finished", 2, chan->server, tls);
 ret = 1;
@@ -893,7 +893,7 @@ int irssi_ssl_handshake(GIOChannel *handle)
 ret = irssi_ssl_verify(chan->ssl, chan->ctx, chan->server->connrec->address, chan->port, cert, chan->server, tls);
 if (! ret) {
- // irssi_ssl_verify emits a warning itself.
+ /* irssi_ssl_verify emits a warning itself. */
 goto done;
 }
 }
|