From 8dc67a9430644549801c18ec7e3a725e5a4ef782 Mon Sep 17 00:00:00 2001 From: Adam Dickmeiss Date: Wed, 28 Apr 2004 12:10:51 +0000 Subject: [PATCH] Added cs_get_SSL. yaz-client-ssl prints peer info --- NEWS | 3 +++ client/Makefile.am | 12 ++++++++---- client/client.c | 38 +++++++++++++++++++++++++++++++++++++- include/yaz/comstack.h | 3 ++- src/tcpip.c | 18 +++++++++++++++++- 5 files changed, 67 insertions(+), 7 deletions(-) diff --git a/NEWS b/NEWS index a460ce3..f989740 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,8 @@ Possible compatibility problems with earlier versions marked with '*'. +Added cs_get_ssl that returns SSL handle (SSL *) for SSL comstack; returns +NULL if SSL is unavailable. + Documentation about MARC decoding tools. Fix --disable-tcpd to really disable tcpd. Patch by Robin H. Johnson. diff --git a/client/Makefile.am b/client/Makefile.am index d7b9526..bfb2091 100644 --- a/client/Makefile.am +++ b/client/Makefile.am @@ -1,6 +1,6 @@ ## Copyright (C) 1995-2003, Index Data ## All rights reserved. -## $Id: Makefile.am,v 1.20 2003-10-27 12:21:23 adam Exp $ +## $Id: Makefile.am,v 1.21 2004-04-28 12:10:51 adam Exp $ if ISSSL extra=yaz-client-ssl @@ -11,13 +11,17 @@ EXTRA_PROGRAMS=bertorture EXTRA_DIST = default.bib -yaz_client_SOURCES=client.c admin.c admin.h tabcomplete.c tabcomplete.h -yaz_client_ssl_SOURCES=$(yaz_client_SOURCES) +COMMON=admin.c admin.h tabcomplete.c tabcomplete.h +yaz_client_SOURCES=client.c $(COMMON) +yaz_client_ssl_SOURCES=$(COMMON) yaz_client_LDADD = ../src/libyaz.la $(READLINE_LIBS) -yaz_client_ssl_LDADD = ../src/libyazssl.la ../src/libyaz.la $(READLINE_LIBS) $(SSL_LIBS) +yaz_client_ssl_LDADD = ssl-client.lo ../src/libyazssl.la ../src/libyaz.la $(READLINE_LIBS) $(SSL_LIBS) bertorture_LDADD = ../src/libyaz.la bertorture_SOURCES=bertorture.c AM_CPPFLAGS=-I$(top_srcdir)/include + +ssl-client.lo: client.c + $(LTCOMPILE) $(SSL_CFLAGS) $(SSL_DEFS) -c $(srcdir)/client.c -o ssl-client.lo 
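Review bot: The hand-written `ssl-client.lo: client.c` rule at the end of the client/Makefile.am hunk lists only client.c as a prerequisite, so a change to an included header such as yaz/comstack.h will not rebuild the SSL object, and automake's dependency tracking is bypassed for it. Per-target flags would keep the build inside automake: `yaz_client_ssl_SOURCES=$(yaz_client_SOURCES)` together with `yaz_client_ssl_CPPFLAGS=$(AM_CPPFLAGS) $(SSL_CFLAGS) $(SSL_DEFS)`, which makes automake compile a separately named client object for the SSL binary. The `ssl-client.lo` entry could then be dropped from `yaz_client_ssl_LDADD`. Depending on the automake version in use, this may also need `AM_PROG_CC_C_O` in configure.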
diff --git a/client/client.c b/client/client.c index d0f9ad5..cacc274 100644 --- a/client/client.c +++ b/client/client.c @@ -2,7 +2,7 @@ * Copyright (c) 1995-2004, Index Data * See the file LICENSE for details. * - * $Id: client.c,v 1.238 2004-04-07 13:51:50 adam Exp $ + * $Id: client.c,v 1.239 2004-04-28 12:10:51 adam Exp $ */ #include @@ -16,6 +16,14 @@ #include #endif +#if HAVE_OPENSSL_SSL_H +#include +#include +#include +#include +#include +#endif + #include #include @@ -529,6 +537,9 @@ int session_connect(const char *arg) void *add; char type_and_host[101]; const char *basep = 0; +#if HAVE_OPENSSL_SSL_H + SSL *ssl; +#endif if (conn) { cs_close (conn); @@ -586,6 +597,31 @@ int session_connect(const char *arg) return 0; } printf("OK.\n"); +#if HAVE_OPENSSL_SSL_H + if ((ssl = (SSL *) cs_get_ssl(conn))) + { + X509 *server_cert = SSL_get_peer_certificate (ssl); + char *str; + if (server_cert) + { + printf ("Server certificate:\n"); + + str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0); + if (str) + { + printf ("\t subject: %s\n", str); + free (str); + } + str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0); + if (str) + { + printf ("\t issuer: %s\n", str); + free (str); + } + X509_free (server_cert); + } + } +#endif if (basep && *basep) set_base (basep); if (protocol == PROTO_Z3950) diff --git a/include/yaz/comstack.h b/include/yaz/comstack.h index e5c32f5..1ab1878 100644 --- a/include/yaz/comstack.h +++ b/include/yaz/comstack.h @@ -23,7 +23,7 @@ * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE * OF THIS SOFTWARE. * - * $Id: comstack.h,v 1.11 2003-11-17 10:40:08 mike Exp $ + * $Id: comstack.h,v 1.12 2004-04-28 12:10:52 adam Exp $ */ #ifndef COMSTACK_H 
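Review bot: The block added after `printf("OK.\n")` in client/client.c prints the peer's subject and issuer but says nothing about whether the certificate was verified, so the output can read as confirmation of the server's identity when it is only what the peer presented. Whether the comstack sets any verify mode is not visible in this patch. Printing the outcome next to the names would make that explicit, e.g. `printf ("\t verify: %s\n", X509_verify_cert_error_string (SSL_get_verify_result (ssl)));`. Separately, the strings returned by `X509_NAME_oneline (..., 0, 0)` are allocated by OpenSSL and should be released with `OPENSSL_free (str);` rather than `free (str);`, which is only correct while OpenSSL uses the default allocator. session_connect starts and ends outside the hunk.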
@@ -149,6 +149,7 @@ YAZ_EXPORT COMSTACK cs_create_host(const char *type_and_host, int blocking, void **vp); YAZ_EXPORT void cs_get_host_args(const char *type_and_host, const char **args); YAZ_EXPORT int cs_complete_auto(const unsigned char *buf, int len); +YAZ_EXPORT void *cs_get_ssl(COMSTACK cs); /* * error management. diff --git a/src/tcpip.c b/src/tcpip.c index 4425867..92b3100 100644 --- a/src/tcpip.c +++ b/src/tcpip.c @@ -2,7 +2,7 @@ * Copyright (c) 1995-2003, Index Data * See the file LICENSE for details. * - * $Id: tcpip.c,v 1.1 2003-10-27 12:21:35 adam Exp $ + * $Id: tcpip.c,v 1.2 2004-04-28 12:10:53 adam Exp $ */ #include @@ -1098,3 +1098,19 @@ int static tcpip_set_blocking(COMSTACK p, int blocking) p->blocking = blocking; return 1; } + +#if HAVE_OPENSSL_SSL_H +void *cs_get_ssl(COMSTACK cs) +{ + struct tcpip_state *state; + if (!cs || cs->type != ssl_type) + return 0; + state = (struct tcpip_state *) cs->cprivate; + return state->ssl; +} +#else +void *cs_get_ssl(COMSTACK cs) +{ + return 0; +} +#endif -- 1.7.10.4
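Review bot: The new `cs_get_ssl` prototype in include/yaz/comstack.h has no comment saying who owns the returned handle, and the same gap applies to its definition in the last hunk of src/tcpip.c. The function hands out the `ssl` member of the comstack's private state as a bare `void *`, so nothing stops a caller from freeing it or keeping it past `cs_close`; presumably the comstack releases it on close, though that code is outside this patch. I would add above the prototype: `/* Returns the SSL * of an SSL comstack, or NULL if cs is not an SSL comstack or SSL is unavailable. The handle is borrowed: do not SSL_free it or use it after cs_close. */`.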