Certificate.cc
Go to the documentation of this file.
1/*
2 * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9#include "squid.h"
10#include "debug/Stream.h"
11#include "sbuf/SBuf.h"
13
14#if USE_OPENSSL
15#include "ssl/gadgets.h"
16#endif
17
18#include <iostream>
19
20inline
21const char *
23{
24 return "[need OpenSSL or GnuTLS]";
25}
26
27SBuf
29{
30 SBuf out;
31
32#if USE_OPENSSL
34 const auto name = Ssl::OneLineSummary(*X509_get_issuer_name(&cert));
35 if (!name) {
36 debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot get certificate Issuer:" <<
38 return out;
39 }
40 out.append(name.get());
41
42#elif USE_GNUTLS
43 gnutls_x509_dn_t issuer;
44 auto x = gnutls_x509_crt_get_issuer(&cert, &issuer);
45 if (x != GNUTLS_E_SUCCESS) {
46 debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot get certificate Issuer: " << ErrorString(x));
47 return out;
48 }
49
50 gnutls_datum_t name;
51 x = gnutls_x509_dn_get_str(issuer, &name);
52 if (x != GNUTLS_E_SUCCESS) {
53 debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot describe certificate Issuer: " << ErrorString(x));
54 return out;
55 }
56 out.append(reinterpret_cast<const char *>(name.data), name.size);
57 gnutls_free(name.data);
58
59#else
60 debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot get certificate Issuer: " << MissingLibraryError());
61 (void)cert;
62#endif
63
64 return out;
65}
66
67SBuf
69{
70 SBuf out;
71
72#if USE_OPENSSL
74 const auto name = Ssl::OneLineSummary(*X509_get_subject_name(&cert));
75 if (!name) {
76 debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot get certificate SubjectName:" <<
78 return out;
79 }
80 out.append(name.get());
81
82#elif USE_GNUTLS
83 gnutls_x509_dn_t subject;
84 auto x = gnutls_x509_crt_get_subject(&cert, &subject);
85 if (x != GNUTLS_E_SUCCESS) {
86 debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot get certificate SubjectName: " << ErrorString(x));
87 return out;
88 }
89
90 gnutls_datum_t name;
91 x = gnutls_x509_dn_get_str(subject, &name);
92 if (x != GNUTLS_E_SUCCESS) {
93 debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot describe certificate SubjectName: " << ErrorString(x));
94 return out;
95 }
96 out.append(reinterpret_cast<const char *>(name.data), name.size);
97 gnutls_free(name.data);
98
99#else
100 debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot get certificate SubjectName: " << MissingLibraryError());
101 (void)cert;
102#endif
103
104 return out;
105}
106
107bool
109{
110#if USE_OPENSSL
112 const auto result = X509_check_issued(&issuer, &cert);
113 if (result == X509_V_OK)
114 return true;
115 debugs(83, DBG_PARSE_NOTE(3), issuer << " did not sign " << cert << ":" <<
116 Debug::Extra << "X509_check_issued() result: " << X509_verify_cert_error_string(result) << " (" << result << ")" <<
118#elif USE_GNUTLS
119 const auto result = gnutls_x509_crt_check_issuer(&cert, &issuer);
120 if (result == 1)
121 return true;
122 debugs(83, DBG_PARSE_NOTE(3), issuer << " did not sign " << cert);
123#else
124 debugs(83, DBG_PARSE_NOTE(2), "WARNING: cannot determine certificates relationship: " << MissingLibraryError());
125 (void)cert;
126 (void)issuer;
127#endif
128 return false;
129}
130
131std::ostream &
132operator <<(std::ostream &os, Security::Certificate &cert)
133{
134 const auto name = Security::SubjectName(cert);
135 if (name.isEmpty())
136 os << "[no subject name]";
137 else
138 os << name;
139 return os;
140}
141
static std::ostream & Extra(std::ostream &os)
prefixes each grouped debugs() line after the first one in the group
Definition: Stream.h:117
Definition: SBuf.h:94
SBuf & append(const SBuf &S)
Definition: SBuf.cc:185
#define DBG_PARSE_NOTE(x)
Definition: Stream.h:45
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Stream.h:196
SBuf IssuerName(Certificate &)
The Issuer field of the given certificate (if found) or an empty SBuf.
Definition: Certificate.cc:28
X509 Certificate
Definition: forward.h:73
SBuf SubjectName(Certificate &)
The SubjectName field of the given certificate (if found) or an empty SBuf.
Definition: Certificate.cc:68
bool IssuedBy(Certificate &cert, Certificate &issuer)
Definition: Certificate.cc:108
const char * ErrorString(const LibErrorCode code)
converts numeric LibErrorCode into a human-friendlier string
Definition: forward.h:146
std::ostream & ReportAndForgetErrors(std::ostream &)
Definition: gadgets.cc:34
UniqueCString OneLineSummary(X509_NAME &)
a RAII wrapper for the memory-allocating flavor of X509_NAME_oneline()
Definition: gadgets.cc:821
void ForgetErrors()
Clear any errors accumulated by OpenSSL in its global storage.
Definition: gadgets.cc:17
const char * MissingLibraryError()
Definition: Certificate.cc:22
std::ostream & operator<<(std::ostream &os, Security::Certificate &cert)
reports a one-line gist of the Certificate Subject Name (for debugging)
Definition: Certificate.cc:132

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors