/* * Dump information on a certificate to the debug log. */ static void pxy_debug_crt(X509 *crt) { char *sj = ssl_x509_subject(crt); if (sj) { log_dbg_printf("Subject DN: %s\n", sj); free(sj); } char *names = ssl_x509_names_to_str(crt); if (names) { log_dbg_printf("Common Names: %s\n", names); free(names); } unsigned char fpr[SSL_X509_FPRSZ]; if (ssl_x509_fingerprint_sha1(crt, fpr) == -1) { log_err_printf("Warning: Error generating X509 fingerprint\n"); } else { log_dbg_printf("Fingerprint: " "%02x:%02x:%02x:%02x:" "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:" "%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n", fpr[0], fpr[1], fpr[2], fpr[3], fpr[4], fpr[5], fpr[6], fpr[7], fpr[8], fpr[9], fpr[10], fpr[11], fpr[12], fpr[13], fpr[14], fpr[15], fpr[16], fpr[17], fpr[18], fpr[19]); } #ifdef DEBUG_CERTIFICATE /* dump certificate */ log_dbg_print_free(ssl_x509_to_str(crt)); log_dbg_print_free(ssl_x509_to_pem(crt)); #endif /* DEBUG_CERTIFICATE */ }
cache_key_t cachefkcrt_mkkey(X509 *keycrt) { unsigned char *fpr; if (!(fpr = (unsigned char*)malloc(SSL_X509_FPRSZ))) return NULL; ssl_x509_fingerprint_sha1(keycrt, fpr); return fpr; }