/* Get information from peer certificate
*/
int get_peer_cert_info(ssl_context *context, char *subject_dn, char *issuer_dn, char *serial_nr, int length) {
if (ssl_has_peer_cert(context) == false) {
return -1;
}
/* Subject DN
*/
if (x509parse_dn_gets(subject_dn, length, &(context->session->peer_cert->subject)) == -1) {
return -1;
}
subject_dn[length - 1] = '\0';
/* Issuer DN
*/
if (x509parse_dn_gets(issuer_dn, length, &(context->session->peer_cert->issuer)) == -1) {
return -1;
}
issuer_dn[length - 1] = '\0';
/* Serial number
*/
if (x509parse_serial_gets(serial_nr, length, &(context->session->peer_cert->serial)) == -1) {
return -1;
}
serial_nr[length - 1] = '\0';
return 0;
}
ngx_int_t
ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
const x509_cert *cert;
int len;
cert = ssl_get_peer_cert(c->ssl->connection);
if (cert == NULL) {
return NGX_OK;
}
len = cert->serial.len * 3 + 1;
s->data = ngx_palloc(pool, len);
if (s->data == NULL) {
return NGX_ERROR;
}
len = x509parse_serial_gets((char *) s->data, len - 1, &cert->serial);
if (len < 0) {
return NGX_ERROR;
}
s->len = len;
return NGX_OK;
}
char *
x509_get_serial (x509_cert *cert, struct gc_arena *gc)
{
int ret = 0;
int i = 0;
char *buf = NULL;
size_t len = cert->serial.len * 3 + 1;
buf = gc_malloc(len, true, gc);
if(x509parse_serial_gets(buf, len-1, &cert->serial) < 0)
buf = NULL;
return buf;
}
