static void ext_print(BIO *out, X509_EXTENSION *ex)
{
ASN1_OBJECT *obj;
int j;
BIO_printf(out,"%12s","");
obj=X509_EXTENSION_get_object(ex);
i2a_ASN1_OBJECT(out,obj);
j=X509_EXTENSION_get_critical(ex);
BIO_printf(out, ": %s\n", j ? "critical":"","");
if(!X509V3_EXT_print(out, ex, 0, 16)) {
BIO_printf(out, "%16s", "");
M_ASN1_OCTET_STRING_print(out,ex->value);
}
BIO_write(out,"\n",1);
}
static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
int indent)
{
long v;
char *tmp;
SXNETID *id;
int i;
v = ASN1_INTEGER_get(sx->version);
BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
id = sk_SXNETID_value(sx->ids, i);
tmp = i2s_ASN1_INTEGER(NULL, id->zone);
BIO_printf(out, "\n%*sZone: %s, User: "******"", tmp);
OPENSSL_free(tmp);
M_ASN1_OCTET_STRING_print(out, id->user);
}
return 1;
}
static PyObject *
X509_EXTENSION_value_to_PyString(X509_EXTENSION *ex) {
BIO *bio = NULL;
PyObject *str = NULL;
int str_len;
char *tmp_str;
/* Create a openssl BIO buffer */
bio = BIO_new(BIO_s_mem());
if (bio == NULL) {
goto err;
}
/* These are not the droids you are looking for. */
if (!X509V3_EXT_print(bio, ex, 0, 0)) {
if (M_ASN1_OCTET_STRING_print(bio, ex->value) == 0) {
goto err;
}
}
/* Convert to a Python string. */
str_len = BIO_get_mem_data(bio, &tmp_str);
str = PyBytes_FromStringAndSize(tmp_str, str_len);
/* Cleanup */
BIO_free(bio);
return str;
err:
if (bio) {
BIO_free(bio);
}
if (str) {
Py_DECREF(str);
}
return NULL;
}
int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
{
unsigned long l;
int i;
const char *neg;
X509_REQ_INFO *ri;
EVP_PKEY *pkey;
STACK_OF(X509_ATTRIBUTE) *sk;
STACK_OF(X509_EXTENSION) *exts;
char mlch = ' ';
int nmindent = 0;
if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
mlch = '\n';
nmindent = 12;
}
if(nmflags == X509_FLAG_COMPAT)
nmindent = 16;
ri=x->req_info;
if(!(cflag & X509_FLAG_NO_HEADER))
{
if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
if (BIO_write(bp," Data:\n",10) <= 0) goto err;
}
if(!(cflag & X509_FLAG_NO_VERSION))
{
neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
l=0;
for (i=0; i<ri->version->length; i++)
{ l<<=8; l+=ri->version->data[i]; }
if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,
l) <= 0)
goto err;
}
if(!(cflag & X509_FLAG_NO_SUBJECT))
{
if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err;
if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
if (BIO_write(bp,"\n",1) <= 0) goto err;
}
if(!(cflag & X509_FLAG_NO_PUBKEY))
{
if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0)
goto err;
if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
goto err;
if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
goto err;
if (BIO_puts(bp, "\n") <= 0)
goto err;
pkey=X509_REQ_get_pubkey(x);
if (pkey == NULL)
{
BIO_printf(bp,"%12sUnable to load Public Key\n","");
ERR_print_errors(bp);
}
else
#ifndef OPENSSL_NO_RSA
if (pkey->type == EVP_PKEY_RSA)
{
BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
BN_num_bits(pkey->pkey.rsa->n));
RSA_print(bp,pkey->pkey.rsa,16);
}
else
#endif
#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA)
{
BIO_printf(bp,"%12sDSA Public Key:\n","");
DSA_print(bp,pkey->pkey.dsa,16);
}
else
#endif
#ifndef OPENSSL_NO_EC
if (pkey->type == EVP_PKEY_EC)
{
BIO_printf(bp, "%12sEC Public Key: \n","");
EC_KEY_print(bp, pkey->pkey.ec, 16);
}
else
#endif
BIO_printf(bp,"%12sUnknown Public Key:\n","");
EVP_PKEY_free(pkey);
}
if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
{
/* may not be */
if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
goto err;
sk=x->req_info->attributes;
if (sk_X509_ATTRIBUTE_num(sk) == 0)
{
if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
goto err;
}
else
{
for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
{
ASN1_TYPE *at;
X509_ATTRIBUTE *a;
ASN1_BIT_STRING *bs=NULL;
ASN1_TYPE *t;
int j,type=0,count=1,ii=0;
a=sk_X509_ATTRIBUTE_value(sk,i);
if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
continue;
if(BIO_printf(bp,"%12s","") <= 0)
goto err;
if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
{
if (a->single)
{
t=a->value.single;
type=t->type;
bs=t->value.bit_string;
}
else
{
ii=0;
count=sk_ASN1_TYPE_num(a->value.set);
get_next:
at=sk_ASN1_TYPE_value(a->value.set,ii);
type=at->type;
bs=at->value.asn1_string;
}
}
for (j=25-j; j>0; j--)
if (BIO_write(bp," ",1) != 1) goto err;
if (BIO_puts(bp,":") <= 0) goto err;
if ( (type == V_ASN1_PRINTABLESTRING) ||
(type == V_ASN1_T61STRING) ||
(type == V_ASN1_IA5STRING))
{
if (BIO_write(bp,(char *)bs->data,bs->length)
!= bs->length)
goto err;
BIO_puts(bp,"\n");
}
else
{
BIO_puts(bp,"unable to print attribute\n");
}
if (++ii < count) goto get_next;
}
}
}
if(!(cflag & X509_FLAG_NO_EXTENSIONS))
{
exts = X509_REQ_get_extensions(x);
if(exts)
{
BIO_printf(bp,"%8sRequested Extensions:\n","");
for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
{
ASN1_OBJECT *obj;
X509_EXTENSION *ex;
int j;
ex=sk_X509_EXTENSION_value(exts, i);
if (BIO_printf(bp,"%12s","") <= 0) goto err;
obj=X509_EXTENSION_get_object(ex);
i2a_ASN1_OBJECT(bp,obj);
j=X509_EXTENSION_get_critical(ex);
if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)
goto err;
if(!X509V3_EXT_print(bp, ex, cflag, 16))
{
BIO_printf(bp, "%16s", "");
M_ASN1_OCTET_STRING_print(bp,ex->value);
}
if (BIO_write(bp,"\n",1) <= 0) goto err;
}
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
}
}
if(!(cflag & X509_FLAG_NO_SIGDUMP))
{
if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
}
return(1);
err:
X509err(X509_F_X509_REQ_PRINT_EX,ERR_R_BUF_LIB);
return(0);
}
void anubis_dump_server_certificate(SSL *ssl) {
X509 *x509Cert = SSL_get_peer_certificate(ssl);
char buffer[1024];
BIO *bio = NULL;
char *buf = NULL;
if(!x509Cert) {
anubis_ssl_perror("SSL_get_peer_certificate()");
return;
}
bio = BIO_new(BIO_s_mem());
if(!bio) {
anubis_ssl_perror("BIO_new()");
X509_free(x509Cert);
return;
}//end if
BIO_reset(bio);
if(!PEM_write_bio_X509(bio, x509Cert)) {
anubis_ssl_perror("PEM_write_bio_X509()");
BIO_free(bio);
X509_free(x509Cert);
return;
}
BIO_get_mem_data(bio, &buf);
anubis_out("Server certificate:\n%s", buf);
// Cert Version
long version = 0;
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_VERSION)) {
version = X509_get_version(x509Cert);
fprintf(out_stream, "Version: %ld\n", version);
}//end if
// Cert Serial No. - Code adapted from OpenSSL's crypto/asn1/t_x509.c
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_SERIAL)) {
ASN1_INTEGER *bs;
long l;
int i;
const char *neg;
bs = X509_get_serialNumber(x509Cert);
if (bs->length <= 4) {
l = ASN1_INTEGER_get(bs);
if (l < 0) {
l= -l;
neg = "-";
}
else
neg = "";
fprintf(out_stream, "Serial Number: %lu (%#lx)\n", l, l);
}
else {
neg = (bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
fprintf(out_stream, "Serial Number: %s", neg);
for (i = 0; i < bs->length; i++) {
fprintf(out_stream, "%02x%c", bs->data[i], (i+1 == bs->length)?'\n':':');
}
}
}
// Signature Algo...
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_SIGNAME)) {
i2a_ASN1_OBJECT(bio, x509Cert->cert_info->signature->algorithm);
BIO_get_mem_data(bio, &buf);
fprintf(out_stream, "Signature Algorithm:\n%s\n", buf);
}
// SSL Certificate Issuer...
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_ISSUER)) {
X509_NAME_oneline(X509_get_issuer_name(x509Cert), buffer, sizeof(buffer) - 1);
fprintf(out_stream, "Issuer: %s\n", buffer);
}
// Validity...
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_VALIDITY)) {
BIO_reset(bio);
ASN1_TIME_print(bio, X509_get_notBefore(x509Cert));
BIO_get_mem_data(bio, &buf);
fprintf(out_stream, "Not Valid Before: %s\n", buf);
BIO_reset(bio);
ASN1_TIME_print(bio, X509_get_notAfter(x509Cert));
BIO_get_mem_data(bio, &buf);
fprintf(out_stream, "Not Valid After: %s\n", buf);
}
// SSL Certificate Subject...
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_SUBJECT)) {
X509_NAME_oneline(X509_get_subject_name(x509Cert), buffer, sizeof(buffer) - 1);
fprintf(out_stream, "Subject: %s\n", buffer);
}
// Public Key Algo...
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_PUBKEY)) {
BIO_reset(bio);
i2a_ASN1_OBJECT(bio, x509Cert->cert_info->key->algor->algorithm);
BIO_get_mem_data(bio, &buf);
fprintf(out_stream, "Public Key Algorithm: %s\n", buf);
// Public Key...
EVP_PKEY *publicKey = NULL;
publicKey = X509_get_pubkey(x509Cert);
if (publicKey == NULL) {
anubis_err("Public Key Could not load\n");
}
else {
BIO_reset(bio);
char *publicKeyType = NULL;
int publicKeyLength = -1;
switch (publicKey->type) {
case EVP_PKEY_RSA:
publicKeyType = "RSA";
if (publicKey->pkey.rsa) {
publicKeyLength = BN_num_bits(publicKey->pkey.rsa->n);
RSA_print(bio, publicKey->pkey.rsa, 0);
BIO_get_mem_data(bio, &buf);
}
break;
case EVP_PKEY_DSA:
publicKeyType = "DSA";
if (publicKey->pkey.dsa) {
DSA_print(bio, publicKey->pkey.dsa, 0);
BIO_get_mem_data(bio, &buf);
}
break;
case EVP_PKEY_EC:
publicKeyType = "EC";
if (publicKey->pkey.ec) {
EC_KEY_print(bio, publicKey->pkey.ec, 0);
BIO_get_mem_data(bio, &buf);
}
break;
default:
publicKeyType = "Unknown";
break;
}
EVP_PKEY_free(publicKey);
fprintf(out_stream, "%d Public Key: ", publicKeyLength);
if(!strcasecmp(publicKeyType, "RSA")) {
fprintf(out_stream, "(%d bits)", publicKeyLength);
}
fprintf(out_stream, "\n");
fprintf(out_stream, "%s\n", buf);
}
}
// X509 v3...
if (!(X509_FLAG_COMPAT & X509_FLAG_NO_EXTENSIONS) && sk_X509_EXTENSION_num(x509Cert->cert_info->extensions) > 0) {
X509_EXTENSION *extension = NULL;
ASN1_OBJECT *asn1Object = NULL;
int tempInt2 = 0;
BIO_reset(bio);
for (int tempInt = 0; tempInt < sk_X509_EXTENSION_num(x509Cert->cert_info->extensions); tempInt++) {
// Get Extension...
extension = sk_X509_EXTENSION_value(x509Cert->cert_info->extensions, tempInt);
asn1Object = X509_EXTENSION_get_object(extension);
i2a_ASN1_OBJECT(bio, asn1Object);
tempInt2 = X509_EXTENSION_get_critical(extension);
BIO_printf(bio, ": %s\n", tempInt2 ? "critical" : "");
// Print Extension value...
if (!X509V3_EXT_print(bio, extension, X509_FLAG_COMPAT, 8)) {
M_ASN1_OCTET_STRING_print(bio, extension->value);
}
BIO_printf(bio, "\n");
}//end for
BIO_get_mem_data(bio, &buf);
fprintf(out_stream, "x509v3 Extensions: %s\n", buf);
}//end if x509v3
/*
long verifyError = 0;
// Verify Certificate...
verifyError = SSL_get_verify_result(ssl);
const char *verifyCertificate = "";
if (verifyError == X509_V_OK)
verifyCertificate = "Certificate passed verification";
else
verifyCertificate = X509_verify_cert_error_string(verifyError);
fprintf(out_stream, "Validation: %s\n", verifyCertificate);
*/
BIO_free(bio);
X509_free(x509Cert);
fflush(out_stream);
}//end anubis_dump_server_certificate
