/*
 * Compare the peer certificate's fingerprint with the expected hex
 * string @fn (digest @algo, @xlen raw digest bytes).
 *
 * Returns NULL when no fingerprint is configured or when the
 * fingerprint matches (hexcmp()'s non-NULL result is passed straight
 * through otherwise).  A length mismatch yields "FP-sha1-fail"
 * regardless of @algo.
 *
 * The message returned after a tls_get_peer_cert() failure is built in
 * a function-local static buffer: it is overwritten by the next failing
 * call and is not reentrant, so callers must consume it before calling
 * check_fp() again.
 */
static const char *check_fp(struct Worker *w, const char *algo, const char *fn, size_t xlen)
{
	static char buf[1024];
	struct tls_cert *cert = NULL;
	const char *mismatch;

	/* nothing to verify when no fingerprint was configured */
	if (fn == NULL)
		return NULL;

	if (tls_get_peer_cert(w->ctx, &cert, algo) != 0) {
		snprintf(buf, sizeof buf, "fp-cert: %s", tls_error(w->ctx));
		return buf;
	}

	/* the digest length must match the algorithm the caller expects */
	if (cert->fingerprint_size != xlen) {
		tls_cert_free(cert);
		return "FP-sha1-fail";
	}

	mismatch = hexcmp(fn, cert->fingerprint, cert->fingerprint_size);
	tls_cert_free(cert);
	return mismatch;
}
/**
 * check AIDE MD vs given MD (SHA1)
 *
 * Walks the list starting at ctx->start for ctx->metadata_num entries
 * looking for one whose sha1 equals metadata->sha1 (a zero/NULL result
 * from hexcmp() is a match).  On a hit the entry's status is set to
 * OPENPTS_AIDE_MD_STATUS_HIT and copyAideMetadata(metadata, entry) is
 * invoked.
 *
 * Returns 0 on hit, -2 on miss, -1 when an argument is NULL or the
 * list ends before ctx->metadata_num entries have been seen.
 *
 * TODO(munetoh) obsolete, use checkEventByAide()
 */
int checkFileByAide(AIDE_CONTEXT *ctx, AIDE_METADATA *metadata)
{
    AIDE_METADATA *entry;
    int remaining;

    if (ctx == NULL || metadata == NULL) {
        return -1;
    }

    entry = ctx->start;
    for (remaining = ctx->metadata_num; remaining > 0; remaining--) {
        /* a list shorter than metadata_num is treated as an error */
        if (entry == NULL) {
            return -1;
        }
        /* entries without a digest on either side can never match */
        if (metadata->sha1 != NULL && entry->sha1 != NULL
            && !hexcmp(metadata->sha1, entry->sha1, SHA1_DIGEST_SIZE)) {
            /* hit */
            DEBUG_FSM("checkFileByAide - HIT name=[%s]\n", entry->name);
            entry->status = OPENPTS_AIDE_MD_STATUS_HIT;
            copyAideMetadata(metadata, entry);
            return 0;
        }
        entry = entry->next;
    }

    DEBUG_FSM("checkFileByAide - MISS\n");
    return -2;
}
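/*
 * Compare the peer certificate's fingerprint with the expected hex
 * string @fn (digest @algo, @xlen raw digest bytes).
 *
 * Returns NULL when no fingerprint is configured or when the
 * fingerprint matches; otherwise a string literal ("FP-sha1-fail" for a
 * failed certificate lookup or a length mismatch, or hexcmp()'s
 * non-NULL result).
 */
static const char *check_fp(struct Worker *w, const char *algo, const char *fn, size_t xlen)
{
	const char *emsg;
	/*
	 * Must be initialised: the original fell through to
	 * tls_cert_free(cert) with cert never assigned when
	 * tls_get_peer_cert() failed, freeing an indeterminate pointer.
	 */
	struct tls_cert *cert = NULL;

	/* nothing to verify when no fingerprint was configured */
	if (!fn)
		return NULL;

	/* on lookup failure there is nothing to free; do not touch cert */
	if (tls_get_peer_cert(w->ctx, &cert, algo) != 0 || cert == NULL)
		return "FP-sha1-fail";

	/* the digest length must match the algorithm the caller expects */
	if (cert->fingerprint_size != xlen) {
		tls_cert_free(cert);
		return "FP-sha1-fail";
	}

	emsg = hexcmp(fn, cert->fingerprint, cert->fingerprint_size);
	tls_cert_free(cert);
	return emsg;
}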