43 static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, request_rec *r, X509 *xs, char *var);
45 static char *ssl_var_lookup_ssl_cert_san(apr_pool_t *p, X509 *xs, char *var);
48 static char *ssl_var_lookup_ssl_cert_serial(apr_pool_t *p, X509 *xs);
51 static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, X509 *xs);
395     X509 *xs;
446         if ((xs = SSL_get_peer_certificate(ssl)) != NULL) {
447             result = ssl_var_lookup_ssl_cert(p, r, xs, var+7);
448             X509_free(xs);
452         if ((xs = SSL_get_certificate(ssl)) != NULL) {
453             result = ssl_var_lookup_ssl_cert(p, r, xs, var+7);
455              * No need to X509_free(xs).
524 static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, request_rec *r, X509 *xs,
536         result = apr_psprintf(p, "%lu", X509_get_version(xs)+1);
540         result = ssl_var_lookup_ssl_cert_serial(p, xs);
543         result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notBefore(xs));
546         result = ssl_var_lookup_ssl_cert_valid(p, X509_get_notAfter(xs));
549         result = ssl_var_lookup_ssl_cert_remain(p, X509_get_notAfter(xs));
554             xsname = X509_get_subject_name(xs);
556             xsname = X509_get_issuer_name(xs);
564             xsname = X509_get_subject_name(xs);
566             xsname = X509_get_issuer_name(xs);
573         result = ssl_var_lookup_ssl_cert_san(p, xs, var+4);
577         nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->signature->algorithm));
583         nid = OBJ_obj2nid((ASN1_OBJECT *)(xs->cert_info->key->algor->algorithm));
589         result = ssl_var_lookup_ssl_cert_PEM(p, xs);
664 static char *ssl_var_lookup_ssl_cert_san(apr_pool_t *p, X509 *xs, char *var)
685     if (SSL_X509_getSAN(p, xs, type, atoi(var), &entries))
753 static char *ssl_var_lookup_ssl_cert_serial(apr_pool_t *p, X509 *xs)
761     i2a_ASN1_INTEGER(bio, X509_get_serialNumber(xs));
773     X509 *xs;
781             xs = sk_X509_value(sk, n);
782             result = ssl_var_lookup_ssl_cert_PEM(p, xs);
792     X509 *xs;
796     if (!(xs = SSL_get_peer_certificate(ssl))) {
802     serialNumber = X509_get_serialNumber(xs);
804         X509_NAME *issuer = X509_get_issuer_name(xs);
816     X509_free(xs);
820 static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, X509 *xs)
828     PEM_write_bio_X509(bio, xs);
845     X509 *xs;
852     xs    = SSL_get_peer_certificate(ssl);
854     if (vrc == X509_V_OK && verr == NULL && xs == NULL)
857     else if (vrc == X509_V_OK && verr == NULL && vinfo == NULL && xs != NULL)
868     if (xs)
869         X509_free(xs);
985     X509 *xs;
1000     xs = SSL_get_certificate(ssl);
1001     if (xs) {
1002         extract_dn(t, nids, "SSL_SERVER_S_DN_", X509_get_subject_name(xs), p);
1003         extract_dn(t, nids, "SSL_SERVER_I_DN_", X509_get_issuer_name(xs), p);
1008     xs = SSL_get_peer_certificate(ssl);
1009     if (xs) {
1010         extract_dn(t, nids, "SSL_CLIENT_S_DN_", X509_get_subject_name(xs), p);
1011         extract_dn(t, nids, "SSL_CLIENT_I_DN_", X509_get_issuer_name(xs), p);
1012         X509_free(xs);
1029     X509 *xs;
1033     xs = SSL_get_certificate(ssl);
1034     if (xs) {
1035         if (SSL_X509_getSAN(p, xs, GEN_EMAIL, -1, &entries)) {
1038         if (SSL_X509_getSAN(p, xs, GEN_DNS, -1, &entries)) {
1041         /* no need to free xs (refcount does not increase) */
1045     xs = SSL_get_peer_certificate(ssl);
1046     if (xs) {
1047         if (SSL_X509_getSAN(p, xs, GEN_EMAIL, -1, &entries)) {
1050         if (SSL_X509_getSAN(p, xs, GEN_DNS, -1, &entries)) {
1053         X509_free(xs);
1084     X509 *xs = NULL;
1105     xs = peer ? SSL_get_peer_certificate(ssl) : SSL_get_certificate(ssl);
1106     if (xs == NULL) {
1110     count = X509_get_ext_count(xs);
1116         X509_EXTENSION *ext = X509_get_ext(xs, j);
1148         X509_free(xs);

Indexes created Tue Jul 24 14:28:13 CEST 2018