File: SSL.xs

#include "EXTERN.h"
#include "perl.h"
#include "XSUB.h"
#include "ppport.h"

#include <openssl/ssl.h>
#include <openssl/bio.h>

#if OPENSSL_VERSION_NUMBER < 0x10100000
/*
 * Compatibility shim for OpenSSL releases before 1.1.0, which ship no
 * X509_REVOKED_get0_serialNumber() accessor and still expose the fields of
 * X509_REVOKED directly.  The CRL lookup further down is written against the
 * 1.1.0 accessor, so one body serves both generations of the library.
 *
 * The pointer returned aliases the revoked entry's own serial number; it is
 * not owned by the caller and must never be freed.
 */
static const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
{
	const ASN1_INTEGER *serial = x->serialNumber;
	return serial;
}
#endif

MODULE = POE::Filter::SSL      PACKAGE = POE::Filter::SSL

# Install ephemeral Diffie-Hellman parameters on a single connection; a thin
# wrapper around SSL_set_tmp_dh().  The library's return value is handed back
# untouched, so the Perl caller must check it (per the OpenSSL docs 1 means
# success, 0 failure).  ssl and dh arrive through this module's typemap and
# are not owned here: nothing is freed.
long
POE_FILTER_SSL_set_tmp_dh(ssl,dh)
   SSL *	ssl
   DH *	dh
   CODE:
      RETVAL = SSL_set_tmp_dh(ssl,dh);
   OUTPUT:
      RETVAL

# Context-wide counterpart of POE_FILTER_SSL_set_tmp_dh: wraps
# SSL_CTX_set_tmp_dh(), so the parameters apply to connections created from
# ctx rather than to one SSL object.  Return value passed through untouched
# (1 success, 0 failure per the OpenSSL docs) - check it.  ctx and dh are not
# owned here and are not freed.
long
POE_FILTER_SSL_CTX_set_tmp_dh(ctx,dh)
   SSL_CTX *	ctx
   DH *	dh
   CODE:
      RETVAL = SSL_CTX_set_tmp_dh(ctx,dh);
   OUTPUT:
      RETVAL

# Install a temporary RSA key on the context; wraps SSL_CTX_set_tmp_rsa().
# Temporary RSA keys exist only to serve the legacy export-grade RSA key
# exchange, which should stay disabled in any current deployment; the tmp_dh
# wrappers above are the ones to use for forward-secret key exchange.
# NOTE(review): SSL_CTX_set_tmp_rsa was, as far as I recall, removed from
# OpenSSL together with the export cipher suites in 1.1.0 - confirm how this
# XSUB builds against the OpenSSL this package targets.  Return value passed
# through untouched; ctx and rsa are not freed here.
long
POE_FILTER_SSL_CTX_set_tmp_rsa(ctx,rsa)
   SSL_CTX *	ctx
   RSA *	rsa
   CODE:
      RETVAL = SSL_CTX_set_tmp_rsa(ctx,rsa);
   OUTPUT:
      RETVAL

# Pass-through of SSL_get_ex_data_X509_STORE_CTX_idx(): the ex_data index under
# which OpenSSL stores the SSL * inside an X509_STORE_CTX.  A Perl-side verify
# callback needs this index to map the store context it is handed back to the
# connection being verified.  Takes no arguments; the index is a small
# non-negative integer fixed for the life of the process.
int
POE_FILTER_SSL_get_ex_data_X509_STORE_CTX_idx()
   CODE:
      RETVAL = SSL_get_ex_data_X509_STORE_CTX_idx();
   OUTPUT:
      RETVAL

ASN1_INTEGER *
POE_FILTER_X509_get_serialNumber(cert)
   X509 *      cert
   PREINIT:
      const ASN1_INTEGER *serial;
   CODE:
      /* Hand the certificate's serial number back to Perl as a plain byte
       * string holding the raw DER content octets (not a decimal or hex
       * rendering).  Treat it as opaque: it is meant to be fed straight into
       * POE_FILTER_verify_serial_against_crl_file(), which compares the very
       * same bytes.  X509_get_serialNumber() returns a pointer into cert
       * itself, so the bytes are copied into a fresh mortal SV and nothing is
       * freed here.  The declared ASN1_INTEGER * return type is a leftover:
       * ST(0) is set by hand and there is no OUTPUT section, so RETVAL is
       * never used. */
      serial = X509_get_serialNumber(cert);
      ST(0) = sv_2mortal(newSVpvn((const char *) serial->data, serial->length));

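ASN1_INTEGER *
POE_FILTER_verify_serial_against_crl_file(crlfile, serial)
   CODE:
   /*
    * Look a certificate serial number up in a PEM-encoded CRL file.
    *
    * Both arguments are read straight off the Perl stack (no typemap):
    *   ST(0)  path of the CRL file
    *   ST(1)  the serial as raw DER content octets, i.e. exactly what
    *          POE_FILTER_X509_get_serialNumber() returns; an empty serial can
    *          never match and is reported as "0", so callers must not pass one
    *
    * The result is always a plain string in ST(0):
    *   the serial bytes   the serial appears in the CRL's revoked list
    *   "0"                the CRL lists revocations and none of them matches
    *   "CRL: ..."         an error; callers must treat this as a failed
    *                      check, never as "not revoked"
    *
    * Only the first CRL in the file is read, and nothing about it is verified
    * here: no signature check against the issuer and no lastUpdate/nextUpdate
    * check.  The file must therefore come from a trusted, locally controlled
    * location.
    *
    * The declared ASN1_INTEGER * return type is a leftover: ST(0) is set by
    * hand and there is no OUTPUT section, so RETVAL is never used.
    */
   X509_CRL *crl = NULL;
   BIO *in = NULL;
   STACK_OF(X509_REVOKED) *revokes;
   int n, i;
   STRLEN len, lenser;
   const char *crlfile = SvPV(ST(0), len);
   const unsigned char *serial = (const unsigned char *) SvPV(ST(1), lenser);
   ST(0) = sv_newmortal();   /* Undefined to start with */

   if (len == 0) {
      sv_setpvn(ST(0), "CRL: No file name given!", 24);
      goto end;
   }

   /* The path is handed to OpenSSL as a C string, so a Perl string with an
    * embedded NUL would be silently truncated and could name some other file;
    * refuse it up front.  SvPV guarantees NUL termination, so strlen is safe. */
   if (strlen(crlfile) != len) {
      sv_setpvn(ST(0), "CRL: cannot read CRL File", 25);
      goto end;
   }

   in = BIO_new(BIO_s_file());
   if (in == NULL) {
      sv_setpvn(ST(0), "CRL: BIO err", 12);
      goto end;
   }

   if (BIO_read_filename(in, crlfile) <= 0) {
      sv_setpvn(ST(0), "CRL: cannot read CRL File", 25);
      goto end;
   }

   crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
   if (crl == NULL) {
      sv_setpvn(ST(0), "CRL: cannot read from CRL File", 30);
      goto end;
   }

   /* X509_CRL_get_REVOKED() may return NULL when the CRL carries no entries;
    * treat that like an empty stack instead of relying on sk_*_num(NULL). */
   revokes = X509_CRL_get_REVOKED(crl);
   n = revokes ? sk_X509_REVOKED_num(revokes) : 0;
   if (n > 0) {
      for (i = 0; i < n; i++) {
         X509_REVOKED *revoked = sk_X509_REVOKED_value(revokes, i);
         const ASN1_INTEGER *asn_ser = X509_REVOKED_get0_serialNumber(revoked);

         /* Serial numbers are binary and may legitimately contain 0x00 bytes,
          * so compare with memcmp(): strncmp() stops at the first NUL in
          * either buffer and would report a match on a mere common prefix. */
         if (asn_ser->length > 0 &&
             (size_t) asn_ser->length == lenser &&
             memcmp(asn_ser->data, serial, lenser) == 0) {
            sv_setpvn(ST(0), (const char *) asn_ser->data, asn_ser->length);
            goto end;
         }
      }
      sv_setpvn(ST(0), "0", 1);
   } else {
      /* A CRL with zero entries (nothing revoked yet) is reported as an error,
       * which fails closed; kept as-is because callers may match this string. */
      sv_setpvn(ST(0), "CRL: Empty File", 15);
   }
   end:
   BIO_free(in);                      /* NULL-safe */
   if (crl) X509_CRL_free (crl);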