p2p
go-openssl
Commits
3b86b428
Commit
3b86b428
authored
Sep 05, 2018
by
Jeff Wendling
add support for get/set x509 version
closes #61
parent
9386dd2f
Changes
5
Showing
5 changed files
with
64 additions
and
28 deletions
+64
-28
cert.go
cert.go
+24
-0
cert_test.go
cert_test.go
+29
-4
shim.c
shim.c
+9
-1
shim.h
shim.h
+2
-0
sni_test.go
sni_test.go
+0
-23
cert.go
...
...
@@ -43,6 +43,16 @@ const (
EVP_SHA512
EVP_MD
=
iota
)
// X509_Version represents a version on an x509 certificate.
type
X509_Version
int
// Specify constants for x509 versions because the standard states that they
// are represented internally as one lower than the common version name.
const
(
X509_V1
X509_Version
=
0
X509_V3
X509_Version
=
2
)
type
Certificate
struct
{
x
*
C
.
X509
Issuer
*
Certificate
...
...
@@ -388,3 +398,17 @@ func (c *Certificate) GetSerialNumberHex() (serial string) {
C
.
X_OPENSSL_free
(
unsafe
.
Pointer
(
hex
))
return
}
// GetVersion returns the X509 version of the certificate.
func
(
c
*
Certificate
)
GetVersion
()
X509_Version
{
return
X509_Version
(
C
.
X_X509_get_version
(
c
.
x
))
}
// SetVersion sets the X509 version of the certificate.
func
(
c
*
Certificate
)
SetVersion
(
version
X509_Version
)
error
{
cvers
:=
C
.
long
(
version
)
if
C
.
X_X509_set_version
(
c
.
x
,
cvers
)
!=
1
{
return
errors
.
New
(
"failed to set certificate version"
)
}
return
nil
}
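Review bot: SetVersion converts `version` with `C.long(version)` and passes it to `X_X509_set_version` without checking that it is a defined X.509 version, so a negative or out-of-range value reaches OpenSSL, and nothing on this page shows that it would be rejected there. A guard before the cgo call keeps the behaviour uniform across OpenSSL builds: `if version < X509_V1 || version > X509_V3 { return errors.New("invalid certificate version") }`. The constants block names only X509_V1 and X509_V3, so the value 1 (v2) has no name; either add it or say in the comment that it is deliberately left out. The GetVersion comment should also state that the result is the encoded value, e.g. `// GetVersion returns the encoded X509 version of the certificate (X509_V3 == 2).`, because a caller that compares the result with 3 or gates extension handling on it would otherwise get the check wrong.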
cert_test.go
...
...
@@ -21,7 +21,7 @@ import (
)
func
TestCertGenerate
(
t
*
testing
.
T
)
{
key
,
err
:=
GenerateRSAKey
(
204
8
)
key
,
err
:=
GenerateRSAKey
(
76
8
)
if
err
!=
nil
{
t
.
Fatal
(
err
)
}
...
...
@@ -43,7 +43,7 @@ func TestCertGenerate(t *testing.T) {
}
func
TestCAGenerate
(
t
*
testing
.
T
)
{
cakey
,
err
:=
GenerateRSAKey
(
204
8
)
cakey
,
err
:=
GenerateRSAKey
(
76
8
)
if
err
!=
nil
{
t
.
Fatal
(
err
)
}
...
...
@@ -70,7 +70,7 @@ func TestCAGenerate(t *testing.T) {
if
err
:=
ca
.
Sign
(
cakey
,
EVP_SHA256
);
err
!=
nil
{
t
.
Fatal
(
err
)
}
key
,
err
:=
GenerateRSAKey
(
204
8
)
key
,
err
:=
GenerateRSAKey
(
76
8
)
if
err
!=
nil
{
t
.
Fatal
(
err
)
}
...
...
@@ -102,7 +102,7 @@ func TestCAGenerate(t *testing.T) {
}
func
TestCertGetNameEntry
(
t
*
testing
.
T
)
{
key
,
err
:=
GenerateRSAKey
(
204
8
)
key
,
err
:=
GenerateRSAKey
(
76
8
)
if
err
!=
nil
{
t
.
Fatal
(
err
)
}
...
...
@@ -137,3 +137,28 @@ func TestCertGetNameEntry(t *testing.T) {
t
.
Fatalf
(
"entry should be empty; got %q"
,
entry
)
}
}
func
TestCertVersion
(
t
*
testing
.
T
)
{
key
,
err
:=
GenerateRSAKey
(
768
)
if
err
!=
nil
{
t
.
Fatal
(
err
)
}
info
:=
&
CertificateInfo
{
Serial
:
big
.
NewInt
(
int64
(
1
)),
Issued
:
0
,
Expires
:
24
*
time
.
Hour
,
Country
:
"US"
,
Organization
:
"Test"
,
CommonName
:
"localhost"
,
}
cert
,
err
:=
NewCertificate
(
info
,
key
)
if
err
!=
nil
{
t
.
Fatal
(
err
)
}
if
err
:=
cert
.
SetVersion
(
X509_V3
);
err
!=
nil
{
t
.
Fatal
(
err
)
}
if
vers
:=
cert
.
GetVersion
();
vers
!=
X509_V3
{
t
.
Fatalf
(
"bad version: %d"
,
vers
)
}
}
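Review bot: The `GenerateRSAKey(768)` calls in TestCertGenerate, TestCAGenerate, TestCertGetNameEntry and the new TestCertVersion use an RSA modulus far below the 2048-bit minimum in current guidance; the page prints the 2048 and 768 variants without `+`/`-` markers, so which one is the new side is inferred from TestCertVersion using 768. Keys that small can be refused by OpenSSL builds running with a stricter security level or policy, which would make these tests fail for reasons unrelated to the code under test, and test code tends to be copied as a usage example. If the aim is faster tests, a shared constant with a comment such as `// test-only key size; use at least 2048 bits outside tests` makes the intent explicit, or keep `GenerateRSAKey(2048)`. TestCertVersion also covers only the X509_V3 round trip; a case for X509_V1 and one for a value SetVersion should refuse would pin its error path.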
shim.c
...
...
@@ -666,7 +666,7 @@ int X_EVP_CIPHER_CTX_iv_length(EVP_CIPHER_CTX *ctx) {
void
X_EVP_CIPHER_CTX_set_padding
(
EVP_CIPHER_CTX
*
ctx
,
int
padding
)
{
//openssl always returns 1 for set_padding
//hence return value is not checked
//hence return value is not checked
EVP_CIPHER_CTX_set_padding
(
ctx
,
padding
);
}
...
...
@@ -701,3 +701,11 @@ int X_sk_X509_num(STACK_OF(X509) *sk) {
X509
*
X_sk_X509_value
(
STACK_OF
(
X509
)
*
sk
,
int
i
)
{
return
sk_X509_value
(
sk
,
i
);
}
long
X_X509_get_version
(
const
X509
*
x
)
{
return
X509_get_version
(
x
);
}
int
X_X509_set_version
(
X509
*
x
,
long
version
)
{
return
X509_set_version
(
x
,
version
);
}
shim.h
...
...
@@ -158,6 +158,8 @@ extern const ASN1_TIME *X_X509_get0_notBefore(const X509 *x);
extern
const
ASN1_TIME
*
X_X509_get0_notAfter
(
const
X509
*
x
);
extern
int
X_sk_X509_num
(
STACK_OF
(
X509
)
*
sk
);
extern
X509
*
X_sk_X509_value
(
STACK_OF
(
X509
)
*
sk
,
int
i
);
extern
long
X_X509_get_version
(
const
X509
*
x
);
extern
int
X_X509_set_version
(
X509
*
x
,
long
version
);
/* PEM methods */
extern
int
X_PEM_write_bio_PrivateKey_traditional
(
BIO
*
bio
,
EVP_PKEY
*
key
,
const
EVP_CIPHER
*
enc
,
unsigned
char
*
kstr
,
int
klen
,
pem_password_cb
*
cb
,
void
*
u
);
sni_test.go
deleted
100644 → 0
// Copyright (C) 2017. See AUTHORS.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package
openssl
import
"fmt"
// We can implemant SNI rfc6066 (http://tools.ietf.org/html/rfc6066) on the server side using foolowing callback.
// You should implement context storage (tlsCtxStorage) by your self.
func
ExampleSetTLSExtServernameCallback
()
{
fmt
.
Println
(
"Hello"
)
}