ZOOM now allows inspection of X509 peer certificate for verification.

[yaz-moved-to-github.git] / src / tcpip.c

diff --git a/src/tcpip.c b/src/tcpip.c
index 4425867..5f46f3e 100644 (file)
--- a/src/tcpip.c
+++ b/src/tcpip.c
@@ -1,8 +1,8 @@
 /*
- * Copyright (c) 1995-2003, Index Data
+ * Copyright (c) 1995-2004, Index Data
  * See the file LICENSE for details.
  *
- * $Id: tcpip.c,v 1.1 2003-10-27 12:21:35 adam Exp $
+ * $Id: tcpip.c,v 1.3 2004-04-28 22:44:59 adam Exp $
  */
 
 #include <stdio.h>
@@ -1098,3 +1098,48 @@ int static tcpip_set_blocking(COMSTACK p, int blocking)
     p->blocking = blocking;
     return 1;
 }
+
+#if HAVE_OPENSSL_SSL_H
+void *cs_get_ssl(COMSTACK cs)
+{
+    struct tcpip_state *state;
+    if (!cs || cs->type != ssl_type)
+        return 0;
+    state = (struct tcpip_state *) cs->cprivate;
+    return state->ssl;  
+}
+
+int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
+{
+    SSL *ssl = cs_get_ssl(cs);
+    if (ssl)
+    {
+       X509 *server_cert = SSL_get_peer_certificate (ssl);
+       if (server_cert)
+       {
+           BIO *bio = BIO_new(BIO_s_mem());
+           char *pem_buf;
+           /* get PEM buffer in memory */
+           PEM_write_bio_X509(bio, server_cert);
+           *len = BIO_get_mem_data(bio, &pem_buf);
+           *buf = xmalloc(*len);
+           memcpy(*buf, pem_buf, *len);
+           BIO_free(bio);
+           return 1;
+       }
+    }
+    return 0;
+}
+#else
+void *cs_get_ssl(COMSTACK cs)
+{
+    return 0;
+}
+
+int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len)
+{
+    return 0;
+}
+
+#endif
+