X-Git-Url: http://git.indexdata.com/?p=yaz-moved-to-github.git;a=blobdiff_plain;f=src%2Ftcpip.c;h=0d8eaebbcf4969fdfdee50e0a7f6a03f24a6aff9;hp=610e6ce390a7d1129c657e301c18727ad9ff0949;hb=ebcb0cd09361a4b814ad8b7e629938c474af0be2;hpb=c1f23597ea64485e2362d658f3653211202cc6a8 diff --git a/src/tcpip.c b/src/tcpip.c index 610e6ce..0d8eaeb 100644 --- a/src/tcpip.c +++ b/src/tcpip.c @@ -138,6 +138,7 @@ typedef struct tcpip_state static int tcpip_init(void) { static int initialized = 0; + yaz_init_globals(); if (!initialized) { WORD requested; @@ -153,6 +154,7 @@ static int tcpip_init(void) #else static int tcpip_init(void) { + yaz_init_globals(); return 1; } #endif @@ -572,7 +574,6 @@ int tcpip_rcvconnect(COMSTACK h) #if HAVE_GNUTLS_H if (h->type == ssl_type && !sp->session) { - gnutls_global_init(); tcpip_create_cred(h); gnutls_init(&sp->session, GNUTLS_CLIENT); gnutls_set_default_priority(sp->session); @@ -1510,7 +1511,40 @@ int cs_set_ssl_certificate_file(COMSTACK cs, const char *fname) int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len) { - /* doesn't do anything for GNUTLS */ + +#if HAVE_GNUTLS_H +#if USE_GNUTLS_X509_CRT_PRINT + struct tcpip_state *sp = (struct tcpip_state *) cs->cprivate; + if (cs->type == ssl_type && sp->session) + { + const gnutls_datum_t *cert_list; + unsigned cert_list_size; + if (gnutls_certificate_type_get(sp->session) != GNUTLS_CRT_X509) + return 0; + cert_list = gnutls_certificate_get_peers(sp->session, &cert_list_size); + if (cert_list_size > 0) + { + gnutls_x509_crt_t cert; + int ret; + gnutls_datum_t cinfo; + + gnutls_x509_crt_init(&cert); + gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER); + + ret = gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_FULL, &cinfo); + if (ret == 0) + { + *buf = xstrdup((char *) cinfo.data); + *len = strlen(*buf); + gnutls_free(cinfo.data); + gnutls_x509_crt_deinit(cert); + return 1; + } + gnutls_x509_crt_deinit(cert); + } + } +#endif +#endif return 0; }