From fd13a3c5b8cecdd1327f5db615387c8c0e691ba1 Mon Sep 17 00:00:00 2001
From: Adam Dickmeiss <adam@indexdata.dk>
Date: Fri, 6 Jun 2008 00:19:24 +0200
Subject: [PATCH] Added cs_print_session_info which shows SSL session info.

Added cs_print_session_info which shows SSL session info. This
utility used to be part of yaz-client but is now part of YAZ COMSTACK.
This is deal with GNU TLS session info and avoid having SSL implementation
code outside the YAZ core.
---
 client/Makefile.am     |    4 ++--
 client/client.c        |   37 +------------------------------------
 include/yaz/comstack.h |    2 ++
 src/tcpip.c            |   42 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 47 insertions(+), 38 deletions(-)

diff --git a/client/Makefile.am b/client/Makefile.am
index 5b84102..e288efd 100644
--- a/client/Makefile.am
+++ b/client/Makefile.am
@@ -9,9 +9,9 @@ EXTRA_DIST = default.bib
 COMMON=admin.c admin.h tabcomplete.c tabcomplete.h fhistory.c fhistory.h
 yaz_client_SOURCES=client.c $(COMMON)
 
-AM_CPPFLAGS=-I$(top_srcdir)/include $(XML2_CFLAGS) $(SSL_CFLAGS)
+AM_CPPFLAGS=-I$(top_srcdir)/include $(XML2_CFLAGS)
 
-yaz_client_LDADD = ../src/libyaz.la $(SSL_LIBS) $(READLINE_LIBS) 
+yaz_client_LDADD = ../src/libyaz.la $(READLINE_LIBS) 
 bertorture_LDADD = ../src/libyaz.la 
 
 bertorture_SOURCES=bertorture.c
diff --git a/client/client.c b/client/client.c
index e0e1fd7..4fd9406 100644
--- a/client/client.c
+++ b/client/client.c
@@ -33,15 +33,6 @@
 #include <sys/time.h>
 #endif
 
-#if HAVE_OPENSSL_SSL_H
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#endif
-
 #ifdef WIN32
 #include <sys/stat.h>
 #include <io.h>
@@ -676,9 +667,6 @@ int session_connect(const char *arg)
     void *add;
     char type_and_host[101];
     const char *basep = 0;
-#if HAVE_OPENSSL_SSL_H
-    SSL *ssl;
-#endif
     if (conn)
     {
         cs_close(conn);
@@ -731,30 +719,7 @@ int session_connect(const char *arg)
         return 0;
     }
     printf("OK.\n");
-#if HAVE_OPENSSL_SSL_H
-    if ((ssl = (SSL *) cs_get_ssl(conn)))
-    {
-        X509 *server_cert = SSL_get_peer_certificate (ssl);
-
-        if (server_cert)
-        {
-            char *pem_buf;
-            int pem_len;
-            BIO *bio = BIO_new(BIO_s_mem());
-
-            /* get PEM buffer in memory */
-            PEM_write_bio_X509(bio, server_cert);
-            pem_len = BIO_get_mem_data(bio, &pem_buf);
-            fwrite(pem_buf, pem_len, 1, stdout);
-
-            /* print all info on screen .. */
-            X509_print_fp(stdout, server_cert);
-            BIO_free(bio);
-
-            X509_free (server_cert);
-        }
-    }
-#endif
+    cs_print_session_info(conn);
     if (basep && *basep)
         set_base (basep);
     if (protocol == PROTO_Z3950)
diff --git a/include/yaz/comstack.h b/include/yaz/comstack.h
index a25b417..73e10cb 100644
--- a/include/yaz/comstack.h
+++ b/include/yaz/comstack.h
@@ -134,6 +134,8 @@ YAZ_EXPORT int cs_get_peer_certificate_x509(COMSTACK cs, char **buf, int *len);
 YAZ_EXPORT void cs_set_max_recv_bytes(COMSTACK cs, int max_recv_bytes);
 YAZ_EXPORT int completeWAIS(const char *buf, int len);
 
+YAZ_EXPORT void cs_print_session_info(COMSTACK cs);
+
 /*
  * error management.
  */
diff --git a/src/tcpip.c b/src/tcpip.c
index 45bde1e..ae070d7 100644
--- a/src/tcpip.c
+++ b/src/tcpip.c
@@ -50,6 +50,7 @@
 
 #if HAVE_GNUTLS_H
 #include <gnutls/openssl.h>
+#include <gnutls/x509.h>
 #define ENABLE_SSL 1
 #endif
 
@@ -1356,6 +1357,47 @@ int static tcpip_set_blocking(COMSTACK p, int flags)
     return 1;
 }
 
+void cs_print_session_info(COMSTACK cs)
+{
+#if HAVE_GNUTLS_H
+    struct tcpip_state *sp = (struct tcpip_state *) cs->cprivate;
+    SSL *ssl = (SSL *) sp->ssl;
+    if (ssl)
+    {
+        gnutls_session_t session = ssl->gnutls_state;
+        if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
+            return;
+        printf("X509 certificate\n");
+    }
+#endif
+#if HAVE_OPENSSL_SSL_H
+    struct tcpip_state *sp = (struct tcpip_state *) cs->cprivate;
+    SSL *ssl = (SSL *) sp->ssl;
+    if (ssl)
+    {
+        X509 *server_cert = SSL_get_peer_certificate(ssl);
+        
+        if (server_cert)
+        {
+            char *pem_buf;
+            int pem_len;
+            BIO *bio = BIO_new(BIO_s_mem());
+
+            /* get PEM buffer in memory */
+            PEM_write_bio_X509(bio, server_cert);
+            pem_len = BIO_get_mem_data(bio, &pem_buf);
+            fwrite(pem_buf, pem_len, 1, stdout);
+
+            /* print all info on screen .. */
+            X509_print_fp(stdout, server_cert);
+            BIO_free(bio);
+
+            X509_free(server_cert);
+        }
+    }
+#endif
+}
+
 void *cs_get_ssl(COMSTACK cs)
 {
 #if HAVE_OPENSSL_SSL_H
-- 
1.7.10.4