summaryrefslogtreecommitdiff
path: root/src/stls/stls_send_environment.c
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2021-05-18 11:19:19 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2021-05-18 11:19:19 +0000
commit6780eee3e0dbe37640f72ed1e37a95c506e23f8c (patch)
treefd89e47869fd422c6a2fb49e361c760a94b60668 /src/stls/stls_send_environment.c
parent8f4d374c931ce12554beb9231c1af9171832e133 (diff)
downloads6-networking-6780eee3e0dbe37640f72ed1e37a95c506e23f8c.tar.xz
Prepare for 2.4.2.0; implement client certificates with bearssl
Also send a bit more environment with libtls
Diffstat (limited to 'src/stls/stls_send_environment.c')
-rw-r--r--src/stls/stls_send_environment.c31
1 files changed, 21 insertions, 10 deletions
diff --git a/src/stls/stls_send_environment.c b/src/stls/stls_send_environment.c
index c7cb9c7..ab7fba2 100644
--- a/src/stls/stls_send_environment.c
+++ b/src/stls/stls_send_environment.c
@@ -9,9 +9,22 @@
#include <s6-networking/stls.h>
+static int add (buffer *b, int h, char const *key, char const *value)
+{
+ if (buffer_puts(b, key) < 0) return 0 ;
+ if (h && value && value[0])
+ {
+ if (buffer_put(b, "=", 1) < 0
+ || buffer_puts(b, value) < 0)
+ return 0 ;
+ }
+ if (buffer_put(b, "", 1) < 0) return 0 ;
+ return 1 ;
+}
+
+
int stls_send_environment (struct tls *ctx, int fd)
{
- char const *name = tls_conn_servername(ctx) ;
char buf[4096] ;
buffer b = BUFFER_INIT(&buffer_write, fd, buf, 4096) ;
if (buffer_puts(&b, "SSL_PROTOCOL=") < 0
@@ -19,15 +32,13 @@ int stls_send_environment (struct tls *ctx, int fd)
|| buffer_put(&b, "", 1) < 0
|| buffer_puts(&b, "SSL_CIPHER=") < 0
|| buffer_puts(&b, tls_conn_cipher(ctx)) < 0
- || buffer_put(&b, "", 1) < 0
- || buffer_puts(&b, "SSL_TLS_SNI_SERVERNAME") < 0)
+ || buffer_put(&b, "", 1) < 0)
return 0 ;
- if (name && name[0])
- {
- if (buffer_put(&b, "=", 1) < 0
- || buffer_puts(&b, name) < 0)
- return 0 ;
- }
- if (buffer_putflush(&b, "\0", 2) < 0) return 0 ;
+
+ if (!add(&b, 1, "SSL_TLS_SNI_SERVERNAME", tls_conn_servername(ctx))) return 0 ;
+ if (!add(&b, tls_peer_cert_provided(ctx), "SSL_PEER_CERT_HASH", tls_peer_cert_hash(ctx))) return 0 ;
+ if (!add(&b, tls_peer_cert_provided(ctx), "SSL_PEER_CERT_SUBJECT", tls_peer_cert_subject(ctx))) return 0 ;
+
+ if (buffer_putflush(&b, "", 1) < 0) return 0 ;
return 1 ;
}