/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2008-2012 The OpenLDAP Foundation.
+ * Copyright 2008-2013 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
int infd = PR_FileDesc2NativeHandle( PR_STDIN );
int isTTY = isatty( infd );
unsigned char phrase[200];
+ char *dummy;
/* Prompt for password */
if ( isTTY ) {
fprintf( stdout,
token_name ? token_name : DEFAULT_TOKEN_NAME );
echoOff( infd );
}
- fgets( (char*)phrase, sizeof(phrase), stdin );
+ dummy = fgets( (char*)phrase, sizeof(phrase), stdin );
+ (void) dummy;
if ( isTTY ) {
fprintf( stdout, "\n" );
echoOn( infd );
return 0;
}
+/* returns true if the given string looks like
+ "tokenname" ":" "certnickname"
+ This is true if there is a ':' colon character
+ in the string and the colon is not the first
+ or the last character in the string
+*/
+static int
+tlsm_is_tokenname_certnick( const char *certfile )
+{
+ if ( certfile ) {
+ const char *ptr = PL_strchr( certfile, ':' );
+ return ptr && (ptr != certfile) && (*(ptr+1));
+ }
+ return 0;
+}
+
static int
tlsm_deferred_ctx_init( void *arg )
{
} else {
char *tmp_certname;
- if ( ctx->tc_certdb_slot ) {
+ if ( tlsm_is_tokenname_certnick( lt->lt_certfile )) {
+ /* assume already in form tokenname:certnickname */
+ tmp_certname = PL_strdup( lt->lt_certfile );
+ } else if ( ctx->tc_certdb_slot ) {
tmp_certname = PR_smprintf( TLSM_CERTDB_DESC_FMT ":%s", ctx->tc_unique, lt->lt_certfile );
} else {
tmp_certname = PR_smprintf( "%s", lt->lt_certfile );
return rc ? 0 : keySize;
}
+static int
+tlsm_session_unique( tls_session *sess, struct berval *buf, int is_server)
+{
+ /* Need upstream support https://bugzilla.mozilla.org/show_bug.cgi?id=563276 */
+ return 0;
+}
+
+/* Yet again, we're pasting in glue that MozNSS ought to provide itself. */
+static struct {
+ const char *name;
+ int num;
+} pvers[] = {
+ { "SSLv2", SSL_LIBRARY_VERSION_2 },
+ { "SSLv3", SSL_LIBRARY_VERSION_3_0 },
+ { "TLSv1", SSL_LIBRARY_VERSION_TLS_1_0 },
+ { "TLSv1.1", SSL_LIBRARY_VERSION_TLS_1_1 },
+ { NULL, 0 }
+};
+
+static const char *
+tlsm_session_version( tls_session *sess )
+{
+ tlsm_session *s = (tlsm_session *)sess;
+ SSLChannelInfo info;
+ int rc;
+ rc = SSL_GetChannelInfo( s, &info, sizeof( info ));
+ if ( rc == 0 ) {
+ int i;
+ for (i=0; pvers[i].name; i++)
+ if (pvers[i].num == info.protocolVersion)
+ return pvers[i].name;
+ }
+ return "unknown";
+}
+
+static const char *
+tlsm_session_cipher( tls_session *sess )
+{
+ tlsm_session *s = (tlsm_session *)sess;
+ SSLChannelInfo info;
+ int rc;
+ rc = SSL_GetChannelInfo( s, &info, sizeof( info ));
+ if ( rc == 0 ) {
+ SSLCipherSuiteInfo csinfo;
+ rc = SSL_GetCipherSuiteInfo( info.cipherSuite, &csinfo, sizeof( csinfo ));
+ if ( rc == 0 )
+ return csinfo.cipherSuiteName;
+ }
+ return "unknown";
+}
+
+static int
+tlsm_session_peercert( tls_session *sess, struct berval *der )
+{
+ tlsm_session *s = (tlsm_session *)sess;
+ CERTCertificate *cert;
+ cert = SSL_PeerCertificate( s );
+ if (!cert)
+ return -1;
+ der->bv_len = cert->derCert.len;
+ der->bv_val = LDAP_MALLOC( der->bv_len );
+ if (!der->bv_val)
+ return -1;
+ memcpy( der->bv_val, cert->derCert.data, der->bv_len );
+ return 0;
+}
+
/*
* TLS support for LBER Sockbufs
*/
tlsm_session_peer_dn,
tlsm_session_chkhost,
tlsm_session_strength,
+ tlsm_session_unique,
+ tlsm_session_version,
+ tlsm_session_cipher,
+ tlsm_session_peercert,
&tlsm_sbio,