diff options
author | Gergely Nagy <ngg@tresorit.com> | 2019-06-16 09:44:21 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2019-06-18 07:57:31 +0200 |
commit | 6c2b7d44e3171b634f88a6840176d780e08d8790 (patch) | |
tree | 0fc2875dd802163ccf8cc56d6f3a05df0dd3b5d4 /lib/vtls | |
parent | 755083d00deb167667882e775b0885da0e63d034 (diff) |
openssl: fix pubkey/signature algorithm detection in certinfo
Certinfo gives the same result for all OpenSSL versions.
Also made printing RSA pubkeys consistent with older versions.
Reported-by: Michael Wallner
Fixes #3706
Closes #4030
Diffstat (limited to 'lib/vtls')
-rw-r--r-- | lib/vtls/openssl.c | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 1a7a18563..fa6d0201a 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -3085,18 +3085,25 @@ static CURLcode get_cert_chain(struct connectdata *conn, #if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS) { - const X509_ALGOR *palg = NULL; - ASN1_STRING *a = ASN1_STRING_new(); - if(a) { - X509_get0_signature(&psig, &palg, x); - X509_signature_print(mem, ARG2_X509_signature_print palg, a); - ASN1_STRING_free(a); - - if(palg) { - i2a_ASN1_OBJECT(mem, palg->algorithm); + const X509_ALGOR *sigalg = NULL; + X509_PUBKEY *xpubkey = NULL; + ASN1_OBJECT *pubkeyoid = NULL; + + X509_get0_signature(&psig, &sigalg, x); + if(sigalg) { + i2a_ASN1_OBJECT(mem, sigalg->algorithm); + push_certinfo("Signature Algorithm", i); + } + + xpubkey = X509_get_X509_PUBKEY(x); + if(xpubkey) { + X509_PUBKEY_get0_param(&pubkeyoid, NULL, NULL, NULL, xpubkey); + if(pubkeyoid) { + i2a_ASN1_OBJECT(mem, pubkeyoid); push_certinfo("Public Key Algorithm", i); } } + X509V3_ext(data, i, X509_get0_extensions(x)); } #else @@ -3148,7 +3155,7 @@ static CURLcode get_cert_chain(struct connectdata *conn, const BIGNUM *e; RSA_get0_key(rsa, &n, &e, NULL); - BN_print(mem, n); + BIO_printf(mem, "%d", BN_num_bits(n)); push_certinfo("RSA Public Key", i); print_pubkey_BN(rsa, n, i); print_pubkey_BN(rsa, e, i); |