summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2015-12-30 20:39:45 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2015-12-30 20:39:45 +0000
commit59b87190a41a0ac34aee74edfff9184785a73485 (patch)
tree9475c507c34819a1cc84d7a5513c4f986bcb266b /src
parent9aa35e9ce70bb9bf61e4e4dbc7089e49eeded1b3 (diff)
Support certificates in base64 expansion operator. Bug 1762
Diffstat (limited to 'src')
-rw-r--r--src/src/expand.c15
-rw-r--r--src/src/functions.h1
-rw-r--r--src/src/tlscert-gnu.c22
-rw-r--r--src/src/tlscert-openssl.c20
4 files changed, 52 insertions, 6 deletions
diff --git a/src/src/expand.c b/src/src/expand.c
index fad8cc7c7..4d3dd6fd5 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -6043,6 +6043,7 @@ while (*s != 0)
case EOP_MD5:
case EOP_SHA1:
case EOP_SHA256:
+ case EOP_BASE64:
if (s[1] == '$')
{
const uschar * s1 = s;
@@ -6888,15 +6889,17 @@ while (*s != 0)
case EOP_STR2B64:
case EOP_BASE64:
- {
- uschar *encstr = b64encode(sub, Ustrlen(sub));
- yield = string_cat(yield, &size, &ptr, encstr, Ustrlen(encstr));
- continue;
- }
+ {
+ uschar * s = vp && *(void **)vp->value
+ ? tls_cert_der_b64(*(void **)vp->value)
+ : b64encode(sub, Ustrlen(sub));
+ yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ continue;
+ }
case EOP_BASE64D:
{
- uschar *s;
+ uschar * s;
int len = b64decode(sub, &s);
if (len < 0)
{
diff --git a/src/src/functions.h b/src/src/functions.h
index d37b7489b..1d2d6b8ae 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -39,6 +39,7 @@ extern uschar * tls_cert_subject(void *, uschar * mod);
extern uschar * tls_cert_subject_altname(void *, uschar * mod);
extern uschar * tls_cert_version(void *, uschar * mod);
+extern uschar * tls_cert_der_b64(void * cert);
extern uschar * tls_cert_fprt_md5(void *);
extern uschar * tls_cert_fprt_sha1(void *);
extern uschar * tls_cert_fprt_sha256(void *);
diff --git a/src/src/tlscert-gnu.c b/src/src/tlscert-gnu.c
index d00258b9e..80b6fb142 100644
--- a/src/src/tlscert-gnu.c
+++ b/src/src/tlscert-gnu.c
@@ -418,6 +418,28 @@ for(index = 0;; index++)
/*****************************************************
* Certificate operator routines
*****************************************************/
+uschar *
+tls_cert_der_b64(void * cert)
+{
+size_t len = 0;
+uschar * cp = NULL;
+int fail;
+
+if ( (fail = gnutls_x509_crt_export((gnutls_x509_crt_t)cert,
+ GNUTLS_X509_FMT_DER, cp, &len)) != GNUTLS_E_SHORT_MEMORY_BUFFER
+ || !(cp = store_get((int)len))
+ || (fail = gnutls_x509_crt_export((gnutls_x509_crt_t)cert,
+ GNUTLS_X509_FMT_DER, cp, &len))
+ )
+ {
+ log_write(0, LOG_MAIN, "TLS error in certificate export: %s",
+ gnutls_strerror(fail));
+ return NULL;
+ }
+return b64encode(cp, (int)len);
+}
+
+
static uschar *
fingerprint(gnutls_x509_crt_t cert, gnutls_digest_algorithm_t algo)
{
diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c
index 94534d808..4d45ad9f9 100644
--- a/src/src/tlscert-openssl.c
+++ b/src/src/tlscert-openssl.c
@@ -464,6 +464,26 @@ return list;
/*****************************************************
* Certificate operator routines
*****************************************************/
+uschar *
+tls_cert_der_b64(void * cert)
+{
+BIO * bp = BIO_new(BIO_s_mem());
+uschar * cp = NULL;
+
+if (!i2d_X509_bio(bp, (X509 *)cert))
+ log_write(0, LOG_MAIN, "TLS error in certificate export: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+else
+ {
+ long len = BIO_get_mem_data(bp, &cp);
+ cp = b64encode(cp, (int)len);
+ }
+
+BIO_free(bp);
+return cp;
+}
+
+
static uschar *
fingerprint(X509 * cert, const EVP_MD * fdig)
{