New expansion operator sha256 for certificates. Bug 1170

author: Jeremy Harris <jgh146exb@wizmail.org> 2014-05-10 15:37:52 +0100
committer: Jeremy Harris <jgh146exb@wizmail.org> 2014-05-11 21:26:28 +0100
commit: 9ef9101c7dc24878b83931e716021378ae789d78 (patch)
tree: ec80408d5cf1ac2a25e1fb70b7fb2e29bfcd16a1 /src
parent: 2381c830c6f89e3abc2dc153d483251a4403e71f (diff)
4 files changed, 29 insertions, 1 deletions
diff --git a/src/src/expand.c b/src/src/expand.c
index 127134dbc..9afc036fa 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -205,6 +205,7 @@ static uschar *op_table_main[] = {
   US"rxquote",
   US"s",
   US"sha1",
+  US"sha256",
   US"stat",
   US"str2b64",
   US"strlen",
@@ -242,6 +243,7 @@ enum {
   EOP_RXQUOTE,
   EOP_S,
   EOP_SHA1,
+  EOP_SHA256,
   EOP_STAT,
   EOP_STR2B64,
   EOP_STRLEN,
@@ -5745,8 +5747,9 @@ while (*s != 0)
     switch(c)
       {
 #ifdef SUPPORT_TLS
-      case EOP_SHA1:
       case EOP_MD5:
+      case EOP_SHA1:
+      case EOP_SHA256:
 	if (s[1] == '$')
 	  {
 	  uschar * s1 = s;
@@ -5894,6 +5897,18 @@ while (*s != 0)
 	  }
         continue;
 
+      case EOP_SHA256:
+#ifdef SUPPORT_TLS
+	if (vp && *(void **)vp->value)
+	  {
+	  uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value);
+	  yield = string_cat(yield, &size, &ptr, cp, (int)strlen(cp));
+	  }
+	else
+#endif
+	  expand_string_message = US"sha256 only supported for certificates";
+        continue;
+
       /* Convert hex encoding to base64 encoding */
 
       case EOP_HEX2B64:
diff --git a/src/src/functions.h b/src/src/functions.h
index 38ba7f39d..792f3df4d 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -41,6 +41,7 @@ extern uschar * tls_cert_version(void *, uschar * mod);
 
 extern uschar * tls_cert_fprt_md5(void *);
 extern uschar * tls_cert_fprt_sha1(void *);
+extern uschar * tls_cert_fprt_sha256(void *);
 
 extern int     tls_client_start(int, host_item *, address_item *,
 		 void *);
diff --git a/src/src/tlscert-gnu.c b/src/src/tlscert-gnu.c
index 32b1986b8..5a4c231bb 100644
--- a/src/src/tlscert-gnu.c
+++ b/src/src/tlscert-gnu.c
@@ -421,6 +421,12 @@ tls_cert_fprt_sha1(void * cert)
 return fingerprint((gnutls_x509_crt_t)cert, GNUTLS_DIG_SHA1);
 }
 
+uschar *
+tls_cert_fprt_sha256(void * cert)
+{
+return fingerprint((gnutls_x509_crt_t)cert, GNUTLS_DIG_SHA256);
+}
+
 
 /* vi: aw ai sw=2
 */
diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c
index a36ec2ee2..9903f08f3 100644
--- a/src/src/tlscert-openssl.c
+++ b/src/src/tlscert-openssl.c
@@ -357,6 +357,12 @@ tls_cert_fprt_sha1(void * cert)
 return fingerprint((X509 *)cert, EVP_sha1());
 }
 
+uschar * 
+tls_cert_fprt_sha256(void * cert)
+{
+return fingerprint((X509 *)cert, EVP_sha256());
+}
+
 
 /* vi: aw ai sw=2
 */
author	Jeremy Harris <jgh146exb@wizmail.org>	2014-05-10 15:37:52 +0100
committer	Jeremy Harris <jgh146exb@wizmail.org>	2014-05-11 21:26:28 +0100
commit	9ef9101c7dc24878b83931e716021378ae789d78 (patch)
tree	ec80408d5cf1ac2a25e1fb70b7fb2e29bfcd16a1 /src
parent	2381c830c6f89e3abc2dc153d483251a4403e71f (diff)