Exemplo n.º 1
def _bio_get_str(biobuf):
    """Read one BIO_gets() result from *biobuf* and return it as a string.

    A fresh 2048-byte scratch buffer is allocated per call, and
    ``len(buffer) - 1`` is passed to BIO_gets as the size limit. The read
    length and the buffer are handed to ``_str_with_len`` for conversion.

    Raises ``ssl_error(None)`` when BIO_gets reports a negative length.
    """
    scratch = ffi.new("char[]", 2048)
    nread = lib.BIO_gets(biobuf, scratch, len(scratch) - 1)
    if nread >= 0:
        # NOTE(review): BIO_gets stops at the size limit (and at a newline),
        # so longer content is returned truncated without any error.
        # Callers comparing this value against an expected string should
        # keep that in mind.
        return _str_with_len(scratch, nread)

    # NOTE(review): the failure path frees the caller's BIO. A caller that
    # also releases the BIO in its own cleanup (e.g. a try/finally around
    # this call) would free it twice; confirm ownership at every call site.
    if biobuf:
        lib.BIO_free(biobuf)
    raise ssl_error(None)
Exemplo n.º 2
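def _decode_certificate(certificate):
    """Decode an OpenSSL X509 handle into a dict of certificate fields.

    The result always carries ``subject``, ``issuer``, ``version``,
    ``serialNumber``, ``notBefore`` and ``notAfter``. ``subjectAltName``,
    ``OCSP``, ``caIssuers`` and ``crlDistributionPoints`` are added only
    when the corresponding helper returns a non-empty value.

    Returns ``None`` when the subject or issuer name cannot be converted,
    when the computed version is 0, or when ``_get_peer_alt_names`` returns
    ``None``.

    Raises ``ssl_error(None)`` when the memory BIO cannot be allocated or
    when reading a printed field back from it fails.
    """
    retval = {}

    peer = _create_tuple_for_X509_NAME(lib.X509_get_subject_name(certificate))
    if not peer:
        return None
    retval["subject"] = peer

    issuer = _create_tuple_for_X509_NAME(lib.X509_get_issuer_name(certificate))
    if not issuer:
        return None
    retval["issuer"] = issuer

    # X509_get_version() is zero-based (0 means v1), hence the +1; a result
    # of 0 here means the raw value was -1 and is treated as undecodable.
    version = lib.X509_get_version(certificate) + 1
    if version == 0:
        return None
    retval["version"] = version

    # Allocate before entering the try block and check the result: with the
    # allocation inside the try, a failure there left the finally clause
    # working on a missing or NULL BIO, and the error only surfaced later
    # (if at all) through whatever BIO_gets happened to return for NULL.
    biobuf = lib.BIO_new(lib.BIO_s_mem())
    if not biobuf:
        raise ssl_error(None)

    buf = ffi.new("char[]", 2048)

    def _read_printed_field():
        # Pull back what was just printed into the memory BIO. The BIO is
        # owned by the enclosing function and released in its finally
        # clause, so nothing is freed here on failure.
        length = lib.BIO_gets(biobuf, buf, len(buf) - 1)
        if length < 0:
            raise ssl_error(None)
        return _str_with_len(buf, length)

    try:
        lib.BIO_reset(biobuf)
        serialNumber = lib.X509_get_serialNumber(certificate)
        # should not exceed 20 octets, 160 bits, so buf is big enough
        # NOTE(review): that bound is what conforming certificates obey; a
        # longer serial would be cut at the buffer size without an error.
        # The return values of i2a_ASN1_INTEGER and ASN1_TIME_print are not
        # checked either, so a failed print is only noticed if BIO_gets
        # then fails.
        lib.i2a_ASN1_INTEGER(biobuf, serialNumber)
        retval["serialNumber"] = _read_printed_field()

        lib.BIO_reset(biobuf)
        notBefore = lib.X509_get_notBefore(certificate)
        lib.ASN1_TIME_print(biobuf, notBefore)
        retval["notBefore"] = _read_printed_field()

        lib.BIO_reset(biobuf)
        notAfter = lib.X509_get_notAfter(certificate)
        lib.ASN1_TIME_print(biobuf, notAfter)
        retval["notAfter"] = _read_printed_field()

        # Now look for subjectAltName
        peer_alt_names = _get_peer_alt_names(certificate)
        if peer_alt_names is None:
            return None
        if len(peer_alt_names) > 0:
            retval["subjectAltName"] = peer_alt_names

        # Authority Information Access: OCSP URIs
        obj = _get_aia_uri(certificate, lib.NID_ad_OCSP)
        if obj:
            retval["OCSP"] = obj

        obj = _get_aia_uri(certificate, lib.NID_ad_ca_issuers)
        if obj:
            retval["caIssuers"] = obj

        # CDP (CRL distribution points)
        obj = _get_crl_dp(certificate)
        if obj:
            retval["crlDistributionPoints"] = obj
    finally:
        lib.BIO_free(biobuf)

    return retval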
Exemplo n.º 3
def _bio_get_str(biobuf):
    """Read one BIO_gets() result from *biobuf* and return it as a string.

    The data is read into the module-level ``STATIC_BIO_BUF``, with
    ``len(STATIC_BIO_BUF) - 1`` as the size limit, and then converted by
    ``_str_with_len``.

    Raises ``ssl_error(None)`` when BIO_gets reports a negative length.
    """
    # NOTE(review): STATIC_BIO_BUF is shared by every call. This is only
    # safe if _str_with_len copies the bytes out before another call (or
    # another thread) overwrites the buffer; confirm both.
    capacity = len(STATIC_BIO_BUF) - 1
    nread = lib.BIO_gets(biobuf, STATIC_BIO_BUF, capacity)
    if nread >= 0:
        # Content longer than the buffer comes back truncated, not as an
        # error.
        return _str_with_len(STATIC_BIO_BUF, nread)

    # NOTE(review): the failure path frees the caller's BIO; a caller that
    # also frees it during its own cleanup would release it twice. Confirm
    # ownership at every call site.
    if biobuf:
        lib.BIO_free(biobuf)
    raise ssl_error(None)