def _bio_get_str(biobuf):
    """Read one line from *biobuf* and return it through _str_with_len.

    A fresh 2048-byte scratch buffer is allocated for every call, and
    BIO_gets is asked for at most ``len(buffer) - 1`` bytes.

    Ownership: when BIO_gets reports a negative length, this helper frees
    *biobuf* itself (if it is non-NULL) before raising ssl_error(None).
    A caller that also frees the BIO in its own cleanup path would free it
    twice, so the BIO must be treated as consumed once this helper raises.
    """
    scratch = ffi.new("char[]", 2048)
    nread = lib.BIO_gets(biobuf, scratch, len(scratch) - 1)
    if nread >= 0:
        return _str_with_len(scratch, nread)
    # Failure path: release the BIO here, then report the OpenSSL error.
    if biobuf:
        lib.BIO_free(biobuf)
    raise ssl_error(None)
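def _decode_certificate(certificate):
    """Decode an X509 certificate into a dict of its main fields.

    Keys set on every successful decode: "subject", "issuer", "version",
    "serialNumber", "notBefore", "notAfter".  Keys set only when the
    matching lookup returns data: "subjectAltName", "OCSP", "caIssuers",
    "crlDistributionPoints".

    Returns None when the subject or issuer name converts to an empty
    value, when the computed version is 0, or when _get_peer_alt_names
    returns None.

    Raises the error built by ssl_error() when the memory BIO cannot be
    allocated or when reading a formatted field back from it fails.
    """
    retval = {}

    peer = _create_tuple_for_X509_NAME(lib.X509_get_subject_name(certificate))
    if not peer:
        return None
    retval["subject"] = peer

    issuer = _create_tuple_for_X509_NAME(lib.X509_get_issuer_name(certificate))
    if not issuer:
        return None
    retval["issuer"] = issuer

    # X509_get_version is zero-based; a result of 0 after the +1 means the
    # call returned -1.
    version = lib.X509_get_version(certificate) + 1
    if version == 0:
        return None
    retval["version"] = version

    # Allocate the BIO before entering the try block and check the result:
    # BIO_new returns NULL on failure, and every call below would otherwise
    # be handed a NULL BIO.  Keeping the allocation outside the try also
    # means the finally clause only ever sees a BIO that really exists.
    biobuf = lib.BIO_new(lib.BIO_s_mem())
    if not biobuf:
        raise ssl_error("failed to allocate BIO")

    try:
        buf = ffi.new("char[]", 2048)

        def _read_bio():
            # Read inline rather than through _bio_get_str: that helper
            # frees the BIO on error, and the finally clause below frees it
            # as well, which would be a double free.
            length = lib.BIO_gets(biobuf, buf, len(buf) - 1)
            if length < 0:
                raise ssl_error(None)
            return _str_with_len(buf, length)

        lib.BIO_reset(biobuf)
        serialNumber = lib.X509_get_serialNumber(certificate)
        # should not exceed 20 octets, 160 bits, so buf is big enough
        lib.i2a_ASN1_INTEGER(biobuf, serialNumber)
        retval["serialNumber"] = _read_bio()

        lib.BIO_reset(biobuf)
        notBefore = lib.X509_get_notBefore(certificate)
        lib.ASN1_TIME_print(biobuf, notBefore)
        retval["notBefore"] = _read_bio()

        lib.BIO_reset(biobuf)
        notAfter = lib.X509_get_notAfter(certificate)
        lib.ASN1_TIME_print(biobuf, notAfter)
        retval["notAfter"] = _read_bio()

        # Now look for subjectAltName
        peer_alt_names = _get_peer_alt_names(certificate)
        if peer_alt_names is None:
            return None
        if len(peer_alt_names) > 0:
            retval["subjectAltName"] = peer_alt_names

        # Authority Information Access: OCSP URIs
        obj = _get_aia_uri(certificate, lib.NID_ad_OCSP)
        if obj:
            retval["OCSP"] = obj

        obj = _get_aia_uri(certificate, lib.NID_ad_ca_issuers)
        if obj:
            retval["caIssuers"] = obj

        # CDP (CRL distribution points)
        obj = _get_crl_dp(certificate)
        if obj:
            retval["crlDistributionPoints"] = obj
    finally:
        # Single owner of the BIO: released on every exit path, including
        # the early "return None" and the ssl_error raises above.
        lib.BIO_free(biobuf)

    return retval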
def _bio_get_str(biobuf):
    """Read one line from *biobuf* into STATIC_BIO_BUF and return it.

    BIO_gets is asked for at most ``len(STATIC_BIO_BUF) - 1`` bytes and the
    result is passed to _str_with_len together with the length read.

    Ownership: when BIO_gets reports a negative length, this helper frees
    *biobuf* itself (if it is non-NULL) before raising ssl_error(None), so
    a caller must not free the same BIO again on that path.

    NOTE(review): STATIC_BIO_BUF is defined outside this function and is
    presumably one buffer shared by all callers.  If so, two threads in
    this helper at the same time would overwrite each other's data unless
    _str_with_len copies the bytes out under a lock - confirm.
    """
    capacity = len(STATIC_BIO_BUF) - 1
    nread = lib.BIO_gets(biobuf, STATIC_BIO_BUF, capacity)
    if nread >= 0:
        return _str_with_len(STATIC_BIO_BUF, nread)
    # Failure path: release the BIO here, then report the OpenSSL error.
    if biobuf:
        lib.BIO_free(biobuf)
    raise ssl_error(None)