diff options
| author | Steven Fackler <[email protected]> | 2014-09-19 18:10:50 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2014-09-19 18:10:50 -0700 |
| commit | a495465b75ffb18ff2303c5a11a103e00a15a13d (patch) | |
| tree | c8d5ddcdd27211d632ef0e814091dacf8e45d237 /src | |
| parent | Merge pull request #47 from vhbit/cert-key-auth (diff) | |
| parent | Get certificate fingerprint (diff) | |
| download | rust-openssl-a495465b75ffb18ff2303c5a11a103e00a15a13d.tar.xz rust-openssl-a495465b75ffb18ff2303c5a11a103e00a15a13d.zip | |
Merge pull request #50 from vhbit/cert-fingerprint
Get certificate fingerprint
Diffstat (limited to 'src')
| -rwxr-xr-x | src/ssl/ffi.rs | 4 | ||||
| -rw-r--r-- | src/ssl/mod.rs | 26 |
2 files changed, 28 insertions, 2 deletions
diff --git a/src/ssl/ffi.rs b/src/ssl/ffi.rs index d1a971c8..2e21a24b 100755 --- a/src/ssl/ffi.rs +++ b/src/ssl/ffi.rs @@ -1,6 +1,7 @@ #![allow(non_camel_case_types)] -use libc::{c_int, c_void, c_long, c_ulong, c_char}; +use libc::{c_int, c_void, c_long, c_ulong, c_char, c_uint}; +use crypto::hash::{EVP_MD}; pub type SSL_CTX = c_void; pub type SSL_METHOD = c_void; @@ -145,6 +146,7 @@ extern "C" { pub fn X509_STORE_CTX_get_error(ctx: *mut X509_STORE_CTX) -> c_int; pub fn X509_get_subject_name(x: *mut X509) -> *mut X509_NAME; + pub fn X509_digest(x: *mut X509, digest: *const EVP_MD, buf: *mut c_char, len: *mut c_uint) -> c_int; pub fn SSL_new(ctx: *mut SSL_CTX) -> *mut SSL; pub fn SSL_free(ssl: *mut SSL); diff --git a/src/ssl/mod.rs b/src/ssl/mod.rs index 31551109..785b8dfc 100644 --- a/src/ssl/mod.rs +++ b/src/ssl/mod.rs @@ -1,4 +1,4 @@ -use libc::{c_int, c_void, c_char}; +use libc::{c_int, c_uint, c_void, c_char}; use std::io::{IoResult, IoError, EndOfFile, Stream, Reader, Writer}; use std::mem; use std::ptr; @@ -6,6 +6,7 @@ use std::rt::mutex::NativeMutex; use std::string; use sync::one::{Once, ONCE_INIT}; +use crypto::hash::{HashType, evpmd}; use ssl::error::{SslError, SslSessionClosed, StreamError}; pub mod error; @@ -230,6 +231,29 @@ impl<'ctx> X509<'ctx> { let name = unsafe { ffi::X509_get_subject_name(self.x509) }; X509Name { x509: self, name: name } } + + /// Returns certificate fingerprint calculated using provided hash + pub fn fingerprint(&self, hash_type: HashType) -> Option<Vec<u8>> { + let (evp, len) = evpmd(hash_type); + let v: Vec<u8> = Vec::from_elem(len, 0); + let act_len: c_uint = 0; + let res = unsafe { + ffi::X509_digest(self.x509, evp, mem::transmute(v.as_ptr()), + mem::transmute(&act_len)) + }; + + match res { + 0 => None, + _ => { + let act_len = act_len as uint; + match len.cmp(&act_len) { + Greater => None, + Equal => Some(v), + Less => fail!("Fingerprint buffer was corrupted!") + } + } + } + } } #[allow(dead_code)] |