← Back to branch summary

~davidstrauss/pyopenssl/set_session_cache_mode

« back to all changes in this revision

Viewing changes to OpenSSL/ssl/connection.c

  • Committer: Jean-Paul Calderone
  • Date: 2011-05-21 00:10:39 UTC
  • mfrom: (151.2.8 get-peer-cert-chain)
  • Revision ID: exarkun@divmod.com-20110521001039-04e364zjijx7j2o6
Add a Connection method for inspecting the certificate chain.

Show diffs side-by-side

added added

removed removed

Lines of Context:
OpenSSL/ssl/connection.c
1098
1098
    }
1099
1099
}
1100
1100
 
 
1101
static char ssl_Connection_get_peer_cert_chain_doc[] = "\n\
 
1102
Retrieve the other side's certificate (if any)\n\
 
1103
\n\
 
1104
@return: A list of X509 instances giving the peer's certificate chain,\n\
 
1105
         or None if it does not have one.\n\
 
1106
";
 
1107
static PyObject *
 
1108
ssl_Connection_get_peer_cert_chain(ssl_ConnectionObj *self, PyObject *args) {
 
1109
    STACK_OF(X509) *sk;
 
1110
    PyObject *chain;
 
1111
    crypto_X509Obj *cert;
 
1112
    Py_ssize_t i;
 
1113
 
 
1114
    if (!PyArg_ParseTuple(args, ":get_peer_cert_chain")) {
 
1115
        return NULL;
 
1116
    }
 
1117
 
 
1118
    sk = SSL_get_peer_cert_chain(self->ssl);
 
1119
    if (sk != NULL) {
 
1120
        chain = PyList_New(sk_X509_num(sk));
 
1121
        for (i = 0; i < sk_X509_num(sk); i++) {
 
1122
            cert = new_x509(sk_X509_value(sk, i), 1);
 
1123
            if (!cert) {
 
1124
                /* XXX Untested */
 
1125
                Py_DECREF(chain);
 
1126
                return NULL;
 
1127
            }
 
1128
            CRYPTO_add(&cert->x509->references, 1, CRYPTO_LOCK_X509);
 
1129
            PyList_SET_ITEM(chain, i, (PyObject *)cert);
 
1130
        }
 
1131
        return chain;
 
1132
    } else {
 
1133
        Py_INCREF(Py_None);
 
1134
        return Py_None;
 
1135
    }
 
1136
 
 
1137
}
 
1138
 
1101
1139
static char ssl_Connection_want_read_doc[] = "\n\
1102
1140
Checks if more data has to be read from the transport layer to complete an\n\
1103
1141
operation.\n\
1175
1213
    ADD_METHOD(master_key),
1176
1214
    ADD_METHOD(sock_shutdown),
1177
1215
    ADD_METHOD(get_peer_certificate),
 
1216
    ADD_METHOD(get_peer_cert_chain),
1178
1217
    ADD_METHOD(want_read),
1179
1218
    ADD_METHOD(want_write),
1180
1219
    ADD_METHOD(set_accept_state),