tls: store all the certificates chain in the written PEM file.

When using the tls.store command, all certificates in the
chain are now dumped to disk.
pull/34/head
Eric Leblond 13 years ago
parent 152b4eaf56
commit b253d1a499

@ -215,6 +215,7 @@ static void LogTlsLogPem(LogTlsLogThread *aft, Packet *p, SSLState *state, LogTl
unsigned long pemlen;
unsigned char* pembase64ptr = NULL;
int ret;
SSLCertsChain *cert;
if ((state->server_connp.cert_input == NULL) || (state->server_connp.cert_input_len == 0))
SCReturn;
@ -231,42 +232,44 @@ static void LogTlsLogPem(LogTlsLogThread *aft, Packet *p, SSLState *state, LogTl
SCReturn;
}
pemlen = (4 * (state->server_connp.cert_input_len + 2) / 3) +1;
if (pemlen > aft->enc_buf_len) {
aft->enc_buf = (uint8_t*) SCRealloc(aft->enc_buf, sizeof(uint8_t) * pemlen);
if (aft->enc_buf == NULL) {
SCLogWarning(SC_ERR_MEM_ALLOC, "Can't allocate data for base64 encoding");
goto end_fp;
TAILQ_FOREACH(cert, &state->server_connp.certs, next) {
pemlen = (4 * (cert->cert_len + 2) / 3) +1;
if (pemlen > aft->enc_buf_len) {
aft->enc_buf = (uint8_t*) SCRealloc(aft->enc_buf, sizeof(uint8_t) * pemlen);
if (aft->enc_buf == NULL) {
SCLogWarning(SC_ERR_MEM_ALLOC, "Can't allocate data for base64 encoding");
goto end_fp;
}
aft->enc_buf_len = pemlen;
}
aft->enc_buf_len = pemlen;
}
memset(aft->enc_buf, 0, aft->enc_buf_len);
ret = Base64Encode((unsigned char*) state->server_connp.cert_input, state->server_connp.cert_input_len, aft->enc_buf, &pemlen);
if (ret != SC_BASE64_OK) {
SCLogWarning(SC_ERR_INVALID_ARGUMENTS, "Invalid return of Base64Encode function");
goto end_fwrite_fp;
}
memset(aft->enc_buf, 0, aft->enc_buf_len);
if (fprintf(fp, PEMHEADER) < 0)
goto end_fwrite_fp;
ret = Base64Encode((unsigned char*) cert->cert_data, cert->cert_len, aft->enc_buf, &pemlen);
if (ret != SC_BASE64_OK) {
SCLogWarning(SC_ERR_INVALID_ARGUMENTS, "Invalid return of Base64Encode function");
goto end_fwrite_fp;
}
pembase64ptr = aft->enc_buf;
while (pemlen > 0) {
size_t loffset = pemlen >= 64 ? 64 : pemlen;
if (fwrite(pembase64ptr, 1, loffset, fp) != loffset)
if (fprintf(fp, PEMHEADER) < 0)
goto end_fwrite_fp;
if (fwrite("\n", 1, 1, fp) != 1)
pembase64ptr = aft->enc_buf;
while (pemlen > 0) {
size_t loffset = pemlen >= 64 ? 64 : pemlen;
if (fwrite(pembase64ptr, 1, loffset, fp) != loffset)
goto end_fwrite_fp;
if (fwrite("\n", 1, 1, fp) != 1)
goto end_fwrite_fp;
pembase64ptr += 64;
if (pemlen < 64)
break;
pemlen -= 64;
}
if (fprintf(fp, PEMFOOTER) < 0)
goto end_fwrite_fp;
pembase64ptr += 64;
if (pemlen < 64)
break;
pemlen -= 64;
}
if (fprintf(fp, PEMFOOTER) < 0)
goto end_fwrite_fp;
fclose(fp);
//Logging certificate informations
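Review bot: Inside the new `TAILQ_FOREACH` loop, `aft->enc_buf = (uint8_t*) SCRealloc(aft->enc_buf, sizeof(uint8_t) * pemlen);` overwrites the only pointer to the buffer, so a failed allocation leaves `aft->enc_buf` NULL while `aft->enc_buf_len` keeps its previous value (assuming SCRealloc follows realloc semantics, the old buffer is also leaked). Unless code outside the hunk resets the length, the next certificate whose `pemlen` fits in the stale length skips the realloc and reaches `memset(aft->enc_buf, 0, aft->enc_buf_len)` with a NULL pointer; the lengths are derived from certificates sent by the peer, so this path should fail cleanly. Assign through a temporary instead: `uint8_t *ptmp = SCRealloc(aft->enc_buf, pemlen);`, then `if (ptmp == NULL) { ...; goto end_fp; }` and `aft->enc_buf = ptmp;` before updating `aft->enc_buf_len`. LogTlsLogPem starts before the hunk, and the `end_fp` / `end_fwrite_fp` labels are outside it.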
