Added tls_socket::peer_certificate()

fpagliughi · fpagliughi · commit 87cfdd8ae878 · 2025-01-16T23:09:18.000-05:00
diff --git a/examples/tls/tlsconn.cpp b/examples/tls/tlsconn.cpp
@@ -36,17 +36,18 @@
 // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 // --------------------------------------------------------------------------
 
-#include <getopt.h>
-
-#include <iostream>
-#include <string>
-
 #include "sockpp/tcp_connector.h"
 #include "sockpp/tls/connector.h"
 #include "sockpp/tls/context.h"
 #include "sockpp/tls/error.h"
 #include "sockpp/version.h"
 
+#include <getopt.h>
+
+#include <iostream>
+#include <fstream>
+#include <string>
+
 using namespace std;
 
 int main(int argc, char* argv[]) {
@@ -138,6 +139,17 @@ int main(int argc, char* argv[]) {
         return 1;
     }
 
+    cout << "Successful connection to " << addr << endl;
+
+    if (auto cert = conn.peer_certificate(); cert.empty()) {
+        cout << "No peer certificate" << endl;
+    }
+    else {
+        ofstream fil("peer.cer", ios::binary);
+        fil.write(reinterpret_cast<const char*>(cert.data()), cert.size());
+        cout << "Wrote peer certificate to peer.cer" << endl;
+    }
+
     if (auto res = conn.write("HELO"); !res) {
         cerr << "Error sending request [0x" << hex << res.error().value()
              << "]: " << res.error_message() << endl;
@@ -150,6 +162,5 @@ int main(int argc, char* argv[]) {
         return 1;
     }
 
-    cout << "Successful connection to " << addr << endl;
     return 0;
 }
diff --git a/include/sockpp/tls/openssl_context.h b/include/sockpp/tls/openssl_context.h
@@ -179,9 +179,9 @@ class tls_context
     );
     /**
      * Sets the verify flag in the context to the specified mode.
-     * This wraps <a
+     * This wraps <A
      * href="https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_verify.html">
-     * SSL_CTX_set_verify</a>
+     * SSL_CTX_set_verify
      * @param mode The verification mode.
      */
     void set_verify(verify_t mode) noexcept;
diff --git a/include/sockpp/tls/openssl_socket.h b/include/sockpp/tls/openssl_socket.h
@@ -113,25 +113,27 @@ class tls_socket : public stream_socket
      *         this may be null if the socket failed on construction.
      */
     SSL* ssl() { return ssl_; }
-
-    uint32_t peer_certificate_status() { return 0; }
-
     /**
-     * Returns an error message describing any problem with the peer's
-     * certificate.
+     * Move assignment.
+     * @param rhs The other socket to move into this one.
+     * @return A reference to this object.
      */
-    string peer_certificate_status_message() { return string{}; }
+    tls_socket& operator=(tls_socket&& rhs);
 
     /**
      * Returns the peer's X.509 certificate data, in binary DER format.
      */
-    string peer_certificate() { return string{}; }
+    binary peer_certificate();
+
     /**
-     * Move assignment.
-     * @param rhs The other socket to move into this one.
-     * @return A reference to this object.
+     *
      */
-    tls_socket& operator=(tls_socket&& rhs);
+    uint32_t peer_certificate_status();
+    /**
+     * Returns an error message describing any problem with the peer's
+     * certificate.
+     */
+    string peer_certificate_status_message();
 
     // I/O primitives
 
diff --git a/include/sockpp/types.h b/include/sockpp/types.h
@@ -49,6 +49,7 @@
 
 #include <chrono>
 #include <string>
+#include <cstdint>
 
 namespace sockpp {
 
@@ -63,6 +64,9 @@ using std::string;
 /** A sockpp::duration is a std::chrono::duration */
 using std::chrono::duration;
 
+/** A binary blob as a basic string/collection of uint8_t */
+using binary = std::basic_string<uint8_t>;
+
 // Time units are std::chrono time unite.
 using std::chrono::microseconds;
 using std::chrono::milliseconds;
diff --git a/src/tls/openssl_socket.cpp b/src/tls/openssl_socket.cpp
@@ -73,6 +73,39 @@ tls_socket& tls_socket::operator=(tls_socket&& rhs) {
     return *this;
 }
 
+binary tls_socket::peer_certificate() {
+    // TODO: Implement this
+    X509* cert = SSL_get0_peer_certificate(ssl_);
+
+    if (!cert)
+        return binary{};
+
+    uint8_t* buf = nullptr;
+    int len = i2d_X509(cert, &buf);
+
+    // TODO: Return an error result on <0?
+    if (len <= 0)
+        return binary{};
+
+    binary certBin{buf, size_t(len)};
+    OPENSSL_free(buf);
+
+    return certBin;
+}
+
+uint32_t tls_socket::peer_certificate_status() {
+    // TODO: Implement this?
+    return 0;
+}
+
+// Returns an error message describing any problem with
+// the peer's certificate.
+string tls_socket::peer_certificate_status_message() {
+    // TODO: Implement this?
+    return string{};
+}
+
+
 result<size_t> tls_socket::read(void* buf, size_t n) {
     size_t nx;
     int ret = ::SSL_read_ex(ssl_, buf, n, &nx);
