add support for get/set x509 version
zeebo committed Sep 5, 2018
1 parent 9386dd2 commit 3b86b42
Showing 5 changed files with 64 additions and 28 deletions.
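--- a/cert.go
+++ b/cert.go
@@ -43,6 +43,16 @@ const (
 EVP_SHA512 EVP_MD = iota
 )
 
+// X509_Version represents a version on an x509 certificate.
+type X509_Version int
+
+// Specify constants for x509 versions because the standard states that they
+// are represented internally as one lower than the common version name.
+const (
+X509_V1 X509_Version = 0
+X509_V3 X509_Version = 2
+)
+
 type Certificate struct {
 x *C.X509
 Issuer *Certificate
@@ -388,3 +398,17 @@ func (c *Certificate) GetSerialNumberHex() (serial string) {
 C.X_OPENSSL_free(unsafe.Pointer(hex))
 return
 }
+
+// GetVersion returns the X509 version of the certificate.
+func (c *Certificate) GetVersion() X509_Version {
+return X509_Version(C.X_X509_get_version(c.x))
+}
+
+// SetVersion sets the X509 version of the certificate.
+func (c *Certificate) SetVersion(version X509_Version) error {
+cvers := C.long(version)
+if C.X_X509_set_version(c.x, cvers) != 1 {
+return errors.New("failed to set certificate version")
+}
+return nil
+}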
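Review bot: SetVersion converts whatever X509_Version it is handed to C.long and passes it to X_X509_set_version with no range check, and the const block names only X509_V1 and X509_V3, so a v2 certificate read through GetVersion comes back as a bare 1 with nothing to compare it against. I would add `X509_V2 X509_Version = 1` and reject out-of-range values before the cgo call, `if version < X509_V1 || version > X509_V3 { return errors.New("invalid certificate version") }`, rather than depending on the linked OpenSSL build to refuse them. The doc comment on SetVersion should also say that v3 extensions are only valid on a version-3 certificate, since a certificate that carries extensions but is marked V1 is malformed and verifiers may reject it or handle it inconsistently. Whether NewCertificate already sets a version is not visible in this section.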
33 changes: 29 additions & 4 deletions cert_test.go
@@ -21,7 +21,7 @@ import (
)

func TestCertGenerate(t *testing.T) {
key, err := GenerateRSAKey(2048)
key, err := GenerateRSAKey(768)
if err != nil {
t.Fatal(err)
}
@@ -43,7 +43,7 @@ func TestCertGenerate(t *testing.T) {
}

func TestCAGenerate(t *testing.T) {
cakey, err := GenerateRSAKey(2048)
cakey, err := GenerateRSAKey(768)
if err != nil {
t.Fatal(err)
}
@@ -70,7 +70,7 @@ func TestCAGenerate(t *testing.T) {
if err := ca.Sign(cakey, EVP_SHA256); err != nil {
t.Fatal(err)
}
key, err := GenerateRSAKey(2048)
key, err := GenerateRSAKey(768)
if err != nil {
t.Fatal(err)
}
@@ -102,7 +102,7 @@ func TestCAGenerate(t *testing.T) {
}

func TestCertGetNameEntry(t *testing.T) {
key, err := GenerateRSAKey(2048)
key, err := GenerateRSAKey(768)
if err != nil {
t.Fatal(err)
}
@@ -137,3 +137,28 @@ func TestCertGetNameEntry(t *testing.T) {
t.Fatalf("entry should be empty; got %q", entry)
}
}

func TestCertVersion(t *testing.T) {
key, err := GenerateRSAKey(768)
if err != nil {
t.Fatal(err)
}
info := &CertificateInfo{
Serial: big.NewInt(int64(1)),
Issued: 0,
Expires: 24 * time.Hour,
Country: "US",
Organization: "Test",
CommonName: "localhost",
}
cert, err := NewCertificate(info, key)
if err != nil {
t.Fatal(err)
}
if err := cert.SetVersion(X509_V3); err != nil {
t.Fatal(err)
}
if vers := cert.GetVersion(); vers != X509_V3 {
t.Fatalf("bad version: %d", vers)
}
}
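Review bot: TestCertVersion generates its key with `GenerateRSAKey(768)`, and the paired lines in TestCertGenerate, TestCAGenerate and TestCertGetNameEntry show both 2048 and 768, which reads as the existing tests being moved to 768 bits too (the page has lost the +/- markers, so that direction is inferred). A 768-bit RSA key is below what OpenSSL accepts once a key or certificate is loaded into a TLS context at security level 1 or above, or in FIPS mode, so these fixtures can fail on hardened builds, and test values tend to be copied into examples. If the aim is test speed, I would keep one named constant with the reason stated, e.g. `const testRSABits = 2048 // weaker sizes can be rejected by OpenSSL security levels`, or generate one key and share it across the tests. TestCertVersion also checks only the in-memory round trip; asserting GetVersion again after `Sign` would show the value survives into the signed certificate.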
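--- a/shim.c
+++ b/shim.c
@@ -666,7 +666,7 @@ int X_EVP_CIPHER_CTX_iv_length(EVP_CIPHER_CTX *ctx) {
 
 void X_EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int padding) {
 //openssl always returns 1 for set_padding
-//hence return value is not checked
+//hence return value is not checked
 EVP_CIPHER_CTX_set_padding(ctx, padding);
 }
 
@@ -701,3 +701,11 @@ int X_sk_X509_num(STACK_OF(X509) *sk) {
 X509 *X_sk_X509_value(STACK_OF(X509)* sk, int i) {
 return sk_X509_value(sk, i);
 }
+
+long X_X509_get_version(const X509 *x) {
+return X509_get_version(x);
+}
+
+int X_X509_set_version(X509 *x, long version) {
+return X509_set_version(x, version);
+}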
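Review bot: X_X509_get_version and X_X509_set_version carry no comment on the value convention or on their pointer precondition, and both hand x to OpenSSL unchecked. I would put `/* version is the encoded value: 0 = v1, 1 = v2, 2 = v3; x must be non-NULL */` above the pair, so a later caller does not pass the human-readable number 3 and end up with an out-of-range version field. The Go wrappers in cert.go pass c.x straight through, so if a Certificate can exist with a nil x, the guard belongs on that side.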
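--- a/shim.h
+++ b/shim.h
@@ -158,6 +158,8 @@ extern const ASN1_TIME *X_X509_get0_notBefore(const X509 *x);
 extern const ASN1_TIME *X_X509_get0_notAfter(const X509 *x);
 extern int X_sk_X509_num(STACK_OF(X509) *sk);
 extern X509 *X_sk_X509_value(STACK_OF(X509)* sk, int i);
+extern long X_X509_get_version(const X509 *x);
+extern int X_X509_set_version(X509 *x, long version);
 
 /* PEM methods */
 extern int X_PEM_write_bio_PrivateKey_traditional(BIO *bio, EVP_PKEY *key, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, void *u);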
23 changes: 0 additions & 23 deletions sni_test.go

This file was deleted.
