diff options
author | Vincent Sanders <vince@kyllikki.org> | 2020-05-09 22:42:12 +0100 |
---|---|---|
committer | Vincent Sanders <vince@kyllikki.org> | 2020-05-09 22:42:12 +0100 |
commit | fbc0847db06fa91765d5b83b34dabee85f65d4ec (patch) | |
tree | 64815b720817fef78e3ce74694903aa927c2575a /utils | |
parent | a98003674be06798ad4e7a6c59b99ee8674ea1fe (diff) | |
download | netsurf-fbc0847db06fa91765d5b83b34dabee85f65d4ec.tar.gz netsurf-fbc0847db06fa91765d5b83b34dabee85f65d4ec.tar.bz2 |
move ssl certificate serialisation into a url to the ssl_cert utility code
Diffstat (limited to 'utils')
-rw-r--r-- | utils/ssl_certs.c | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/utils/ssl_certs.c b/utils/ssl_certs.c index 94e83eba0..d0f2a6c18 100644 --- a/utils/ssl_certs.c +++ b/utils/ssl_certs.c @@ -132,6 +132,9 @@ cert_chain_dup(const struct cert_chain *src, struct cert_chain **dst_out) #define MIN_CERT_LEN 64 +/** + * process a part of a query extracting the certificate of an error code + */ static nserror process_query_section(const char *str, size_t len, struct cert_chain* chain) { @@ -216,6 +219,76 @@ nserror cert_chain_from_query(struct nsurl *url, struct cert_chain **chain_out) /* + * create a fetch query string from a certificate chain + * + * exported interface documented in netsurf/ssl_certs.h + */ +nserror cert_chain_to_query(struct cert_chain *chain, struct nsurl **url_out ) +{ + nserror res; + nsurl *url; + size_t allocsize; + size_t urlstrlen; + uint8_t *urlstr; + size_t depth; + + allocsize = 20; + for (depth = 0; depth < chain->depth; depth++) { + allocsize += 7; /* allow for &cert= */ + allocsize += 4 * ((chain->certs[depth].der_length + 2) / 3); + if (chain->certs[depth].err != SSL_CERT_ERR_OK) { + allocsize += 20; /* allow for &certerr=4000000000 */ + } + } + + urlstr = malloc(allocsize); + if (urlstr == NULL) { + return NSERROR_NOMEM; + } + + urlstrlen = snprintf((char *)urlstr, allocsize, "about:certificate"); + for (depth = 0; depth < chain->depth; depth++) { + nsuerror nsures; + size_t output_length; + + urlstrlen += snprintf((char *)urlstr + urlstrlen, + allocsize - urlstrlen, + "&cert="); + + output_length = allocsize - urlstrlen; + nsures = nsu_base64_encode_url( + chain->certs[depth].der, + chain->certs[depth].der_length, + (uint8_t *)urlstr + urlstrlen, + &output_length); + if (nsures != NSUERROR_OK) { + free(urlstr); + return (nserror)nsures; + } + urlstrlen += output_length; + + if (chain->certs[depth].err != SSL_CERT_ERR_OK) { + urlstrlen += snprintf((char *)urlstr + urlstrlen, + allocsize - urlstrlen, + "&certerr=%d", + chain->certs[depth].err); + } + + } + urlstr[17] = '?'; + urlstr[urlstrlen] = 0; + + res = nsurl_create((const char *)urlstr, &url); + free(urlstr); + + if (res == NSERROR_OK) { + *url_out = url; + } + + return res; +} + +/* * free certificate chain * * exported interface documented in netsurf/ssl_certs.h |