XRootD
XrdTlsPeerCerts.cc
1 /******************************************************************************/
2 /* */
3 /* X r d T l s P e e r C e r t s . c c */
4 /* */
5 /* (c) 2020 by the Board of Trustees of the Leland Stanford, Jr., University */
6 /* Produced by Andrew Hanushevsky for Stanford University under contract */
7 /* DE-AC02-76-SFO0515 with the Department of Energy */
8 /* */
9 /* This file is part of the XRootD software suite. */
10 /* */
11 /* XRootD is free software: you can redistribute it and/or modify it under */
12 /* the terms of the GNU Lesser General Public License as published by the */
13 /* Free Software Foundation, either version 3 of the License, or (at your */
14 /* option) any later version. */
15 /* */
16 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
17 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
18 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
19 /* License for more details. */
20 /* */
21 /* You should have received a copy of the GNU Lesser General Public License */
22 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
23 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
24 /* */
25 /* The copyright holder's institutional names and contributor's names may not */
26 /* be used to endorse or promote products derived from this software without */
27 /* specific prior written permission of the institution or contributor. */
28 /******************************************************************************/
29 
31 
32 /******************************************************************************/
33 /* L o c a l C o m p a t i b i l i t y F u n c t i o n s */
34 /******************************************************************************/
35 
36 // Versions of OpenSSL < 1.1 do not have X509_up_ref() so we need to implement
37 // it using basic functions which only appear in 1.0.x. What a hack!
38 //
39 #if OPENSSL_VERSION_NUMBER < 0x10100000L
40 #include <openssl/crypto.h>
namespace
{
// Local stand-in for X509_up_ref(), compiled only for OpenSSL < 1.1.
//
// Returns 1 when a reference was added to the certificate and 0 otherwise.
// A nil cert yields 0, and so does a build where CRYPTO_add is not defined as
// a macro: in that case no reference is ever taken and every call reports
// failure, so callers that check the result never treat an un-referenced
// pointer as owned.
//
int X509_up_ref(X509 *cert)
{
#ifdef CRYPTO_add
   if (cert)
      {// Bump the count under the X509 lock. A result above 1 is treated as
       // success, i.e. the cert was already referenced before the increment.
       //
       const int refs = CRYPTO_add(&(cert->references), 1, CRYPTO_LOCK_X509);
       if (refs > 1) return 1;
      }
#endif

// Either there was nothing to reference or the increment could not be done.
//
   return 0;
}
}
53 #else
54 #include <openssl/x509.h>
55 #endif
56 
57 /******************************************************************************/
58 /* D e s t r u c t o r */
59 /******************************************************************************/
60 
62 {
63 // Free the peer cert. A pointer obtained through getCert(false) carries no
64 // reference of its own, so it must not be used once this has run.
65 if (cert) X509_free(cert);
66 
67 // Do not free the chain: only a get1 call creates a copy that would need freeing.
68 //
69 // if (chain) sk_X509_pop_free(chain, X509_free);
70 }
71 
72 /******************************************************************************/
73 /* g e t C e r t */
74 /******************************************************************************/
75 
X509 *XrdTlsPeerCerts::getCert(bool upref)
{
// Return the peer certificate held by this object, or nil if there is none.
//
// upref true  (the declared default): the caller gets its own reference and
//             is expected to release it with X509_free() when done.
// upref false: the pointer is borrowed. The destructor of this class calls
//             X509_free(cert), so the pointer should not be used after this
//             object is destroyed and should not be freed by the caller.
//
   if (!cert || !upref) return cert;

// The caller asked for its own reference. Hand out the pointer only if the
// reference was really taken; on failure return nil so the caller cannot
// later use or free a cert it holds no reference on (avoids a future segv).
//
   if (X509_up_ref(cert)) return cert;
   return 0;
}
X509 * getCert(bool upref=true)