| -rw-r--r-- | .gitlab-ci.yml | 159 | ||||
| -rw-r--r-- | CMakeLists.txt | 7 | ||||
| -rw-r--r-- | ci/travis.sh | 10 | ||||
| -rw-r--r-- | cmake/Package.cmake | 21 | ||||
| -rw-r--r-- | src/SSL_Certificate.c | 159 | ||||
| -rw-r--r-- | support/CMakeLists.txt | 28 | ||||
| -rw-r--r-- | support/openssl-1.1.1m.tar.gz | bin | 0 -> 9847315 bytes |
7 files changed, 236 insertions, 148 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6a72925..2b0aeae 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,29 +1,50 @@ -image: "git.mesalab.cn:7443/mesa_platform/build-env:master" variables: GIT_STRATEGY: "clone" + BUILD_IMAGE_CENTOS7: "git.mesalab.cn:7443/mesa_platform/build-env:master" + BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux" BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/ - INSTALL_PREFIX: "/opt/MESA/lib/" - INSTALL_DEPENDENCY_LIBRARY: libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel sapp-devel framework_env libMESA_prof_load-devel sapp-devel openssl-devel libasan + INSTALL_DEPENDENCY_PLATFORM: sapp-devel libasan systemd-devel libnsl + INSTALL_DEPENDENCY_FRAMEWORK: libMESA_handle_logger-devel libcjson-devel libMESA_field_stat2-devel framework_env libMESA_prof_load-devel libbreakpad_mini-devel libMESA_htable-devel + INSTALL_PREFIX: "/home/mesasoft/sapp_run/" stages: +#- analysis - build +#- test +- package -.build_by_travis: +.build_before_script: before_script: - mkdir -p $BUILD_PADDING_PREFIX/$CI_PROJECT_NAMESPACE/ - ln -s $CI_PROJECT_DIR $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH - cd $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH - chmod +x ./ci/travis.sh - script: - yum makecache - - ./ci/travis.sh - - cd build + - yum install -y elfutils-libelf-devel + + +.build_by_travis_for_centos7: + stage: build + image: $BUILD_IMAGE_CENTOS7 + extends: .build_before_script + script: + - ./ci/travis.sh + - cd build tags: - share -branch_build_debug: +.build_by_travis_for_centos8: stage: build - extends: .build_by_travis + image: $BUILD_IMAGE_CENTOS8 + extends: .build_before_script + script: + - ./ci/travis.sh + tags: + - share + +branch_build_debug_for_centos7: + stage: build + extends: .build_by_travis_for_centos7 variables: BUILD_TYPE: Debug except: 
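Review bot: `BUILD_IMAGE_CENTOS7` and `BUILD_IMAGE_CENTOS8` in the `variables:` block name the build image by a mutable tag (`:master`, `:rockylinux`), so the RPMs produced by the jobs that set `UPLOAD_RPM: 1` against the `protocol-stable-*` repositories are built in whatever that tag points to when the job runs. Pinning each image by digest, e.g. `BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env@sha256:<digest>"`, makes release builds reproducible and keeps a replaced image from flowing into published packages unnoticed. Separately, `.build_by_travis_for_centos8` drops the trailing `- cd build` that the CentOS 7 template keeps; if that is intentional, a one-line comment would say so.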
@@ -31,19 +52,19 @@ branch_build_debug: - /^master.*$/i - tags -branch_build_release: +branch_build_release_for_centos7: stage: build variables: BUILD_TYPE: RelWithDebInfo - extends: .build_by_travis + extends: .build_by_travis_for_centos7 except: - /^develop.*$/i - /^master.*$/i - tags -develop_build_debug: +develop_build_debug_for_centos7: stage: build - extends: .build_by_travis + extends: .build_by_travis_for_centos7 variables: BUILD_TYPE: Debug PACKAGE: 1 @@ -60,14 +81,13 @@ develop_build_debug: - /^develop.*$/i - /^master.*$/i -develop_build_release: +develop_build_release_for_centos7: stage: build - extends: .build_by_travis + extends: .build_by_travis_for_centos7 variables: BUILD_TYPE: RelWithDebInfo PACKAGE: 1 UPLOAD_RPM: 1 - ASAN_OPTION: "OFF" TESTING_VERSION_BUILD: 1 PULP3_REPO_NAME: protocol-testing-x86_64.el7 PULP3_DIST_NAME: protocol-testing-x86_64.el7 @@ -79,24 +99,24 @@ develop_build_release: - /^develop.*$/i - /^master.*$/i -release_build_debug: - stage: build +release_build_debug_for_centos7: + stage: package variables: BUILD_TYPE: Debug PACKAGE: 1 UPLOAD_RPM: 1 PULP3_REPO_NAME: protocol-stable-x86_64.el7 PULP3_DIST_NAME: protocol-stable-x86_64.el7 - extends: .build_by_travis + extends: .build_by_travis_for_centos7 artifacts: - name: "ssl-$CI_COMMIT_REF_NAME-release" + name: "ssl-$CI_COMMIT_REF_NAME-debug" paths: - build/*.rpm only: - tags -release_build_release: - stage: build +release_build_release_for_centos7: + stage: package variables: BUILD_TYPE: RelWithDebInfo PACKAGE: 1 @@ -105,10 +125,101 @@ release_build_release: SYMBOL_TARGET: ssl PULP3_REPO_NAME: protocol-stable-x86_64.el7 PULP3_DIST_NAME: protocol-stable-x86_64.el7 - extends: .build_by_travis + extends: .build_by_travis_for_centos7 artifacts: name: "ssl-$CI_COMMIT_REF_NAME-release" paths: - build/*.rpm only: - - tags
\ No newline at end of file + - tags + +branch_build_debug_for_centos8: + stage: build + extends: .build_by_travis_for_centos8 + variables: + BUILD_TYPE: Debug + except: + - /^develop.*$/i + - /^master.*$/i + - tags + +branch_build_release_for_centos8: + stage: build + variables: + BUILD_TYPE: RelWithDebInfo + extends: .build_by_travis_for_centos8 + except: + - /^develop.*$/i + - /^master.*$/i + - tags + +develop_build_debug_for_centos8: + stage: build + extends: .build_by_travis_for_centos8 + variables: + BUILD_TYPE: Debug + PACKAGE: 1 + UPLOAD_RPM: 1 + ASAN_OPTION: ADDRESS + TESTING_VERSION_BUILD: 1 + PULP3_REPO_NAME: protocol-testing-x86_64.el8 + PULP3_DIST_NAME: protocol-testing-x86_64.el8 + artifacts: + name: "ssl-$CI_COMMIT_REF_NAME-debug" + paths: + - build/*.rpm + only: + - /^develop.*$/i + - /^master.*$/i + +develop_build_release_for_centos8: + stage: build + extends: .build_by_travis_for_centos8 + variables: + BUILD_TYPE: RelWithDebInfo + PACKAGE: 1 + UPLOAD_RPM: 1 + TESTING_VERSION_BUILD: 1 + PULP3_REPO_NAME: protocol-testing-x86_64.el8 + PULP3_DIST_NAME: protocol-testing-x86_64.el8 + artifacts: + name: "ssl-$CI_COMMIT_REF_NAME-release" + paths: + - build/*.rpm + only: + - /^develop.*$/i + - /^master.*$/i + +release_build_debug_for_centos8: + stage: package + variables: + BUILD_TYPE: Debug + PACKAGE: 1 + UPLOAD_RPM: 1 + PULP3_REPO_NAME: protocol-stable-x86_64.el8 + PULP3_DIST_NAME: protocol-stable-x86_64.el8 + extends: .build_by_travis_for_centos8 + artifacts: + name: "ssl-$CI_COMMIT_REF_NAME-debug" + paths: + - build/*.rpm + only: + - tags + +release_build_release_for_centos8: + stage: package + variables: + BUILD_TYPE: RelWithDebInfo + PACKAGE: 1 + UPLOAD_RPM: 1 + UPLOAD_SYMBOL_FILES: 1 + SYMBOL_TARGET: ssl + PULP3_REPO_NAME: protocol-stable-x86_64.el8 + PULP3_DIST_NAME: protocol-stable-x86_64.el8 + extends: .build_by_travis_for_centos8 + artifacts: + name: "ssl-$CI_COMMIT_REF_NAME-release" + paths: + - build/*.rpm + only: + - tags 
diff --git a/CMakeLists.txt b/CMakeLists.txt index 2df4eb0..c4af0d1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -33,18 +33,21 @@ endif() include_directories(/opt/MESA/include/MESA/) include_directories(./src/inc/) include_directories(./src/) +include_directories(include) + +add_subdirectory(support) file(GLOB SRC "src/*.c" "src/*.cpp" ) -set(DNS_DEPEND_DYN_LIB MESA_handle_logger MESA_field_stat2 MESA_prof_load) +set(DEPEND_DYN_LIB MESA_handle_logger MESA_field_stat2 MESA_prof_load) # Shared Library Output add_library(ssl SHARED ${SRC}) set_target_properties(ssl PROPERTIES PREFIX "") -target_link_libraries(ssl ${DNS_DEPEND_DYN_LIB}) +target_link_libraries(ssl ${DEPEND_DYN_LIB} -Wl,--no-whole-archive openssl-crypto-static -Wl,--no-whole-archive openssl-ssl-static) #target_link_libraries(ssl "openssl.so") if(DEFINED MESA_SHARED_INSTALL_DIR) set_target_properties(ssl PROPERTIES OUTPUT_NAME ${lib_name} LIBRARY_OUTPUT_DIRECTORY ${MESA_SHARED_INSTALL_DIR}) diff --git a/ci/travis.sh b/ci/travis.sh index 24fe71f..80df870 100644 --- a/ci/travis.sh +++ b/ci/travis.sh @@ -33,12 +33,16 @@ env | sort : "${COMPILER_IS_GNUCXX:=OFF}" # Install dependency from YUM -if [ -n "${INSTALL_DEPENDENCY_LIBRARY}" ]; then - yum install -y $INSTALL_DEPENDENCY_LIBRARY +if [ -n "${INSTALL_DEPENDENCY_FRAMEWORK}" ]; then + yum install -y $INSTALL_DEPENDENCY_FRAMEWORK source /etc/profile.d/framework.sh fi -if [ $ASAN_OPTION ];then +if [ -n "${INSTALL_DEPENDENCY_PLATFORM}" ]; then + yum install -y $INSTALL_DEPENDENCY_PLATFORM +fi + +if [ $ASAN_OPTION ] && [ -f "/opt/rh/devtoolset-7/enable" ] ;then source /opt/rh/devtoolset-7/enable fi diff --git a/cmake/Package.cmake b/cmake/Package.cmake index 20e7cfa..9a01423 100644 --- a/cmake/Package.cmake +++ b/cmake/Package.cmake 
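Review bot: The new `target_link_libraries(ssl ...)` line lists `openssl-crypto-static` before `openssl-ssl-static`, and GNU ld scans static archives left to right, so any libssl member that is pulled in keeps its libcrypto references undefined; because `ssl` is a shared library the link still succeeds, and those symbols would presumably bind at load time to whatever libcrypto the host process already carries. The repeated `-Wl,--no-whole-archive` has no effect without a preceding `--whole-archive`. I would write `target_link_libraries(ssl ${DEPEND_DYN_LIB} openssl-ssl-static openssl-crypto-static -Wl,--exclude-libs,ALL)` so the bundled OpenSSL is resolved inside the plugin and its symbols are not exported where a system OpenSSL of a different version could interpose on them.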
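Review bot: The new guard `[ $ASAN_OPTION ] && [ -f "/opt/rh/devtoolset-7/enable" ]` leaves `$ASAN_OPTION` unquoted, unlike the `[ -n "${INSTALL_DEPENDENCY_PLATFORM}" ]` test added just above it; a value containing whitespace makes `[` fail with a syntax error. `if [ -n "${ASAN_OPTION}" ] && [ -f /opt/rh/devtoolset-7/enable ]; then` is the consistent form. The guard also skips the toolset silently when the file is missing, so an ASAN job on an image without devtoolset-7 falls back to the default compiler with no log line; an `else echo "devtoolset-7 not found, using system compiler"` branch would make that visible.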
@@ -12,18 +12,18 @@ set(CPACK_PACKAGE_VERSION_MINOR "${VERSION_MINOR}") set(CPACK_PACKAGE_VERSION_PATCH "${VERSION_PATCH}.${VERSION_BUILD}") set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX}) set(CPACK_PACKAGE_VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_BUILD}") -execute_process(COMMAND bash -c "echo -ne \"`uname -r | awk -F'.' '{print $5\".\"$6\".\"$7}'`\"" OUTPUT_VARIABLE SYSTEM_VERSION) -#execute_process(COMMAND sh changelog.sh ${CMAKE_BINARY_DIR} WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}/cmake) -#SET(CPACK_RPM_CHANGELOG_FILE ${CMAKE_BINARY_DIR}/changelog.txt) +execute_process(COMMAND sh changelog.sh ${CMAKE_BINARY_DIR} WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}/cmake) +SET(CPACK_RPM_CHANGELOG_FILE ${CMAKE_BINARY_DIR}/changelog.txt) # RPM Build set(CPACK_GENERATOR "RPM") +set(CPACK_RPM_AUTO_GENERATED_FILE_NAME ON) +set(CPACK_RPM_FILE_NAME "RPM-DEFAULT") set(CPACK_RPM_PACKAGE_VENDOR "MESA") set(CPACK_RPM_PACKAGE_AUTOREQPROV "yes") -set(CPACK_RPM_PACKAGE_RELEASE_LIBRARY "on") +set(CPACK_RPM_PACKAGE_RELEASE_DIST "on") set(CPACK_RPM_DEBUGINFO_PACKAGE "on") -set(CPACK_RPM_PACKAGE_DEBUG 1) set(CPACK_RPM_COMPONENT_INSTALL ON) set(CPACK_COMPONENTS_IGNORE_GROUPS 1) 
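Review bot: The re-enabled `execute_process(COMMAND sh changelog.sh ...)` ignores the script's exit status, so a failing `changelog.sh` leaves `CPACK_RPM_CHANGELOG_FILE` pointing at a file that may not exist and the error only surfaces later, inside CPack. Add `RESULT_VARIABLE changelog_rc` to the call and follow it with `if(NOT changelog_rc EQUAL 0)` / `message(FATAL_ERROR "changelog.sh failed: ${changelog_rc}")`. Quoting `"${CMAKE_BINARY_DIR}"` and the `WORKING_DIRECTORY` path would also keep the call intact when the build tree path contains spaces.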
@@ -32,17 +32,12 @@ set(CPACK_COMPONENT_HEADER_DISPLAY_NAME "develop") set(CPACK_COMPONENT_LIBRARIES_REQUIRED TRUE) set(CPACK_RPM_LIBRARIES_PACKAGE_NAME ${MY_RPM_NAME_PREFIX}) -set(CPACK_RPM_LIBRARIES_FILE_NAME "${CPACK_RPM_LIBRARIES_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm") -set(CPACK_RPM_LIBRARIES_DEBUGINFO_FILE_NAME "${CPACK_RPM_LIBRARIES_PACKAGE_NAME}-debuginfo-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm") - -set(CPACK_COMPONENT_PROFILE_GROUP "libraries") -set(CPACK_COMPONENT_LIBRARIES_GROUP "libraries") +set(CPACK_COMPONENT_PROFILE_GROUP "LIBRARIES") +set(CPACK_COMPONENT_LIBRARIES_GROUP "LIBRARIES") set(CPACK_COMPONENT_HEADER_REQUIRED TRUE) set(CPACK_RPM_HEADER_PACKAGE_NAME "${MY_RPM_NAME_PREFIX}-devel") -set(CPACK_RPM_HEADER_FILE_NAME "${CPACK_RPM_HEADER_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm") -set(CPACK_RPM_HEADER_DEBUGINFO_FILE_NAME "${CPACK_RPM_HEADER_PACKAGE_NAME}-debuginfo-${CPACK_PACKAGE_VERSION}-${SYSTEM_VERSION}.rpm") -set(CPACK_COMPONENT_HEADER_GROUP "header") +set(CPACK_COMPONENT_HEADER_GROUP "HEADER") set(CPACK_RPM_HEADER_PACKAGE_REQUIRES_PRE ${CPACK_RPM_LIBRARIES_PACKAGE_NAME}) set(CPACK_RPM_HEADER_PACKAGE_CONFLICTS ${CPACK_RPM_HEADER_PACKAGE_NAME}) diff --git a/src/SSL_Certificate.c b/src/SSL_Certificate.c index 60fbae3..36dc565 100644 --- a/src/SSL_Certificate.c +++ b/src/SSL_Certificate.c 
@@ -10,21 +10,21 @@ #include <string.h> #include <pthread.h> #include <assert.h> + +#include <openssl/x509.h> +#include <openssl/objects.h> +#include <openssl/safestack.h> +#include <openssl/cms.h> +#include <openssl/ocsp.h> +#include <openssl/ts.h> +#include <openssl/x509v3.h> + #include "SSL_Analyze.h" #include "ssl.h" #include "SSL_Message.h" #include "SSL_Certificate.h" #include "SSL_Proc.h" -#include "openssl/x509.h" -#include "openssl/objects.h" -#include "openssl/safestack.h" -#include "openssl/cms.h" -#include "openssl/ocsp.h" -#include "openssl/ts.h" -#include "openssl/ts.h" -#include "openssl/x509v3.h" - //debug #define PRINTF_CERTIFICATE 0 @@ -63,7 +63,7 @@ const stSerialString_t g_astUserItemId[] = {{0}, NULL}, }; -/*return : 1 ���ڣ�0 ������*/ +/*return : 1 ���ڣ�0 ������*/ int ssl_read_specific_cert(const char* conj_cert_buf, uint32_t conj_buflen, uint8_t cert_type, char** cert, uint32_t* cert_len) { if(NULL==conj_cert_buf || 0==conj_buflen) return 0; @@ -144,7 +144,7 @@ int ssl_read_specific_cert(const char* conj_cert_buf, uint32_t conj_buflen, uint return 0; } -/*return : chain ����*/ +/*return : chain ����*/ int ssl_read_all_cert(const char* conj_cert_buf, uint32_t conj_buflen, cert_chain_t* cert_unit, uint32_t unit_size) { if(NULL==conj_cert_buf || 0==conj_buflen) return 0; @@ -295,7 +295,7 @@ UCHAR ssl_AnalyseCertificate(char *pcSslCertificateData, int iDataLen, ssl_strea a_ssl_stream->p_output_buffer->p_data = NULL; a_ssl_stream->p_output_buffer->data_size = 0; cert_num++; - /*�ͷ�san�ڴ�*/ + /*�ͷ�san�ڴ�*/ if(a_ssl_stream->stSSLCert->SSLSubAltName!=NULL) { if(a_ssl_stream->stSSLCert->SSLSubAltName->san_array!=NULL) 
@@ -1037,8 +1037,28 @@ UCHAR fn_pGetSSLInfo_v1(char *pcCert, int iLen, ssl_stream *a_ssl_stream, stru UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct streaminfo *a_tcp, unsigned long long region_flag, int thread_seq, void *a_packet) -{ - //return SSL_RETURN_NORM; +{ + int cnt; + int i = 0; + char *san = NULL; + + X509_NAME *issuer = NULL; + X509_NAME *subject = NULL; + + ASN1_STRING *serial = NULL; + ASN1_STRING *san_name = NULL; + + GENERAL_NAME *generalName = NULL; + GENERAL_NAMES *subjectAltNames = NULL; + + ASN1_TIME *start = NULL; + ASN1_TIME *end = NULL; + + EVP_PKEY *pkey = NULL; + const ASN1_OBJECT *salg; + const X509_ALGOR *tsig_alg; + + //return SSL_RETURN_NORM; X509 *x509_handle = d2i_X509(NULL, (unsigned char const **)&pcCert, iLen); if (x509_handle == NULL) @@ -1046,7 +1066,7 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct return SSL_RETURN_NORM; } - if(NULL!=x509_handle->cert_info) + if(NULL!=x509_handle) { /*version*/ int ver = X509_get_version(x509_handle); 
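Review bot: `int ver = X509_get_version(x509_handle);` takes the version straight from the parsed certificate, and the following hunk (@@ -1056,20 +1076,20 @@) shows it used as `g_astCertVersions[ver].pcString` inside `strlen`; unless a range check sits in the lines between the two hunks, a certificate with an out-of-range version field reads past the table. Assuming `g_astCertVersions` is an array visible in this file, a guard such as `if (ver < 0 || ver >= (int)(sizeof(g_astCertVersions)/sizeof(g_astCertVersions[0]))) goto cert_return;` before the lookup would close that. The changed condition `if(NULL!=x509_handle)` is now always true, because the function already returns when `d2i_X509` yields NULL, so the block could be un-nested instead of kept. fn_pGetSSLInfo begins in the previous hunk and continues past this one.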
@@ -1056,20 +1076,20 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct 1 + strlen((const char *)g_astCertVersions[ver].pcString)); /*serial num*/ - if(NULL!=x509_handle->cert_info->serialNumber) - { - a_ssl_stream->stSSLCert->SSLSerialNumLen = x509_handle->cert_info->serialNumber->length; - memcpy(a_ssl_stream->stSSLCert->SSLSerialNum, - x509_handle->cert_info->serialNumber->data, - MIN(x509_handle->cert_info->serialNumber->length,sizeof(a_ssl_stream->stSSLCert->SSLSerialNum))); - } - - /*SSL AgID*/ - ASN1_OBJECT* salg = x509_handle->cert_info->signature->algorithm; + serial = X509_get_serialNumber(x509_handle); + if (NULL != serial) + { + a_ssl_stream->stSSLCert->SSLSerialNumLen = MIN(ASN1_STRING_length(serial), sizeof(a_ssl_stream->stSSLCert->SSLSerialNum)); + memcpy(a_ssl_stream->stSSLCert->SSLSerialNum, ASN1_STRING_get0_data(serial), a_ssl_stream->stSSLCert->SSLSerialNumLen); + } + + /*SSL AgID*/ + tsig_alg = X509_get0_tbs_sigalg(x509_handle); + X509_ALGOR_get0(&salg, NULL, NULL, tsig_alg); OBJ_obj2txt(a_ssl_stream->stSSLCert->SSLAgID, sizeof(a_ssl_stream->stSSLCert->SSLAgID), salg, 1); /*SSL Issuer*/ - X509_NAME* issuer = X509_get_issuer_name(x509_handle); + issuer = X509_get_issuer_name(x509_handle); if(NULL!=issuer) { X509_NAME_get_text_by_NID(issuer, NID_commonName, a_ssl_stream->stSSLCert->SSLIssuerCN, sizeof(a_ssl_stream->stSSLCert->SSLIssuerCN)); @@ -1094,7 +1114,7 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct } /*SSL Subject*/ - X509_NAME* subject = X509_get_subject_name(x509_handle); + subject = X509_get_subject_name(x509_handle); if(NULL!=subject) { X509_NAME_get_text_by_NID(subject, NID_commonName, a_ssl_stream->stSSLCert->SSLSubCN, sizeof(a_ssl_stream->stSSLCert->SSLSubCN)); 
@@ -1124,7 +1144,7 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct } /*SSL Subject keyInfo*/ - EVP_PKEY* pkey = X509_get_pubkey(x509_handle); + pkey = X509_get_pubkey(x509_handle); if(pkey!=NULL) { int pkeyLen=0; @@ -1137,25 +1157,21 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct } /*validity*/ - ASN1_TIME *start = X509_get_notBefore(x509_handle); - ASN1_TIME *end = X509_get_notAfter(x509_handle); + start = X509_get_notBefore(x509_handle); + end = X509_get_notAfter(x509_handle); sprintf(a_ssl_stream->stSSLCert->SSLFrom, "%s", start->data); sprintf(a_ssl_stream->stSSLCert->SSLTo, "%s", end->data); /*subject bak*/ - GENERAL_NAMES* subjectAltNames = (GENERAL_NAMES*)X509_get_ext_d2i(x509_handle, NID_subject_alt_name, NULL, NULL); + subjectAltNames = (GENERAL_NAMES*)X509_get_ext_d2i(x509_handle, NID_subject_alt_name, NULL, NULL); if(!subjectAltNames) goto cert_return; - int cnt = sk_GENERAL_NAME_num(subjectAltNames); - char* san = NULL; - ASN1_STRING *san_name; - GENERAL_NAME* generalName; + cnt = sk_GENERAL_NAME_num(subjectAltNames); if(cnt>0) { a_ssl_stream->stSSLCert->SSLSubAltName = (st_san_t*)dictator_malloc(thread_seq, sizeof(st_san_t)); a_ssl_stream->stSSLCert->SSLSubAltName->san_array = (san_t*)dictator_malloc(thread_seq, cnt*sizeof(san_t)); memset(a_ssl_stream->stSSLCert->SSLSubAltName->san_array,0,cnt*sizeof(san_t)); a_ssl_stream->stSSLCert->SSLSubAltName->count = 0; - int i=0; for (i = 0; i < cnt; i++) { generalName = sk_GENERAL_NAME_value(subjectAltNames, i); 
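Review bot: The `sprintf(..., "%s", start->data)` and `sprintf(..., "%s", end->data)` calls left as context in the @@ -1137,25 +1157,21 @@ hunk copy the certificate's validity strings into `SSLFrom`/`SSLTo` with no length limit and no NULL check on `start`/`end`, and they still reach into the ASN1 structure while the rest of this commit moves to accessor functions. The time string comes from the peer's certificate, so its length should be bounded by the destination: `snprintf(a_ssl_stream->stSSLCert->SSLFrom, sizeof(a_ssl_stream->stSSLCert->SSLFrom), "%.*s", ASN1_STRING_length(start), (const char *)ASN1_STRING_get0_data(start));` and the same for `SSLTo` (this assumes both fields are arrays, as the `sizeof` uses on neighbouring fields suggest). `X509_get0_notBefore`/`X509_get0_notAfter` are the 1.1.x replacements for the deprecated getters used here.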
@@ -1165,7 +1181,7 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct san_name = (ASN1_STRING*)GENERAL_NAME_get0_value(generalName, NULL); if(ASN1_STRING_length(san_name)>0) { - san = (char*)ASN1_STRING_data(san_name); + san = (char*)ASN1_STRING_get0_data(san_name); snprintf(a_ssl_stream->stSSLCert->SSLSubAltName->san_array[a_ssl_stream->stSSLCert->SSLSubAltName->count].san, sizeof(a_ssl_stream->stSSLCert->SSLSubAltName->san_array[a_ssl_stream->stSSLCert->SSLSubAltName->count].san), "%s", 
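Review bot: `san` is formatted with `"%s"`, so a dNSName whose bytes contain an embedded NUL is stored cut off at that byte and the recorded SAN no longer matches what the certificate actually carries. Since `ASN1_STRING_length(san_name)` is already evaluated two lines up, compare it with `strlen(san)` and skip or flag the entry when they differ, e.g. `if (strlen(san) != (size_t)ASN1_STRING_length(san_name)) continue;`. The snprintf call continues past the end of this hunk.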
@@ -1178,76 +1194,7 @@ UCHAR fn_pGetSSLInfo(char *pcCert, int iLen, ssl_stream *a_ssl_stream, struct if(subjectAltNames) { GENERAL_NAMES_free(subjectAltNames); - } - - /*extension*/ - /*SCT*/ - /* - GENERAL_NAMES* subjectAltNames = (GENERAL_NAMES*)X509_get_ext_d2i(x509_handle, NID_subject_alt_name, NULL, NULL); - if(!subjectAltNames) goto cert_return; - int cnt = sk_GENERAL_NAME_num(subjectAltNames); - char* san = NULL; - ASN1_STRING *san_name; - GENERAL_NAME* generalName; - if(cnt>0) - { - a_ssl_stream->stSSLCert->SSLSubAltName = (st_san_t*)dictator_malloc(thread_seq, sizeof(st_san_t)); - a_ssl_stream->stSSLCert->SSLSubAltName->san_array = (san_t*)dictator_malloc(thread_seq, cnt*sizeof(san_t)); - memset(a_ssl_stream->stSSLCert->SSLSubAltName->san_array,0,cnt*sizeof(san_t)); - a_ssl_stream->stSSLCert->SSLSubAltName->count = 0; - for (int i = 0; i < cnt; i++) - { - generalName = sk_GENERAL_NAME_value(subjectAltNames, i); - if(!generalName) goto cert_return; - if(GEN_DNS == generalName->type) - { - san_name = (ASN1_STRING*)GENERAL_NAME_get0_value(generalName, NULL); - if(ASN1_STRING_length(san_name)>0) - { - san = (char*)ASN1_STRING_data(san_name); - snprintf(a_ssl_stream->stSSLCert->SSLSubAltName->san_array[a_ssl_stream->stSSLCert->SSLSubAltName->count].san, - sizeof(a_ssl_stream->stSSLCert->SSLSubAltName->san_array[a_ssl_stream->stSSLCert->SSLSubAltName->count].san), - "%s", - san); - a_ssl_stream->stSSLCert->SSLSubAltName->count++; - } - } - } - - /* GET ALL EXTENSION - int ext_num = X509_get_ext_count(x509_handle); - X509_EXTENSION* ext; - ASN1_OBJECT* obj; - int oid; - STACK_OF(CONF_VALUE)* item; - int item_num=0; - CONF_VALUE *val; - for(int i=0;i<ext_num;i++) - { - ext = X509_get_ext(x509_handle, i); - if(ext!=NULL) - { - item = X509V3_parse_list((const char *)ext->value->data); - item_num = sk_CONF_VALUE_num(item); - for (int j = 0; j<item_num; j++) - { - val = sk_CONF_VALUE_value(item, i); - //val->section; - //val->name; - } - obj = 
X509_EXTENSION_get_object(ext); - if(obj!=NULL) - { - oid = OBJ_obj2nid(obj); - ///*SCT: Signed Certificate Timestamp; OID is 1.3.6.1.4.1.11129.2.4.2; NID: NID_ct_cert_scts - if(oid=SCT_OID) - { - - } - } - } } - */ } cert_return: diff --git a/support/CMakeLists.txt b/support/CMakeLists.txt new file mode 100644 index 0000000..db6c0e1 --- /dev/null +++ b/support/CMakeLists.txt @@ -0,0 +1,28 @@ +# CMakeFiles for 3rd vendor library + +include(ExternalProject) + +### OpenSSL 1.1.1m +ExternalProject_Add(openssl PREFIX openssl + URL ${CMAKE_CURRENT_SOURCE_DIR}/openssl-1.1.1m.tar.gz + URL_MD5 8ec70f665c145c3103f6e330f538a9db + CONFIGURE_COMMAND ./Configure linux-x86_64 --prefix=<INSTALL_DIR> --openssldir=<INSTALL_DIR>/lib/ssl -fPIC no-shared + BUILD_COMMAND ${MAKE_COMMAND} + INSTALL_COMMAND make install_sw + BUILD_IN_SOURCE 1) + +ExternalProject_Get_Property(openssl INSTALL_DIR) +set(OPENSSL_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include) +set(OPENSSL_LINK_DIRECTORIES ${INSTALL_DIR}/lib) +set(OPENSSL_PKGCONFIG_PATH ${INSTALL_DIR}/lib/pkgconfig/) +file(MAKE_DIRECTORY ${INSTALL_DIR}/include) + +add_library(openssl-crypto-static STATIC IMPORTED GLOBAL) +add_dependencies(openssl-crypto-static openssl) +set_property(TARGET openssl-crypto-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib/libcrypto.a) +set_property(TARGET openssl-crypto-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include) + +add_library(openssl-ssl-static STATIC IMPORTED GLOBAL) +add_dependencies(openssl-ssl-static openssl) +set_property(TARGET openssl-ssl-static PROPERTY IMPORTED_LOCATION ${INSTALL_DIR}/lib/libssl.a) +set_property(TARGET openssl-ssl-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${INSTALL_DIR}/include) diff --git a/support/openssl-1.1.1m.tar.gz b/support/openssl-1.1.1m.tar.gz Binary files differnew file mode 100644 index 0000000..2db4ee8 --- /dev/null +++ b/support/openssl-1.1.1m.tar.gz |
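Review bot: `URL_MD5 8ec70f665c145c3103f6e330f538a9db` in the `ExternalProject_Add(openssl ...)` call checks the vendored tarball with MD5, which is not collision-resistant; use `URL_HASH SHA256=<sha256 of openssl-1.1.1m.tar.gz>` with the value taken from the upstream release checksum, so the committed binary can be tied back to the official source. `BUILD_COMMAND ${MAKE_COMMAND}` expands a variable that is not set in this file and `INSTALL_COMMAND make install_sw` hard-codes `make`; under Makefile generators `$(MAKE)` in both keeps the jobserver and the configured make program. Because 1.1.1m is now compiled into the plugin, later upstream security releases only reach users through a rebuild, so a comment next to the `### OpenSSL 1.1.1m` header describing how to bump the version would help. `BUILD_BYPRODUCTS` for `libcrypto.a` and `libssl.a` would also be needed for Ninja to know where the imported locations come from.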
