Add support to obtain peer certificate from Python

This will return the DER encoded bytes representing the peer certificate.
2018-11-28 11:28:07 +01:00 · 2018-11-28 11:28:07 +01:00 · c431c2bf72
parent 6d78ae04b4
commit c431c2bf72
2 changed files with 40 additions and 0 deletions
--- a/include/kore/python_methods.h
+++ b/include/kore/python_methods.h
@ -480,9 +480,16 @@ static PyMethodDef pyconnection_methods[] = {
 static PyObject	*pyconnection_get_fd(struct pyconnection *, void *);
 static PyObject	*pyconnection_get_addr(struct pyconnection *, void *);

+#if !defined(KORE_NO_TLS)
+static PyObject	*pyconnection_get_peer_x509(struct pyconnection *, void *);
+#endif
+
 static PyGetSetDef pyconnection_getset[] = {
 	GETTER("fd", pyconnection_get_fd),
 	GETTER("addr", pyconnection_get_addr),
+#if !defined(KORE_NO_TLS)
+	GETTER("x509", pyconnection_get_peer_x509),
+#endif
 	GETTER(NULL, NULL),
 };

--- a/src/python.c
+++ b/src/python.c
@ -1409,6 +1409,39 @@ pyconnection_get_addr(struct pyconnection *pyc, void *closure)
 	return (result);
 }

+#if !defined(KORE_NO_TLS)
+static PyObject *
+pyconnection_get_peer_x509(struct pyconnection *pyc, void *closure)
+{
+	int			len;
+	PyObject		*bytes;
+	u_int8_t		*der, *pp;
+
+	if (pyc->c->cert == NULL) {
+		Py_RETURN_NONE;
+	}
+
+	if ((len = i2d_X509(pyc->c->cert, NULL)) <= 0) {
+		PyErr_SetString(PyExc_RuntimeError, "i2d_X509 failed");
+		return (NULL);
+	}
+
+	der = kore_calloc(1, len);
+	pp = der;
+
+	if (i2d_X509(pyc->c->cert, &pp) <= 0) {
+		kore_free(der);
+		PyErr_SetString(PyExc_RuntimeError, "i2d_X509 failed");
+		return (NULL);
+	}
+
+	bytes = PyBytes_FromStringAndSize((char *)der, len);
+	kore_free(der);
+
+	return (bytes);
+}
+#endif
+
 static void
 pytimer_run(void *arg, u_int64_t now)
 {