/*++
/* NAME
/*	tls_proxy_scan
/* SUMMARY
/*	read TLS session state from stream
/* SYNOPSIS
/*	#include <tls_proxy.h>
/*
/*	int	tls_proxy_context_scan(scan_fn, stream, flags, ptr)
/*	ATTR_SCAN_MASTER_FN scan_fn;
/*	VSTREAM	*stream;
/*	int	flags;
/*	void	*ptr;
/* DESCRIPTION
/*	tls_proxy_context_scan() reads a TLS_SESS_STATE structure
/*	from the named stream using the specified attribute scan
/*	routine. tls_proxy_context_scan() is meant to be passed as
/*	a call-back to attr_scan(), thusly:
/*
/*	... ATTR_TYPE_FUNC, tls_proxy_context_scan, (void *) tls_context, ...
/*
/*	The result is 1 when every expected attribute was read,
/*	and -1 otherwise. The structure at ptr is overwritten in
/*	full, and the string members it ends up with are owned by
/*	the structure, whether or not the scan succeeded.
/* DIAGNOSTICS
/*	Fatal: out of memory.
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*--*/

#ifdef USE_TLS

/* System library. */

#include <sys_defs.h>

/* Utility library */

#include <attr.h>

/* Global library. */

#include <mail_proto.h>

/* TLS library. */

#include <tls.h>
#include <tls_proxy.h>

/* tls_proxy_context_scan - receive TLS session state from stream */

int     tls_proxy_context_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM *fp,
			               int flags, void *ptr)
{
    TLS_SESS_STATE *ctx = (TLS_SESS_STATE *) ptr;

    /*
     * The scan routine reports how many attributes it read. The request
     * below lists exactly this many, so anything less means a short or
     * malformed record; keep the two in sync when adding attributes.
     */
    const int want = 9;
    int     got;
    int     status;

    /*
     * Scratch buffers for the string-valued attributes. The sizes are only
     * initial capacities; 60 leaves room for a SHA-1 fingerprint.
     */
    VSTRING *buf_peer_cn = vstring_alloc(25);
    VSTRING *buf_issuer_cn = vstring_alloc(25);
    VSTRING *buf_cert_fprint = vstring_alloc(60);
    VSTRING *buf_pkey_fprint = vstring_alloc(60);
    VSTRING *buf_protocol = vstring_alloc(25);
    VSTRING *buf_cipher = vstring_alloc(25);

    /*
     * Start from an all-zero structure so that members the scan does not
     * write (including anything beyond the fields filled in here) have a
     * known state. Note: memset() is not a portable way to initialize
     * non-integer types, so this relies on all-bits-zero being a usable
     * value for the pointer members on the supported platforms.
     */
    memset(ctx, 0, sizeof(*ctx));

    /*
     * Integer attributes land in the structure directly; string attributes
     * go through the scratch buffers first. ATTR_FLAG_MORE is OR-ed in
     * because this routine is a call-back and the enclosing attr_scan()
     * request continues after these attributes.
     */
    got = scan_fn(fp, flags | ATTR_FLAG_MORE,
		  ATTR_TYPE_STR, MAIL_ATTR_PEER_CN, buf_peer_cn,
		  ATTR_TYPE_STR, MAIL_ATTR_ISSUER_CN, buf_issuer_cn,
		  ATTR_TYPE_STR, MAIL_ATTR_PEER_CERT_FPT, buf_cert_fprint,
		  ATTR_TYPE_STR, MAIL_ATTR_PEER_PKEY_FPT, buf_pkey_fprint,
		  ATTR_TYPE_INT, MAIL_ATTR_PEER_STATUS, &ctx->peer_status,
		  ATTR_TYPE_STR, MAIL_ATTR_CIPHER_PROTOCOL, buf_protocol,
		  ATTR_TYPE_STR, MAIL_ATTR_CIPHER_NAME, buf_cipher,
		  ATTR_TYPE_INT, MAIL_ATTR_CIPHER_USEBITS, &ctx->cipher_usebits,
		  ATTR_TYPE_INT, MAIL_ATTR_CIPHER_ALGBITS, &ctx->cipher_algbits,
		  ATTR_TYPE_END);

    /*
     * Hand the buffer contents over to the structure. This is done even
     * when the scan came up short, so that the caller's cleanup of the
     * structure is the same on both paths and nothing allocated above is
     * left dangling. vstring_export() is understood to release the VSTRING
     * wrapper and return the bare C string; the handles are not freed here.
     * No validation of the received values happens at this layer: they are
     * stored exactly as they arrived on the stream.
     */
    ctx->peer_CN = vstring_export(buf_peer_cn);
    ctx->issuer_CN = vstring_export(buf_issuer_cn);
    ctx->peer_cert_fprint = vstring_export(buf_cert_fprint);
    ctx->peer_pkey_fprint = vstring_export(buf_pkey_fprint);
    ctx->protocol = vstring_export(buf_protocol);
    ctx->cipher_name = vstring_export(buf_cipher);

    if (got == want)
	status = 1;
    else
	status = -1;
    return (status);
}

#endif