Commit 4720c5cb authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

nghttpx: Make client serial available in mruby script

parent cd55ab28
...@@ -384,6 +384,11 @@ respectively. ...@@ -384,6 +384,11 @@ respectively.
Return the subject name of a client certificate. Return the subject name of a client certificate.
.. rb:attr_reader:: tls_client_serial
Return the serial number of a client certificate in a format
like "ff:ff:ff:ff:ff:ff:ff:ff".
.. rb:attr_reader:: tls_cipher .. rb:attr_reader:: tls_cipher
Return a TLS cipher negotiated in this connection. Return a TLS cipher negotiated in this connection.
......
...@@ -235,6 +235,30 @@ mrb_value env_get_tls_client_issuer_name(mrb_state *mrb, mrb_value self) { ...@@ -235,6 +235,30 @@ mrb_value env_get_tls_client_issuer_name(mrb_state *mrb, mrb_value self) {
} }
} // namespace } // namespace
namespace {
mrb_value env_get_tls_client_serial(mrb_state *mrb, mrb_value self) {
auto data = static_cast<MRubyAssocData *>(mrb->ud);
auto downstream = data->downstream;
auto upstream = downstream->get_upstream();
auto handler = upstream->get_client_handler();
auto ssl = handler->get_ssl();
if (!ssl) {
return mrb_str_new_static(mrb, "", 0);
}
auto x = SSL_get_peer_certificate(ssl);
if (!x) {
return mrb_str_new_static(mrb, "", 0);
}
auto &balloc = downstream->get_block_allocator();
auto sn = tls::get_x509_serial(balloc, x);
X509_free(x);
return mrb_str_new(mrb, sn.c_str(), sn.size());
}
} // namespace
namespace { namespace {
mrb_value env_get_tls_cipher(mrb_state *mrb, mrb_value self) { mrb_value env_get_tls_cipher(mrb_state *mrb, mrb_value self) {
auto data = static_cast<MRubyAssocData *>(mrb->ud); auto data = static_cast<MRubyAssocData *>(mrb->ud);
...@@ -348,6 +372,8 @@ void init_env_class(mrb_state *mrb, RClass *module) { ...@@ -348,6 +372,8 @@ void init_env_class(mrb_state *mrb, RClass *module) {
env_get_tls_client_issuer_name, MRB_ARGS_NONE()); env_get_tls_client_issuer_name, MRB_ARGS_NONE());
mrb_define_method(mrb, env_class, "tls_client_subject_name", mrb_define_method(mrb, env_class, "tls_client_subject_name",
env_get_tls_client_subject_name, MRB_ARGS_NONE()); env_get_tls_client_subject_name, MRB_ARGS_NONE());
mrb_define_method(mrb, env_class, "tls_client_serial",
env_get_tls_client_serial, MRB_ARGS_NONE());
mrb_define_method(mrb, env_class, "tls_cipher", env_get_tls_cipher, mrb_define_method(mrb, env_class, "tls_cipher", env_get_tls_cipher,
MRB_ARGS_NONE()); MRB_ARGS_NONE());
mrb_define_method(mrb, env_class, "tls_protocol", env_get_tls_protocol, mrb_define_method(mrb, env_class, "tls_protocol", env_get_tls_protocol,
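Review bot: env_get_tls_client_serial hands scripts the serial with nothing tying it to an issuer, and an X.509 serial number is unique only within the CA that issued it. A script that compares `tls_client_serial` against an allow-list or revocation list could therefore match a certificate from a different CA when the frontend trusts more than one. I would add a comment above the function, `// Serial is unique per issuer only; compare together with tls_client_issuer_name.`, and repeat the caveat in the tls_client_serial documentation entry. The function returns an empty string both when the connection has no TLS and when no client certificate was presented, so the comment should also say that an empty result means "no certificate" and must never be treated as a matchable value.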
......