From 6c2b7d44e3171b634f88a6840176d780e08d8790 Mon Sep 17 00:00:00 2001 From: Gergely Nagy Date: Sun, 16 Jun 2019 09:44:21 +0200 Subject: openssl: fix pubkey/signature algorithm detection in certinfo Certinfo gives the same result for all OpenSSL versions. Also made printing RSA pubkeys consistent with older versions. Reported-by: Michael Wallner Fixes #3706 Closes #4030 --- lib/vtls/openssl.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 1a7a18563..fa6d0201a 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -3085,18 +3085,25 @@ static CURLcode get_cert_chain(struct connectdata *conn, #if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS) { - const X509_ALGOR *palg = NULL; - ASN1_STRING *a = ASN1_STRING_new(); - if(a) { - X509_get0_signature(&psig, &palg, x); - X509_signature_print(mem, ARG2_X509_signature_print palg, a); - ASN1_STRING_free(a); - - if(palg) { - i2a_ASN1_OBJECT(mem, palg->algorithm); + const X509_ALGOR *sigalg = NULL; + X509_PUBKEY *xpubkey = NULL; + ASN1_OBJECT *pubkeyoid = NULL; + + X509_get0_signature(&psig, &sigalg, x); + if(sigalg) { + i2a_ASN1_OBJECT(mem, sigalg->algorithm); + push_certinfo("Signature Algorithm", i); + } + + xpubkey = X509_get_X509_PUBKEY(x); + if(xpubkey) { + X509_PUBKEY_get0_param(&pubkeyoid, NULL, NULL, NULL, xpubkey); + if(pubkeyoid) { + i2a_ASN1_OBJECT(mem, pubkeyoid); push_certinfo("Public Key Algorithm", i); } } + X509V3_ext(data, i, X509_get0_extensions(x)); } #else @@ -3148,7 +3155,7 @@ static CURLcode get_cert_chain(struct connectdata *conn, const BIGNUM *e; RSA_get0_key(rsa, &n, &e, NULL); - BN_print(mem, n); + BIO_printf(mem, "%d", BN_num_bits(n)); push_certinfo("RSA Public Key", i); print_pubkey_BN(rsa, n, i); print_pubkey_BN(rsa, e, i); -- cgit v1.2.1