[ovs-dev] [PATCH 1/6] stream: store stream peer id with stream state
Ben Pfaff
blp at ovn.org
Thu May 4 22:18:28 UTC 2017
On Mon, May 01, 2017 at 10:13:02AM -0400, Lance Richardson wrote:
> Track authenticated stream peer ID. For SSL connections, the
> authenticated ID is the CN (Common Name) field extracted from
> the peer's SSL certificate.
>
> Signed-off-by: Lance Richardson <lrichard at redhat.com>
Looks good, thanks!
I moved declarations closer to initializations, to make it easier to
convince myself that variables were not used uninitialized, as shown
below, and applied this to master.
diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index b083da64d71b..97d6e7464bf5 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -423,32 +423,29 @@ do_ca_cert_bootstrap(struct stream *stream)
static char *
get_peer_common_name(const struct ssl_stream *sslv)
{
- X509_NAME_ENTRY *cn_entry;
- ASN1_STRING *cn_data;
- X509 *peer_cert;
- int cn_index;
- const char *cn;
-
- peer_cert = SSL_get_peer_certificate(sslv->ssl);
+ X509 *peer_cert = SSL_get_peer_certificate(sslv->ssl);
if (!peer_cert) {
return NULL;
}
- cn_index = X509_NAME_get_index_by_NID(X509_get_subject_name(peer_cert),
- NID_commonName, -1);
+
+ int cn_index = X509_NAME_get_index_by_NID(X509_get_subject_name(peer_cert),
+ NID_commonName, -1);
if (cn_index < 0) {
return NULL;
}
- cn_entry = X509_NAME_get_entry(X509_get_subject_name(peer_cert), cn_index);
+ X509_NAME_ENTRY *cn_entry = X509_NAME_get_entry(
+ X509_get_subject_name(peer_cert), cn_index);
if (!cn_entry) {
return NULL;
}
- cn_data = X509_NAME_ENTRY_get_data(cn_entry);
+ ASN1_STRING *cn_data = X509_NAME_ENTRY_get_data(cn_entry);
if (!cn_data) {
return NULL;
}
+ const char *cn;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* ASN1_STRING_data() is deprecated as of OpenSSL version 1.1 */
cn = (const char *)ASN1_STRING_data(cn_data);
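Review bot: the early `return NULL` paths that follow `X509 *peer_cert = SSL_get_peer_certificate(sslv->ssl);` (the `cn_index < 0`, `!cn_entry` and `!cn_data` checks) return without an `X509_free(peer_cert)`, and since `SSL_get_peer_certificate()` hands back a new reference, each of those paths leaks the peer certificate; either free it before each return or funnel the failures through one exit label that releases it. On the last visible line, casting `ASN1_STRING_data(cn_data)` to `const char *` treats the CN as a NUL-terminated C string, so a CN that contains an embedded NUL would be silently truncated and the value stored as the authenticated peer ID would differ from what the CA actually signed; comparing `ASN1_STRING_length(cn_data)` against `strlen(cn)` and rejecting on mismatch, or converting with `ASN1_STRING_to_UTF8()` (which also copes with non-UTF-8 string types such as BMPString), closes that gap. Finally, `cn` points into storage owned by `peer_cert`, so the value handed back by this `char *` function must be a copy made before the certificate is released, never the raw pointer.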