planix.org/actube
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Certificate stuff

Browse Source 
FossilOrigin-Name: f5efe9f37f9bcc74b5f814cdb48dd4986ccbc6088bf5431f4a51583b97e182e3
This commit is contained in:
7u83@mail.ru 2015-02-09 21:04:54 +00:00
parent d86b7cd652
commit 57a8e57f54
6 changed files with 46 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/ac/wtpman.c
View File

@ -490,6 +490,25 @@ static int wtpman_establish_dtls(void *arg)
cw_dbg(DBG_DTLS,"DTLS session established with %s, cipher=%s", CLIENT_IP,dtls_get_cipher(wtpman->conn)); cw_dbg(DBG_DTLS,"DTLS session established with %s, cipher=%s", CLIENT_IP,dtls_get_cipher(wtpman->conn));
/* DTLS handshake done */ /* DTLS handshake done */
int cert_len;
struct dtls_ssl_cert cert;
FILE *f;
f = fopen ("pcert.der","wb");
printf("Calling peers cert\n");
cert = dtls_get_peers_cert(wtpman->conn,0);
printf("Back from peers cert\n");
printf("Have Peers Cert: %p, %d\n",cert.data,cert.size);
fwrite(cert.data,1,cert.size,f);
exit(0);
// dtls_get_peers_cert(cert_len,&cert_len);
return 1; return 1;
} }

3
src/capwap/Makefile
View File

@ -156,7 +156,8 @@ DTLSOBJS+= dtls_gnutls.o \
dtls_gnutls_accept.o \ dtls_gnutls_accept.o \
dtls_gnutls_connect.o \ dtls_gnutls_connect.o \
dtls_gnutls_bio.o \ dtls_gnutls_bio.o \
dtls_gnutls_get_cipher.o dtls_gnutls_get_cipher.o \
dtls_gnutls_get_peers_cert.o
endif endif
DTLSOBJS+=dtls_bio.o DTLSOBJS+=dtls_bio.o

16
src/capwap/dtls.h
View File

@ -19,6 +19,19 @@
#ifndef __DTLS_H #ifndef __DTLS_H
#define __DTLS_H #define __DTLS_H
struct dtls_ssl_cert
{
int size;
int type;
uint8_t * data;
};
extern int dtls_bio_read(struct conn *conn, char *out, int maxlen);
extern int dtls_bio_write(struct conn * conn, const char *data, int len);
#ifdef WITH_GNUTLS #ifdef WITH_GNUTLS
#include "dtls_gnutls.h" #include "dtls_gnutls.h"
#define dtls_init dtls_gnutls_init #define dtls_init dtls_gnutls_init
@ -26,6 +39,7 @@
#define dtls_connect dtls_gnutls_connect #define dtls_connect dtls_gnutls_connect
#define dtls_shutdown dtls_gnutls_shutdown #define dtls_shutdown dtls_gnutls_shutdown
#define dtls_get_cipher dtls_gnutls_get_cipher #define dtls_get_cipher dtls_gnutls_get_cipher
#define dtls_get_peers_cert dtls_gnutls_get_peers_cert
#else #else
#include "dtls_openssl.h" #include "dtls_openssl.h"
@ -37,8 +51,6 @@
#endif #endif
extern int dtls_bio_read(struct conn *conn, char *out, int maxlen);
extern int dtls_bio_write(struct conn * conn, const char *data, int len);
#endif #endif

1
src/capwap/dtls_gnutls.h
View File

@ -32,6 +32,7 @@ extern int dtls_gnutls_init();
extern int dtls_gnutls_accept(struct conn * conn); extern int dtls_gnutls_accept(struct conn * conn);
extern int dtls_gnutls_connect(struct conn * conn); extern int dtls_gnutls_connect(struct conn * conn);
extern const char * dtls_gnutls_get_cipher(struct conn * conn); extern const char * dtls_gnutls_get_cipher(struct conn * conn);
struct dtls_ssl_cert dtls_gnutls_get_peers_cert(struct conn * conn,unsigned int n);
/* functions used only by capwap libray */ /* functions used only by capwap libray */

10
ssl/mkcert.sh
View File

@ -38,7 +38,7 @@ createcert()
-subj "$SUBJ" -subj "$SUBJ"
$OPENSSL ca -config openssl-int.cnf \ $OPENSSL ca -config openssl-crt.cnf \
-keyfile $INT_CA_DIR/${PREF}int-ca.key \ -keyfile $INT_CA_DIR/${PREF}int-ca.key \
-cert $INT_CA_DIR/${PREF}int-ca.crt \ -cert $INT_CA_DIR/${PREF}int-ca.crt \
-batch \ -batch \
@ -48,7 +48,12 @@ createcert()
$OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem $OPENSSL x509 -in $DIR/$NAME.crt -out $DIR/$NAME.pem
cat $INT_CA_DIR/${PREF}int-ca.crt >> $DIR/$NAME.pem cat $INT_CA_DIR/${PREF}int-ca.crt >> $DIR/$NAME.pem
cat $ROOT_CA_DIR/${PREF}root-ca.crt >> $DIR/$NAME.pem cat $ROOT_CA_DIR/${PREF}root-ca.crt >> $DIR/$NAME.pem
echo "Root finger print:"
$OPENSSL x509 -in $ROOT_CA_DIR/${PREF}root-ca.crt -noout -sha1 -fingerprint
echo "Int finger print:"
$OPENSSL x509 -in $INT_CA_DIR/${PREF}int-ca.crt -noout -sha1 -fingerprint $OPENSSL x509 -in $INT_CA_DIR/${PREF}int-ca.crt -noout -sha1 -fingerprint
echo "Cert finger print:"
$OPENSSL x509 -in $DIR/${NAME}.crt -noout -sha1 -fingerprint
} }
@ -76,7 +81,8 @@ then
#SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com" #SUBJ="/ST=California/L=San Jose/C=US/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
# SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com" # SUBJ="/C=US/ST=California/L=San Jose/O=airespace Inc/CN=C1130-f866f2a342fc/emailAddress=support@airespace.com"
# SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1200-c80aa9cd7fa4/emailAddress=support@cisco.com" # SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1200-c80aa9cd7fa4/emailAddress=support@cisco.com"
SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com" # SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-0019dbe09327/emailAddress=support@cisco.com"
createcert "$SUBJ" createcert "$SUBJ"

3
ssl/mkrootca.sh
View File

@ -83,7 +83,8 @@ mkrootca "$ROOT_SUBJ" "$INT_SUBJ" cisco-ac
#ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1200-c80aa9cd7fa4/emailAddress=support@cisco.com" #ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1200-c80aa9cd7fa4/emailAddress=support@cisco.com"
#ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=Cisrot/emailAddress=support@cisco.com" #ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=Cisrot/emailAddress=support@cisco.com"
ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com" #ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-c80aa9cd7fa4/emailAddress=support@cisco.com"
ROOT_SUBJ="/C=US/ST=California/L=San Jose/O=Cisco Systems/CN=C1130-0019dbe09327/emailAddress=support@cisco.com"
INT_SUBJ="$ROOT_SUBJ" INT_SUBJ="$ROOT_SUBJ"
mkrootca "$ROOT_SUBJ" "$INT_SUBJ" cisco-ap mkrootca "$ROOT_SUBJ" "$INT_SUBJ" cisco-ap