MINOR: ssl: add ssl_sock_get_cert_sig function
ssl_sock_get_cert_sig can be used to report the short name of the certificate's
signature algorithm (e.g. RSA-SHA256) to the log and to ppv2.
diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
index 91456e2..d43ad69 100644
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h
@@ -50,6 +50,7 @@
void ssl_sock_free_all_ctx(struct bind_conf *bind_conf);
int ssl_sock_load_ca(struct bind_conf *bind_conf);
void ssl_sock_free_ca(struct bind_conf *bind_conf);
+const char *ssl_sock_get_cert_sig(struct connection *conn);
const char *ssl_sock_get_cipher_name(struct connection *conn);
const char *ssl_sock_get_proto_version(struct connection *conn);
void ssl_sock_set_servername(struct connection *conn, const char *hostname);
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 555c7c4..0e39d10 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5768,6 +5768,21 @@
return 1;
}
+/* used for ppv2 cert signature (can be used for logging) */
+const char *ssl_sock_get_cert_sig(struct connection *conn)
+{
+ __OPENSSL_110_CONST__ ASN1_OBJECT *algorithm;
+ X509 *crt;
+
+ if (!ssl_sock_is_ssl(conn))
+ return NULL;
+ crt = SSL_get_certificate(conn->xprt_ctx);
+ if (!crt)
+ return NULL;
+ X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt));
+ return OBJ_nid2sn(OBJ_obj2nid(algorithm));
+}
+
/* used for logging/ppv2, may be changed for a sample fetch later */
const char *ssl_sock_get_cipher_name(struct connection *conn)
{
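Review bot: `OBJ_obj2nid()` on L35 yields `NID_undef` for a signature OID that OpenSSL does not know, and `OBJ_nid2sn(NID_undef)` then returns the literal string "UNDEF" rather than NULL, so a log field or PP2 TLV built from this getter would carry "UNDEF" instead of being omitted; if that is not intended, split the call: `int nid = OBJ_obj2nid(algorithm);` / `return nid == NID_undef ? NULL : OBJ_nid2sn(nid);`. Note also that `SSL_get_certificate()` on L31 returns whichever certificate the SSL object currently points to, which presumably is the default one until SNI-based selection has run during the handshake — worth confirming against the callers that nothing evaluates this before the handshake completes, since the reported algorithm would then not be the certificate actually served. The header comment on L23 should also state the contract the callers rely on, e.g. `/* Returns the short name of the local certificate's signature algorithm (e.g. "RSA-SHA256"), or NULL if the connection is not SSL or has no certificate; used for ppv2 and logging. */`.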