Merge branch 'develop' of github.com:getdnsapi/getdns into develop

2017-03-25 20:22:54 -05:00 · 2017-03-25 20:22:54 -05:00 · 007208a122
parent 9fa6ab5994 01eedd5ea8
commit 007208a122
5 changed files with 28 additions and 2 deletions
--- a/src/context.c
+++ b/src/context.c
@ -693,9 +693,10 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
 			upstream->finished_dnsreqs = dnsreq->finished_next;
 			_getdns_context_cancel_request(dnsreq);
 		}
+		if (upstream->tls_session != NULL)
+			SSL_SESSION_free(upstream->tls_session);
+
 		if (upstream->tls_obj != NULL) {
-		    if (upstream->tls_session != NULL)
-				SSL_SESSION_free(upstream->tls_session);
 			SSL_shutdown(upstream->tls_obj);
 			SSL_free(upstream->tls_obj);
 		}
--- a/src/request-internal.c
+++ b/src/request-internal.c
@ -110,6 +110,9 @@ network_req_cleanup(getdns_network_req *net_req)
 	if (net_req->response && (net_req->response < net_req->wire_data ||
 	    net_req->response > net_req->wire_data+ net_req->wire_data_sz))
 		GETDNS_FREE(net_req->owner->my_mf, net_req->response);
+	if (net_req->debug_tls_peer_cert.size &&
+	    net_req->debug_tls_peer_cert.data)
+		OPENSSL_free(net_req->debug_tls_peer_cert.data);
 }

 static uint8_t *
@ -182,6 +185,8 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
 	net_req->write_queue_tail = NULL;
 	/* Some fields to record info for return_call_reporting */
 	net_req->debug_tls_auth_status = GETDNS_AUTH_NONE;
+	net_req->debug_tls_peer_cert.size = 0;
+	net_req->debug_tls_peer_cert.data = NULL;
 	net_req->debug_udp = 0;

 	/* Scheduling, touch only via _getdns_netreq_change_state!
--- a/src/stub.c
+++ b/src/stub.c
@ -1618,6 +1618,7 @@ upstream_write_cb(void *userarg)
 	getdns_upstream *upstream = (getdns_upstream *)userarg;
 	getdns_network_req *netreq = upstream->write_queue;
 	int q;
+	X509 *cert;

 	if (!netreq) {
 		GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
@ -1672,6 +1673,15 @@ upstream_write_cb(void *userarg)
 		return;

 	default:
+		if (netreq->owner->return_call_reporting &&
+		    netreq->upstream->tls_obj &&
+		    (cert = SSL_get_peer_certificate(netreq->upstream->tls_obj))) {
+			assert(netreq->debug_tls_peer_cert.data == NULL);
+
+			netreq->debug_tls_peer_cert.size = i2d_X509(
+			    cert, &netreq->debug_tls_peer_cert.data);
+			X509_free(cert);
+		}
 		/* Need this because auth status is reset on connection close */
 		netreq->debug_tls_auth_status = netreq->upstream->tls_auth_state;
 		upstream->queries_sent++;
--- a/src/types-internal.h
+++ b/src/types-internal.h
@ -240,6 +240,7 @@ typedef struct getdns_network_req
 	uint64_t                debug_start_time;
 	uint64_t                debug_end_time;
 	getdns_auth_state_t     debug_tls_auth_status;
+	getdns_bindata          debug_tls_peer_cert;
 	size_t                  debug_udp;

 	/* When more space is needed for the wire_data response than is
--- a/src/util-internal.c
+++ b/src/util-internal.c
@ -904,6 +904,15 @@ _getdns_create_call_reporting_dict(
 		getdns_dict_destroy(netreq_debug);
 		return NULL;
 	}
+	if (getdns_dict_set_bindata(netreq_debug, "tls_peer_cert",
+	    &netreq->debug_tls_peer_cert)) {
+
+		getdns_dict_destroy(netreq_debug);
+		return NULL;
+	}
+	netreq->debug_tls_peer_cert.size = 0;
+	OPENSSL_free(netreq->debug_tls_peer_cert.data);
+	netreq->debug_tls_peer_cert.data = NULL;
 	return netreq_debug;
 }