From 46c49cbcfe1f385161381fe7ba6687515753d513 Mon Sep 17 00:00:00 2001
From: Jim Hague
Date: Thu, 6 Dec 2018 16:32:20 +0000
Subject: [PATCH] Modify getdns_server_mon to use GnuTLS or OpenSSL. Untested.
---
 src/tools/getdns_server_mon.c | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/src/tools/getdns_server_mon.c b/src/tools/getdns_server_mon.c
index 360bf520..3b2d1045 100644
--- a/src/tools/getdns_server_mon.c
+++ b/src/tools/getdns_server_mon.c
@@ -36,9 +36,13 @@
 #include
 #include
+#ifdef USE_GNUTLS
+#include
+#else
 #include
 #include
 #include
+#endif
 #include
 #include
@@ -181,7 +185,7 @@ static const char *rcode_text(int rcode)
 return getdns_intval_text(rcode, "rcode", "GETDNS_RCODE_");
 }
-#if OPENSSL_VERSION_NUMBER < 0x10002000 || defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(USE_GNUTLS) && (OPENSSL_VERSION_NUMBER < 0x10002000 || defined(LIBRESSL_VERSION_NUMBER))
 /*
 * Convert date to Julian day.
 * See https://en.wikipedia.org/wiki/Julian_day
@@ -212,6 +216,27 @@ static long secs_in_day(const struct tm *tm)
 */
 static bool extract_cert_expiry(const unsigned char *data, size_t len, time_t *t)
 {
+#ifdef USE_GNUTLS
+ gnutls_x509_crt_t cert;
+ gnutls_datum_t datum;
+ bool res = false;
+
+ datum.data = (unsigned char*) data;
+ datum.size = len;
+
+ if (gnutls_x509_crt_init(&cert) != GNUTLS_E_SUCCESS)
+ return false;
+
+ if (gnutls_x509_crt_import(cert, &datum, GNUTLS_X509_FMT_DER) == GNUTLS_E_SUCCESS) {
+ time_t expiry = gnutls_x509_crt_get_expiration_time(cert);
+ if (expiry != GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION) {
+ res = true;
+ *t = expiry;
+ }
+ }
+ gnutls_x509_crt_deinit(cert);
+ return res;
+#else
 X509 *cert = d2i_X509(NULL, &data, len);
 if (!cert)
 return false;
@@ -299,6 +324,7 @@ static bool extract_cert_expiry(const unsigned char *data, size_t len, time_t *t
 X509_free(cert);
 #endif
 *t += day_diff * SECS_IN_DAY + sec_diff;
+#endif /* USE_GNUTLS */
 return true;
 }
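Review bot: In the USE_GNUTLS branch of extract_cert_expiry, the only value rejected after gnutls_x509_crt_get_expiration_time() is GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION, but that call is documented to report failure as (time_t)-1, so an error would come back as success with *t set to -1. For a monitor that alerts on certificate expiry this turns a decoding problem into a bogus expiry date; the test should read `if (expiry != (time_t)-1 && expiry != GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION) {`. Separately, `datum.size = len;` narrows a size_t into the unsigned int field of gnutls_datum_t, so a guard such as `if (len > UINT_MAX) return false;` before the assignment keeps the import from parsing a silently truncated length (this needs <limits.h> if the file does not already include it). The OpenSSL branch of the function lies outside this hunk, and since the commit message marks the change as untested, both branches deserve a test with one valid and one malformed DER certificate.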