Full certificate chain details for NSM

* lisp/net/nsm.el (nsm-check-tls-connection): Fix issue with plural problems in message. Prefix every problem with a bullet. (nsm-query-user): Add new view the full certificate chain by pressing d. (nsm-format-certificate): Improve basic certificate and session info formatting. * src/gnutls.c (emacs_gnutls_certificate_export_pem): New function. (gnutls_certificate_details): Rename to emacs_gnutls_certificate_details. Add :pem to result list. (Fgnutls_format_certificate): New function for formatting a PEM to human-readable text.
author: Jimmy Yuen Ho Wong 2018-07-10 18:38:11 +0100
committer: Jimmy Yuen Ho Wong 2018-07-14 17:50:45 +0100
commit: 87484dc27ec7a6e708c7e0ceaf96bff1ee064174 (patch)
tree: 6fe88ce6a09786a9540be92f78444fc274f3246e /src
parent: 682578fcf74d4598e39eca81e09d81810d3fc28d (diff)
download: emacs-87484dc27ec7a6e708c7e0ceaf96bff1ee064174.tar.gz
emacs-87484dc27ec7a6e708c7e0ceaf96bff1ee064174.zip
1 files changed, 92 insertions, 2 deletions
diff --git a/src/gnutls.c b/src/gnutls.c
index 448f6732e6b..117278df35b 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -152,6 +152,8 @@ DEF_DLL_FN (int, gnutls_x509_crt_check_hostname,
 DEF_DLL_FN (int, gnutls_x509_crt_check_issuer,
              (gnutls_x509_crt_t, gnutls_x509_crt_t));
 DEF_DLL_FN (void, gnutls_x509_crt_deinit, (gnutls_x509_crt_t));
+DEF_DLL_DN (int, gnutls_x509_crt_export,
+            (gnutls_x509_crt_t, gnutls_x509_crt_fmt_t, void *, size_t *));
 DEF_DLL_FN (int, gnutls_x509_crt_import,
            (gnutls_x509_crt_t, const gnutls_datum_t *,
             gnutls_x509_crt_fmt_t));
@@ -173,6 +175,9 @@ DEF_DLL_FN (int, gnutls_x509_crt_get_dn,
            (gnutls_x509_crt_t, char *, size_t *));
 DEF_DLL_FN (int, gnutls_x509_crt_get_pk_algorithm,
            (gnutls_x509_crt_t, unsigned int *));
+DEF_DLL_FN (int, gnutls_x509_crt_print,
+            (gnutls_x509_crt_t, gnutls_certificate_print_formats_t,
+             gnutls_datum_t *));
 DEF_DLL_FN (const char *, gnutls_pk_algorithm_get_name,
            (gnutls_pk_algorithm_t));
 DEF_DLL_FN (int, gnutls_pk_bits_to_sec_param,
@@ -317,6 +322,7 @@ init_gnutls_functions (void)
  LOAD_DLL_FN (library, gnutls_x509_crt_check_hostname);
  LOAD_DLL_FN (library, gnutls_x509_crt_check_issuer);
  LOAD_DLL_FN (library, gnutls_x509_crt_deinit);
+  LOAD_DLL_FN (library, gnutls_x509_crt_export);
  LOAD_DLL_FN (library, gnutls_x509_crt_import);
  LOAD_DLL_FN (library, gnutls_x509_crt_init);
  LOAD_DLL_FN (library, gnutls_x509_crt_get_fingerprint);
@@ -327,6 +333,7 @@ init_gnutls_functions (void)
  LOAD_DLL_FN (library, gnutls_x509_crt_get_expiration_time);
  LOAD_DLL_FN (library, gnutls_x509_crt_get_dn);
  LOAD_DLL_FN (library, gnutls_x509_crt_get_pk_algorithm);
+  LOAD_DLL_FN (library, gnutls_x509_crt_print)
  LOAD_DLL_FN (library, gnutls_pk_algorithm_get_name);
  LOAD_DLL_FN (library, gnutls_pk_bits_to_sec_param);
  LOAD_DLL_FN (library, gnutls_x509_crt_get_issuer_unique_id);
@@ -455,6 +462,7 @@ init_gnutls_functions (void)
 #  define gnutls_x509_crt_check_hostname fn_gnutls_x509_crt_check_hostname
 #  define gnutls_x509_crt_check_issuer fn_gnutls_x509_crt_check_issuer
 #  define gnutls_x509_crt_deinit fn_gnutls_x509_crt_deinit
+#  define gnutls_x509_crt_export fn_gnutls_x509_crt_export
 #  define gnutls_x509_crt_get_activation_time fn_gnutls_x509_crt_get_activation_time
 #  define gnutls_x509_crt_get_dn fn_gnutls_x509_crt_get_dn
 #  define gnutls_x509_crt_get_expiration_time fn_gnutls_x509_crt_get_expiration_time
@@ -463,6 +471,7 @@ init_gnutls_functions (void)
 #  define gnutls_x509_crt_get_issuer_unique_id fn_gnutls_x509_crt_get_issuer_unique_id
 #  define gnutls_x509_crt_get_key_id fn_gnutls_x509_crt_get_key_id
 #  define gnutls_x509_crt_get_pk_algorithm fn_gnutls_x509_crt_get_pk_algorithm
+#  define gnutls_x509_crt_print fn_gnutls_x509_crt_print
 #  define gnutls_x509_crt_get_serial fn_gnutls_x509_crt_get_serial
 #  define gnutls_x509_crt_get_signature_algorithm fn_gnutls_x509_crt_get_signature_algorithm
 #  define gnutls_x509_crt_get_subject_unique_id fn_gnutls_x509_crt_get_subject_unique_id
@@ -1024,7 +1033,34 @@ gnutls_hex_string (unsigned char *buf, ptrdiff_t buf_size, const char *prefix)
 }
 static Lisp_Object
-gnutls_certificate_details (gnutls_x509_crt_t cert)
+emacs_gnutls_certificate_export_pem (gnutls_x509_crt_t cert)
+{
+  size_t size = 0;
+  int err = gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_PEM, NULL, &size);
+  check_memory_full (err);
+  if (err == GNUTLS_E_SHORT_MEMORY_BUFFER)
+    {
+      unsigned char *buf = xmalloc(size * sizeof (unsigned char));
+      err = gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_PEM, buf, &size);
+      check_memory_full (err);
+      if (err < GNUTLS_E_SUCCESS)
+        {
+          xfree (buf);
+          error ("GnuTLS certificate export error: %s", emacs_gnutls_strerror (err));
+        }
+      return build_string(buf);
+    }
+  else if (err < GNUTLS_E_SUCCESS)
+    error ("GnuTLS certificate export error: %s", emacs_gnutls_strerror (err));
+  return Qnil;
+}
+static Lisp_Object
+emacs_gnutls_certificate_details (gnutls_x509_crt_t cert)
 {
  Lisp_Object res = Qnil;
  int err;
@@ -1192,6 +1228,10 @@ gnutls_certificate_details (gnutls_x509_crt_t cert)
      xfree (buf);
    }
+  /* PEM */
+  res = nconc2 (res, list2 (intern (":pem"),
+                            emacs_gnutls_certificate_export_pem(cert)));
  return res;
 }
@@ -1354,7 +1394,7 @@ returned as the :certificate entry.  */)
      /* Return all the certificates in a list. */
      for (int i = 0; i < XPROCESS (proc)->gnutls_certificates_length; i++)
-        certs = nconc2 (certs, list1 (gnutls_certificate_details
+        certs = nconc2 (certs, list1 (emacs_gnutls_certificate_details
                                      (XPROCESS (proc)->gnutls_certificates[i])));
      result = nconc2 (result, list2 (intern (":certificates"), certs));
@@ -1480,6 +1520,55 @@ boot_error (struct Lisp_Process *p, const char *m, ...)
  va_end (ap);
 }
+DEFUN ("gnutls-format-certificate", Fgnutls_format_certificate, Sgnutls_format_certificate, 1, 1, 0,
+       doc: /* Format a X.509 certificate to a string.
+Given a PEM-encoded X.509 certificate CERT, returns a human-readable
+string representation.  */)
+     (Lisp_Object cert)
+{
+  CHECK_STRING (cert);
+  int err;
+  gnutls_x509_crt_t crt;
+  err = gnutls_x509_crt_init (&crt);
+  check_memory_full (err);
+  if (err < GNUTLS_E_SUCCESS)
+    error ("gnutls-format-certificate error: %s", emacs_gnutls_strerror (err));
+  unsigned char *crt_buf = SDATA (cert);
+  gnutls_datum_t crt_data = { crt_buf, strlen (crt_buf) };
+  err = gnutls_x509_crt_import (crt, &crt_data, GNUTLS_X509_FMT_PEM);
+  check_memory_full (err);
+  if (err < GNUTLS_E_SUCCESS)
+    {
+      gnutls_x509_crt_deinit (crt);
+      error ("gnutls-format-certificate error: %s", emacs_gnutls_strerror (err));
+    }
+  gnutls_datum_t out;
+  err = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &out);
+  check_memory_full (err);
+  if (err < GNUTLS_E_SUCCESS)
+    {
+      gnutls_x509_crt_deinit (crt);
+      error ("gnutls-format-certificate error: %s", emacs_gnutls_strerror (err));
+    }
+  char *out_buf = xmalloc ((out.size + 1) * sizeof (char));
+  memset (out_buf, 0, (out.size + 1) * sizeof (char));
+  memcpy (out_buf, out.data, out.size);
+  xfree (out.data);
+  gnutls_x509_crt_deinit (crt);
+  Lisp_Object result = build_string (out_buf);
+  xfree (out_buf);
+  return result;
+}
 Lisp_Object
 gnutls_verify_boot (Lisp_Object proc, Lisp_Object proplist)
 {
@@ -2713,6 +2802,7 @@ syms_of_gnutls (void)
  defsubr (&Sgnutls_bye);
  defsubr (&Sgnutls_peer_status);
  defsubr (&Sgnutls_peer_status_warning_describe);
+  defsubr (&Sgnutls_format_certificate);
 #ifdef HAVE_GNUTLS3
  defsubr (&Sgnutls_ciphers);
author	Jimmy Yuen Ho Wong	2018-07-10 18:38:11 +0100
committer	Jimmy Yuen Ho Wong	2018-07-14 17:50:45 +0100
commit	87484dc27ec7a6e708c7e0ceaf96bff1ee064174 (patch)
tree	6fe88ce6a09786a9540be92f78444fc274f3246e /src
parent	682578fcf74d4598e39eca81e09d81810d3fc28d (diff)
download	emacs-87484dc27ec7a6e708c7e0ceaf96bff1ee064174.tar.gz emacs-87484dc27ec7a6e708c7e0ceaf96bff1ee064174.zip

diff --git a/src/gnutls.c b/src/gnutls.c index 448f6732e6b..117278df35b 100644 --- a/src/gnutls.c +++ b/src/gnutls.c
@@ -152,6 +152,8 @@ DEF_DLL_FN (int, gnutls_x509_crt_check_hostname,
152	DEF_DLL_FN (int, gnutls_x509_crt_check_issuer,	152	DEF_DLL_FN (int, gnutls_x509_crt_check_issuer,
153	(gnutls_x509_crt_t, gnutls_x509_crt_t));	153	(gnutls_x509_crt_t, gnutls_x509_crt_t));
154	DEF_DLL_FN (void, gnutls_x509_crt_deinit, (gnutls_x509_crt_t));	154	DEF_DLL_FN (void, gnutls_x509_crt_deinit, (gnutls_x509_crt_t));
		155	DEF_DLL_DN (int, gnutls_x509_crt_export,
		156	(gnutls_x509_crt_t, gnutls_x509_crt_fmt_t, void , size_t ));
155	DEF_DLL_FN (int, gnutls_x509_crt_import,	157	DEF_DLL_FN (int, gnutls_x509_crt_import,
156	(gnutls_x509_crt_t, const gnutls_datum_t *,	158	(gnutls_x509_crt_t, const gnutls_datum_t *,
157	gnutls_x509_crt_fmt_t));	159	gnutls_x509_crt_fmt_t));
@@ -173,6 +175,9 @@ DEF_DLL_FN (int, gnutls_x509_crt_get_dn,
173	(gnutls_x509_crt_t, char , size_t ));	175	(gnutls_x509_crt_t, char , size_t ));
174	DEF_DLL_FN (int, gnutls_x509_crt_get_pk_algorithm,	176	DEF_DLL_FN (int, gnutls_x509_crt_get_pk_algorithm,
175	(gnutls_x509_crt_t, unsigned int *));	177	(gnutls_x509_crt_t, unsigned int *));
		178	DEF_DLL_FN (int, gnutls_x509_crt_print,
		179	(gnutls_x509_crt_t, gnutls_certificate_print_formats_t,
		180	gnutls_datum_t *));
176	DEF_DLL_FN (const char *, gnutls_pk_algorithm_get_name,	181	DEF_DLL_FN (const char *, gnutls_pk_algorithm_get_name,
177	(gnutls_pk_algorithm_t));	182	(gnutls_pk_algorithm_t));
178	DEF_DLL_FN (int, gnutls_pk_bits_to_sec_param,	183	DEF_DLL_FN (int, gnutls_pk_bits_to_sec_param,
@@ -317,6 +322,7 @@ init_gnutls_functions (void)
317	LOAD_DLL_FN (library, gnutls_x509_crt_check_hostname);	322	LOAD_DLL_FN (library, gnutls_x509_crt_check_hostname);
318	LOAD_DLL_FN (library, gnutls_x509_crt_check_issuer);	323	LOAD_DLL_FN (library, gnutls_x509_crt_check_issuer);
319	LOAD_DLL_FN (library, gnutls_x509_crt_deinit);	324	LOAD_DLL_FN (library, gnutls_x509_crt_deinit);
		325	LOAD_DLL_FN (library, gnutls_x509_crt_export);
320	LOAD_DLL_FN (library, gnutls_x509_crt_import);	326	LOAD_DLL_FN (library, gnutls_x509_crt_import);
321	LOAD_DLL_FN (library, gnutls_x509_crt_init);	327	LOAD_DLL_FN (library, gnutls_x509_crt_init);
322	LOAD_DLL_FN (library, gnutls_x509_crt_get_fingerprint);	328	LOAD_DLL_FN (library, gnutls_x509_crt_get_fingerprint);
@@ -327,6 +333,7 @@ init_gnutls_functions (void)
327	LOAD_DLL_FN (library, gnutls_x509_crt_get_expiration_time);	333	LOAD_DLL_FN (library, gnutls_x509_crt_get_expiration_time);
328	LOAD_DLL_FN (library, gnutls_x509_crt_get_dn);	334	LOAD_DLL_FN (library, gnutls_x509_crt_get_dn);
329	LOAD_DLL_FN (library, gnutls_x509_crt_get_pk_algorithm);	335	LOAD_DLL_FN (library, gnutls_x509_crt_get_pk_algorithm);
		336	LOAD_DLL_FN (library, gnutls_x509_crt_print)
330	LOAD_DLL_FN (library, gnutls_pk_algorithm_get_name);	337	LOAD_DLL_FN (library, gnutls_pk_algorithm_get_name);
331	LOAD_DLL_FN (library, gnutls_pk_bits_to_sec_param);	338	LOAD_DLL_FN (library, gnutls_pk_bits_to_sec_param);
332	LOAD_DLL_FN (library, gnutls_x509_crt_get_issuer_unique_id);	339	LOAD_DLL_FN (library, gnutls_x509_crt_get_issuer_unique_id);
@@ -455,6 +462,7 @@ init_gnutls_functions (void)
455	# define gnutls_x509_crt_check_hostname fn_gnutls_x509_crt_check_hostname	462	# define gnutls_x509_crt_check_hostname fn_gnutls_x509_crt_check_hostname
456	# define gnutls_x509_crt_check_issuer fn_gnutls_x509_crt_check_issuer	463	# define gnutls_x509_crt_check_issuer fn_gnutls_x509_crt_check_issuer
457	# define gnutls_x509_crt_deinit fn_gnutls_x509_crt_deinit	464	# define gnutls_x509_crt_deinit fn_gnutls_x509_crt_deinit
		465	# define gnutls_x509_crt_export fn_gnutls_x509_crt_export
458	# define gnutls_x509_crt_get_activation_time fn_gnutls_x509_crt_get_activation_time	466	# define gnutls_x509_crt_get_activation_time fn_gnutls_x509_crt_get_activation_time
459	# define gnutls_x509_crt_get_dn fn_gnutls_x509_crt_get_dn	467	# define gnutls_x509_crt_get_dn fn_gnutls_x509_crt_get_dn
460	# define gnutls_x509_crt_get_expiration_time fn_gnutls_x509_crt_get_expiration_time	468	# define gnutls_x509_crt_get_expiration_time fn_gnutls_x509_crt_get_expiration_time
@@ -463,6 +471,7 @@ init_gnutls_functions (void)
463	# define gnutls_x509_crt_get_issuer_unique_id fn_gnutls_x509_crt_get_issuer_unique_id	471	# define gnutls_x509_crt_get_issuer_unique_id fn_gnutls_x509_crt_get_issuer_unique_id
464	# define gnutls_x509_crt_get_key_id fn_gnutls_x509_crt_get_key_id	472	# define gnutls_x509_crt_get_key_id fn_gnutls_x509_crt_get_key_id
465	# define gnutls_x509_crt_get_pk_algorithm fn_gnutls_x509_crt_get_pk_algorithm	473	# define gnutls_x509_crt_get_pk_algorithm fn_gnutls_x509_crt_get_pk_algorithm
		474	# define gnutls_x509_crt_print fn_gnutls_x509_crt_print
466	# define gnutls_x509_crt_get_serial fn_gnutls_x509_crt_get_serial	475	# define gnutls_x509_crt_get_serial fn_gnutls_x509_crt_get_serial
467	# define gnutls_x509_crt_get_signature_algorithm fn_gnutls_x509_crt_get_signature_algorithm	476	# define gnutls_x509_crt_get_signature_algorithm fn_gnutls_x509_crt_get_signature_algorithm
468	# define gnutls_x509_crt_get_subject_unique_id fn_gnutls_x509_crt_get_subject_unique_id	477	# define gnutls_x509_crt_get_subject_unique_id fn_gnutls_x509_crt_get_subject_unique_id
@@ -1024,7 +1033,34 @@ gnutls_hex_string (unsigned char buf, ptrdiff_t buf_size, const char prefix)
1024	}	1033	}
1025		1034
1026	static Lisp_Object	1035	static Lisp_Object
1027	gnutls_certificate_details (gnutls_x509_crt_t cert)	1036	emacs_gnutls_certificate_export_pem (gnutls_x509_crt_t cert)
		1037	{
		1038	size_t size = 0;
		1039	int err = gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_PEM, NULL, &size);
		1040	check_memory_full (err);
		1041
		1042	if (err == GNUTLS_E_SHORT_MEMORY_BUFFER)
		1043	{
		1044	unsigned char buf = xmalloc(size sizeof (unsigned char));
		1045	err = gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_PEM, buf, &size);
		1046	check_memory_full (err);
		1047
		1048	if (err < GNUTLS_E_SUCCESS)
		1049	{
		1050	xfree (buf);
		1051	error ("GnuTLS certificate export error: %s", emacs_gnutls_strerror (err));
		1052	}
		1053
		1054	return build_string(buf);
		1055	}
		1056	else if (err < GNUTLS_E_SUCCESS)
		1057	error ("GnuTLS certificate export error: %s", emacs_gnutls_strerror (err));
		1058
		1059	return Qnil;
		1060	}
		1061
		1062	static Lisp_Object
		1063	emacs_gnutls_certificate_details (gnutls_x509_crt_t cert)
1028	{	1064	{
1029	Lisp_Object res = Qnil;	1065	Lisp_Object res = Qnil;
1030	int err;	1066	int err;
@@ -1192,6 +1228,10 @@ gnutls_certificate_details (gnutls_x509_crt_t cert)
1192	xfree (buf);	1228	xfree (buf);
1193	}	1229	}
1194		1230
		1231	/* PEM */
		1232	res = nconc2 (res, list2 (intern (":pem"),
		1233	emacs_gnutls_certificate_export_pem(cert)));
		1234
1195	return res;	1235	return res;
1196	}	1236	}
1197		1237
@@ -1354,7 +1394,7 @@ returned as the :certificate entry. */)
1354		1394
1355	/* Return all the certificates in a list. */	1395	/* Return all the certificates in a list. */
1356	for (int i = 0; i < XPROCESS (proc)->gnutls_certificates_length; i++)	1396	for (int i = 0; i < XPROCESS (proc)->gnutls_certificates_length; i++)
1357	certs = nconc2 (certs, list1 (gnutls_certificate_details	1397	certs = nconc2 (certs, list1 (emacs_gnutls_certificate_details
1358	(XPROCESS (proc)->gnutls_certificates[i])));	1398	(XPROCESS (proc)->gnutls_certificates[i])));
1359		1399
1360	result = nconc2 (result, list2 (intern (":certificates"), certs));	1400	result = nconc2 (result, list2 (intern (":certificates"), certs));
@@ -1480,6 +1520,55 @@ boot_error (struct Lisp_Process p, const char m, ...)
1480	va_end (ap);	1520	va_end (ap);
1481	}	1521	}
1482		1522
		1523	DEFUN ("gnutls-format-certificate", Fgnutls_format_certificate, Sgnutls_format_certificate, 1, 1, 0,
		1524	doc: /* Format a X.509 certificate to a string.
		1525
		1526	Given a PEM-encoded X.509 certificate CERT, returns a human-readable
		1527	string representation. */)
		1528	(Lisp_Object cert)
		1529	{
		1530	CHECK_STRING (cert);
		1531
		1532	int err;
		1533	gnutls_x509_crt_t crt;
		1534
		1535	err = gnutls_x509_crt_init (&crt);
		1536	check_memory_full (err);
		1537	if (err < GNUTLS_E_SUCCESS)
		1538	error ("gnutls-format-certificate error: %s", emacs_gnutls_strerror (err));
		1539
		1540	unsigned char *crt_buf = SDATA (cert);
		1541	gnutls_datum_t crt_data = { crt_buf, strlen (crt_buf) };
		1542	err = gnutls_x509_crt_import (crt, &crt_data, GNUTLS_X509_FMT_PEM);
		1543	check_memory_full (err);
		1544	if (err < GNUTLS_E_SUCCESS)
		1545	{
		1546	gnutls_x509_crt_deinit (crt);
		1547	error ("gnutls-format-certificate error: %s", emacs_gnutls_strerror (err));
		1548	}
		1549
		1550	gnutls_datum_t out;
		1551	err = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &out);
		1552	check_memory_full (err);
		1553	if (err < GNUTLS_E_SUCCESS)
		1554	{
		1555	gnutls_x509_crt_deinit (crt);
		1556	error ("gnutls-format-certificate error: %s", emacs_gnutls_strerror (err));
		1557	}
		1558
		1559	char out_buf = xmalloc ((out.size + 1) sizeof (char));
		1560	memset (out_buf, 0, (out.size + 1) * sizeof (char));
		1561	memcpy (out_buf, out.data, out.size);
		1562
		1563	xfree (out.data);
		1564	gnutls_x509_crt_deinit (crt);
		1565
		1566	Lisp_Object result = build_string (out_buf);
		1567	xfree (out_buf);
		1568
		1569	return result;
		1570	}
		1571
1483	Lisp_Object	1572	Lisp_Object
1484	gnutls_verify_boot (Lisp_Object proc, Lisp_Object proplist)	1573	gnutls_verify_boot (Lisp_Object proc, Lisp_Object proplist)
1485	{	1574	{
@@ -2713,6 +2802,7 @@ syms_of_gnutls (void)
2713	defsubr (&Sgnutls_bye);	2802	defsubr (&Sgnutls_bye);
2714	defsubr (&Sgnutls_peer_status);	2803	defsubr (&Sgnutls_peer_status);
2715	defsubr (&Sgnutls_peer_status_warning_describe);	2804	defsubr (&Sgnutls_peer_status_warning_describe);
		2805	defsubr (&Sgnutls_format_certificate);
2716		2806
2717	#ifdef HAVE_GNUTLS3	2807	#ifdef HAVE_GNUTLS3
2718	defsubr (&Sgnutls_ciphers);	2808	defsubr (&Sgnutls_ciphers);