@ -198,7 +198,7 @@ TQString rc = "";
if ( ! t )
if ( ! t )
return rc ;
return rc ;
rc = t ;
rc = t ;
d - > kossl - > OPENSSL _free( t ) ;
d - > kossl - > CRYPTO _free( t ) ;
# endif
# endif
return rc ;
return rc ;
}
}
@ -225,14 +225,17 @@ TQString rc = "";
char * s ;
char * s ;
int n , i ;
int n , i ;
i = d - > kossl - > OBJ_obj2nid ( d - > m_cert - > sig_alg - > algorithm ) ;
const ASN1_BIT_STRING * signature = 0L ;
const X509_ALGOR * sig_alg = 0L ;
d - > kossl - > X509_get0_signature ( & signature , & sig_alg , d - > m_cert ) ;
i = d - > kossl - > OBJ_obj2nid ( sig_alg - > algorithm ) ;
rc = i18n ( " Signature Algorithm: " ) ;
rc = i18n ( " Signature Algorithm: " ) ;
rc + = ( i = = NID_undef ) ? i18n ( " Unknown " ) : TQString ( d - > kossl - > OBJ_nid2ln ( i ) ) ;
rc + = ( i = = NID_undef ) ? i18n ( " Unknown " ) : TQString ( d - > kossl - > OBJ_nid2ln ( i ) ) ;
rc + = " \n " ;
rc + = " \n " ;
rc + = i18n ( " Signature Contents: " ) ;
rc + = i18n ( " Signature Contents: " ) ;
n = d- > m_cert - > signature- > length ;
n = signature- > length ;
s = ( char * ) d- > m_cert - > signature- > data ;
s = ( char * ) signature- > data ;
for ( i = 0 ; i < n ; i + + ) {
for ( i = 0 ; i < n ; i + + ) {
if ( i % 20 ! = 0 ) rc + = " : " ;
if ( i % 20 ! = 0 ) rc + = " : " ;
else rc + = " \n " ;
else rc + = " \n " ;
@ -254,8 +257,8 @@ void KSSLCertificate::getEmails(TQStringList &to) const {
STACK * s = d - > kossl - > X509_get1_email ( d - > m_cert ) ;
STACK * s = d - > kossl - > X509_get1_email ( d - > m_cert ) ;
if ( s ) {
if ( s ) {
for ( int n = 0 ; n < s- > num; n + + ) {
for ( int n = 0 ; n < d- > ko ssl - > OPENSSL_sk_ num( s ) ; n + + ) {
to . append ( d - > kossl - > sk_value( s , n ) ) ;
to . append ( d - > kossl - > OPENSSL_ sk_value( s , n ) ) ;
}
}
d - > kossl - > X509_email_free ( s ) ;
d - > kossl - > X509_email_free ( s ) ;
}
}
@ -336,12 +339,12 @@ TQString rc = "";
EVP_PKEY * pkey = d - > kossl - > X509_get_pubkey ( d - > m_cert ) ;
EVP_PKEY * pkey = d - > kossl - > X509_get_pubkey ( d - > m_cert ) ;
if ( pkey ) {
if ( pkey ) {
# ifndef NO_RSA
# ifndef NO_RSA
if ( pkey- > type = = EVP_PKEY_RSA )
if ( d- > kossl - > EVP_PKEY_base_id ( pkey ) = = EVP_PKEY_RSA )
rc = " RSA " ;
rc = " RSA " ;
else
else
# endif
# endif
# ifndef NO_DSA
# ifndef NO_DSA
if ( pkey- > type = = EVP_PKEY_DSA )
if ( d- > kossl - > EVP_PKEY_base_id ( pkey ) = = EVP_PKEY_DSA )
rc = " DSA " ;
rc = " DSA " ;
else
else
# endif
# endif
@ -364,10 +367,14 @@ char *x = NULL;
if ( pkey ) {
if ( pkey ) {
rc = i18n ( " Unknown " , " Unknown key algorithm " ) ;
rc = i18n ( " Unknown " , " Unknown key algorithm " ) ;
# ifndef NO_RSA
# ifndef NO_RSA
if ( pkey- > type = = EVP_PKEY_RSA ) {
if ( d- > kossl - > EVP_PKEY_base_id ( pkey ) = = EVP_PKEY_RSA ) {
rc = i18n ( " Key type: RSA (%1 bit) " ) + " \n " ;
rc = i18n ( " Key type: RSA (%1 bit) " ) + " \n " ;
x = d - > kossl - > BN_bn2hex ( pkey - > pkey . rsa - > n ) ;
RSA * pkey_rsa = d - > kossl - > EVP_PKEY_get0_RSA ( pkey ) ;
const BIGNUM * bn_n = 0L ;
const BIGNUM * bn_e = 0L ;
d - > kossl - > RSA_get0_key ( pkey_rsa , & bn_n , & bn_e , NULL ) ;
x = d - > kossl - > BN_bn2hex ( bn_n ) ;
rc + = i18n ( " Modulus: " ) ;
rc + = i18n ( " Modulus: " ) ;
rc = rc . arg ( strlen ( x ) * 4 ) ;
rc = rc . arg ( strlen ( x ) * 4 ) ;
for ( unsigned int i = 0 ; i < strlen ( x ) ; i + + ) {
for ( unsigned int i = 0 ; i < strlen ( x ) ; i + + ) {
@ -378,18 +385,26 @@ char *x = NULL;
rc + = x [ i ] ;
rc + = x [ i ] ;
}
}
rc + = " \n " ;
rc + = " \n " ;
d - > kossl - > OPENSSL _free( x ) ;
d - > kossl - > CRYPTO _free( x ) ;
x = d - > kossl - > BN_bn2hex ( pkey- > pkey . rsa - > e) ;
x = d - > kossl - > BN_bn2hex ( bn_ e) ;
rc + = i18n ( " Exponent: 0x " ) + x + " \n " ;
rc + = i18n ( " Exponent: 0x " ) + x + " \n " ;
d - > kossl - > OPENSSL _free( x ) ;
d - > kossl - > CRYPTO _free( x ) ;
}
}
# endif
# endif
# ifndef NO_DSA
# ifndef NO_DSA
if ( pkey- > type = = EVP_PKEY_DSA ) {
if ( d- > kossl - > EVP_PKEY_base_id ( pkey ) = = EVP_PKEY_DSA ) {
rc = i18n ( " Key type: DSA (%1 bit) " ) + " \n " ;
rc = i18n ( " Key type: DSA (%1 bit) " ) + " \n " ;
x = d - > kossl - > BN_bn2hex ( pkey - > pkey . dsa - > p ) ;
DSA * pkey_dsa = d - > kossl - > EVP_PKEY_get0_DSA ( pkey ) ;
const BIGNUM * bn_p = 0L ;
const BIGNUM * bn_q = 0L ;
const BIGNUM * bn_g = 0L ;
const BIGNUM * bn_pub_key = 0L ;
d - > kossl - > DSA_get0_pqg ( pkey_dsa , & bn_p , & bn_q , & bn_g ) ;
d - > kossl - > DSA_get0_key ( pkey_dsa , & bn_pub_key , NULL ) ;
x = d - > kossl - > BN_bn2hex ( bn_p ) ;
rc + = i18n ( " Prime: " ) ;
rc + = i18n ( " Prime: " ) ;
// hack - this may not be always accurate
// hack - this may not be always accurate
rc = rc . arg ( strlen ( x ) * 4 ) ;
rc = rc . arg ( strlen ( x ) * 4 ) ;
@ -401,9 +416,9 @@ char *x = NULL;
rc + = x [ i ] ;
rc + = x [ i ] ;
}
}
rc + = " \n " ;
rc + = " \n " ;
d - > kossl - > OPENSSL _free( x ) ;
d - > kossl - > CRYPTO _free( x ) ;
x = d - > kossl - > BN_bn2hex ( pkey- > pkey . dsa - > q) ;
x = d - > kossl - > BN_bn2hex ( bn_ q) ;
rc + = i18n ( " 160 bit prime factor: " ) ;
rc + = i18n ( " 160 bit prime factor: " ) ;
for ( unsigned int i = 0 ; i < strlen ( x ) ; i + + ) {
for ( unsigned int i = 0 ; i < strlen ( x ) ; i + + ) {
if ( i % 40 ! = 0 & & i % 2 = = 0 )
if ( i % 40 ! = 0 & & i % 2 = = 0 )
@ -413,9 +428,9 @@ char *x = NULL;
rc + = x [ i ] ;
rc + = x [ i ] ;
}
}
rc + = " \n " ;
rc + = " \n " ;
d - > kossl - > OPENSSL _free( x ) ;
d - > kossl - > CRYPTO _free( x ) ;
x = d - > kossl - > BN_bn2hex ( pkey- > pkey . dsa - > g) ;
x = d - > kossl - > BN_bn2hex ( bn_ g) ;
rc + = TQString ( " g: " ) ;
rc + = TQString ( " g: " ) ;
for ( unsigned int i = 0 ; i < strlen ( x ) ; i + + ) {
for ( unsigned int i = 0 ; i < strlen ( x ) ; i + + ) {
if ( i % 40 ! = 0 & & i % 2 = = 0 )
if ( i % 40 ! = 0 & & i % 2 = = 0 )
@ -425,9 +440,9 @@ char *x = NULL;
rc + = x [ i ] ;
rc + = x [ i ] ;
}
}
rc + = " \n " ;
rc + = " \n " ;
d - > kossl - > OPENSSL _free( x ) ;
d - > kossl - > CRYPTO _free( x ) ;
x = d - > kossl - > BN_bn2hex ( pkey- > pkey . dsa - > pub_key) ;
x = d - > kossl - > BN_bn2hex ( bn_ pub_key) ;
rc + = i18n ( " Public key: " ) ;
rc + = i18n ( " Public key: " ) ;
for ( unsigned int i = 0 ; i < strlen ( x ) ; i + + ) {
for ( unsigned int i = 0 ; i < strlen ( x ) ; i + + ) {
if ( i % 40 ! = 0 & & i % 2 = = 0 )
if ( i % 40 ! = 0 & & i % 2 = = 0 )
@ -437,7 +452,7 @@ char *x = NULL;
rc + = x [ i ] ;
rc + = x [ i ] ;
}
}
rc + = " \n " ;
rc + = " \n " ;
d - > kossl - > OPENSSL _free( x ) ;
d - > kossl - > CRYPTO _free( x ) ;
}
}
# endif
# endif
d - > kossl - > EVP_PKEY_free ( pkey ) ;
d - > kossl - > EVP_PKEY_free ( pkey ) ;
@ -459,7 +474,7 @@ TQString rc = "";
return rc ;
return rc ;
rc = t ;
rc = t ;
d - > kossl - > OPENSSL _free( t ) ;
d - > kossl - > CRYPTO _free( t ) ;
# endif
# endif
return rc ;
return rc ;
@ -696,7 +711,7 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi
return errors ;
return errors ;
}
}
X509_STORE_set_verify_cb_func ( certStore , X509Callback ) ;
d- > kossl - > X509_STORE_set_verify_cb( certStore , X509Callback ) ;
certLookup = d - > kossl - > X509_STORE_add_lookup ( certStore , d - > kossl - > X509_LOOKUP_file ( ) ) ;
certLookup = d - > kossl - > X509_STORE_add_lookup ( certStore , d - > kossl - > X509_LOOKUP_file ( ) ) ;
if ( ! certLookup ) {
if ( ! certLookup ) {
@ -727,7 +742,7 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi
d - > kossl - > X509_STORE_CTX_init ( certStoreCTX , certStore , d - > m_cert , NULL ) ;
d - > kossl - > X509_STORE_CTX_init ( certStoreCTX , certStore , d - > m_cert , NULL ) ;
if ( d - > _chain . isValid ( ) ) {
if ( d - > _chain . isValid ( ) ) {
d - > kossl - > X509_STORE_CTX_set _chain ( certStoreCTX , ( STACK_OF ( X509 ) * ) d - > _chain . rawChain ( ) ) ;
d - > kossl - > X509_STORE_CTX_set 0_untrusted ( certStoreCTX , ( STACK_OF ( X509 ) * ) d - > _chain . rawChain ( ) ) ;
}
}
//kdDebug(7029) << "KSSL setting CRL.............." << endl;
//kdDebug(7029) << "KSSL setting CRL.............." << endl;
@ -738,9 +753,9 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi
KSSL_X509CallBack_ca = ca ? ca - > d - > m_cert : 0 ;
KSSL_X509CallBack_ca = ca ? ca - > d - > m_cert : 0 ;
KSSL_X509CallBack_ca_found = false ;
KSSL_X509CallBack_ca_found = false ;
certStoreCTX- > error = X509_V_OK ;
d- > kossl - > X509_STORE_CTX_set_error ( certStoreCTX , X509_V_OK ) ;
d - > kossl - > X509_verify_cert ( certStoreCTX ) ;
d - > kossl - > X509_verify_cert ( certStoreCTX ) ;
int errcode = certStoreCTX- > error ;
int errcode = d- > kossl - > X509_STORE_CTX_get_error ( certStoreCTX ) ;
if ( ca & & ! KSSL_X509CallBack_ca_found ) {
if ( ca & & ! KSSL_X509CallBack_ca_found ) {
ksslv = KSSLCertificate : : Irrelevant ;
ksslv = KSSLCertificate : : Irrelevant ;
} else {
} else {
@ -753,9 +768,9 @@ KSSLCertificate::KSSLValidationList KSSLCertificate::validateVerbose(KSSLCertifi
d - > kossl - > X509_STORE_CTX_set_purpose ( certStoreCTX ,
d - > kossl - > X509_STORE_CTX_set_purpose ( certStoreCTX ,
X509_PURPOSE_NS_SSL_SERVER ) ;
X509_PURPOSE_NS_SSL_SERVER ) ;
certStoreCTX- > error = X509_V_OK ;
d- > kossl - > X509_STORE_CTX_set_error ( certStoreCTX , X509_V_OK ) ;
d - > kossl - > X509_verify_cert ( certStoreCTX ) ;
d - > kossl - > X509_verify_cert ( certStoreCTX ) ;
errcode = certStoreCTX- > error ;
errcode = d- > kossl - > X509_STORE_CTX_get_error ( certStoreCTX ) ;
ksslv = processError ( errcode ) ;
ksslv = processError ( errcode ) ;
}
}
d - > kossl - > X509_STORE_CTX_free ( certStoreCTX ) ;
d - > kossl - > X509_STORE_CTX_free ( certStoreCTX ) ;
@ -888,7 +903,7 @@ return rc;
TQString KSSLCertificate : : getNotBefore ( ) const {
TQString KSSLCertificate : : getNotBefore ( ) const {
# ifdef KSSL_HAVE_SSL
# ifdef KSSL_HAVE_SSL
return ASN1_UTCTIME_QString ( X509_get_notBefore( d - > m_cert ) ) ;
return ASN1_UTCTIME_QString ( d- > kossl - > X509_getm _notBefore( d - > m_cert ) ) ;
# else
# else
return TQString : : null ;
return TQString : : null ;
# endif
# endif
@ -897,7 +912,7 @@ return TQString::null;
TQString KSSLCertificate : : getNotAfter ( ) const {
TQString KSSLCertificate : : getNotAfter ( ) const {
# ifdef KSSL_HAVE_SSL
# ifdef KSSL_HAVE_SSL
return ASN1_UTCTIME_QString ( X509_get_notAfter( d - > m_cert ) ) ;
return ASN1_UTCTIME_QString ( d- > kossl - > X509_getm _notAfter( d - > m_cert ) ) ;
# else
# else
return TQString : : null ;
return TQString : : null ;
# endif
# endif
@ -906,7 +921,7 @@ return TQString::null;
TQDateTime KSSLCertificate : : getQDTNotBefore ( ) const {
TQDateTime KSSLCertificate : : getQDTNotBefore ( ) const {
# ifdef KSSL_HAVE_SSL
# ifdef KSSL_HAVE_SSL
return ASN1_UTCTIME_QDateTime ( X509_get_notBefore( d - > m_cert ) , NULL ) ;
return ASN1_UTCTIME_QDateTime ( d- > kossl - > X509_getm _notBefore( d - > m_cert ) , NULL ) ;
# else
# else
return TQDateTime : : currentDateTime ( ) ;
return TQDateTime : : currentDateTime ( ) ;
# endif
# endif
@ -915,7 +930,7 @@ return TQDateTime::currentDateTime();
TQDateTime KSSLCertificate : : getQDTNotAfter ( ) const {
TQDateTime KSSLCertificate : : getQDTNotAfter ( ) const {
# ifdef KSSL_HAVE_SSL
# ifdef KSSL_HAVE_SSL
return ASN1_UTCTIME_QDateTime ( X509_get_notAfter( d - > m_cert ) , NULL ) ;
return ASN1_UTCTIME_QDateTime ( d- > kossl - > X509_getm _notAfter( d - > m_cert ) , NULL ) ;
# else
# else
return TQDateTime : : currentDateTime ( ) ;
return TQDateTime : : currentDateTime ( ) ;
# endif
# endif
@ -924,7 +939,7 @@ return TQDateTime::currentDateTime();
TQDateTime KSSLCertificate : : getQDTLastUpdate ( ) const {
TQDateTime KSSLCertificate : : getQDTLastUpdate ( ) const {
# ifdef KSSL_HAVE_SSL
# ifdef KSSL_HAVE_SSL
return ASN1_UTCTIME_QDateTime ( X509_CRL_get _lastUpdate( d - > m_cert_crl ) , NULL ) ;
return ASN1_UTCTIME_QDateTime ( ( ASN1_UTCTIME * ) d - > kossl - > X509_CRL_get 0 _lastUpdate( d - > m_cert_crl ) , NULL ) ;
# else
# else
return TQDateTime : : currentDateTime ( ) ;
return TQDateTime : : currentDateTime ( ) ;
# endif
# endif
@ -933,7 +948,7 @@ return TQDateTime::currentDateTime();
TQDateTime KSSLCertificate : : getQDTNextUpdate ( ) const {
TQDateTime KSSLCertificate : : getQDTNextUpdate ( ) const {
# ifdef KSSL_HAVE_SSL
# ifdef KSSL_HAVE_SSL
return ASN1_UTCTIME_QDateTime ( X509_CRL_get _nextUpdate( d - > m_cert_crl ) , NULL ) ;
return ASN1_UTCTIME_QDateTime ( ( ASN1_UTCTIME * ) d - > kossl - > X509_CRL_get 0 _nextUpdate( d - > m_cert_crl ) , NULL ) ;
# else
# else
return TQDateTime : : currentDateTime ( ) ;
return TQDateTime : : currentDateTime ( ) ;
# endif
# endif
@ -1053,6 +1068,15 @@ return qba;
# define NETSCAPE_CERT_HDR "certificate"
# define NETSCAPE_CERT_HDR "certificate"
# ifdef KSSL_HAVE_SSL
# if OPENSSL_VERSION_NUMBER >= 0x10100000L
typedef struct NETSCAPE_X509_st
{
ASN1_OCTET_STRING * header ;
X509 * cert ;
} NETSCAPE_X509 ;
# endif
# endif
// what a piece of crap this is
// what a piece of crap this is
TQByteArray KSSLCertificate : : toNetscape ( ) {
TQByteArray KSSLCertificate : : toNetscape ( ) {
@ -1062,8 +1086,8 @@ TQByteArray qba;
NETSCAPE_X509 nx ;
NETSCAPE_X509 nx ;
ASN1_OCTET_STRING hdr ;
ASN1_OCTET_STRING hdr ;
# else
# else
ASN1_HEADER ah ;
ASN1_HEADER ah ;
ASN1_OCTET_STRING os ;
ASN1_OCTET_STRING os ;
# endif
# endif
KTempFile ktf ;
KTempFile ktf ;
@ -1159,10 +1183,10 @@ TQStringList KSSLCertificate::subjAltNames() const {
return rc ;
return rc ;
}
}
int cnt = d - > kossl - > sk_GENERAL_NAME _num( names ) ;
int cnt = d - > kossl - > OPENSSL_sk _num( names ) ;
for ( int i = 0 ; i < cnt ; i + + ) {
for ( int i = 0 ; i < cnt ; i + + ) {
const GENERAL_NAME * val = ( const GENERAL_NAME * ) d - > kossl - > sk_value( names , i ) ;
const GENERAL_NAME * val = ( const GENERAL_NAME * ) d - > kossl - > OPENSSL_ sk_value( names , i ) ;
if ( val - > type ! = GEN_DNS ) {
if ( val - > type ! = GEN_DNS ) {
continue ;
continue ;
}
}
@ -1174,7 +1198,7 @@ TQStringList KSSLCertificate::subjAltNames() const {
rc + = s ;
rc + = s ;
}
}
}
}
d - > kossl - > sk_free( names ) ;
d - > kossl - > OPENSSL_ sk_free( names ) ;
# endif
# endif
return rc ;
return rc ;
}
}