(Pre-shared) client certificates are no longer maintained by hash only

2016-06-16 00:29:56 +02:00
parent cda81dd696
commit d430b63829
5 changed files with 164 additions and 133 deletions


@@ -59,6 +59,9 @@ namespace eapserial
#pragma once
#include "../../EAPBase/include/Credentials.h"
#include "../../EAPBase/include/EAPSerial.h"
#include <WinStd/Crypt.h>
#include <Windows.h>
#include <vector>
@@ -190,7 +193,7 @@ namespace eap
/// @}
public:
std::vector<unsigned char> m_cert_hash; ///< Client certificate hash (certificates are kept in Personal Certificate Storage)
winstd::cert_context m_cert; ///< Client certificate
};
}
@@ -199,22 +202,30 @@ namespace eapserial
{
inline void pack(_Inout_ unsigned char *&cursor, _In_ const eap::credentials_tls &val)
{
pack(cursor, (const eap::credentials&)val);
pack(cursor, val.m_cert_hash );
// Don't save m_identity. We rebuild it on every load.
//pack(cursor, (const eap::credentials&)val);
pack(cursor, val.m_cert );
}
inline size_t get_pk_size(const eap::credentials_tls &val)
{
return
get_pk_size((const eap::credentials&)val) +
get_pk_size(val.m_cert_hash );
// Don't save m_identity. We rebuild it on every load.
//get_pk_size((const eap::credentials&)val) +
get_pk_size(val.m_cert );
}
inline void unpack(_Inout_ const unsigned char *&cursor, _Out_ eap::credentials_tls &val)
{
unpack(cursor, (eap::credentials&)val);
unpack(cursor, val.m_cert_hash );
// Don't load m_identity. We rebuild it on load.
//unpack(cursor, (eap::credentials&)val);
unpack(cursor, val.m_cert );
if (val.m_cert) {
// Generate identity. TODO: Find which CERT_NAME_... constant returns valid identity (username@domain or DOMAIN\Username).
CertGetNameString(val.m_cert, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, NULL, val.m_identity);
}
}
}
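Review bot: In `unpack`, `val.m_identity` is written only inside `if (val.m_cert)`, and with the base-class `unpack` now commented out, a blob that carries no certificate leaves whatever identity the `_Out_` object held before the call. I would reset it on that path, e.g. `else val.m_identity.clear();` right after the `if` block. The return value of `CertGetNameString` is also dropped, so a certificate without a usable display name presumably yields an empty identity with no signal to the caller; checking the result and treating it as a load failure (or at least logging it) would make that visible. The certificate is now rebuilt from the stored blob instead of being looked up by hash. Whether it is later matched against the Personal store, where the removed comment says the certificates are kept, is not visible in this section and is worth confirming before the identity derived from it is used.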