dump the certificate and private key in PEM format when used
//
// based on https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/
// Licensed under the terms of GPLv3 (or any later version) at your choice
//
// works for daemons which can be run in the foreground
//
// gcc nccsslkeyandcertlog.c -shared -o nccsslkeyandcertlog.so -fPIC -ldl
//
//
#define _GNU_SOURCE
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#include <openssl/ssl.h>

#ifndef OPENSSL_SONAME
# define OPENSSL_SONAME "libssl.so"
#endif
/*
 * Callback type with the same parameter list as OpenSSL's pem_password_cb
 * (buffer, buffer size, read/write flag, opaque user pointer).
 */
typedef int sslCB(char *buf, int size, int rwflag, void *password);

/*
 * Storage for a callback and its user pointer. Neither object is read or
 * written by the functions visible in this file; both start out null.
 */
sslCB *funcsslCB = NULL;
void *userData = NULL;
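/**
 * Resolve the real implementation of an interposed function.
 *
 * The symbol is first looked up with RTLD_NEXT, i.e. in the objects that
 * follow this one in the search order. If that fails, the library named by
 * OPENSSL_SONAME is loaded explicitly and searched instead.
 *
 * @param sym  NUL-terminated symbol name.
 * @return     Address of the symbol; never NULL, because every failure path
 *             prints a diagnostic on stderr and calls abort().
 */
static inline void *lookup_symbol(const char *sym)
{
    void *func = dlsym(RTLD_NEXT, sym);

    if (func) {
        return func;
    }

    /* Symbol not found, OpenSSL is not loaded (linked) so try to load it
     * manually. This is error-prone as it depends on a fixed library name
     * that the dynamic loader resolves through its normal search path.
     * Perhaps it should be an env name? */
    void *handle = dlopen(OPENSSL_SONAME, RTLD_LAZY);
    if (!handle) {
        const char *why = dlerror();

        fprintf(stderr, "Lookup error for %s: %s\n", sym,
                why ? why : "unknown error");
        abort();
    }

    func = dlsym(handle, sym);
    if (!func) {
        fprintf(stderr, "Cannot lookup %s\n", sym);
        abort();
    }

    /* The handle is deliberately left open: the returned address points into
     * the library, and dlclose() could drop the last reference and unmap it,
     * leaving the caller with a dangling function pointer. */
    return func;
}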
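/**
 * Interposed SSL_CTX_use_certificate().
 *
 * Logs the call, the certificate's subject and issuer to stderr, writes the
 * certificate in PEM form to "pubkey.pem" (relative to the process's current
 * working directory, replaced on every call) and then forwards to the real
 * SSL_CTX_use_certificate() obtained through lookup_symbol().
 *
 * Note that the file holds the whole X.509 certificate, not just the public
 * key, despite its name.
 *
 * @param ctx  Context handed through unchanged to the real function.
 * @param x    Certificate being installed; when NULL nothing is logged or
 *             written and the call is only forwarded.
 * @return     Whatever the real SSL_CTX_use_certificate() returns.
 */
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
{
    static int (*func)(SSL_CTX *, X509 *);
    static const char cert_path[] = "pubkey.pem";

    fprintf(stderr, "%s called\n", __func__);
    if (!func) {
        /* __func__ equals the exported symbol name, so it doubles as the
         * lookup key. lookup_symbol() aborts rather than returning NULL. */
        func = (int (*)(SSL_CTX *, X509 *))lookup_symbol(__func__);
    }

    if (x) {
        /* With a NULL buffer X509_NAME_oneline() allocates the string; it
         * has to be released with OPENSSL_free() and may be NULL on error. */
        char *subj = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
        char *issuer = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0);

        fprintf(stderr, "cert subject %s\n", subj ? subj : "(unavailable)");
        fprintf(stderr, "cert issuer %s\n", issuer ? issuer : "(unavailable)");
        OPENSSL_free(subj);
        OPENSSL_free(issuer);

        /* A failed dump must not take the host process down, so the stream
         * is checked before it is handed to OpenSSL or closed. */
        FILE *out = fopen(cert_path, "w");
        if (!out) {
            fprintf(stderr, "cannot open %s: %s\n", cert_path, strerror(errno));
        } else {
            if (PEM_write_X509(out, x)) {
                fprintf(stderr, "wrote x509 %s\n", cert_path);
            }
            if (fclose(out) != 0) {
                fprintf(stderr, "cannot close %s: %s\n", cert_path,
                        strerror(errno));
            }
        }
    }

    return func(ctx, x);
}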
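/**
 * Interposed SSL_CTX_use_PrivateKey().
 *
 * Logs the call and the key object's address to stderr, writes the key in
 * PEM form to "privkey.pem" (relative to the process's current working
 * directory, replaced on every call) and then forwards to the real
 * SSL_CTX_use_PrivateKey() obtained through lookup_symbol().
 *
 * No cipher is passed to PEM_write_PrivateKey(), so the key is stored
 * unencrypted. The file is therefore created owner-read/write only, an
 * existing file is tightened to that mode before any key bytes are written,
 * and a symbolic link at that path is refused.
 *
 * @param ctx   Context handed through unchanged to the real function.
 * @param pkey  Key being installed; when NULL nothing is written and the
 *              call is only forwarded.
 * @return      Whatever the real SSL_CTX_use_PrivateKey() returns.
 */
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
{
    static int (*func)(SSL_CTX *, EVP_PKEY *);
    static const char key_path[] = "privkey.pem";
    const mode_t owner_only = S_IRUSR | S_IWUSR;

    fprintf(stderr, "%s called\n", __func__);
    if (!func) {
        /* __func__ equals the exported symbol name, so it doubles as the
         * lookup key. lookup_symbol() aborts rather than returning NULL. */
        func = (int (*)(SSL_CTX *, EVP_PKEY *))lookup_symbol(__func__);
    }

    /* %p instead of casting to int: the cast truncates on LP64 targets. */
    fprintf(stderr, "address of private key %p\n", (void *)pkey);

    if (pkey) {
        FILE *out = NULL;
        int fd = open(key_path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW,
                      owner_only);

        if (fd < 0) {
            fprintf(stderr, "cannot open %s: %s\n", key_path, strerror(errno));
        } else if (fchmod(fd, owner_only) != 0) {
            /* The mode given to open() only applies to a newly created file;
             * if a pre-existing one cannot be restricted, write nothing. */
            fprintf(stderr, "cannot restrict %s: %s\n", key_path,
                    strerror(errno));
            close(fd);
        } else {
            out = fdopen(fd, "w");
            if (!out) {
                fprintf(stderr, "cannot open %s: %s\n", key_path,
                        strerror(errno));
                close(fd);
            }
        }

        if (out) {
            if (PEM_write_PrivateKey(out, pkey, NULL, NULL, 0, 0, NULL)) {
                fprintf(stderr, "wrote key %s\n", key_path);
            }
            if (fclose(out) != 0) {
                fprintf(stderr, "cannot close %s: %s\n", key_path,
                        strerror(errno));
            }
        }
    }

    return func(ctx, pkey);
}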