depth = X509_STORE_CTX_get_error_depth(ctx);
lookup = depth;
- if (lookup > 1) lookup = 1;
+
+ /*
+ * Log client/issuing cert. If there's an error, log
+ * issuing cert.
+ */
+ if ((lookup > 1) && !my_ok) lookup = 1;
/*
* Retrieve the pointer to the SSL of the connection currently treated
*/
buf[0] = '\0';
sn = X509_get_serialNumber(client_cert);
- if (sn && (sn->length < (sizeof(buf) / 2))) {
+
+ /*
+ * For this next bit, we create the attributes *only* if
+ * we're at the client or issuing certificate.
+ */
+ if ((lookup <= 1) && sn && (sn->length < (sizeof(buf) / 2))) {
char *p = buf;
int i;
*/
buf[0] = '\0';
asn_time = X509_get_notAfter(client_cert);
- if (asn_time && (asn_time->length < MAX_STRING_LEN)) {
+ if ((lookup <= 1) && asn_time && (asn_time->length < MAX_STRING_LEN)) {
memcpy(buf, (char*) asn_time->data, asn_time->length);
buf[asn_time->length] = '\0';
pairadd(&handler->certs,
X509_NAME_oneline(X509_get_subject_name(client_cert), subject,
sizeof(subject));
subject[sizeof(subject) - 1] = '\0';
- if (subject[0] && (strlen(subject) < MAX_STRING_LEN)) {
+ if ((lookup <= 1) && subject[0] && (strlen(subject) < MAX_STRING_LEN)) {
pairadd(&handler->certs,
pairmake(cert_attr_names[EAPTLS_SUBJECT][lookup], subject, T_OP_SET));
}
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer,
sizeof(issuer));
issuer[sizeof(issuer) - 1] = '\0';
- if (issuer[0] && (strlen(issuer) < MAX_STRING_LEN)) {
+ if ((lookup <= 1) && issuer[0] && (strlen(issuer) < MAX_STRING_LEN)) {
pairadd(&handler->certs,
pairmake(cert_attr_names[EAPTLS_ISSUER][lookup], issuer, T_OP_SET));
}
X509_NAME_get_text_by_NID(X509_get_subject_name(client_cert),
NID_commonName, common_name, sizeof(common_name));
common_name[sizeof(common_name) - 1] = '\0';
- if (common_name[0] && (strlen(common_name) < MAX_STRING_LEN)) {
+ if ((lookup <= 1) && common_name[0] && (strlen(common_name) < MAX_STRING_LEN)) {
pairadd(&handler->certs,
pairmake(cert_attr_names[EAPTLS_CN][lookup], common_name, T_OP_SET));
}
* information.
*/
if (eaptls_handle_idx < 0) {
- eaptls_handle_idx = SSL_get_ex_new_index(0, "eaptls_handle_idx",
- NULL, NULL, NULL);
+ eaptls_handle_idx = SSL_get_ex_new_index(0, &eaptls_handle_idx,
+ NULL, NULL, NULL);
}
if (eaptls_conf_idx < 0) {
- eaptls_conf_idx = SSL_get_ex_new_index(0, "eaptls_conf_idx",
+ eaptls_conf_idx = SSL_get_ex_new_index(0, &eaptls_conf_idx,
NULL, NULL, NULL);
}
if (eaptls_session_idx < 0) {
- eaptls_session_idx = SSL_get_ex_new_index(0, "eaptls_session_idx",
+ eaptls_session_idx = SSL_get_ex_new_index(0, &eaptls_session_idx,
NULL, NULL,
eaptls_session_free);
}