authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2018-02-15 16:55:01 +0200
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2018-02-18 23:11:26 +0200
commit8cc6697ffd1c872ddffc5cfd9ba6caaa9e1ccd77 (patch)
treea2449d9ddc64d81d010d5d07026d605036774bea
parentb4942b772369dde1e6602923d2d12250c711cd67 (diff)
downloaddmvpn-tools-8cc6697ffd1c872ddffc5cfd9ba6caaa9e1ccd77.tar.bz2
dmvpn-tools-8cc6697ffd1c872ddffc5cfd9ba6caaa9e1ccd77.tar.xz
nhrp-events: use hub extension
-rwxr-xr-xdmvpn-ca4
-rw-r--r--dmvpn.lua6
-rwxr-xr-xnhrp-events6
3 files changed, 13 insertions, 3 deletions
diff --git a/dmvpn-ca b/dmvpn-ca
index 2732e87..69439a2 100755
--- a/dmvpn-ca
+++ b/dmvpn-ca
@@ -18,6 +18,8 @@ asn1 = require('asn1')
rfc3779 = require('asn1.rfc3779')
rfc5280 = require('asn1.rfc5280')
+dmvpn = require('dmvpn')
+
pkcs12 = require('openssl.pkcs12')
pkey = require('openssl.pkey')
x509 = require('openssl.x509')
@@ -1123,7 +1125,7 @@ output = scan_choice(
cert:addExtension(
x509ext.new(
- '1.3.6.1.4.1.31536.1.1',
+ dmvpn.OID_IS_HUB,
'critical,DER',
asn1.boolean.encode(attrs.site == '')
)
diff --git a/dmvpn.lua b/dmvpn.lua
new file mode 100644
index 0000000..5fd31ce
--- /dev/null
+++ b/dmvpn.lua
@@ -0,0 +1,6 @@
+--[[
+Copyright (c) 2014-2018 Kaarle Ritvanen
+See LICENSE file for license details
+]]--
+
+return {OID_IS_HUB='1.3.6.1.4.1.31536.1.1'}
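Review bot: `OID_IS_HUB` is introduced without a comment saying what the extension carries, although both the CA script and the event handler now depend on agreeing about its encoding. Going by the dmvpn-ca hunk, it is added as a critical, DER-encoded ASN.1 BOOLEAN that is true when the certificate's site attribute is empty. A one-line comment above the `return`, such as `-- critical X.509 extension, ASN.1 BOOLEAN: true for hub certificates`, would record that contract next to the constant.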
diff --git a/nhrp-events b/nhrp-events
index 2f55657..f87463b 100755
--- a/nhrp-events
+++ b/nhrp-events
@@ -6,6 +6,7 @@ address against certificate subjectAltName IP, and auto-creates BGP pairings
and filters based on S-BGP extensions.
Copyright (c) 2015-2017 Timo Teräs
+Copyright (c) 2017-2018 Kaarle Ritvanen
See LICENSE file for license details
]]--
@@ -16,7 +17,9 @@ local cq = require 'cqueues'
local cqs = require 'cqueues.socket'
local x509 = require 'openssl.x509'
local x509an = require 'openssl.x509.altname'
+local asn1 = require 'asn1'
local rfc3779 = require 'asn1.rfc3779'
+local dmvpn = require 'dmvpn'
local SOCK = "/var/run/nhrp-events.sock"
posix.unlink(SOCK)
@@ -81,8 +84,7 @@ local function parse_cert(certhex)
}
local cert = x509.new(certhex:hex2bin(), 'der')
out.cn = tostring(cert:getSubject())
- -- Recognize hubs by certificate's CN to have OU=Hubs
- out.hub = out.cn:match("/OU=Hubs/") and true or nil
+ out.hub = decode_ext(cert, dmvpn.OID_IS_HUB, asn1.boolean)
do_parse_cert(cert, out)
return out
end
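Review bot: `out.hub` now takes whatever `decode_ext` returns, and the visible lines do not show what that is when the certificate has no `dmvpn.OID_IS_HUB` extension or its value does not decode as a boolean. The removed line always produced `true` or `nil`, so if any consumer of `out.hub` distinguishes `false` from `nil`, its behaviour changes; `out.hub = decode_ext(cert, dmvpn.OID_IS_HUB, asn1.boolean) == true or nil` would keep the old contract and treat anything other than an explicit TRUE as not a hub. Hub certificates issued before this commit presumably lack the extension and would stop being recognised until reissued, so a short comment or commit-message note on that migration would help operators. `decode_ext` is defined outside this hunk and `parse_cert` begins before it, so it is worth confirming there that a malformed extension cannot raise out of `parse_cert`.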