belle-sip
Commits
d644e7fe
Commit
d644e7fe
authored
Oct 07, 2013
by
jehan
fix client certificate request filtering
parent
66b73d09
Changes
5
include/belle-sip/listener.h
...
...
@@ -75,7 +75,7 @@ BELLESIP_EXPORT belle_sip_server_transaction_t *belle_sip_transaction_terminated
* auth event mode
* */
typedef
enum
belle_sip_auth_mode
{
BELLE_SIP_AUTH_MODE_HTTP_DI
S
GEST
,
/** Disgest authentication has been requested by the server*/
BELLE_SIP_AUTH_MODE_HTTP_DIGEST
,
/** Disgest authentication has been requested by the server*/
BELLE_SIP_AUTH_MODE_TLS
/** Client certificates has bee requested by the server*/
}
belle_sip_auth_mode_t
;
...
...
src/channel.h
...
...
@@ -179,7 +179,7 @@ BELLE_SIP_DECLARE_CUSTOM_VPTR_END
/**
* tls client certificate authentication. might be relevant for both tls and dtls channels.Only implemented in tls channel for now
* **/
void
belle_sip_channel_set_client_certificates_chain
(
belle_sip_channel_t
*
obj
,
belle_sip_certificates_chain_t
*
cert_chain
);
void
belle_sip_channel_set_client_certificate_key
(
belle_sip_channel_t
*
obj
,
belle_sip_signing_key_t
*
key
);
void
belle_sip_
tls_
channel_set_client_certificates_chain
(
belle_sip_channel_t
*
obj
,
belle_sip_certificates_chain_t
*
cert_chain
);
void
belle_sip_
tls_
channel_set_client_certificate_key
(
belle_sip_channel_t
*
obj
,
belle_sip_signing_key_t
*
key
);
#endif
src/provider.c
...
...
@@ -292,8 +292,8 @@ static int channel_on_auth_requested(belle_sip_channel_listener_t *obj, belle_si
auth_event
->
mode
=
BELLE_SIP_AUTH_MODE_TLS
;
belle_sip_auth_event_set_distinguished_name
(
auth_event
,
distinguished_name
);
BELLE_SIP_PROVIDER_INVOKE_LISTENERS
(
prov
->
listeners
,
process_auth_requested
,
auth_event
);
belle_sip_channel_set_client_certificates_chain
(
chan
,
auth_event
->
cert
);
belle_sip_channel_set_client_certificate_key
(
chan
,
auth_event
->
key
);
belle_sip_
tls_
channel_set_client_certificates_chain
(
chan
,
auth_event
->
cert
);
belle_sip_
tls_
channel_set_client_certificate_key
(
chan
,
auth_event
->
key
);
belle_sip_auth_event_destroy
(
auth_event
);
}
return
0
;
...
...
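Review bot: The two setter calls after `BELLE_SIP_PROVIDER_INVOKE_LISTENERS` forward `auth_event->cert` and `auth_event->key` unconditionally, so a listener that supplied nothing, or only one of the two, still overwrites the channel's client credentials. The setter body shown in the tls_channel_polarssl.c section calls `belle_sip_object_ref(cert_chain)` before any NULL test, so the no-credential case relies on that function tolerating NULL, which is not visible on this page. Guarding the pair with `if (auth_event->cert && auth_event->key) { ... }` and logging the other case through `belle_sip_message` would make a declined request explicit instead of leaving the channel with half a credential. channel_on_auth_requested starts and ends outside the hunk, so an earlier check may already cover this.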
src/transports/tls_channel_polarssl.c
...
...
@@ -142,7 +142,7 @@ static int tls_channel_handshake(belle_sip_tls_channel_t *channel) {
if
((
ret
=
ssl_handshake_step
(
&
channel
->
sslctx
)))
{
break
;
}
if
(
channel
->
sslctx
.
state
==
SSL_CERTIFICATE
_REQUEST
)
{
if
(
channel
->
sslctx
.
state
==
SSL_
CLIENT_
CERTIFICATE
&&
channel
->
sslctx
.
client_auth
>
0
)
{
BELLE_SIP_INVOKE_LISTENERS_ARG1_ARG2
(
channel
->
base
.
base
.
listeners
,
belle_sip_channel_listener_t
,
on_auth_requested
...
...
@@ -154,7 +154,6 @@ static int tls_channel_handshake(belle_sip_tls_channel_t *channel) {
int
err
;
#endif
char
tmp
[
512
]
=
{
0
};
x509parse_cert_info
(
tmp
,
sizeof
(
tmp
)
-
1
,
""
,
&
channel
->
client_cert_chain
->
cert
);
belle_sip_message
(
"Channel [%p] found client certificate:
\n
%s"
,
channel
,
tmp
);
#if POLARSSL_VERSION_NUMBER < 0x01030000
...
...
@@ -360,25 +359,27 @@ belle_sip_channel_t * belle_sip_channel_new_tls(belle_sip_tls_listening_point_t
return
(
belle_sip_channel_t
*
)
obj
;
}
void
belle_sip_channel_set_client_certificates_chain
(
belle_sip_channel_t
*
obj
,
belle_sip_certificates_chain_t
*
cert_chain
)
{
void
belle_sip_
tls_
channel_set_client_certificates_chain
(
belle_sip_channel_t
*
obj
,
belle_sip_certificates_chain_t
*
cert_chain
)
{
belle_sip_tls_channel_t
*
channel
=
(
belle_sip_tls_channel_t
*
)
obj
;
belle_sip_object_ref
(
cert_chain
);
if
(
channel
->
client_cert_chain
)
belle_sip_object_unref
(
channel
->
client_cert_chain
);
channel
->
client_cert_chain
=
cert_chain
;
if
(
channel
->
client_cert_chain
)
belle_sip_object_ref
(
channel
->
client_cert_chain
);
}
void
belle_sip_channel_set_client_certificate_key
(
belle_sip_channel_t
*
obj
,
belle_sip_signing_key_t
*
key
)
{
void
belle_sip_
tls_
channel_set_client_certificate_key
(
belle_sip_channel_t
*
obj
,
belle_sip_signing_key_t
*
key
)
{
belle_sip_tls_channel_t
*
channel
=
(
belle_sip_tls_channel_t
*
)
obj
;
belle_sip_object_ref
(
key
);
if
(
channel
->
client_cert_key
)
belle_sip_object_unref
(
channel
->
client_cert_key
);
channel
->
client_cert_key
=
key
;
if
(
channel
->
client_cert_key
)
belle_sip_object_ref
(
channel
->
client_cert_key
);
}
#else
/*HAVE_POLLAR_SSL*/
void
belle_sip_channel_set_client_certificates_chain
(
belle_sip_channel_t
*
obj
,
belle_sip_certificates_chain_t
*
cert_chain
)
{
void
belle_sip_
tls_
channel_set_client_certificates_chain
(
belle_sip_channel_t
*
obj
,
belle_sip_certificates_chain_t
*
cert_chain
)
{
belle_sip_error
(
"belle_sip_channel_set_client_certificate_chain requires TLS"
);
}
void
belle_sip_channel_set_client_certificate_key
(
belle_sip_channel_t
*
obj
,
belle_sip_signing_key_t
*
key
)
{
void
belle_sip_
tls_
channel_set_client_certificate_key
(
belle_sip_channel_t
*
obj
,
belle_sip_signing_key_t
*
key
)
{
belle_sip_error
(
"belle_sip_channel_set_client_certificate_key requires TLS"
);
}
#endif
...
...
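Review bot: Both renamed setters in the PolarSSL branch appear to take two references on the incoming object: `belle_sip_object_ref(cert_chain);` runs before the old chain is released, and `if (channel->client_cert_chain) belle_sip_object_ref(channel->client_cert_chain);` runs again after the assignment, with the same pair in the key setter. The page has lost its +/- markers, so the side of each line is inferred from the `-360,25 +359,27` header; if both lines are on the new side, every call leaks one reference and the certificate chain and private-key object are never freed, leaving key material in memory after the channel is gone. Keep a single guarded reference taken before the unref, `if (cert_chain) belle_sip_object_ref(cert_chain);`, and drop the second one. The raw cast `(belle_sip_tls_channel_t*)obj` would also be safer as the checked `BELLE_SIP_CAST(obj,belle_sip_tls_channel_t)`, because the parameter is still a generic `belle_sip_channel_t*` and nothing here verifies the channel is a TLS one.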
tester/belle_sip_register_tester.c
...
...
@@ -151,7 +151,7 @@ static const char* private_key_passwd="secret";
static
void
process_auth_requested
(
void
*
user_ctx
,
belle_sip_auth_event_t
*
event
){
BELLESIP_UNUSED
(
user_ctx
);
if
(
belle_sip_auth_event_get_mode
(
event
)
==
BELLE_SIP_AUTH_MODE_HTTP_DI
S
GEST
)
{
if
(
belle_sip_auth_event_get_mode
(
event
)
==
BELLE_SIP_AUTH_MODE_HTTP_DIGEST
)
{
belle_sip_message
(
"process_auth_requested requested for [%s@%s]"
,
belle_sip_auth_event_get_username
(
event
)
,
belle_sip_auth_event_get_realm
(
event
));
...
...