fix client certificate request filtering

d644e7fe · jehan · 66b73d09 · d644e7fe · d644e7fe · d644e7fe
Commit d644e7fe authored Oct 07, 2013 by jehan
5 changed files
--- a/include/belle-sip/listener.h
+++ b/include/belle-sip/listener.h
@@ -75,7 +75,7 @@ BELLESIP_EXPORT belle_sip_server_transaction_t *belle_sip_transaction_terminated
 * auth event mode
 * */
 typedef enum belle_sip_auth_mode {
-	BELLE_SIP_AUTH_MODE_HTTP_DISGEST, /** Disgest authentication has been requested by the server*/
+	BELLE_SIP_AUTH_MODE_HTTP_DIGEST, /** Disgest authentication has been requested by the server*/
 	BELLE_SIP_AUTH_MODE_TLS /** Client certificates has bee requested by the server*/
 } belle_sip_auth_mode_t;


--- a/src/channel.h
+++ b/src/channel.h
@@ -179,7 +179,7 @@ BELLE_SIP_DECLARE_CUSTOM_VPTR_END
 /**
 * tls client certificate authentication. might be relevant for both tls and dtls channels.Only implemented in tls channel for now
 * **/
-void belle_sip_channel_set_client_certificates_chain(belle_sip_channel_t *obj, belle_sip_certificates_chain_t* cert_chain);
-void belle_sip_channel_set_client_certificate_key(belle_sip_channel_t *obj, belle_sip_signing_key_t* key);
+void belle_sip_tls_channel_set_client_certificates_chain(belle_sip_channel_t *obj, belle_sip_certificates_chain_t* cert_chain);
+void belle_sip_tls_channel_set_client_certificate_key(belle_sip_channel_t *obj, belle_sip_signing_key_t* key);

 #endif
--- a/src/provider.c
+++ b/src/provider.c
@@ -292,8 +292,8 @@ static int channel_on_auth_requested(belle_sip_channel_listener_t *obj, belle_si
 		auth_event->mode=BELLE_SIP_AUTH_MODE_TLS;
 		belle_sip_auth_event_set_distinguished_name(auth_event,distinguished_name);
 		BELLE_SIP_PROVIDER_INVOKE_LISTENERS(prov->listeners,process_auth_requested,auth_event);
-		belle_sip_channel_set_client_certificates_chain(chan,auth_event->cert);
-		belle_sip_channel_set_client_certificate_key(chan,auth_event->key);
+		belle_sip_tls_channel_set_client_certificates_chain(chan,auth_event->cert);
+		belle_sip_tls_channel_set_client_certificate_key(chan,auth_event->key);
 		belle_sip_auth_event_destroy(auth_event);
 	}
 	return 0;

--- a/src/transports/tls_channel_polarssl.c
+++ b/src/transports/tls_channel_polarssl.c
@@ -142,7 +142,7 @@ static int tls_channel_handshake(belle_sip_tls_channel_t *channel) {
 		if ((ret = ssl_handshake_step( &channel->sslctx ))) {
 			break;
 		}
-		if (channel->sslctx.state == SSL_CERTIFICATE_REQUEST) {
+		if (channel->sslctx.state == SSL_CLIENT_CERTIFICATE && channel->sslctx.client_auth >0) {
 			BELLE_SIP_INVOKE_LISTENERS_ARG1_ARG2(	channel->base.base.listeners
 					,belle_sip_channel_listener_t
 					,on_auth_requested
@@ -154,7 +154,6 @@ static int tls_channel_handshake(belle_sip_tls_channel_t *channel) {
 				int err;
 #endif
 				char tmp[512]={0};
-
 				x509parse_cert_info(tmp,sizeof(tmp)-1,"",&channel->client_cert_chain->cert);
 				belle_sip_message("Channel [%p]  found client  certificate:\n%s",channel,tmp);
 #if POLARSSL_VERSION_NUMBER < 0x01030000
@@ -360,25 +359,27 @@ belle_sip_channel_t * belle_sip_channel_new_tls(belle_sip_tls_listening_point_t
 	return (belle_sip_channel_t*)obj;
 }

-void belle_sip_channel_set_client_certificates_chain(belle_sip_channel_t *obj, belle_sip_certificates_chain_t* cert_chain) {
+void belle_sip_tls_channel_set_client_certificates_chain(belle_sip_channel_t *obj, belle_sip_certificates_chain_t* cert_chain) {
 	belle_sip_tls_channel_t* channel = (belle_sip_tls_channel_t*)obj;
+	belle_sip_object_ref(cert_chain);
 	if (channel->client_cert_chain) belle_sip_object_unref(channel->client_cert_chain);
 	channel->client_cert_chain=cert_chain;
-	if (channel->client_cert_chain) belle_sip_object_ref(channel->client_cert_chain);
+
 }
-void belle_sip_channel_set_client_certificate_key(belle_sip_channel_t *obj, belle_sip_signing_key_t* key) {
+void belle_sip_tls_channel_set_client_certificate_key(belle_sip_channel_t *obj, belle_sip_signing_key_t* key) {
 	belle_sip_tls_channel_t* channel = (belle_sip_tls_channel_t*)obj;
+	belle_sip_object_ref(key);
 	if (channel->client_cert_key) belle_sip_object_unref(channel->client_cert_key);
 	channel->client_cert_key=key;
-	if (channel->client_cert_key) belle_sip_object_ref(channel->client_cert_key);
+
 }


 #else /*HAVE_POLLAR_SSL*/
-void belle_sip_channel_set_client_certificates_chain(belle_sip_channel_t *obj, belle_sip_certificates_chain_t* cert_chain) {
+void belle_sip_tls_channel_set_client_certificates_chain(belle_sip_channel_t *obj, belle_sip_certificates_chain_t* cert_chain) {
 	belle_sip_error("belle_sip_channel_set_client_certificate_chain requires TLS");
 }
-void belle_sip_channel_set_client_certificate_key(belle_sip_channel_t *obj, belle_sip_signing_key_t* key) {
+void belle_sip_tls_channel_set_client_certificate_key(belle_sip_channel_t *obj, belle_sip_signing_key_t* key) {
 	belle_sip_error("belle_sip_channel_set_client_certificate_key requires TLS");
 }
 #endif

--- a/tester/belle_sip_register_tester.c
+++ b/tester/belle_sip_register_tester.c
@@ -151,7 +151,7 @@ static const char* private_key_passwd="secret";

 static void process_auth_requested(void *user_ctx, belle_sip_auth_event_t *event){
 	BELLESIP_UNUSED(user_ctx);
-	if (belle_sip_auth_event_get_mode(event) == BELLE_SIP_AUTH_MODE_HTTP_DISGEST) {
+	if (belle_sip_auth_event_get_mode(event) == BELLE_SIP_AUTH_MODE_HTTP_DIGEST) {
 		belle_sip_message("process_auth_requested requested for [%s@%s]"
 				,belle_sip_auth_event_get_username(event)
 				,belle_sip_auth_event_get_realm(event));