Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
10
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
BC
public
belle-sip
Commits
e00c82e4
Commit
e00c82e4
authored
Jan 13, 2014
by
Simon Morlat
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
factorize ssl verification code
progress in http implementation
parent
ab3232e2
Changes
18
Hide whitespace changes
Inline
Side-by-side
Showing
18 changed files
with
221 additions
and
89 deletions
+221
-89
include/belle-sip/auth-helper.h
include/belle-sip/auth-helper.h
+9
-0
include/belle-sip/http-listener.h
include/belle-sip/http-listener.h
+3
-12
include/belle-sip/http-provider.h
include/belle-sip/http-provider.h
+2
-0
include/belle-sip/listeningpoint.h
include/belle-sip/listeningpoint.h
+6
-2
include/belle-sip/types.h
include/belle-sip/types.h
+3
-1
src/auth_event.c
src/auth_event.c
+41
-2
src/belle_sip_internal.h
src/belle_sip_internal.h
+14
-6
src/belle_sip_resolver.c
src/belle_sip_resolver.c
+3
-1
src/channel.h
src/channel.h
+6
-0
src/http-listener.c
src/http-listener.c
+2
-2
src/http-message.c
src/http-message.c
+1
-0
src/http-provider.c
src/http-provider.c
+80
-20
src/listeningpoint_internal.h
src/listeningpoint_internal.h
+2
-3
src/provider.c
src/provider.c
+4
-4
src/transaction.c
src/transaction.c
+3
-3
src/transports/tls_channel_polarssl.c
src/transports/tls_channel_polarssl.c
+10
-7
src/transports/tls_listeningpoint_polarssl.c
src/transports/tls_listeningpoint_polarssl.c
+10
-21
tester/belle_http_tester.c
tester/belle_http_tester.c
+22
-5
No files found.
include/belle-sip/auth-helper.h
View file @
e00c82e4
...
...
@@ -134,6 +134,15 @@ BELLESIP_EXPORT belle_sip_certificates_chain_t* belle_sip_certificates_chain_par
*/
BELLESIP_EXPORT
belle_sip_signing_key_t
*
belle_sip_signing_key_parse_file
(
const
char
*
path
,
const
char
*
passwd
);
BELLESIP_EXPORT
belle_tls_verify_policy_t
*
belle_tls_verify_policy_new
(
void
);
BELLESIP_EXPORT
int
belle_tls_verify_policy_set_root_ca
(
belle_tls_verify_policy_t
*
obj
,
const
char
*
path
);
#define BELLE_TLS_VERIFY_CN_MISMATCH (1)
#define BELLE_TLS_VERIFY_ANY_REASON (0xff)
BELLESIP_EXPORT
void
belle_tls_verify_policy_set_exceptions
(
belle_tls_verify_policy_t
*
obj
,
int
flags
);
BELLE_SIP_END_DECLS
#endif
/* AUTHENTICATION_HELPER_H_ */
include/belle-sip/http-listener.h
View file @
e00c82e4
...
...
@@ -22,27 +22,18 @@
#define belle_http_listener_h
struct
belle_http_response_event
{
belle_
http_provider_t
*
provider
;
belle_
sip_object_t
*
source
;
belle_http_request_t
*
request
;
belle_http_response_t
*
response
;
};
typedef
struct
belle_http_response_event
belle_http_response_event_t
;
struct
belle_http_io_error_event
{
belle_http_provider_t
*
provider
;
belle_http_request_t
*
request
;
};
typedef
struct
belle_http_io_error_event
belle_http_io_error_event_t
;
typedef
struct
belle_http_io_error_event
belle_http_timeout_event_t
;
#define BELLE_HTTP_INTERFACE_FUNCS(argT) \
void (*process_response)(argT *user_ctx, const belle_http_response_event_t *event); \
void (*process_io_error)(argT *user_ctx, const belle_
htt
p_io_error_event_t *event); \
void (*process_timeout)(argT *user_ctx, const belle_
htt
p_timeout_event_t *event); \
void (*process_io_error)(argT *user_ctx, const belle_
si
p_io_error_event_t *event); \
void (*process_timeout)(argT *user_ctx, const belle_
si
p_timeout_event_t *event); \
void (*process_auth_requested)(argT *user_ctx, belle_sip_auth_event_t *event);
BELLE_SIP_DECLARE_INTERFACE_BEGIN
(
belle_http_request_listener_t
)
...
...
include/belle-sip/http-provider.h
View file @
e00c82e4
...
...
@@ -25,6 +25,8 @@ BELLE_SIP_BEGIN_DECLS
#define BELLE_SIP_HTTP_PROVIDER(obj) BELLE_SIP_CAST(obj,belle_http_provider_t)
BELLESIP_EXPORT
int
belle_http_provider_set_tls_verify_policy
(
belle_http_provider_t
*
obj
,
belle_tls_verify_policy_t
*
verify_ctx
);
BELLESIP_EXPORT
int
belle_http_provider_send_request
(
belle_http_provider_t
*
obj
,
belle_http_request_t
*
req
,
belle_http_request_listener_t
*
listener
);
BELLE_SIP_END_DECLS
...
...
include/belle-sip/listeningpoint.h
View file @
e00c82e4
...
...
@@ -59,12 +59,16 @@ BELLESIP_EXPORT void belle_sip_listening_point_clean_channels(belle_sip_listenin
BELLESIP_EXPORT
int
belle_sip_listening_point_get_channel_count
(
const
belle_sip_listening_point_t
*
lp
);
BELLESIP_EXPORT
int
belle_sip_listening_point_get_well_known_port
(
const
char
*
transport
);
/*deprecated*/
BELLESIP_EXPORT
int
belle_sip_tls_listening_point_set_root_ca
(
belle_sip_tls_listening_point_t
*
s
,
const
char
*
path
);
#define BELLE_SIP_TLS_LISTENING_POINT_BADCERT_CN_MISMATCH (1)
#define BELLE_SIP_TLS_LISTENING_POINT_BADCERT_ANY_REASON (0xff)
/*deprecated*/
#define BELLE_SIP_TLS_LISTENING_POINT_BADCERT_CN_MISMATCH BELLE_TLS_VERIFY_CN_MISMATCH
#define BELLE_SIP_TLS_LISTENING_POINT_BADCERT_ANY_REASON BELLE_TLS_VERIFY_ANY_REASON
BELLESIP_EXPORT
int
belle_sip_tls_listening_point_set_verify_exceptions
(
belle_sip_tls_listening_point_t
*
s
,
int
flags
);
BELLESIP_EXPORT
int
belle_sip_tls_listening_point_set_verify_policy
(
belle_sip_tls_listening_point_t
*
s
,
belle_tls_verify_policy_t
*
pol
);
BELLESIP_EXPORT
belle_sip_listening_point_t
*
belle_sip_tunnel_listening_point_new
(
belle_sip_stack_t
*
s
,
void
*
tunnelclient
);
...
...
include/belle-sip/types.h
View file @
e00c82e4
...
...
@@ -120,7 +120,8 @@ BELLE_SIP_DECLARE_TYPES_BEGIN(belle_sip,1)
BELLE_SIP_TYPE_ID
(
belle_http_response_t
),
BELLE_SIP_TYPE_ID
(
belle_http_channel_context_t
),
BELLE_SIP_TYPE_ID
(
belle_generic_uri_t
),
BELLE_SIP_TYPE_ID
(
belle_http_callbacks_t
)
BELLE_SIP_TYPE_ID
(
belle_http_callbacks_t
),
BELLE_SIP_TYPE_ID
(
belle_tls_verify_policy_t
)
BELLE_SIP_DECLARE_TYPES_END
...
...
@@ -153,6 +154,7 @@ typedef struct _belle_sip_uri belle_sip_uri_t;
typedef
struct
_belle_sip_parameters
belle_sip_parameters_t
;
typedef
struct
belle_sip_param_pair
belle_sip_param_pair_t
;
typedef
struct
_belle_sip_header
belle_sip_header_t
;
typedef
struct
belle_tls_verify_policy
belle_tls_verify_policy_t
;
#endif
...
...
src/auth_event.c
View file @
e00c82e4
...
...
@@ -30,9 +30,9 @@ GET_SET_STRING(belle_sip_auth_event,passwd)
GET_SET_STRING
(
belle_sip_auth_event
,
ha1
)
GET_SET_STRING
(
belle_sip_auth_event
,
distinguished_name
)
belle_sip_auth_event_t
*
belle_sip_auth_event_create
(
const
char
*
realm
,
const
belle_sip_header_from_t
*
from
)
{
belle_sip_auth_event_t
*
belle_sip_auth_event_create
(
belle_sip_object_t
*
source
,
const
char
*
realm
,
const
belle_sip_header_from_t
*
from
)
{
belle_sip_auth_event_t
*
result
=
belle_sip_new0
(
belle_sip_auth_event_t
);
result
->
source
=
source
;
belle_sip_auth_event_set_realm
(
result
,
realm
);
if
(
from
){
...
...
@@ -82,3 +82,42 @@ belle_sip_auth_mode_t belle_sip_auth_event_get_mode(const belle_sip_auth_event_t
return
event
->
mode
;
}
static
void
verify_policy_uninit
(
belle_tls_verify_policy_t
*
obj
){
if
(
obj
->
root_ca
)
belle_sip_free
(
obj
->
root_ca
);
}
BELLE_SIP_DECLARE_NO_IMPLEMENTED_INTERFACES
(
belle_tls_verify_policy_t
);
BELLE_SIP_INSTANCIATE_VPTR
(
belle_tls_verify_policy_t
,
belle_sip_object_t
,
verify_policy_uninit
,
NULL
,
NULL
,
FALSE
);
belle_tls_verify_policy_t
*
belle_tls_verify_policy_new
(){
belle_tls_verify_policy_t
*
obj
=
belle_sip_object_new
(
belle_tls_verify_policy_t
);
/*default to "system" default root ca, wihtout warranty...*/
#ifdef __linux
belle_tls_verify_policy_set_root_ca
(
obj
,
"/etc/ssl/certs"
);
#elif defined(__APPLE__)
belle_tls_verify_policy_set_root_ca
(
obj
,
"/opt/local/share/curl/curl-ca-bundle.crt"
);
#endif
return
obj
;
}
int
belle_tls_verify_policy_set_root_ca
(
belle_tls_verify_policy_t
*
obj
,
const
char
*
path
){
if
(
obj
->
root_ca
){
belle_sip_free
(
obj
->
root_ca
);
obj
->
root_ca
=
NULL
;
}
if
(
path
){
obj
->
root_ca
=
belle_sip_strdup
(
path
);
belle_sip_message
(
"Root ca path set to %s"
,
obj
->
root_ca
);
}
else
{
belle_sip_message
(
"Root ca path disabled"
);
}
return
0
;
}
void
belle_tls_verify_policy_set_exceptions
(
belle_tls_verify_policy_t
*
obj
,
int
flags
){
obj
->
exception_flags
=
flags
;
}
src/belle_sip_internal.h
View file @
e00c82e4
...
...
@@ -193,13 +193,13 @@ BELLE_SIP_DECLARE_VPTR(belle_sip_certificates_chain_t);
BELLE_SIP_DECLARE_VPTR
(
belle_sip_signing_key_t
);
BELLE_SIP_DECLARE_VPTR
(
belle_sip_dns_srv_t
);
BELLE_SIP_DECLARE_VPTR
(
belle_sip_dict_t
)
BELLE_SIP_DECLARE_VPTR
(
belle_http_provider_t
);
BELLE_SIP_DECLARE_VPTR
(
belle_http_channel_context_t
);
BELLE_SIP_DECLARE_VPTR
(
belle_http_request_t
);
BELLE_SIP_DECLARE_VPTR
(
belle_http_response_t
);
BELLE_SIP_DECLARE_VPTR
(
belle_generic_uri_t
);
BELLE_SIP_DECLARE_VPTR
(
belle_http_callbacks_t
);
BELLE_SIP_DECLARE_VPTR
(
belle_tls_verify_policy_t
);
BELLE_SIP_DECLARE_CUSTOM_VPTR_BEGIN
(
belle_sip_resolver_context_t
,
belle_sip_source_t
)
void
(
*
cancel
)(
belle_sip_resolver_context_t
*
);
...
...
@@ -605,6 +605,7 @@ struct belle_http_request{
belle_generic_uri_t
*
req_uri
;
char
*
method
;
belle_http_request_listener_t
*
listener
;
belle_generic_uri_t
*
orig_uri
;
/*original uri before removing host and user/passwd*/
belle_http_response_t
*
response
;
};
...
...
@@ -868,21 +869,21 @@ struct belle_sip_io_error_event{
};
struct
belle_sip_request_event
{
belle_sip_
provider
_t
*
source
;
belle_sip_
object
_t
*
source
;
belle_sip_server_transaction_t
*
server_transaction
;
belle_sip_dialog_t
*
dialog
;
belle_sip_request_t
*
request
;
};
struct
belle_sip_response_event
{
belle_sip_
provider
_t
*
source
;
belle_sip_
object
_t
*
source
;
belle_sip_client_transaction_t
*
client_transaction
;
belle_sip_dialog_t
*
dialog
;
belle_sip_response_t
*
response
;
};
struct
belle_sip_timeout_event
{
belle_sip_
provider
_t
*
source
;
belle_sip_
object
_t
*
source
;
belle_sip_transaction_t
*
transaction
;
int
is_server_transaction
;
};
...
...
@@ -894,6 +895,7 @@ struct belle_sip_transaction_terminated_event{
};
struct
belle_sip_auth_event
{
belle_sip_object_t
*
source
;
belle_sip_auth_mode_t
mode
;
char
*
username
;
char
*
userid
;
...
...
@@ -904,10 +906,9 @@ struct belle_sip_auth_event {
char
*
distinguished_name
;
belle_sip_certificates_chain_t
*
cert
;
belle_sip_signing_key_t
*
key
;
};
belle_sip_auth_event_t
*
belle_sip_auth_event_create
(
const
char
*
realm
,
const
belle_sip_header_from_t
*
from
);
belle_sip_auth_event_t
*
belle_sip_auth_event_create
(
belle_sip_object_t
*
source
,
const
char
*
realm
,
const
belle_sip_header_from_t
*
from
);
void
belle_sip_auth_event_set_distinguished_name
(
belle_sip_auth_event_t
*
event
,
const
char
*
value
);
...
...
@@ -946,6 +947,13 @@ void belle_sip_dialog_update_request(belle_sip_dialog_t *dialog, belle_sip_reque
belle_sip_error_code
belle_sip_headers_marshal
(
belle_sip_message_t
*
message
,
char
*
buff
,
size_t
buff_size
,
size_t
*
offset
);
#define SET_OBJECT_PROPERTY(obj,property_name,new_value) \
if (new_value) belle_sip_object_ref(new_value); \
if (obj->property_name){ \
belle_sip_object_unref(obj->property_name); \
}\
obj->property_name=new_value;
#include "parserutils.h"
#endif
src/belle_sip_resolver.c
View file @
e00c82e4
...
...
@@ -485,8 +485,10 @@ struct addrinfo * belle_sip_ip_address_to_addrinfo(int family, const char *ipadd
hints
.
ai_flags
|=
AI_V4MAPPED
;
}
err
=
getaddrinfo
(
ipaddress
,
serv
,
&
hints
,
&
res
);
if
(
err
!=
0
){
belle_sip_error
(
"belle_sip_ip_address_to_addrinfo(): getaddrinfo() error: %s"
,
gai_strerror
(
err
));
if
(
err
!=
EAI_NONAME
)
belle_sip_error
(
"belle_sip_ip_address_to_addrinfo(): getaddrinfo() error: %s"
,
gai_strerror
(
err
));
return
NULL
;
}
return
res
;
...
...
src/channel.h
View file @
e00c82e4
...
...
@@ -188,4 +188,10 @@ belle_sip_channel_t *belle_sip_channel_find_from_list(belle_sip_list_t *l, int a
#define BELLE_SIP_TLS_CHANNEL(obj) BELLE_SIP_CAST(obj,belle_sip_tls_channel_t)
struct
belle_tls_verify_policy
{
belle_sip_object_t
base
;
char
*
root_ca
;
int
exception_flags
;
};
#endif
src/http-listener.c
View file @
e00c82e4
...
...
@@ -34,13 +34,13 @@ static void process_response_event(belle_http_request_listener_t *l, const belle
obj
->
cbs
.
process_response
(
obj
->
user_ctx
,
event
);
}
static
void
process_io_error
(
belle_http_request_listener_t
*
l
,
const
belle_
htt
p_io_error_event_t
*
event
){
static
void
process_io_error
(
belle_http_request_listener_t
*
l
,
const
belle_
si
p_io_error_event_t
*
event
){
belle_http_callbacks_t
*
obj
=
(
belle_http_callbacks_t
*
)
l
;
if
(
obj
->
cbs
.
process_io_error
)
obj
->
cbs
.
process_io_error
(
obj
->
user_ctx
,
event
);
}
static
void
process_timeout
(
belle_http_request_listener_t
*
l
,
const
belle_
htt
p_timeout_event_t
*
event
){
static
void
process_timeout
(
belle_http_request_listener_t
*
l
,
const
belle_
si
p_timeout_event_t
*
event
){
belle_http_callbacks_t
*
obj
=
(
belle_http_callbacks_t
*
)
l
;
if
(
obj
->
cbs
.
process_timeout
)
obj
->
cbs
.
process_timeout
(
obj
->
user_ctx
,
event
);
...
...
src/http-message.c
View file @
e00c82e4
...
...
@@ -32,6 +32,7 @@ static void belle_http_request_destroy(belle_http_request_t *req){
if
(
req
->
req_uri
)
belle_sip_object_unref
(
req
->
req_uri
);
DESTROY_STRING
(
req
,
method
)
belle_http_request_set_listener
(
req
,
NULL
);
SET_OBJECT_PROPERTY
(
req
,
orig_uri
,
NULL
);
belle_sip_message
(
"http request destroyed"
);
}
...
...
src/http-provider.c
View file @
e00c82e4
...
...
@@ -38,30 +38,78 @@ struct belle_http_provider{
int
ai_family
;
belle_sip_list_t
*
tcp_channels
;
belle_sip_list_t
*
tls_channels
;
belle_tls_verify_policy_t
*
verify_ctx
;
};
#define BELLE_HTTP_REQUEST_INVOKE_LISTENER(obj,method,arg) \
obj->listener ? BELLE_SIP_INVOKE_LISTENER_ARG(obj->listener,belle_http_request_listener_t,method,arg) : 0
static
int
http_channel_context_handle_authentication
(
belle_http_channel_context_t
*
ctx
,
belle_http_request_t
*
req
){
const
char
*
realm
=
NULL
;
belle_sip_auth_event_t
*
ev
=
NULL
;
belle_http_response_t
*
resp
=
belle_http_request_get_response
(
req
);
const
char
*
username
=
NULL
;
const
char
*
passwd
=
NULL
;
int
ret
=
0
;
(
void
)
resp
;
/*find if username, passwd were already supplied in original request uri*/
if
(
req
->
orig_uri
){
username
=
belle_generic_uri_get_user
(
req
->
orig_uri
);
passwd
=
belle_generic_uri_get_user_password
(
req
->
orig_uri
);
}
if
(
username
==
NULL
||
passwd
==
NULL
){
/*TODO find the realm from the Authentication header*/
ev
=
belle_sip_auth_event_create
((
belle_sip_object_t
*
)
ctx
->
provider
,
realm
,
NULL
);
BELLE_HTTP_REQUEST_INVOKE_LISTENER
(
req
,
process_auth_requested
,
ev
);
username
=
ev
->
username
;
passwd
=
ev
->
passwd
;
}
if
(
username
&&
passwd
){
/*TODO resubmit the request to the provider with authentication added*/
belle_http_provider_send_request
(
ctx
->
provider
,
req
,
NULL
);
}
else
ret
=-
1
;
if
(
ev
)
belle_sip_auth_event_destroy
(
ev
);
return
ret
;
}
static
void
http_channel_context_handle_response
(
belle_http_channel_context_t
*
ctx
,
belle_http_response_t
*
response
){
belle_http_request_t
*
req
=
NULL
;
belle_http_response_event_t
ev
=
{
0
};
int
code
;
/*pop the request matching this response*/
ctx
->
pending_requests
=
belle_sip_list_pop_front
(
ctx
->
pending_requests
,(
void
**
)
&
req
);
if
(
req
==
NULL
){
belle_sip_error
(
"Receiving http response not matching any request."
);
return
;
}
belle_http_request_set_response
(
req
,
response
);
code
=
belle_http_response_get_status_code
(
response
);
if
((
code
==
401
||
code
==
407
)
&&
http_channel_context_handle_authentication
(
ctx
,
req
)
==
0
){
/*nothing to do, the request has been resubmitted with authentication*/
}
else
{
/*else notify the app about the response received*/
ev
.
source
=
(
belle_sip_object_t
*
)
ctx
->
provider
;
ev
.
request
=
req
;
ev
.
response
=
response
;
BELLE_HTTP_REQUEST_INVOKE_LISTENER
(
req
,
process_response
,
&
ev
);
}
belle_sip_object_unref
(
req
);
}
static
int
channel_on_event
(
belle_sip_channel_listener_t
*
obj
,
belle_sip_channel_t
*
chan
,
unsigned
int
revents
){
belle_http_channel_context_t
*
ctx
=
BELLE_HTTP_CHANNEL_CONTEXT
(
obj
);
if
(
revents
&
BELLE_SIP_EVENT_READ
){
belle_sip_message_t
*
msg
;
while
((
msg
=
belle_sip_channel_pick_message
(
chan
))
!=
NULL
){
if
(
msg
&&
BELLE_SIP_OBJECT_IS_INSTANCE_OF
(
msg
,
belle_http_response_t
)){
belle_http_request_t
*
req
=
NULL
;
belle_http_response_event_t
ev
=
{
0
};
/*pop the request matching this response*/
ctx
->
pending_requests
=
belle_sip_list_pop_front
(
ctx
->
pending_requests
,(
void
**
)
&
req
);
if
(
req
==
NULL
){
belle_sip_error
(
"Receiving http response not matching any request."
);
return
0
;
}
ev
.
provider
=
NULL
;
ev
.
request
=
req
;
ev
.
response
=
(
belle_http_response_t
*
)
msg
;
BELLE_HTTP_REQUEST_INVOKE_LISTENER
(
req
,
process_response
,
&
ev
);
belle_sip_object_unref
(
req
);
http_channel_context_handle_response
(
ctx
,(
belle_http_response_t
*
)
msg
);
}
belle_sip_object_unref
(
msg
);
}
...
...
@@ -70,19 +118,18 @@ static int channel_on_event(belle_sip_channel_listener_t *obj, belle_sip_channel
}
static
int
channel_on_auth_requested
(
belle_sip_channel_listener_t
*
obj
,
belle_sip_channel_t
*
chan
,
const
char
*
distinguished_name
){
belle_http_channel_context_t
*
ctx
=
BELLE_HTTP_CHANNEL_CONTEXT
(
obj
);
if
(
BELLE_SIP_IS_INSTANCE_OF
(
chan
,
belle_sip_tls_channel_t
))
{
/*
belle_http_provider_t *prov=BELLE_SIP_HTTP_PROVIDER(obj);
belle_sip_auth_event_t* auth_event = belle_sip_auth_event_create(NULL,NULL);
belle_sip_auth_event_t
*
auth_event
=
belle_sip_auth_event_create
((
belle_sip_object_t
*
)
ctx
->
provider
,
NULL
,
NULL
);
belle_sip_tls_channel_t
*
tls_chan
=
BELLE_SIP_TLS_CHANNEL
(
chan
);
belle_http_request_t
*
req
=
(
belle_http_request_t
*
)
ctx
->
pending_requests
->
data
;
auth_event
->
mode
=
BELLE_SIP_AUTH_MODE_TLS
;
belle_sip_auth_event_set_distinguished_name
(
auth_event
,
distinguished_name
);
BELLE_
SIP_PROVIDER
_INVOKE_LISTENER
S(prov->listeners
,process_auth_requested,auth_event);
BELLE_
HTTP_REQUEST
_INVOKE_LISTENER
(
req
,
process_auth_requested
,
auth_event
);
belle_sip_tls_channel_set_client_certificates_chain
(
tls_chan
,
auth_event
->
cert
);
belle_sip_tls_channel_set_client_certificate_key
(
tls_chan
,
auth_event
->
key
);
belle_sip_auth_event_destroy
(
auth_event
);
*/
}
return
0
;
}
...
...
@@ -147,6 +194,7 @@ static void http_provider_uninit(belle_http_provider_t *obj){
belle_sip_list_free_with_data
(
obj
->
tcp_channels
,
belle_sip_object_unref
);
belle_sip_list_for_each
(
obj
->
tls_channels
,(
void
(
*
)(
void
*
))
belle_sip_channel_force_close
);
belle_sip_list_free_with_data
(
obj
->
tls_channels
,
belle_sip_object_unref
);
belle_sip_object_unref
(
obj
->
verify_ctx
);
}
BELLE_SIP_DECLARE_NO_IMPLEMENTED_INTERFACES
(
belle_http_provider_t
);
...
...
@@ -157,6 +205,7 @@ belle_http_provider_t *belle_http_provider_new(belle_sip_stack_t *s, const char
p
->
stack
=
s
;
p
->
bind_ip
=
belle_sip_strdup
(
bind_ip
);
p
->
ai_family
=
strchr
(
p
->
bind_ip
,
':'
)
?
AF_INET6
:
AF_INET
;
p
->
verify_ctx
=
belle_tls_verify_policy_new
();
return
p
;
}
...
...
@@ -173,6 +222,7 @@ static void split_request_url(belle_http_request_t *req){
host_value
=
belle_sip_strdup
(
belle_generic_uri_get_host
(
uri
));
belle_sip_message_add_header
(
BELLE_SIP_MESSAGE
(
req
),
belle_sip_header_create
(
"Host"
,
host_value
));
belle_sip_free
(
host_value
);
SET_OBJECT_PROPERTY
(
req
,
orig_uri
,
uri
);
belle_http_request_set_uri
(
req
,
new_uri
);
}
...
...
@@ -197,12 +247,16 @@ int belle_http_provider_send_request(belle_http_provider_t *obj, belle_http_requ
belle_sip_hop_t
*
hop
=
belle_sip_hop_new_from_generic_uri
(
belle_http_request_get_uri
(
req
));
belle_sip_list_t
**
channels
=
provider_get_channels
(
obj
,
hop
->
transport
);
belle_http_request_set_listener
(
req
,
listener
);
if
(
listener
)
belle_http_request_set_listener
(
req
,
listener
);
chan
=
belle_sip_channel_find_from_list
(
*
channels
,
obj
->
ai_family
,
hop
);
if
(
!
chan
){
chan
=
belle_sip_stream_channel_new_client
(
obj
->
stack
,
obj
->
bind_ip
,
0
,
hop
->
cname
,
hop
->
host
,
hop
->
port
);
if
(
strcasecmp
(
hop
->
transport
,
"tcp"
)
==
0
){
chan
=
belle_sip_stream_channel_new_client
(
obj
->
stack
,
obj
->
bind_ip
,
0
,
hop
->
cname
,
hop
->
host
,
hop
->
port
);
}
else
if
(
strcasecmp
(
hop
->
transport
,
"tls"
)
==
0
){
chan
=
belle_sip_channel_new_tls
(
obj
->
stack
,
obj
->
verify_ctx
,
obj
->
bind_ip
,
0
,
hop
->
cname
,
hop
->
host
,
hop
->
port
);
}
belle_http_channel_context_new
(
chan
,
obj
);
*
channels
=
belle_sip_list_prepend
(
*
channels
,
chan
);
}
...
...
@@ -212,3 +266,9 @@ int belle_http_provider_send_request(belle_http_provider_t *obj, belle_http_requ
return
0
;
}
int
belle_http_provider_set_tls_verify_policy
(
belle_http_provider_t
*
obj
,
belle_tls_verify_policy_t
*
verify_ctx
){
SET_OBJECT_PROPERTY
(
obj
,
verify_ctx
,
verify_ctx
);
return
0
;
}
src/listeningpoint_internal.h
View file @
e00c82e4
...
...
@@ -85,8 +85,7 @@ belle_sip_listening_point_t * belle_sip_stream_listening_point_new(belle_sip_sta
struct
belle_sip_tls_listening_point
{
belle_sip_stream_listening_point_t
base
;
char
*
root_ca
;
int
verify_exceptions
;
belle_tls_verify_policy_t
*
verify_ctx
;
};
int
belle_sip_tls_listening_point_available
(
void
);
...
...
@@ -95,7 +94,7 @@ BELLE_SIP_DECLARE_CUSTOM_VPTR_BEGIN(belle_sip_tls_listening_point_t,belle_sip_li
BELLE_SIP_DECLARE_CUSTOM_VPTR_END
#define BELLE_SIP_TLS_LISTENING_POINT(obj) BELLE_SIP_CAST(obj,belle_sip_tls_listening_point_t)
belle_sip_listening_point_t
*
belle_sip_tls_listening_point_new
(
belle_sip_stack_t
*
s
,
const
char
*
ipaddress
,
int
port
);
belle_sip_channel_t
*
belle_sip_channel_new_tls
(
belle_sip_
tls_listening_point_t
*
lp
,
const
char
*
bindip
,
int
localport
,
const
char
*
cname
,
const
char
*
name
,
int
port
);
belle_sip_channel_t
*
belle_sip_channel_new_tls
(
belle_sip_
stack_t
*
s
,
belle_tls_verify_policy_t
*
verify_ctx
,
const
char
*
bindip
,
int
localport
,
const
char
*
cname
,
const
char
*
name
,
int
port
);
/*tunnel*/
#ifdef HAVE_TUNNEL
...
...
src/provider.c
View file @
e00c82e4
...
...
@@ -115,7 +115,7 @@ static void belle_sip_provider_dispatch_request(belle_sip_provider_t* prov, bell
belle_sip_server_transaction_send_response
(
tr
,
belle_sip_response_create_from_request
(
req
,
480
));
return
;
}
else
{
ev
.
source
=
prov
;
ev
.
source
=
(
belle_sip_object_t
*
)
prov
;
ev
.
server_transaction
=
NULL
;
ev
.
request
=
req
;
BELLE_SIP_PROVIDER_INVOKE_LISTENERS
(
prov
->
listeners
,
process_request_event
,
&
ev
);
...
...
@@ -156,7 +156,7 @@ static void belle_sip_provider_dispatch_response(belle_sip_provider_t* prov, bel
belle_sip_object_unref
(
t
);
}
else
{
belle_sip_response_event_t
event
;
event
.
source
=
prov
;
event
.
source
=
(
belle_sip_object_t
*
)
prov
;
event
.
client_transaction
=
NULL
;
event
.
dialog
=
NULL
;
event
.
response
=
msg
;
...
...
@@ -317,7 +317,7 @@ static int channel_on_event(belle_sip_channel_listener_t *obj, belle_sip_channel
static
int
channel_on_auth_requested
(
belle_sip_channel_listener_t
*
obj
,
belle_sip_channel_t
*
chan
,
const
char
*
distinguished_name
){
if
(
BELLE_SIP_IS_INSTANCE_OF
(
chan
,
belle_sip_tls_channel_t
))
{
belle_sip_provider_t
*
prov
=
BELLE_SIP_PROVIDER
(
obj
);
belle_sip_auth_event_t
*
auth_event
=
belle_sip_auth_event_create
(
NULL
,
NULL
);
belle_sip_auth_event_t
*
auth_event
=
belle_sip_auth_event_create
(
(
belle_sip_object_t
*
)
prov
,
NULL
,
NULL
);
belle_sip_tls_channel_t
*
tls_chan
=
BELLE_SIP_TLS_CHANNEL
(
chan
);
auth_event
->
mode
=
BELLE_SIP_AUTH_MODE_TLS
;
belle_sip_auth_event_set_distinguished_name
(
auth_event
,
distinguished_name
);
...
...
@@ -1004,7 +1004,7 @@ int belle_sip_provider_add_authorization(belle_sip_provider_t *p, belle_sip_requ
for
(;
auth_context_lst
!=
NULL
;
auth_context_lst
=
auth_context_lst
->
next
)
{
/*clear auth info*/
auth_context
=
(
authorization_context_t
*
)
auth_context_lst
->
data
;
auth_event
=
belle_sip_auth_event_create
(
auth_context
->
realm
,
from
);
auth_event
=
belle_sip_auth_event_create
(
(
belle_sip_object_t
*
)
p
,
auth_context
->
realm
,
from
);
/*put data*/
/*call listener*/
BELLE_SIP_PROVIDER_INVOKE_LISTENERS
(
p
->
listeners
,
process_auth_requested
,
auth_event
);
...
...
src/transaction.c
View file @
e00c82e4
...
...
@@ -130,7 +130,7 @@ belle_sip_response_t *belle_sip_transaction_get_response(const belle_sip_transac
static
void
notify_timeout
(
belle_sip_transaction_t
*
t
){
belle_sip_timeout_event_t
ev
;
ev
.
source
=
t
->
provider
;
ev
.
source
=
(
belle_sip_object_t
*
)
t
->
provider
;
ev
.
transaction
=
t
;
ev
.
is_server_transaction
=
BELLE_SIP_OBJECT_IS_INSTANCE_OF
(
t
,
belle_sip_server_transaction_t
);
BELLE_SIP_PROVIDER_INVOKE_LISTENERS_FOR_TRANSACTION
(
t
,
process_timeout
,
&
ev
);
...
...
@@ -245,7 +245,7 @@ void belle_sip_server_transaction_send_response(belle_sip_server_transaction_t *
static
void
server_transaction_notify
(
belle_sip_server_transaction_t
*
t
,
belle_sip_request_t
*
req
,
belle_sip_dialog_t
*
dialog
){
belle_sip_request_event_t
event
;
event
.
source
=
t
->
base
.
provider
;
event
.
source
=
(
belle_sip_object_t
*
)
t
->
base
.
provider
;
event
.
server_transaction
=
t
;
event
.
dialog
=
dialog
;
event
.
request
=
req
;
...
...
@@ -441,7 +441,7 @@ void belle_sip_client_transaction_notify_response(belle_sip_client_transaction_t
return
;
}
event
.
source
=
base
->
provider
;
event
.
source
=
(
belle_sip_object_t
*
)
base
->
provider
;
event
.
client_transaction
=
t
;
event
.
dialog
=
dialog
;
event
.
response
=
(
belle_sip_response_t
*
)
resp
;
...
...
src/transports/tls_channel_polarssl.c
View file @
e00c82e4
...
...
@@ -62,6 +62,7 @@ struct belle_sip_tls_channel{
char
*
cur_debug_msg
;
belle_sip_certificates_chain_t
*
client_cert_chain
;
belle_sip_signing_key_t
*
client_cert_key
;
belle_tls_verify_policy_t
*
verify_ctx
;
};
static
void
tls_channel_close
(
belle_sip_tls_channel_t
*
obj
){
...
...
@@ -81,6 +82,7 @@ static void tls_channel_uninit(belle_sip_tls_channel_t *obj){
x509_free
(
&
obj
->
root_ca
);
if
(
obj
->
cur_debug_msg
)
belle_sip_free
(
obj
->
cur_debug_msg
);
belle_sip_object_unref
(
obj
->
verify_ctx
);
}
static
int
tls_channel_send
(
belle_sip_channel_t
*
obj
,
const
void
*
buf
,
size_t
buflen
){
...
...
@@ -270,16 +272,16 @@ static const char *polarssl_certflags_to_string(char *buf, size_t size, int flag
}
static
int
belle_sip_ssl_verify
(
void
*
data
,
x509_cert
*
cert
,
int
depth
,
int
*
flags
){
belle_
sip_tls_listening_point_t
*
lp
=
(
belle_sip_tls_listening_point
_t
*
)
data
;
belle_
tls_verify_policy_t
*
verify_ctx
=
(
belle_tls_verify_policy
_t
*
)
data
;
char
tmp
[
512
];
char
flags_str
[
128
];
x509parse_cert_info
(
tmp
,
sizeof
(
tmp
),
""
,
cert
);
belle_sip_message
(
"Found certificate depth=[%i], flags=[%s]:
\n
%s"
,
depth
,
polarssl_certflags_to_string
(
flags_str
,
sizeof
(
flags_str
),
*
flags
),
tmp
);
if
(
lp
->
verify_exceptions
==
BELLE_
SIP_TLS_LISTENING_POINT_BADCERT
_ANY_REASON
){
if
(
verify_
ctx
->
exception
_flag
s
==
BELLE_
TLS_VERIFY
_ANY_REASON
){
*
flags
=
0
;
}
else
if
(
lp
->
verify_exceptions
&
BELLE_
SIP_TLS_LISTENING_POINT_BADCERT
_CN_MISMATCH
){
}
else
if
(
verify_
ctx
->
exception
_flag
s
&
BELLE_
TLS_VERIFY
_CN_MISMATCH
){
*
flags
&=~
BADCERT_CN_MISMATCH
;
}
return
0
;
...
...
@@ -335,12 +337,12 @@ static void ssl_debug_to_belle_sip(void *context, int level, const char *str){
#endif
belle_sip_channel_t
*
belle_sip_channel_new_tls
(
belle_sip_
tls_listening_point_t
*
lp
,
const
char
*
bindip
,
int
localport
,
const
char
*
peer_cname
,
const
char
*
dest
,
int
port
){
belle_sip_channel_t
*
belle_sip_channel_new_tls
(
belle_sip_
stack_t
*
stack
,
belle_tls_verify_policy_t
*
verify_ctx
,
const
char
*
bindip
,
int
localport
,
const
char
*
peer_cname
,
const
char
*
dest
,
int
port
){
belle_sip_tls_channel_t
*
obj
=
belle_sip_object_new
(
belle_sip_tls_channel_t
);
belle_sip_stream_channel_t
*
super
=
(
belle_sip_stream_channel_t
*
)
obj
;
belle_sip_stream_channel_init_client
(
super
,
((
belle_sip_listening_point_t
*
)
lp
)
->
stack
,
stack
,
bindip
,
localport
,
peer_cname
,
dest
,
port
);
ssl_init
(
&
obj
->
sslctx
);
#ifdef ENABLE_POLARSSL_LOGS
...
...
@@ -349,11 +351,12 @@ belle_sip_channel_t * belle_sip_channel_new_tls(belle_sip_tls_listening_point_t
ssl_set_endpoint
(
&
obj
->
sslctx
,
SSL_IS_CLIENT
);
ssl_set_authmode
(
&
obj
->
sslctx
,
SSL_VERIFY_REQUIRED
);
ssl_set_bio
(
&
obj
->
sslctx
,
polarssl_read
,
obj
,
polarssl_write
,
obj
);
if
(
lp
->
root_ca
&&
belle_sip_tls_channel_load_root_ca
(
obj
,
lp
->
root_ca
)
==
0
){
if
(
verify_ctx
->
root_ca
&&
belle_sip_tls_channel_load_root_ca
(
obj
,
verify_ctx
->
root_ca
)
==
0
){
ssl_set_ca_chain
(
&
obj
->
sslctx
,
&
obj
->
root_ca
,
NULL
,
super
->
base
.
peer_cname
?
super
->
base
.
peer_cname
:
super
->
base
.
peer_name
);
}
ssl_set_rng
(
&
obj
->
sslctx
,
random_generator
,
NULL
);
ssl_set_verify
(
&
obj
->
sslctx
,
belle_sip_ssl_verify
,
lp
);
ssl_set_verify
(
&
obj
->
sslctx
,
belle_sip_ssl_verify
,
verify_ctx
);
obj
->
verify_ctx
=
(
belle_tls_verify_policy_t
*
)
belle_sip_object_ref
(
verify_ctx
);
return
(
belle_sip_channel_t
*
)
obj
;
}
...
...
src/transports/tls_listeningpoint_polarssl.c
View file @
e00c82e4
...
...
@@ -23,11 +23,11 @@
#include <polarssl/ssl.h>
static
void
belle_sip_tls_listening_point_uninit
(
belle_sip_tls_listening_point_t
*
lp
){
belle_sip_
free
(
lp
->
root_ca
);
belle_sip_
object_unref
(
lp
->
verify_ctx
);
}
static
belle_sip_channel_t
*
tls_create_channel
(
belle_sip_listening_point_t
*
lp
,
const
belle_sip_hop_t
*
hop
){
belle_sip_channel_t
*
chan
=
belle_sip_channel_new_tls
(
BELLE_SIP_TLS_LISTENING_POINT
(
lp
)
belle_sip_channel_t
*
chan
=
belle_sip_channel_new_tls
(
lp
->
stack
,
((
belle_sip_tls_listening_point_t
*
)
lp
)
->
verify_ctx
,
belle_sip_uri_get_host
(
lp
->
listening_uri
)
,
belle_sip_uri_get_port
(
lp
->
listening_uri
)
,
hop
->
cname
...
...
@@ -72,35 +72,24 @@ belle_sip_listening_point_t * belle_sip_tls_listening_point_new(belle_sip_stack_