Commit d644e7fe authored by jehan's avatar jehan

fix client certificate request filtering

parent 66b73d09
......@@ -75,7 +75,7 @@ BELLESIP_EXPORT belle_sip_server_transaction_t *belle_sip_transaction_terminated
* auth event mode
* */
typedef enum belle_sip_auth_mode {
BELLE_SIP_AUTH_MODE_HTTP_DISGEST, /** Disgest authentication has been requested by the server*/
BELLE_SIP_AUTH_MODE_HTTP_DIGEST, /** Disgest authentication has been requested by the server*/
BELLE_SIP_AUTH_MODE_TLS /** Client certificates has bee requested by the server*/
} belle_sip_auth_mode_t;
......
......@@ -179,7 +179,7 @@ BELLE_SIP_DECLARE_CUSTOM_VPTR_END
/**
* tls client certificate authentication. might be relevant for both tls and dtls channels.Only implemented in tls channel for now
* **/
void belle_sip_channel_set_client_certificates_chain(belle_sip_channel_t *obj, belle_sip_certificates_chain_t* cert_chain);
void belle_sip_channel_set_client_certificate_key(belle_sip_channel_t *obj, belle_sip_signing_key_t* key);
void belle_sip_tls_channel_set_client_certificates_chain(belle_sip_channel_t *obj, belle_sip_certificates_chain_t* cert_chain);
void belle_sip_tls_channel_set_client_certificate_key(belle_sip_channel_t *obj, belle_sip_signing_key_t* key);
#endif
......@@ -292,8 +292,8 @@ static int channel_on_auth_requested(belle_sip_channel_listener_t *obj, belle_si
auth_event->mode=BELLE_SIP_AUTH_MODE_TLS;
belle_sip_auth_event_set_distinguished_name(auth_event,distinguished_name);
BELLE_SIP_PROVIDER_INVOKE_LISTENERS(prov->listeners,process_auth_requested,auth_event);
belle_sip_channel_set_client_certificates_chain(chan,auth_event->cert);
belle_sip_channel_set_client_certificate_key(chan,auth_event->key);
belle_sip_tls_channel_set_client_certificates_chain(chan,auth_event->cert);
belle_sip_tls_channel_set_client_certificate_key(chan,auth_event->key);
belle_sip_auth_event_destroy(auth_event);
}
return 0;
......
......@@ -142,7 +142,7 @@ static int tls_channel_handshake(belle_sip_tls_channel_t *channel) {
if ((ret = ssl_handshake_step( &channel->sslctx ))) {
break;
}
if (channel->sslctx.state == SSL_CERTIFICATE_REQUEST) {
if (channel->sslctx.state == SSL_CLIENT_CERTIFICATE && channel->sslctx.client_auth >0) {
BELLE_SIP_INVOKE_LISTENERS_ARG1_ARG2( channel->base.base.listeners
,belle_sip_channel_listener_t
,on_auth_requested
......@@ -154,7 +154,6 @@ static int tls_channel_handshake(belle_sip_tls_channel_t *channel) {
int err;
#endif
char tmp[512]={0};
x509parse_cert_info(tmp,sizeof(tmp)-1,"",&channel->client_cert_chain->cert);
belle_sip_message("Channel [%p] found client certificate:\n%s",channel,tmp);
#if POLARSSL_VERSION_NUMBER < 0x01030000
......@@ -360,25 +359,27 @@ belle_sip_channel_t * belle_sip_channel_new_tls(belle_sip_tls_listening_point_t
return (belle_sip_channel_t*)obj;
}
void belle_sip_channel_set_client_certificates_chain(belle_sip_channel_t *obj, belle_sip_certificates_chain_t* cert_chain) {
void belle_sip_tls_channel_set_client_certificates_chain(belle_sip_channel_t *obj, belle_sip_certificates_chain_t* cert_chain) {
belle_sip_tls_channel_t* channel = (belle_sip_tls_channel_t*)obj;
belle_sip_object_ref(cert_chain);
if (channel->client_cert_chain) belle_sip_object_unref(channel->client_cert_chain);
channel->client_cert_chain=cert_chain;
if (channel->client_cert_chain) belle_sip_object_ref(channel->client_cert_chain);
}
void belle_sip_channel_set_client_certificate_key(belle_sip_channel_t *obj, belle_sip_signing_key_t* key) {
void belle_sip_tls_channel_set_client_certificate_key(belle_sip_channel_t *obj, belle_sip_signing_key_t* key) {
belle_sip_tls_channel_t* channel = (belle_sip_tls_channel_t*)obj;
belle_sip_object_ref(key);
if (channel->client_cert_key) belle_sip_object_unref(channel->client_cert_key);
channel->client_cert_key=key;
if (channel->client_cert_key) belle_sip_object_ref(channel->client_cert_key);
}
#else /*HAVE_POLLAR_SSL*/
void belle_sip_channel_set_client_certificates_chain(belle_sip_channel_t *obj, belle_sip_certificates_chain_t* cert_chain) {
void belle_sip_tls_channel_set_client_certificates_chain(belle_sip_channel_t *obj, belle_sip_certificates_chain_t* cert_chain) {
belle_sip_error("belle_sip_channel_set_client_certificate_chain requires TLS");
}
void belle_sip_channel_set_client_certificate_key(belle_sip_channel_t *obj, belle_sip_signing_key_t* key) {
void belle_sip_tls_channel_set_client_certificate_key(belle_sip_channel_t *obj, belle_sip_signing_key_t* key) {
belle_sip_error("belle_sip_channel_set_client_certificate_key requires TLS");
}
#endif
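Review bot: `belle_sip_object_ref(cert_chain);` at the top of belle_sip_tls_channel_set_client_certificates_chain (and `belle_sip_object_ref(key);` in the key setter) is unconditional, while the caller channel_on_auth_requested in the provider hunk passes `auth_event->cert` and `auth_event->key` straight after the listeners ran, so a listener that declines to supply a certificate presumably leaves them NULL and the ref call would dereference NULL unless belle_sip_object_ref tolerates NULL, which this page does not show. Guard it as `if (cert_chain) belle_sip_object_ref(cert_chain);` (same for `key`), and if the trailing `if (channel->client_cert_chain) belle_sip_object_ref(channel->client_cert_chain);` is still present on the new side (the hunk header's +2 net lines suggests the new ref lines were added rather than replacing it), each call takes two references and the chain is never fully released; keep a single ref, taken before the unref of the previous object so that re-setting the same object stays safe. The `#else` stubs still log the old names `belle_sip_channel_set_client_certificate_chain` / `belle_sip_channel_set_client_certificate_key`; update the strings to the renamed functions. In the handshake hunk above, `channel->sslctx.client_auth >0` reads a field of PolarSSL's ssl_context that this file otherwise treats as version-dependent (`POLARSSL_VERSION_NUMBER` guards), so a one-line comment such as `/* client_auth is presumably set only after the server sent a CertificateRequest; ask the application before the Certificate message is written */` would record why this replaces the SSL_CERTIFICATE_REQUEST state check; tls_channel_handshake continues outside the hunk.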
......
......@@ -151,7 +151,7 @@ static const char* private_key_passwd="secret";
static void process_auth_requested(void *user_ctx, belle_sip_auth_event_t *event){
BELLESIP_UNUSED(user_ctx);
if (belle_sip_auth_event_get_mode(event) == BELLE_SIP_AUTH_MODE_HTTP_DISGEST) {
if (belle_sip_auth_event_get_mode(event) == BELLE_SIP_AUTH_MODE_HTTP_DIGEST) {
belle_sip_message("process_auth_requested requested for [%s@%s]"
,belle_sip_auth_event_get_username(event)
,belle_sip_auth_event_get_realm(event));
......