Commit 807139a4 authored by Guillaume Beraudo's avatar Guillaume Beraudo

Tport function for client certificate fingerprint

parent 4cdff9aa
......@@ -131,7 +131,7 @@ AC_CHECK_LIB([dl], [dlopen], [
### internal modules
### ----------------
AC_DEFINE([HAVE_SOFIA_SIP], 1, [Define to 1 always])
AC_DEFINE([HAVE_SOFIA_SRESOLV], 1, [Define to 1 if we use DNS library])
AC_DEFINE([HAVE_SOFIA_SRESOLV], 0, [Define to 1 if we use DNS library])
AC_DEFINE([HAVE_SOFIA_SMIME], 0, [Define to 1 if we use S/MIME library])
AC_ARG_ENABLE(stun,
......
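Review bot: The HAVE_SOFIA_SRESOLV toggle in this hunk is unrelated to the client-certificate fingerprint work the commit describes and should be a separate commit with its own rationale; the rendered page shows the old and new AC_DEFINE lines without markers, so which value (1 or 0) is the new one cannot be told for certain from here. If the new value is 0, the macro's own description still reads "Define to 1 if we use DNS library", so any code conditioned on that macro silently changes behaviour and the description should say when 0 is intended.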
......@@ -341,7 +341,9 @@ TPORT_DLL int tport_delivered_from(tport_t *tp, msg_t const *msg,
/** Return TLS Subjects provided by the source transport */
TPORT_DLL su_strlst_t const *tport_delivered_from_subjects(tport_t *tp,
msg_t const *msg);
/** Return TLS client certificate sha1 fingerprint (20 packets of 2 hexa digits)*/
TPORT_DLL unsigned char *tport_delivered_sha1_fingerprint(tport_t *tp,
msg_t const *msg);
/** Check if the given subject string is found in su_strlst_t */
TPORT_DLL int tport_subject_search(char const *, su_strlst_t const *);
......
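Review bot: The doc comment on `tport_delivered_sha1_fingerprint` misdescribes the return value: `X509_digest` in tls.c (same commit) writes the raw 20-byte SHA-1 digest, not hexadecimal digits, and the buffer is not NUL-terminated, so a caller that treats it as a string will over-read. The returned pointer should also be `unsigned char const *`, because it aliases the transport's internal `tp_sha1_fingerprint` array, and the comment should state the length the caller must assume. Suggested replacement: `/** Return raw SHA-1 digest (20 bytes, binary, not NUL-terminated) of the TLS client certificate, or NULL when no delivery transport is known */` with the declaration `TPORT_DLL unsigned char const *tport_delivered_sha1_fingerprint(tport_t *tp, msg_t const *msg);`.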
......@@ -3186,6 +3186,20 @@ su_strlst_t const *tport_delivered_from_subjects(tport_t *tp, msg_t const *msg)
return NULL;
}
/** Return TLS client certificate sha1 fingerprint */
unsigned char *
tport_delivered_sha1_fingerprint(tport_t *tp, msg_t const *msg)
{
if (tp && msg && msg == tp->tp_master->mr_delivery->d_msg) {
tport_t *tp_sec = tp->tp_master->mr_delivery->d_tport;
return tp_sec ? tp_sec->tp_sha1_fingerprint : NULL;
}
else
return NULL;
}
/** Return UDVM used to decompress the message. */
int
tport_delivered_with_comp(tport_t *tp, msg_t const *msg,
......
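Review bot: `tp_sec ? tp_sec->tp_sha1_fingerprint : NULL` on the return line never yields NULL for a live secondary transport, because `tp_sha1_fingerprint` is an inline array (`unsigned char tp_sha1_fingerprint[20]` in tport_internal.h), so callers get a non-NULL pointer even for non-TLS transports or connections where no certificate was checked and the bytes were never written; a caller cannot distinguish that from a genuine digest. Return NULL unless the fingerprint was actually produced, e.g. gate on `tp_sec->tp_verified` (set next to the memcpy in tls_connect) or on a dedicated flag set at the point where the digest is copied, and make the return type `unsigned char const *` so callers cannot write into the transport. Only the tls_connect path copies the digest in this commit; if the accepting side has a parallel site it is not visible here and would need the same treatment.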
......@@ -186,6 +186,9 @@ struct tport_s {
* connections (if primary).
*/
unsigned char tp_sha1_fingerprint[20];
#define tp_protoname tp_name->tpn_proto
#define tp_canon tp_name->tpn_canon
#define tp_host tp_name->tpn_host
......
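Review bot: The new field `tp_sha1_fingerprint[20]` carries no comment and repeats the bare size 20, which also appears as `sha1_fingerprint[20]` in tls.c and is assumed by the `memcpy` in tls_connect; define it once, e.g. `enum { tp_sha1_fingerprint_len = 20 };` in this header, and use it for both arrays. Add a comment above the field such as `/** Raw SHA-1 digest (binary, not hex) of the peer's TLS certificate; copied in tls_connect(), meaningless for non-TLS transports */`. The struct tport_s continues outside the hunk.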
......@@ -128,6 +128,7 @@ struct tls_s {
/* Host names */
su_strlst_t *subjects;
unsigned char sha1_fingerprint[20];
};
enum { tls_buffer_size = 16384 };
......@@ -519,6 +520,7 @@ su_inline
int tls_post_connection_check(tport_t *self, tls_t *tls)
{
X509 *cert;
const EVP_MD *digest;
int extcount;
int i, j, error;
......@@ -540,6 +542,9 @@ int tls_post_connection_check(tport_t *self, tls_t *tls)
if (!tls->subjects)
return X509_V_ERR_OUT_OF_MEM;
digest = EVP_get_digestbyname("sha1");
X509_digest(cert, digest, tls->sha1_fingerprint, NULL);
extcount = X509_get_ext_count(cert);
/* Find matching subjectAltName.DNS */
......@@ -943,8 +948,9 @@ int tls_connect(su_root_magic_t *magic, su_wait_t *w, tport_t *self)
tls->read_events = SU_WAIT_IN;
tls->write_events = 0;
self->tp_is_connected = 1;
self->tp_verified = tls->x509_verified;
self->tp_subjects = tls->subjects;
self->tp_verified = tls->x509_verified;
self->tp_subjects = tls->subjects;
memcpy(self->tp_sha1_fingerprint, tls->sha1_fingerprint, sizeof(self->tp_sha1_fingerprint));
if (tport_has_queued(self))
tport_send_event(self);
......
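Review bot: In tls_post_connection_check the result of `X509_digest(cert, digest, tls->sha1_fingerprint, NULL)` is ignored, and `digest` can be NULL when `EVP_get_digestbyname("sha1")` fails (for instance when the digest table has not been initialised), so on failure `tls->sha1_fingerprint` keeps whatever it held and tls_connect still copies it into `tp_sha1_fingerprint` as if it were valid. Use the constant accessor and check the outcome: `unsigned int fp_len = 0;` / `if (!X509_digest(cert, EVP_sha1(), tls->sha1_fingerprint, &fp_len) || fp_len != sizeof tls->sha1_fingerprint)` and return a verification error that the caller already treats as failure, as the `!tls->subjects` branch just above does. The digest is also hard-coded to SHA-1 with a 20-byte buffer; if this fingerprint is used to identify or authorise clients, SHA-1's weakened collision resistance should be weighed and a stronger digest with a correspondingly larger buffer considered. Both enclosing functions continue outside the hunks.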