Skip to content

S
sofia-sip
Switch branch/tag
  1. 09 Mar, 2011 1 commit
  3. 06 Jul, 2010 1 commit
  5. 29 Jun, 2009 1 commit
    • Kai Samposalo's avatar
      Symbian winscw build fix · 87fd1a86
      Kai Samposalo authored 
      Ignore-this: 9ba9bcd0507b4925c49328e6318404b9

darcs-hash:20090629125227-9e0af-412192f59d8eefc741931877dd8d0574c27fc5b1.gz
      87fd1a86
  7. 13 May, 2009 1 commit
  9. 12 May, 2009 1 commit
  11. 29 Apr, 2009 1 commit
  13. 11 Mar, 2009 1 commit
    • Pekka Pessi's avatar
      tport.c: silence VC warnings · 905ead3c
      Pekka Pessi authored 
      Ignore-this: b81c43b73fcefa2dd58dd3366dd60368

darcs-hash:20090311165258-db55f-cef20213633caeb1bff3bc43a6e0ece5c0fbe500.gz
      905ead3c
  15. 03 Mar, 2009 1 commit
  17. 12 Feb, 2009 2 commits
  19. 11 Feb, 2009 1 commit
  21. 15 Jan, 2009 1 commit
    • Jarod Neuner's avatar
      TLS Subject Checking in tport · 7b637c59
      Jarod Neuner authored 
      sofia-sip/tport.h:
* tport_delivered_from_subjects() returns type (su_strlst_t const *)
* Export tport_subject_search()

sofia-sip/tport_tag.h + tport_tag.c:
* Remove TPTAG_TLS_VERIFY_PEER()
  - Depreciated.  Use TPTAG_TLS_VERIFY_POLICY instead.
  - Binary Compatibility is preserved.
* Add TPTAG_TLS_VERIFY_POLICY()
  - tport can verify incoming and/or outgoing connections, using:
    1) Certificate Signatures only - or -
    2) Certificate Signatures and Certificate Subjects
* Add TPTAG_TLS_VERIFY_DEPTH()
  - Restrict certificate chain verification to a set length.
* Add TPTAG_TLS_VERIFY_DATE()
  - Disable notBefore/notAfter checking (application: embedded devices)
* Add TPTAG_TLS_VERIFY_SUBJECTS()
  - Incoming connections must present client certificates with subjects
    that match an item in this list.
  - Intended Use: Proxy Authentication
* Replaced TPTAG_TRUSTED() with TPTAG_X509_SUBJECT()
  - Commented out for future use.
  - Intended Use: SIP User Identities in Server Certificates.
* Add appropriate doxygen documentation.

tport.c
* Add tport_subject_search()
  - Subject can be a hostname, IP Address, or a URI.
  - Valid subject examples include:
      example.com
      alice@example.com
      sip:alice@example.com
      sips:alice@example.com
* tport_by_addrinfo() matches tpn_canon against the subject list
    of reusable TLS connections.

tport_tls.h:
* Add tls_init_secondary()
* Remove tls_init_slave() & tls_init_client()

tport_tls.c:
* tls_verify_cb() supports TPTAG_TLS_VERIFY_DATE()
* tls_post_connection_check() verifies certificate subjects.
* tls_init_secondary()
  - Replaces tls_init_slave(), tls_init_client(), and tls_clone().

tport_type_tls.c:
* Removed erroneous reference to tport_tls_deliver()
* Fix a memory leak caused by duplicate calls to tls_clone().
* Populate the (tport_t *)->tp_subjects field with peer certificate data for
  new secondary connections.

darcs-hash:20090115155045-2152f-aaec406d8e5dbf146949d4d3cbc9f56e201cba46.gz
      7b637c59
  23. 08 Jan, 2009 1 commit
  25. 16 Dec, 2008 2 commits
    • Jarod Neuner's avatar
      Early TLS Handshake and Verification · 4af68bbd
      Jarod Neuner authored 
      tport_type_tls.c:
* tport_tls_accept():
  - Replaces tport_accept for incoming TLS connections.
* tport_tls_connect():
  - Replaces tport_base_connect() for outgoing TLS connections.

tport_tls.c:
* tls_t now use a memory home instead of malloc.
* removed tls_check_hosts()
* tls_connect():
  - Replaces tport_base_connect for TLS connection setup.
  - Completes TLS handshake and verifies peer certificates.
  - Destroys suspect TLS connections before sending/receiving payload.
  - Populates a su_strlst_t with subjects from the peer certificate.

tport.c:
* tport_is_verified()
  - true if peer certificate validated successfully
* tport_delivered_from_subjects()
  - Certificate subjects listed in the peer certificate.

darcs-hash:20081216221937-2152f-3d6b74d411b57c22230e4840fca133da48c86368.gz
      4af68bbd
    • Jarod Neuner's avatar
      Helper functions for vtp_connect and vtp_wakeup_pri. · f799e03c
      Jarod Neuner authored 
      - Expose tport_setname() and tport_wakeup() via tport_internal.h
- Add tport_register_secondary() for adding secondaries to a root, and
  to alleviate the need to export tprb_append.

darcs-hash:20081216175826-2152f-1a5680d4ca61ba2405b497cfc12bde3a776bfd64.gz
      f799e03c
  27. 26 Nov, 2008 3 commits
    • Paulo Pizarro paulo DOT pizarro AT gmail DOT com's avatar
      tport: new tag TPTAG_TLS_VERIFY_PEER · 0c8aac4a
      Paulo Pizarro paulo DOT pizarro AT gmail DOT com authored 
      With this tag, the verification of certificates can be controlled:
0: no verify certificates.
1: on server mode, the certificate returned by client is checked and
   if fail the TLS/SSL handshake is immediately terminated.
1: on client mode, the server certificate is verified and
   if fail the TLS/SSL handshake is immediately terminated.

I added this tag, because I'd like that my application not connected to a
server with a untrusted certificate.

darcs-hash:20081126184231-daa5a-26fe2a4f958d2f931d3f7e9b31bc0426e7250a1f.gz
      0c8aac4a
    • Pekka Pessi's avatar
      tport.c: cleared whitespace · 08287d39
      Pekka Pessi authored 
      darcs-hash:20081126183839-db55f-8bc76861b38b4cdd6423e5fcaf645bcad55f24b8.gz
      08287d39
    • Pekka Pessi's avatar
      tport.c: log real transport name by tport_vsend() · 7fe6cb69
      Pekka Pessi authored 
      darcs-hash:20081126183803-db55f-727c15892f5adb0e8e4eab1adb6d8736aec37042.gz
      7fe6cb69
  29. 12 Jul, 2008 1 commit
  31. 05 Jun, 2008 1 commit
  33. 20 May, 2008 1 commit
  35. 07 Mar, 2008 1 commit
  37. 27 Feb, 2008 1 commit
  39. 12 Feb, 2008 1 commit
  41. 29 Nov, 2007 1 commit
  43. 27 Nov, 2007 1 commit
  45. 20 Nov, 2007 2 commits
  47. 20 Sep, 2007 1 commit
  49. 25 Jul, 2007 3 commits
  51. 28 Jun, 2007 1 commit
  53. 01 Jun, 2007 2 commits
  55. 07 May, 2007 1 commit
  57. 23 Apr, 2007 1 commit
  59. 20 Apr, 2007 1 commit
  61. 22 Feb, 2007 1 commit
  63. 09 Feb, 2007 1 commit