1. 28 Dec, 2017 1 commit
  2. 10 Jul, 2017 1 commit
  3. 18 May, 2016 1 commit
  4. 10 Jan, 2011 1 commit
  5. 15 Jan, 2009 1 commit
    • Jarod Neuner's avatar
      TLS Subject Checking in tport · 7b637c59
      Jarod Neuner authored
      sofia-sip/tport.h:
      * tport_delivered_from_subjects() returns type (su_strlst_t const *)
      * Export tport_subject_search()
      
      sofia-sip/tport_tag.h + tport_tag.c:
      * Remove TPTAG_TLS_VERIFY_PEER()
        - Depreciated.  Use TPTAG_TLS_VERIFY_POLICY instead.
        - Binary Compatibility is preserved.
      * Add TPTAG_TLS_VERIFY_POLICY()
        - tport can verify incoming and/or outgoing connections, using:
          1) Certificate Signatures only - or -
          2) Certificate Signatures and Certificate Subjects
      * Add TPTAG_TLS_VERIFY_DEPTH()
        - Restrict certificate chain verification to a set length.
      * Add TPTAG_TLS_VERIFY_DATE()
        - Disable notBefore/notAfter checking (application: embedded devices)
      * Add TPTAG_TLS_VERIFY_SUBJECTS()
        - Incoming connections must present client certificates with subjects
          that match an item in this list.
        - Intended Use: Proxy Authentication
      * Replaced TPTAG_TRUSTED() with TPTAG_X509_SUBJECT()
        - Commented out for future use.
        - Intended Use: SIP User Identities in Server Certificates.
      * Add appropriate doxygen documentation.
      
      tport.c
      * Add tport_subject_search()
        - Subject can be a hostname, IP Address, or a URI.
        - Valid subject examples include:
            example.com
            alice@example.com
            sip:alice@example.com
            sips:alice@example.com
      * tport_by_addrinfo() matches tpn_canon against the subject list
          of reusable TLS connections.
      
      tport_tls.h:
      * Add tls_init_secondary()
      * Remove tls_init_slave() & tls_init_client()
      
      tport_tls.c:
      * tls_verify_cb() supports TPTAG_TLS_VERIFY_DATE()
      * tls_post_connection_check() verifies certificate subjects.
      * tls_init_secondary()
        - Replaces tls_init_slave(), tls_init_client(), and tls_clone().
      
      tport_type_tls.c:
      * Removed erroneous reference to tport_tls_deliver()
      * Fix a memory leak caused by duplicate calls to tls_clone().
      * Populate the (tport_t *)->tp_subjects field with peer certificate data for
        new secondary connections.
      
      darcs-hash:20090115155045-2152f-aaec406d8e5dbf146949d4d3cbc9f56e201cba46.gz
      7b637c59
  6. 16 Dec, 2008 1 commit
    • Jarod Neuner's avatar
      Early TLS Handshake and Verification · 4af68bbd
      Jarod Neuner authored
      tport_type_tls.c:
      * tport_tls_accept():
        - Replaces tport_accept for incoming TLS connections.
      * tport_tls_connect():
        - Replaces tport_base_connect() for outgoing TLS connections.
      
      tport_tls.c:
      * tls_t now use a memory home instead of malloc.
      * removed tls_check_hosts()
      * tls_connect():
        - Replaces tport_base_connect for TLS connection setup.
        - Completes TLS handshake and verifies peer certificates.
        - Destroys suspect TLS connections before sending/receiving payload.
        - Populates a su_strlst_t with subjects from the peer certificate.
      
      tport.c:
      * tport_is_verified()
        - true if peer certificate validated successfully
      * tport_delivered_from_subjects()
        - Certificate subjects listed in the peer certificate.
      
      darcs-hash:20081216221937-2152f-3d6b74d411b57c22230e4840fca133da48c86368.gz
      4af68bbd
  7. 27 Nov, 2008 1 commit
  8. 26 Nov, 2008 1 commit
    • Paulo Pizarro paulo DOT pizarro AT gmail DOT com's avatar
      tport: new tag TPTAG_TLS_VERIFY_PEER · 0c8aac4a
      With this tag, the verification of certificates can be controlled:
      0: no verify certificates.
      1: on server mode, the certificate returned by client is checked and
         if fail the TLS/SSL handshake is immediately terminated.
      1: on client mode, the server certificate is verified and
         if fail the TLS/SSL handshake is immediately terminated.
      
      I added this tag, because I'd like that my application not connected to a
      server with a untrusted certificate.
      
      darcs-hash:20081126184231-daa5a-26fe2a4f958d2f931d3f7e9b31bc0426e7250a1f.gz
      0c8aac4a
  9. 20 Sep, 2007 1 commit
  10. 20 Sep, 2006 1 commit
  11. 17 May, 2006 1 commit
  12. 14 Feb, 2006 1 commit
    • Pekka Pessi's avatar
      Moved public include files to sofia-sip subdirectories. · 41286754
      Pekka Pessi authored
      All public include files installed in ${sofiadir} are now in sofia-sip
      subdirectories. They are installed to ${sofiadir}/sofia-sip, too.
      
      ${sofiadir} is defined by configure script relative to your ${prefix}, by
      default ${sofidir} is ${prefix}/include/sofia-sip-1.11. The default prefix
      is /usr/local and ${sofiadir} is /usr/local/include/sofia-sip-1.11. When
      using package manager, the ${prefix} is usually /usr and ${sofiadir} is
      /usr/include/sofia-sip-1.11.
      
      The public include files should be referenced using sofia-sip path, e.g.,
      <sofia-sip/su.h>.
      
      You can either fix your applications to use the new include file names
      with the fix-include-sofia-sip sed script found in scripts/ directory, or
      add both ${sofiadir} and ${sofiadir}/sofia-sip into your include path,
      e.g.,
      
      INCLUDES
      
      darcs-hash:20060214140740-65a35-305973241d6cc2e1ab3fe19359445b839b3c22a8.gz
      41286754
  13. 03 Jan, 2006 1 commit
  14. 27 Oct, 2005 1 commit
  15. 24 Oct, 2005 1 commit
  16. 13 Oct, 2005 2 commits
  17. 07 Sep, 2005 1 commit
    • Pekka Pessi's avatar
      pessi-darcs-0 · 2cda1e3f
      Pekka Pessi authored
      darcs-hash:20050907200052-65a35-f31775554518776b4e5f4d5729ef9f99eae648dc.gz
      2cda1e3f