    TLS Subject Checking in tport · 7b637c59
    Jarod Neuner authored
    sofia-sip/tport.h:
    * tport_delivered_from_subjects() returns type (su_strlst_t const *)
    * Export tport_subject_search()
    
    sofia-sip/tport_tag.h + tport_tag.c:
    * Remove TPTAG_TLS_VERIFY_PEER()
      - Deprecated.  Use TPTAG_TLS_VERIFY_POLICY instead.
      - Binary Compatibility is preserved.
    * Add TPTAG_TLS_VERIFY_POLICY()
      - tport can verify incoming and/or outgoing connections, using:
        1) Certificate Signatures only - or -
        2) Certificate Signatures and Certificate Subjects
    * Add TPTAG_TLS_VERIFY_DEPTH()
      - Restrict certificate chain verification to a set length.
    * Add TPTAG_TLS_VERIFY_DATE()
      - Disable notBefore/notAfter checking (application: embedded devices)
    * Add TPTAG_TLS_VERIFY_SUBJECTS()
      - Incoming connections must present client certificates with subjects
        that match an item in this list.
      - Intended Use: Proxy Authentication
    * Replaced TPTAG_TRUSTED() with TPTAG_X509_SUBJECT()
      - Commented out for future use.
      - Intended Use: SIP User Identities in Server Certificates.
    * Add appropriate doxygen documentation.
    
    tport.c
    * Add tport_subject_search()
      - Subject can be a hostname, IP Address, or a URI.
      - Valid subject examples include:
          example.com
          alice@example.com
          sip:alice@example.com
          sips:alice@example.com
    * tport_by_addrinfo() matches tpn_canon against the subject list
        of reusable TLS connections.
    
    tport_tls.h:
    * Add tls_init_secondary()
    * Remove tls_init_slave() & tls_init_client()
    
    tport_tls.c:
    * tls_verify_cb() supports TPTAG_TLS_VERIFY_DATE()
    * tls_post_connection_check() verifies certificate subjects.
    * tls_init_secondary()
      - Replaces tls_init_slave(), tls_init_client(), and tls_clone().
    
    tport_type_tls.c:
    * Removed erroneous reference to tport_tls_deliver()
    * Fix a memory leak caused by duplicate calls to tls_clone().
    * Populate the (tport_t *)->tp_subjects field with peer certificate data for
      new secondary connections.
    
    darcs-hash:20090115155045-2152f-aaec406d8e5dbf146949d4d3cbc9f56e201cba46.gz
Name
docs
libsofia-sip-ua
libsofia-sip-ua-glib
m4
open_c
packages
rules
s2check
scripts
tests
utils
win32
AUTHORS
COPYING
COPYRIGHTS
ChangeLog
ChangeLog.ext-trees
Makefile.am
README
README.developers
RELEASE
RELEASE.template
TODO
autogen.sh
configure.ac