    TLS Subject Checking in tport · 7b637c59
    Jarod Neuner authored
    sofia-sip/tport.h:
    * tport_delivered_from_subjects() returns type (su_strlst_t const *)
    * Export tport_subject_search()
    
    sofia-sip/tport_tag.h + tport_tag.c:
    * Remove TPTAG_TLS_VERIFY_PEER()
      - Deprecated.  Use TPTAG_TLS_VERIFY_POLICY instead.
      - Binary Compatibility is preserved.
    * Add TPTAG_TLS_VERIFY_POLICY()
      - tport can verify incoming and/or outgoing connections, using:
        1) Certificate Signatures only - or -
        2) Certificate Signatures and Certificate Subjects
    * Add TPTAG_TLS_VERIFY_DEPTH()
      - Restrict certificate chain verification to a set length.
    * Add TPTAG_TLS_VERIFY_DATE()
      - Disable notBefore/notAfter checking (application: embedded devices)
    * Add TPTAG_TLS_VERIFY_SUBJECTS()
      - Incoming connections must present client certificates with subjects
        that match an item in this list.
      - Intended Use: Proxy Authentication
    * Replaced TPTAG_TRUSTED() with TPTAG_X509_SUBJECT()
      - Commented out for future use.
      - Intended Use: SIP User Identities in Server Certificates.
    * Add appropriate doxygen documentation.
    
    tport.c
    * Add tport_subject_search()
      - Subject can be a hostname, IP Address, or a URI.
      - Valid subject examples include:
          example.com
          alice@example.com
          sip:alice@example.com
          sips:alice@example.com
    * tport_by_addrinfo() matches tpn_canon against the subject list
        of reusable TLS connections.
    
    tport_tls.h:
    * Add tls_init_secondary()
    * Remove tls_init_slave() & tls_init_client()
    
    tport_tls.c:
    * tls_verify_cb() supports TPTAG_TLS_VERIFY_DATE()
    * tls_post_connection_check() verifies certificate subjects.
    * tls_init_secondary()
      - Replaces tls_init_slave(), tls_init_client(), and tls_clone().
    
    tport_type_tls.c:
    * Removed erroneous reference to tport_tls_deliver()
    * Fix a memory leak caused by duplicate calls to tls_clone().
    * Populate the (tport_t *)->tp_subjects field with peer certificate data for
      new secondary connections.
    
    darcs-hash:20090115155045-2152f-aaec406d8e5dbf146949d4d3cbc9f56e201cba46.gz
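The commit message above describes a verify policy with two levels (certificate signatures only, or signatures plus a subject allow-list) and a subject matcher that accepts hostnames, IP addresses and `user@host` / `sip:` / `sips:` URIs. The following is an added illustration of that design, not sofia-sip's own code: the `VerifyPolicy` flags, the normalisation rules in `normalize_subject()` and the sample certificate subjects are all assumptions made here to show how such a check behaves.

```python
"""Illustration of a TLS verify policy that checks a peer's certificate
chain and, optionally, its certificate subjects against an allow-list.

Added example, not sofia-sip code: the policy bits, the subject
normalisation rules and the sample subjects below are assumptions.
"""
from enum import Flag, auto
import ipaddress


class VerifyPolicy(Flag):
    """Hypothetical policy bits in the spirit of TPTAG_TLS_VERIFY_POLICY."""
    NONE = 0
    SIGNATURE = auto()              # chain must verify up to a trusted CA
    SUBJECT = auto()                # additionally, a subject must be allow-listed
    SIGNATURE_AND_SUBJECT = SIGNATURE | SUBJECT


def normalize_subject(subject: str) -> str:
    """Reduce hostname / IP / user@host / sip(s):user@host to a canonical form.

    Scheme and case are ignored, a trailing dot on a hostname is dropped,
    URI parameters and headers are stripped, and IP literals are
    canonicalised so that "::1" and "0:0:0:0:0:0:0:1" compare equal.
    """
    s = subject.strip()
    lower = s.lower()
    for scheme in ("sips:", "sip:"):
        if lower.startswith(scheme):
            s = s[len(scheme):]
            break
    # Drop anything after the host part of a URI (";transport=tls", "?x=y").
    s = s.split(";", 1)[0].split("?", 1)[0]
    user, sep, host = s.rpartition("@")
    host = host.strip("[]")
    try:
        host = str(ipaddress.ip_address(host))
    except ValueError:
        host = host.lower().rstrip(".")
    return f"{user.lower()}@{host}" if sep else host


def subject_search(peer_subjects, allowed_subjects) -> bool:
    """True if any subject presented by the peer matches the allow-list."""
    allowed = {normalize_subject(a) for a in allowed_subjects}
    return any(normalize_subject(p) in allowed for p in peer_subjects)


def verify_peer(policy, chain_ok, peer_subjects, allowed_subjects) -> bool:
    """Apply the policy to one connection.

    chain_ok is the result of signature/chain verification (as a TLS
    library's verify callback would report it); peer_subjects are the
    names taken from the presented certificate.
    """
    if VerifyPolicy.SIGNATURE in policy and not chain_ok:
        return False
    if VerifyPolicy.SUBJECT in policy and not subject_search(
        peer_subjects, allowed_subjects
    ):
        return False
    return True


if __name__ == "__main__":
    # Constructed sample data: names from a hypothetical proxy certificate.
    peer = ["proxy.example.com", "sips:Alice@Example.COM"]
    allow = ["alice@example.com", "trusted-proxy.example.com"]
    for policy in (VerifyPolicy.SIGNATURE, VerifyPolicy.SIGNATURE_AND_SUBJECT):
        print(policy.name, "->", verify_peer(policy, True, peer, allow))
```

Note that `SIGNATURE_AND_SUBJECT` still rejects a peer whose subject is allow-listed but whose chain does not verify; the subject check only narrows the set of signed certificates that are accepted, it never substitutes for signature verification.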