TLS Subject Checking in tport · 7b637c59
Jarod Neuner authored

sofia-sip/tport.h:
* tport_delivered_from_subjects() returns type (su_strlst_t const *)
* Export tport_subject_search()

sofia-sip/tport_tag.h + tport_tag.c:
* Remove TPTAG_TLS_VERIFY_PEER()
  - Deprecated.  Use TPTAG_TLS_VERIFY_POLICY instead.
  - Binary Compatibility is preserved.
* Add TPTAG_TLS_VERIFY_POLICY()
  - tport can verify incoming and/or outgoing connections, using:
    1) Certificate Signatures only - or -
    2) Certificate Signatures and Certificate Subjects
* Add TPTAG_TLS_VERIFY_DEPTH()
  - Restrict certificate chain verification to a set length.
* Add TPTAG_TLS_VERIFY_DATE()
  - Disable notBefore/notAfter checking (application: embedded devices)
* Add TPTAG_TLS_VERIFY_SUBJECTS()
  - Incoming connections must present client certificates with subjects
    that match an item in this list.
  - Intended Use: Proxy Authentication
* Replaced TPTAG_TRUSTED() with TPTAG_X509_SUBJECT()
  - Commented out for future use.
  - Intended Use: SIP User Identities in Server Certificates.
* Add appropriate doxygen documentation.

tport.c:
* Add tport_subject_search()
  - Subject can be a hostname, IP Address, or a URI.
  - Valid subject examples include:
      example.com
      alice@example.com
      sip:alice@example.com
      sips:alice@example.com
* tport_by_addrinfo() matches tpn_canon against the subject list
    of reusable TLS connections.

tport_tls.h:
* Add tls_init_secondary()
* Remove tls_init_slave() & tls_init_client()

tport_tls.c:
* tls_verify_cb() supports TPTAG_TLS_VERIFY_DATE()
* tls_post_connection_check() verifies certificate subjects.
* tls_init_secondary()
  - Replaces tls_init_slave(), tls_init_client(), and tls_clone().

tport_type_tls.c:
* Removed erroneous reference to tport_tls_deliver()
* Fix a memory leak caused by duplicate calls to tls_clone().
* Populate the (tport_t *)->tp_subjects field with peer certificate data for
  new secondary connections.

darcs-hash:20090115155045-2152f-aaec406d8e5dbf146949d4d3cbc9f56e201cba46.gz
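As an added illustration of the two mechanisms the commit message describes (a subject search over an allow-list that accepts hostnames, `user@host` identities and `sip:`/`sips:` URIs, and a verify policy that checks signatures only or signatures plus subjects), the C program below shows how such a check can be structured. It is not sofia-sip code and does not reproduce how `tport_subject_search()` or `tls_post_connection_check()` are implemented; the function names `subject_search()` and `peer_accepted()`, the `VERIFY_*` flags and the normalization rules (scheme stripped, user part compared case-sensitively, host part case-insensitively) are assumptions made for this example, and the subjects in `main()` are constructed sample data.

```c
/* Added example, not sofia-sip code: allow-list matching of TLS peer
 * certificate subjects plus a signature/subject verify policy.
 * Names, flags and normalization rules are assumptions for illustration. */
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Assumed normalization: a leading "sip:" or "sips:" scheme is dropped so
 * that "sips:alice@example.com" and "alice@example.com" compare equal. */
static const char *subject_strip_scheme(const char *s)
{
  if (strncasecmp(s, "sips:", 5) == 0) return s + 5;
  if (strncasecmp(s, "sip:", 4) == 0) return s + 4;
  return s;
}

/* Compare two subjects after normalization.  The user part (before '@') is
 * compared case-sensitively, the host part case-insensitively.  A bare
 * hostname never matches a user@host identity, so "example.com" in the
 * allow-list does not authorize "alice@example.com" or vice versa. */
bool subject_equal(const char *a, const char *b)
{
  a = subject_strip_scheme(a);
  b = subject_strip_scheme(b);
  const char *ua = strchr(a, '@');
  const char *ub = strchr(b, '@');
  if ((ua == NULL) != (ub == NULL)) return false;
  if (ua != NULL) {
    size_t la = (size_t)(ua - a), lb = (size_t)(ub - b);
    if (la != lb || memcmp(a, b, la) != 0) return false;
    a = ua + 1;
    b = ub + 1;
  }
  return strcasecmp(a, b) == 0;
}

/* Return the index of the first allow-list entry matched by any subject the
 * peer certificate presents, or -1 if nothing matches. */
int subject_search(const char *const *presented, size_t n_presented,
                   const char *const *allowed, size_t n_allowed)
{
  for (size_t i = 0; i < n_allowed; i++)
    for (size_t j = 0; j < n_presented; j++)
      if (subject_equal(presented[j], allowed[i])) return (int)i;
  return -1;
}

/* Assumed policy flags: signature-only, or signature plus subject. */
enum verify_policy { VERIFY_NONE = 0, VERIFY_SIGNATURE = 1, VERIFY_SUBJECT = 2 };

/* Accept or reject a peer under the policy.  signature_ok is the chain
 * verification result the TLS library's verify callback reported. */
bool peer_accepted(int policy, bool signature_ok,
                   const char *const *presented, size_t n_presented,
                   const char *const *allowed, size_t n_allowed)
{
  if ((policy & VERIFY_SIGNATURE) && !signature_ok) return false;
  if (policy & VERIFY_SUBJECT) {
    /* A subject is only meaningful on a certificate whose chain verified:
     * a matching name on an unverified certificate proves nothing, so the
     * subject policy implies the signature check. */
    if (!signature_ok) return false;
    if (subject_search(presented, n_presented, allowed, n_allowed) < 0)
      return false;
  }
  return true;
}

int main(void)
{
  /* Constructed sample data: subjects read from a peer certificate and the
   * operator's configured allow-list. */
  const char *presented[] = { "sip:alice@example.com", "example.com" };
  const char *allowed[] = { "bob@example.com", "Alice@example.com", "EXAMPLE.COM" };
  int idx = subject_search(presented, 2, allowed, 3);
  printf("matched allow-list entry: %d\n", idx);
  printf("accepted (signature+subject, chain ok): %d\n",
         peer_accepted(VERIFY_SIGNATURE | VERIFY_SUBJECT, true,
                       presented, 2, allowed, 3));
  printf("accepted (subject policy, chain failed): %d\n",
         peer_accepted(VERIFY_SUBJECT, false, presented, 2, allowed, 3));
  return 0;
}
```

The sample run matches only the third allow-list entry: `Alice@example.com` is rejected because the user part differs in case from the presented `alice`, while the host-only entry matches `example.com` regardless of case. The policy function makes the subject check depend on a verified chain, which is the property the commit's "signatures and subjects" mode relies on.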