kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

FS-5610 --resolve

This commit is contained in:
Anthony Minessale 2013-07-15 16:57:55 -05:00
parent acb33edc3a
commit e201bb01ea
3 changed files with 71 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libs/iksemel/.update
View File

@ -1 +1 @@
Tue May 14 07:44:21 CDT 2013 Mon Jul 15 16:57:11 CDT 2013

1
libs/iksemel/include/iksemel.h
View File

@ -226,6 +226,7 @@ void iks_disconnect (iksparser *prs);
int iks_has_tls (void); int iks_has_tls (void);
int iks_is_secure (iksparser *prs); int iks_is_secure (iksparser *prs);
int iks_start_tls (iksparser *prs); int iks_start_tls (iksparser *prs);
int iks_proceed_tls (iksparser *prs, const char *cert_file, const char *key_file, int use_ssl);
int iks_start_sasl (iksparser *prs, enum ikssasltype type, char *username, char *pass); int iks_start_sasl (iksparser *prs, enum ikssasltype type, char *username, char *pass);
/***** jabber *****/ /***** jabber *****/

74
libs/iksemel/src/stream.c
View File

@ -35,6 +35,8 @@ typedef unsigned __int32 uint32_t;
#define SF_FOREIGN 1 #define SF_FOREIGN 1
#define SF_TRY_SECURE 2 #define SF_TRY_SECURE 2
#define SF_SECURE 4 #define SF_SECURE 4
#define SF_SERVER 8
#define SF_SSLv23 16
struct stream_data { struct stream_data {
iksparser *prs; iksparser *prs;
@ -51,6 +53,8 @@ struct stream_data {
unsigned int flags; unsigned int flags;
char *auth_username; char *auth_username;
char *auth_pass; char *auth_pass;
char *cert_file;
char *key_file;
#ifdef HAVE_GNUTLS #ifdef HAVE_GNUTLS
gnutls_session sess; gnutls_session sess;
gnutls_certificate_credentials cred; gnutls_certificate_credentials cred;
@ -201,6 +205,7 @@ handshake (struct stream_data *data)
gnutls_certificate_free_credentials (data->cred); gnutls_certificate_free_credentials (data->cred);
return IKS_NOMEM; return IKS_NOMEM;
} }
gnutls_protocol_set_priority (data->sess, protocol_priority); gnutls_protocol_set_priority (data->sess, protocol_priority);
gnutls_cipher_set_priority(data->sess, cipher_priority); gnutls_cipher_set_priority(data->sess, cipher_priority);
gnutls_compression_set_priority(data->sess, comp_priority); gnutls_compression_set_priority(data->sess, comp_priority);
@ -224,7 +229,9 @@ handshake (struct stream_data *data)
data->flags &= (~SF_TRY_SECURE); data->flags &= (~SF_TRY_SECURE);
data->flags |= SF_SECURE; data->flags |= SF_SECURE;
iks_send_header (data->prs, data->server); if (!(data->flags & SF_SERVER)) {
iks_send_header (data->prs, data->server);
}
return IKS_OK; return IKS_OK;
} // HAVE_GNUTLS } // HAVE_GNUTLS
@ -311,8 +318,25 @@ handshake (struct stream_data *data)
SSL_library_init(); SSL_library_init();
SSL_load_error_strings(); SSL_load_error_strings();
data->ssl_ctx = SSL_CTX_new(TLSv1_method()); if (data->flags & SF_SERVER) {
if(!data->ssl_ctx) return IKS_NOMEM; if (data->flags & SF_SSLv23) {
data->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
} else {
data->ssl_ctx = SSL_CTX_new(TLSv1_server_method());
}
if(!data->ssl_ctx) return IKS_NOMEM;
if (SSL_CTX_use_certificate_file(data->ssl_ctx, data->cert_file, SSL_FILETYPE_PEM) <= 0) {
return IKS_NET_TLSFAIL;
}
if (SSL_CTX_use_PrivateKey_file(data->ssl_ctx, data->key_file, SSL_FILETYPE_PEM) <= 0) {
return IKS_NET_TLSFAIL;
}
SSL_CTX_set_verify(data->ssl_ctx, SSL_VERIFY_NONE, NULL);
} else {
data->ssl_ctx = SSL_CTX_new(TLSv1_method());
if(!data->ssl_ctx) return IKS_NOMEM;
}
data->ssl = SSL_new(data->ssl_ctx); data->ssl = SSL_new(data->ssl_ctx);
if(!data->ssl) return IKS_NOMEM; if(!data->ssl) return IKS_NOMEM;
@ -329,7 +353,11 @@ handshake (struct stream_data *data)
do do
{ {
ret = SSL_connect(data->ssl); if (data->flags & SF_SERVER) {
ret = SSL_accept(data->ssl);
} else {
ret = SSL_connect(data->ssl);
}
if( ret != 1 ) if( ret != 1 )
{ {
@ -346,7 +374,9 @@ handshake (struct stream_data *data)
data->flags &= (~SF_TRY_SECURE); data->flags &= (~SF_TRY_SECURE);
data->flags |= SF_SECURE; data->flags |= SF_SECURE;
iks_send_header (data->prs, data->server); if (!(data->flags & SF_SERVER)) {
iks_send_header (data->prs, data->server);
}
} }
return ret == 1 ? IKS_OK : IKS_NET_TLSFAIL; return ret == 1 ? IKS_OK : IKS_NET_TLSFAIL;
@ -954,6 +984,40 @@ iks_start_tls (iksparser *prs)
#endif #endif
} }
int
iks_proceed_tls (iksparser *prs, const char *cert_file, const char *key_file, int use_ssl)
{
#ifdef HAVE_GNUTLS
int ret;
struct stream_data *data = iks_user_data (prs);
ret = iks_send_raw (prs, "<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
if (ret) return ret;
data->cert_file = iks_stack_strdup(data->s, cert_file, 0);
data->key_file = iks_stack_strdup(data->s, key_file, 0);
data->flags |= SF_TRY_SECURE | SF_SERVER;
if (use_ssl) {
data->flags |= SF_SSLv23;
}
return handshake (data);
#elif HAVE_SSL
int ret;
struct stream_data *data = iks_user_data (prs);
ret = iks_send_raw (prs, "<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
if (ret) return ret;
data->cert_file = iks_stack_strdup(data->s, cert_file, 0);
data->key_file = iks_stack_strdup(data->s, key_file, 0);
data->flags |= SF_TRY_SECURE | SF_SERVER;
if (use_ssl) {
data->flags |= SF_SSLv23;
}
return handshake (data);
#else
return IKS_NET_NOTSUPP;
#endif
}
/***** sasl *****/ /***** sasl *****/
int int