kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

FS-3071 I've commited the upstream passphrase backport

This commit is contained in:
Marc Olivier Chouinard 2011-12-18 11:04:59 -05:00
parent 663699f4e3
commit f97a3266df
5 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libs/sofia-sip/libsofia-sip-ua/tport/sofia-sip/tport_tag.h
View File

@ -198,6 +198,12 @@ enum tport_tls_verify_policy {
TPTLS_VERIFY_SUBJECTS_ALL = 0xF, TPTLS_VERIFY_SUBJECTS_ALL = 0xF,
}; };
TPORT_DLL extern tag_typedef_t tptag_tls_passphrase;
#define TPTAG_TLS_PASSPHRASE(x) tptag_tls_passphrase, tag_str_v(x)
TPORT_DLL extern tag_typedef_t tptag_tls_passphrase_ref;
#define TPTAG_TLS_PASSPHRASE_REF(x) tptag_tls_passphrase_ref, tag_str_vr(&(x))
TPORT_DLL extern tag_typedef_t tptag_tls_verify_policy; TPORT_DLL extern tag_typedef_t tptag_tls_verify_policy;
#define TPTAG_TLS_VERIFY_POLICY(x) tptag_tls_verify_policy, tag_uint_v((x)) #define TPTAG_TLS_VERIFY_POLICY(x) tptag_tls_verify_policy, tag_uint_v((x))

10
libs/sofia-sip/libsofia-sip-ua/tport/tport_tag.c
View File

@ -288,6 +288,16 @@ tag_typedef_t tptag_tls_version = UINTTAG_TYPEDEF(tls_version);
*/ */
tag_typedef_t tptag_tls_verify_peer = UINTTAG_TYPEDEF(tls_verify_peer); tag_typedef_t tptag_tls_verify_peer = UINTTAG_TYPEDEF(tls_verify_peer);
/**@def TPTAG_TLS_PASSPHRASE(x)
*
* Sets the passphrase password to be used by openSSL to encrypt/decrypt
* private key files.
*
* @NEW_1_12_11.
*/
tag_typedef_t tptag_tls_passphrase = STRTAG_TYPEDEF(tls_passphrase);
/**@def TPTAG_TLS_VERIFY_POLICY(x) /**@def TPTAG_TLS_VERIFY_POLICY(x)
* *
* The verification of certificates can be controlled: * The verification of certificates can be controlled:

27
libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
View File

@ -160,6 +160,27 @@ void tls_log_errors(unsigned level, char const *s, unsigned long e)
} }
} }
/*
* This callback hands back the password to be used during decryption.
*
* buf : the function will write the password into this buffer
* size : the size of "buf"
* rwflag : indicates whether the callback is being used for reading/
* decryption (0) or writing/encryption (1)
* userdata : pointer tls_issues_t where the passphrase is stored
*/
static int passwd_cb(char *buf, int size, int rwflag, void *userdata)
{
if (rwflag == 0) { // reading/decryption
tls_issues_t *tlsi = (tls_issues_t *)userdata;
strncpy(buf, tlsi->passphrase, size);
buf[size - 1] = '\0';
return strlen(tlsi->passphrase);
}
return 0;
}
static static
tls_t *tls_create(int type) tls_t *tls_create(int type)
@ -290,6 +311,12 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
return -1; return -1;
} }
/* Set callback if we have a passphrase */
if (ti->passphrase != NULL) {
SSL_CTX_set_default_passwd_cb(tls->ctx, passwd_cb);
SSL_CTX_set_default_passwd_cb_userdata(tls->ctx, (void *)ti);
}
if (!SSL_CTX_use_certificate_file(tls->ctx, if (!SSL_CTX_use_certificate_file(tls->ctx,
ti->cert, ti->cert,
SSL_FILETYPE_PEM)) { SSL_FILETYPE_PEM)) {

1
libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.h
View File

@ -56,6 +56,7 @@ typedef struct tls_issues_s {
int configured; /* If non-zero, complain about certificate errors */ int configured; /* If non-zero, complain about certificate errors */
char *cert; /* CERT file name. File format is PEM */ char *cert; /* CERT file name. File format is PEM */
char *key; /* Private key file. PEM format */ char *key; /* Private key file. PEM format */
char *passphrase; /* Passphrase for password protected private key */
char *randFile; /* Seed file for the PRNG (default: tls_seed.dat) */ char *randFile; /* Seed file for the PRNG (default: tls_seed.dat) */
char *CAfile; /* PEM file of CA's */ char *CAfile; /* PEM file of CA's */
char *CApath; /* PEM file path of CA's */ char *CApath; /* PEM file path of CA's */

3
libs/sofia-sip/libsofia-sip-ua/tport/tport_type_tls.c
View File

@ -182,6 +182,7 @@ static int tport_tls_init_master(tport_primary_t *pri,
char const *path = NULL; char const *path = NULL;
unsigned tls_version = 1; unsigned tls_version = 1;
unsigned tls_verify = 0; unsigned tls_verify = 0;
char const *passphrase = NULL;
unsigned tls_policy = TPTLS_VERIFY_NONE; unsigned tls_policy = TPTLS_VERIFY_NONE;
unsigned tls_depth = 0; unsigned tls_depth = 0;
unsigned tls_date = 1; unsigned tls_date = 1;
@ -198,6 +199,7 @@ static int tport_tls_init_master(tport_primary_t *pri,
TPTAG_CERTIFICATE_REF(path), TPTAG_CERTIFICATE_REF(path),
TPTAG_TLS_VERSION_REF(tls_version), TPTAG_TLS_VERSION_REF(tls_version),
TPTAG_TLS_VERIFY_PEER_REF(tls_verify), TPTAG_TLS_VERIFY_PEER_REF(tls_verify),
TPTAG_TLS_PASSPHRASE_REF(passphrase),
TPTAG_TLS_VERIFY_POLICY_REF(tls_policy), TPTAG_TLS_VERIFY_POLICY_REF(tls_policy),
TPTAG_TLS_VERIFY_DEPTH_REF(tls_depth), TPTAG_TLS_VERIFY_DEPTH_REF(tls_depth),
TPTAG_TLS_VERIFY_DATE_REF(tls_date), TPTAG_TLS_VERIFY_DATE_REF(tls_date),
@ -218,6 +220,7 @@ static int tport_tls_init_master(tport_primary_t *pri,
ti.configured = path != tbf; ti.configured = path != tbf;
ti.randFile = su_sprintf(autohome, "%s/%s", path, "tls_seed.dat"); ti.randFile = su_sprintf(autohome, "%s/%s", path, "tls_seed.dat");
ti.key = su_sprintf(autohome, "%s/%s", path, "agent.pem"); ti.key = su_sprintf(autohome, "%s/%s", path, "agent.pem");
ti.passphrase = su_strdup(autohome, passphrase);
ti.cert = ti.key; ti.cert = ti.key;
ti.CAfile = su_sprintf(autohome, "%s/%s", path, "cafile.pem"); ti.CAfile = su_sprintf(autohome, "%s/%s", path, "cafile.pem");
ti.version = tls_version; ti.version = tls_version;