[asterisk-commits] file: branch file/netsock2 r97638 - in /team/file/netsock2: include/asterisk/...
Wed Jan 9 16:13:02 CST 2008
Author: file
Date: Wed Jan 9 16:13:02 2008
New Revision: 97638
URL: http://svn.digium.com/view/asterisk?view=rev&rev=97638
Log:
Add ability to set certificate authority file or path when binding using TLS transport.
Modified:
team/file/netsock2/include/asterisk/netsock2.h
team/file/netsock2/main/netsock2.c
Modified: team/file/netsock2/include/asterisk/netsock2.h
URL: http://svn.digium.com/view/asterisk/team/file/netsock2/include/asterisk/netsock2.h?view=diff&rev=97638&r1=97637&r2=97638
==============================================================================
--- team/file/netsock2/include/asterisk/netsock2.h (original)
+++ team/file/netsock2/include/asterisk/netsock2.h Wed Jan 9 16:13:02 2008
@@ -73,7 +73,7 @@
* \param read Function to be called when there is data to be read
* \return Returns 0 on success, -1 on failure
*/
-#define ast_netsock2_bind_sctp(binder, socket_list, address, port, tos, cos, read) ast_netsock2_bind(binder, socket_list, AST_NETSOCK2_TRANSPORT_SCTP, address, port, tos, cos, NULL, read, NULL, NULL, NULL, NULL)
+#define ast_netsock2_bind_sctp(binder, socket_list, address, port, tos, cos, read) ast_netsock2_bind(binder, socket_list, AST_NETSOCK2_TRANSPORT_SCTP, address, port, tos, cos, NULL, read, NULL, NULL, NULL, NULL, NULL, NULL)
/*! \brief Bind to an address and port using UDP
* \param binder What is binding to this address/port
@@ -85,7 +85,7 @@
* \param read Function to be called when there is data to be read
* \return Returns 0 on success, -1 on failure
*/
-#define ast_netsock2_bind_udp(binder, socket_list, address, port, tos, cos, read) ast_netsock2_bind(binder, socket_list, AST_NETSOCK2_TRANSPORT_UDP, address, port, tos, cos, NULL, read, NULL, NULL, NULL, NULL)
+#define ast_netsock2_bind_udp(binder, socket_list, address, port, tos, cos, read) ast_netsock2_bind(binder, socket_list, AST_NETSOCK2_TRANSPORT_UDP, address, port, tos, cos, NULL, read, NULL, NULL, NULL, NULL, NULL, NULL)
/*! \brief Bind to an address and port using TCP
* \param binder What is binding to this address/port
@@ -100,7 +100,7 @@
* \param periodic Function to be called periodically
* \return Returns 0 on success, -1 on failure
*/
-#define ast_netsock2_bind_tcp(binder, socket_list, address, port, tos, cos, connect, read, disconnect, periodic) ast_netsock2_bind(binder, socket_list, AST_NETSOCK2_TRANSPORT_TCP, address, port, tos, cos, connect, read, disconnect, periodic, NULL, NULL)
+#define ast_netsock2_bind_tcp(binder, socket_list, address, port, tos, cos, connect, read, disconnect, periodic) ast_netsock2_bind(binder, socket_list, AST_NETSOCK2_TRANSPORT_TCP, address, port, tos, cos, connect, read, disconnect, periodic, NULL, NULL, NULL, NULL)
/*! \brief Bind to an address and port using TCP with TLS support
* \param binder What is binding to this address/port
@@ -115,9 +115,11 @@
* \param periodic Function to be called periodically
* \param certificate SSL Certificate to use
* \param cipher SSL Cipher to use
- * \return Returns 0 on success, -1 on failure
- */
-#define ast_netsock2_bind_tls(binder, socket_list, address, port, tos, cos, connect, read, disconnect, periodic, certificate, cipher) ast_netsock2_bind(binder, socket_list, AST_NETSOCK2_TRANSPORT_TLS, address, port, tos, cos, connect, read, disconnect, periodic, certificate, cipher)
+ * \param cafile Certificate authority file to use
+ * \param capath Directory full of certificate authority files
+ * \return Returns 0 on success, -1 on failure
+ */
+#define ast_netsock2_bind_tls(binder, socket_list, address, port, tos, cos, connect, read, disconnect, periodic, certificate, cipher, cafile, capath) ast_netsock2_bind(binder, socket_list, AST_NETSOCK2_TRANSPORT_TLS, address, port, tos, cos, connect, read, disconnect, periodic, certificate, cipher, cafile, capath)
/*! \brief Bind to an address and port using the given transport
* \param binder What is binding to this address/port
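Review bot: The new `\param cafile` and `\param capath` lines do not say that either argument may be NULL or empty, nor that they are consulted only for the TLS transport, although the sctp, udp and tcp macros earlier in this diff pass NULL for both. Suggest `* \param cafile Certificate authority file to use (TLS only, may be NULL)` and `* \param capath Directory full of certificate authority files (TLS only, may be NULL)`. The same wording applies to the ast_netsock2_bind prototype hunk below and to the matching comment block in main/netsock2.c, which repeat these two lines verbatim.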
@@ -133,9 +135,11 @@
* \param periodic Function to be called periodically
* \param certificate SSL Certificate to use
* \param cipher SSL Cipher to use
- * \return Returns 0 on success, -1 on failure
- */
-int ast_netsock2_bind(const char *binder, struct ast_netsock2_socket_list *socket_list, enum ast_netsock2_transport transport, const char *address, int port, int tos, int cos, ast_netsock2_callback connect, ast_netsock2_callback read, ast_netsock2_callback disconnect, ast_netsock2_callback periodic, const char *certificate, const char *cipher);
+ * \param cafile Certificate authority file to use
+ * \param capath Directory full of certificate authority files
+ * \return Returns 0 on success, -1 on failure
+ */
+int ast_netsock2_bind(const char *binder, struct ast_netsock2_socket_list *socket_list, enum ast_netsock2_transport transport, const char *address, int port, int tos, int cos, ast_netsock2_callback connect, ast_netsock2_callback read, ast_netsock2_callback disconnect, ast_netsock2_callback periodic, const char *certificate, const char *cipher, const char *cafile, const char *capath);
/*! \brief Get amount of data waiting to be read on a socket
* \param socket Socket that data is waiting on
Modified: team/file/netsock2/main/netsock2.c
URL: http://svn.digium.com/view/asterisk/team/file/netsock2/main/netsock2.c?view=diff&rev=97638&r1=97637&r2=97638
==============================================================================
--- team/file/netsock2/main/netsock2.c (original)
+++ team/file/netsock2/main/netsock2.c Wed Jan 9 16:13:02 2008
@@ -343,7 +343,7 @@
}
/*! Internal function that finds all IP addresses of a given transport and binds each individually */
-static int wildcard_individual_bind(const char *binder, struct ast_netsock2_socket_list *socket_list, enum ast_netsock2_transport transport, enum ast_netsock2_network_layer network_layer, int port, int tos, int cos, ast_netsock2_callback connect, ast_netsock2_callback read, ast_netsock2_callback disconnect, ast_netsock2_callback periodic, const char *certificate, const char *cipher)
+static int wildcard_individual_bind(const char *binder, struct ast_netsock2_socket_list *socket_list, enum ast_netsock2_transport transport, enum ast_netsock2_network_layer network_layer, int port, int tos, int cos, ast_netsock2_callback connect, ast_netsock2_callback read, ast_netsock2_callback disconnect, ast_netsock2_callback periodic, const char *certificate, const char *cipher, const char *cafile, const char *capath)
{
struct ifaddrs *ifstart = NULL, *ifcurrent = NULL;
int family = (network_layer == AST_NETSOCK2_NETWORK_LAYER_IPV6 ? AF_INET6 : AF_INET), res = 0;
@@ -368,7 +368,7 @@
/* If this interface is not a loopback bind it now, otherwise defer it until the end so that the default socket chosen doesn't end up being the loopback */
if (!(ifcurrent->ifa_flags & IFF_LOOPBACK))
- res = ast_netsock2_bind(binder, socket_list, transport, address, port, tos, cos, connect, read, disconnect, periodic, certificate, cipher);
+ res = ast_netsock2_bind(binder, socket_list, transport, address, port, tos, cos, connect, read, disconnect, periodic, certificate, cipher, cafile, capath);
else
ast_copy_string(ifloopback, address, sizeof(ifloopback));
}
@@ -378,7 +378,7 @@
/* If a loopback interface was found bind it at the end */
if (!ast_strlen_zero(ifloopback))
- res = ast_netsock2_bind(binder, socket_list, transport, ifloopback, port, tos, cos, connect, read, disconnect, periodic, certificate, cipher);
+ res = ast_netsock2_bind(binder, socket_list, transport, ifloopback, port, tos, cos, connect, read, disconnect, periodic, certificate, cipher, cafile, capath);
return 0;
}
@@ -397,9 +397,11 @@
* \param periodic Function to be called periodically
* \param certificate SSL Certificate to use
* \param cipher SSL Cipher to use
+ * \param cafile Certificate authority file to use
+ * \param capath Directory full of certificate authority files
* \return Returns 0 on success, -1 on failure
*/
-int ast_netsock2_bind(const char *binder, struct ast_netsock2_socket_list *socket_list, enum ast_netsock2_transport transport, const char *address, int port, int tos, int cos, ast_netsock2_callback connect, ast_netsock2_callback read, ast_netsock2_callback disconnect, ast_netsock2_callback periodic, const char *certificate, const char *cipher)
+int ast_netsock2_bind(const char *binder, struct ast_netsock2_socket_list *socket_list, enum ast_netsock2_transport transport, const char *address, int port, int tos, int cos, ast_netsock2_callback connect, ast_netsock2_callback read, ast_netsock2_callback disconnect, ast_netsock2_callback periodic, const char *certificate, const char *cipher, const char *cafile, const char *capath)
{
struct ast_netsock2_socket *netsock2_socket = NULL;
enum ast_netsock2_network_layer network_layer = AST_NETSOCK2_NETWORK_LAYER_IPV4;
@@ -436,7 +438,7 @@
/* Since we now have the address information from above let's see if this is a wildcard */
if ((network_layer == AST_NETSOCK2_NETWORK_LAYER_IPV6 ? IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6*)&addr.addr)->sin6_addr) : ((struct sockaddr_in*)&addr.addr)->sin_addr.s_addr == INADDR_ANY)) {
- return wildcard_individual_bind(binder, socket_list, transport, network_layer, port, tos, cos, connect, read, disconnect, periodic, certificate, cipher);
+ return wildcard_individual_bind(binder, socket_list, transport, network_layer, port, tos, cos, connect, read, disconnect, periodic, certificate, cipher, cafile, capath);
}
/* Next create an actual socket that we will eventually bind to */
@@ -532,6 +534,11 @@
ast_log(LOG_ERROR, "Cipher list '%s' was not acceptable.\n", cipher);
error = 1;
}
+ /* If a certificate authority file was provided or a directory full of them then set 'em on the SSL context */
+ if ((!ast_strlen_zero(cafile) || !ast_strlen_zero(capath)) && !SSL_CTX_load_verify_locations(netsock2_socket->ssl_ctx, S_OR(cafile, NULL), S_OR(capath,NULL))) {
+ ast_log(LOG_ERROR, "Certificate authority file '%s' or certificate path '%s' was not accepted.\n", cafile, capath);
+ error = 1;
+ }
/* If an error cropped up bail out */
if (error) {
SSL_CTX_free(netsock2_socket->ssl_ctx);
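Review bot: The added ast_log line passes cafile and capath straight to %s, but the guard only requires one of them to be non-empty, so the other may be NULL and reach the formatter, which is undefined behaviour in C even though glibc happens to print "(null)"; use `ast_log(LOG_ERROR, "Certificate authority file '%s' or certificate path '%s' was not accepted.\n", S_OR(cafile, ""), S_OR(capath, ""));`. Separately, SSL_CTX_load_verify_locations only tells the context which CAs to trust; unless SSL_CTX_set_verify is configured elsewhere in this function (not visible in the hunk), a peer certificate is still not checked against those CAs, so that should be confirmed and the expectation stated in the comment above the call. Including the OpenSSL error string in the log line would also make a rejected file or directory easier to diagnose. ast_netsock2_bind continues outside the hunk in both directions.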