/*
* This file is part of the Sofia-SIP package
*
* Copyright (C) 2005 Nokia Corporation.
*
* Contact: Pekka Pessi <pekka.pessi@nokia.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA
*
*/
/**@CFILE tport_tls.c
* @brief TLS interface
*
* @author Mikko Haataja <ext-Mikko.A.Haataja@nokia.com>
* @author Pekka Pessi <ext-Pekka.Pessi@nokia.com>
* @author Jarod Neuner <janeuner@networkharbor.com>
*
*/
#include "config.h"
#define OPENSSL_NO_KRB5 oh-no
#define SU_WAKEUP_ARG_T struct tport_s
#include <sofia-sip/su_types.h>
#include <sofia-sip/su.h>
#include <sofia-sip/su_alloc.h>
#include <sofia-sip/su_wait.h>
#include <sofia-sip/su_string.h>
#include <openssl/lhash.h>
#include <openssl/bn.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/bio.h>
#include <openssl/opensslv.h>
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
/* Make __func__ usable in the log calls below on every compiler:
 * nothing to do when the compiler provides it (HAVE_FUNC), alias the
 * __FUNCTION__ spelling when only that exists (HAVE_FUNCTION), and
 * otherwise fall back to a fixed file-level name. */
#if HAVE_FUNC
  /* __func__ is provided by the compiler */
#elif HAVE_FUNCTION
#  define __func__ __FUNCTION__
#else
static char const __func__[] = "tport_tls";
#endif
#if HAVE_SIGPIPE
#include <signal.h>
#endif
/* ONCE_INIT(f): run the initialiser f at most once per process.
 *
 * With pthreads this is pthread_once(). Without pthreads it is a plain
 * flag test, which gives no protection if two threads reach it at the
 * same time. */
#if SU_HAVE_PTHREADS

#include <pthread.h>

#if __sun
/* Replace the platform's PTHREAD_ONCE_INIT with a fully braced initialiser. */
#undef PTHREAD_ONCE_INIT
#define PTHREAD_ONCE_INIT {{ 0, 0, 0, PTHREAD_ONCE_NOTDONE }}
#endif

static pthread_once_t once = PTHREAD_ONCE_INIT;
#define ONCE_INIT(f) pthread_once(&once, f)

#else /* !SU_HAVE_PTHREADS */

static int once;
#define ONCE_INIT(f) (!once ? (once = 1), f() : (void)0)

#endif /* SU_HAVE_PTHREADS */
#include "tport_tls.h"
/** Version text of the OpenSSL headers this file was compiled against. */
char const tls_version[] = OPENSSL_VERSION_TEXT;

/** Index of the per-SSL slot that holds the owning tls_t; assigned in
 *  tls_init_once(), -1 until then. See SSL_get_ex_new_index(3ssl). */
static int tls_ex_data_idx = -1;
/** One-time OpenSSL setup, meant to be run through ONCE_INIT().
 *
 * Initialises the SSL library, loads its error strings and reserves the
 * ex_data index under which each SSL object stores its tls_t.
 */
static void
tls_init_once(void)
{
  SSL_library_init();
  SSL_load_error_strings();

  /* The return value is stored unchecked; tls_verify_cb() looks the
   * tls_t up through this index. */
  tls_ex_data_idx =
    SSL_get_ex_new_index(0, "sofia-sip private data", NULL, NULL, NULL);
}
/* Role of a tls_t. A tls_master owns its SSL_CTX; a tls_slave borrows the
 * master's context (tls_free() releases the context only for non-slaves). */
enum { tls_master = 0, tls_slave = 1};

/** TLS state for one context (master) or one connection (slave). */
struct tls_s {
  su_home_t home[1];            /* memory home; the object is released via su_home_unref() */
  SSL_CTX *ctx;                 /* OpenSSL context, shared by master and its slaves */
  SSL *con;                     /* per-connection SSL object (slaves only) */
  BIO *bio_con;                 /* socket BIO attached to con */
  unsigned int type:1,          /* tls_master or tls_slave */
    accept:1,                   /* set when the connection was accepted (server side) */
    verify_incoming:1,          /* policy bit 0x1: verify peers of accepted connections */
    verify_outgoing:1,          /* policy bit 0x2: verify peers we connect to */
    verify_subj_in:1,           /* policy bit 0x4, effective only with verify_incoming */
    verify_subj_out:1,          /* policy bit 0x8, effective only with verify_outgoing */
    verify_date:1,              /* when clear, validity-date errors are ignored */
    x509_verified:1;            /* set once the peer chain verified with X509_V_OK */

  /* Receiving */
  int read_events;
  void *read_buffer;            /* tls_buffer_size bytes, allocated in tls_init_secondary() */
  size_t read_buffer_len;

  /* Sending */
  int write_events;
  void *write_buffer;
  size_t write_buffer_len;

  /* Host names */
  su_strlst_t *subjects;        /* names taken from the peer certificate (subjectAltName, CN) */
};

/* Size in bytes of the per-connection read buffer. */
enum { tls_buffer_size = 16384 };
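/** Log TLS error(s).
 *
 * Log the TLS error specified by the error code @a e and all the errors in
 * the OpenSSL error queue. An error code of 0 means "no error": when @a e
 * is 0 the first code is taken from the queue, and logging stops as soon as
 * the queue is empty.
 *
 * The queue is drained even when @a level is above the current log level,
 * so stale errors do not leak into a later call.
 *
 * @param level  log level passed to su_llog()
 * @param s      prefix for each line; NULL selects "tls"
 * @param e      first error code to log, or 0 to start from the queue
 */
static
void tls_log_errors(unsigned level, char const *s, unsigned long e)
{
  if (e == 0)
    e = ERR_get_error();

  if (!tport_log->log_init)
    su_log_init(tport_log);

  if (s == NULL)
    s = "tls";

  for (; e != 0; e = ERR_get_error()) {
    if (level <= tport_log->log_level) {
      const char *error = ERR_lib_error_string(e);
      const char *func = ERR_func_error_string(e);
      const char *reason = ERR_reason_error_string(e);

      /* The ERR_*_error_string() lookups return NULL for codes without a
       * registered string; passing NULL to %s is undefined behaviour, so
       * substitute a fixed marker. */
      su_llog(tport_log, level, "%s: %08lx:%s:%s:%s\n",
	      s, e,
	      error ? error : "(null)",
	      func ? func : "(null)",
	      reason ? reason : "(null)");
    }
  }
}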
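/*
 * This callback hands back the password to be used during decryption.
 *
 * buf      : the function will write the password into this buffer
 * size     : the size of "buf"
 * rwflag   : indicates whether the callback is being used for reading/
 *            decryption (0) or writing/encryption (1)
 * userdata : pointer tls_issues_t where the passphrase is stored
 *
 * Returns the number of characters written to "buf" (excluding the
 * terminating NUL), or 0 when no passphrase is supplied. OpenSSL uses the
 * return value as the passphrase length, so it must never exceed what was
 * actually copied: a passphrase longer than size - 1 is truncated and the
 * truncated length is returned.
 */
static int passwd_cb(char *buf, int size, int rwflag, void *userdata)
{
  tls_issues_t const *tlsi = (tls_issues_t const *)userdata;
  size_t len;

  if (rwflag != 0)              /* only reading/decryption is served */
    return 0;

  /* A non-positive size would make the terminator write land before buf. */
  if (buf == NULL || size <= 0 || tlsi == NULL || tlsi->passphrase == NULL)
    return 0;

  len = strlen(tlsi->passphrase);
  if (len >= (size_t)size)
    len = (size_t)size - 1;

  memcpy(buf, tlsi->passphrase, len);
  buf[len] = '\0';

  return (int)len;
}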
/** Allocate a tls_t of the given role.
 *
 * @param type  tls_master; any other value is stored as tls_slave
 * @return new object from su_home_new(), or NULL if allocation failed
 */
static
tls_t *tls_create(int type)
{
  tls_t *self = su_home_new(sizeof(*self));

  if (self == NULL)
    return NULL;

  /* type is a 1-bit field: normalise everything but tls_master to slave */
  self->type = (type == tls_master) ? tls_master : tls_slave;

  return self;
}
/** Fill in defaults for every setting the caller left unset.
 *
 * Only zero/NULL fields are touched. The file-name defaults are relative
 * paths, so they resolve against the process's current directory.
 */
static
void tls_set_default(tls_issues_t *i)
{
  if (i->verify_depth == 0)
    i->verify_depth = 2;

  if (!i->cert)
    i->cert = "agent.pem";

  /* With no separate key file, the key is read from the certificate file */
  if (!i->key)
    i->key = i->cert;

  if (!i->randFile)
    i->randFile = "tls_seed.dat";

  if (!i->CAfile)
    i->CAfile = "cafile.pem";

  /* Excludes NULL-encryption, anonymous, export, low-strength and MD5
   * suites, then takes everything else ordered by strength. */
  if (!i->ciphers)
    i->ciphers = "!eNULL:!aNULL:!EXP:!LOW:!MD5:ALL:@STRENGTH";

  /* Default SIP cipher */
  /* "RSA-WITH-AES-128-CBC-SHA"; */
  /* RFC-2543-compatibility ciphersuite */
  /* TLS_RSA_WITH_3DES_EDE_CBC_SHA; */
}
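/** Certificate verification callback (installed by SSL_CTX_set_verify()).
 *
 * Called with @a ok == 0 when OpenSSL found a problem with a certificate
 * in the chain. The error is cleared, and the chain accepted, when
 * - verification is switched off for this direction (verify_incoming for
 *   accepted connections, verify_outgoing otherwise), or
 * - the error is a certificate/CRL validity-date error and verify_date is
 *   not set.
 * Any error that is left is logged at debug level 3.
 *
 * @param ok     OpenSSL's own verdict for the current certificate
 * @param store  verification context
 * @return 1 to continue the handshake, 0 to fail verification
 */
static
int tls_verify_cb(int ok, X509_STORE_CTX *store)
{
  if (!ok)
  {
    char data[256];

    X509 *cert = X509_STORE_CTX_get_current_cert(store);
    int depth = X509_STORE_CTX_get_error_depth(store);
    int err = X509_STORE_CTX_get_error(store);
    int sslidx = SSL_get_ex_data_X509_STORE_CTX_idx();
    SSL *ssl = X509_STORE_CTX_get_ex_data(store, sslidx);
    tls_t *tls = ssl ? SSL_get_ex_data(ssl, tls_ex_data_idx) : NULL;

    assert(tls);

    /* With NDEBUG the assert is compiled out; without the policy object
     * there is nothing that could justify clearing the error, so keep
     * OpenSSL's verdict (ok == 0) instead of dereferencing NULL. */
    if (tls == NULL)
      return ok;

#define TLS_VERIFY_CB_CLEAR_ERROR(OK,ERR,STORE) \
    do {\
      OK = 1;\
      ERR = X509_V_OK;\
      X509_STORE_CTX_set_error(STORE,ERR);\
    } while (0)

    if (tls->accept && !tls->verify_incoming)
      TLS_VERIFY_CB_CLEAR_ERROR(ok, err, store);
    else if (!tls->accept && !tls->verify_outgoing)
      TLS_VERIFY_CB_CLEAR_ERROR(ok, err, store);
    else switch (err) {
      case X509_V_ERR_CERT_NOT_YET_VALID:
      case X509_V_ERR_CERT_HAS_EXPIRED:
      case X509_V_ERR_CRL_NOT_YET_VALID:
      case X509_V_ERR_CRL_HAS_EXPIRED:
	if (!tls->verify_date)
	  TLS_VERIFY_CB_CLEAR_ERROR(ok, err, store);
	/* fallthrough */

      default:
	break;
    }

    if (!ok) {
      SU_DEBUG_3(("-Error with certificate at depth: %i\n", depth));
      /* Some verification errors are reported without a current
       * certificate; skip the name dump rather than pass NULL on. */
      if (cert != NULL) {
	X509_NAME_oneline(X509_get_issuer_name(cert), data, sizeof data);
	SU_DEBUG_3(("  issuer   = %s\n", data));
	X509_NAME_oneline(X509_get_subject_name(cert), data, sizeof data);
	SU_DEBUG_3(("  subject  = %s\n", data));
      }
      SU_DEBUG_3(("  err %i:%s\n", err, X509_verify_cert_error_string(err)));
    }
  }

  return ok;
}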
/** Public entry point for the one-time OpenSSL initialisation.
 *
 * Runs tls_init_once() through ONCE_INIT(), so repeated calls are no-ops.
 */
void tls_init(void)
{
  ONCE_INIT(tls_init_once);
}
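/** Enable ephemeral ECDH on the context using the prime256v1 curve.
 *
 * SSL_OP_SINGLE_ECDH_USE asks OpenSSL for a fresh ECDH key per handshake.
 *
 * @param tls  object whose ctx is configured
 * @retval 0   curve installed
 * @retval -1  curve lookup, key creation or installation failed;
 *             errno is set to EIO and the OpenSSL errors are logged
 */
static
int tls_init_ecdh_curve(tls_t *tls)
{
  int nid;
  EC_KEY *ecdh;

  if (!(nid = OBJ_sn2nid("prime256v1"))) {
    tls_log_errors(1, "Couldn't find specified curve", 0);
    errno = EIO;
    return -1;
  }

  if (!(ecdh = EC_KEY_new_by_curve_name(nid))) {
    tls_log_errors(1, "Couldn't create specified curve", 0);
    errno = EIO;
    return -1;
  }

  SSL_CTX_set_options(tls->ctx, SSL_OP_SINGLE_ECDH_USE);

  /* Report a failed installation instead of claiming ECDH is set up;
   * the key is ours to free in either case. */
  if (!SSL_CTX_set_tmp_ecdh(tls->ctx, ecdh)) {
    tls_log_errors(1, "Couldn't set specified curve", 0);
    EC_KEY_free(ecdh);
    errno = EIO;
    return -1;
  }

  EC_KEY_free(ecdh);

  return 0;
}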
/** Create (if needed) and configure the SSL_CTX of @a tls from @a ti.
 *
 * Steps, in order: one-time library init, optional seeding from
 * ti->randFile (first call only), SIGPIPE suppression, context creation,
 * protocol-version options, session settings, passphrase callback,
 * certificate / key / CA loading, verification policy, ECDH and the
 * cipher list.
 *
 * Failure handling differs per step:
 * - a missing seed file is only logged;
 * - certificate, private-key and key/certificate-mismatch failures are
 *   logged, and abort only when require_client_certificate is non-zero
 *   at compile time (it is not defined in the visible part of this file);
 * - failure to create the context, to load the CA locations or to set
 *   the cipher list aborts with errno = EIO.
 *
 * @retval 0 on success, -1 on failure
 */
static
int tls_init_context(tls_t *tls, tls_issues_t const *ti)
{
  static char const who[] = "tls_init_context";
  static int random_loaded;   /* not synchronised between threads */
  int verify;

  ONCE_INIT(tls_init_once);

  if (!random_loaded) {
    random_loaded = 1;

    if (ti->randFile &&
	!RAND_load_file(ti->randFile, 1024 * 1024)) {
      if (ti->configured > 1) {
	SU_DEBUG_3(("%s: cannot open randFile %s\n", who, ti->randFile));
	tls_log_errors(3, who, 0);
      }
      /* errno = EIO; */
      /* return -1; */
    }
  }

#if HAVE_SIGPIPE
  /* Avoid possible SIGPIPE when sending close_notify */
  signal(SIGPIPE, SIG_IGN);   /* process-wide setting */
#endif

  if (tls->ctx == NULL &&
      !(tls->ctx = SSL_CTX_new((SSL_METHOD*)SSLv23_method()))) {
    tls_log_errors(1, "SSL_CTX_new() failed", 0);
    errno = EIO;
    return -1;
  }

  /* Each protocol version is switched off unless its bit is set in
   * ti->version; SSLv2 and SSLv3 therefore stay available whenever the
   * caller asks for them. */
  if ((ti->version & TPTLS_VERSION_SSLv2) == 0)
    SSL_CTX_set_options(tls->ctx, SSL_OP_NO_SSLv2);
  if ((ti->version & TPTLS_VERSION_SSLv3) == 0)
    SSL_CTX_set_options(tls->ctx, SSL_OP_NO_SSLv3);
  if ((ti->version & TPTLS_VERSION_TLSv1) == 0)
    SSL_CTX_set_options(tls->ctx, SSL_OP_NO_TLSv1);
  if ((ti->version & TPTLS_VERSION_TLSv1_1) == 0)
    SSL_CTX_set_options(tls->ctx, SSL_OP_NO_TLSv1_1);
  if ((ti->version & TPTLS_VERSION_TLSv1_2) == 0)
    SSL_CTX_set_options(tls->ctx, SSL_OP_NO_TLSv1_2);

  SSL_CTX_sess_set_remove_cb(tls->ctx, NULL);
  SSL_CTX_set_timeout(tls->ctx, ti->timeout);

  /* CRIME (CVE-2012-4929) mitigation */
  SSL_CTX_set_options(tls->ctx, SSL_OP_NO_COMPRESSION);

  /* Set callback if we have a passphrase. The context keeps the ti
   * pointer as callback userdata. */
  if (ti->passphrase != NULL) {
    SSL_CTX_set_default_passwd_cb(tls->ctx, passwd_cb);
    SSL_CTX_set_default_passwd_cb_userdata(tls->ctx, (void *)ti);
  }

  if (!SSL_CTX_use_certificate_file(tls->ctx, ti->cert, SSL_FILETYPE_PEM)) {
    if (ti->configured > 0) {
      SU_DEBUG_1(("%s: invalid local certificate: %s\n", who, ti->cert));
      tls_log_errors(3, who, 0);
#if require_client_certificate
      errno = EIO;
      return -1;
#endif
    }
  }

  if (!SSL_CTX_use_PrivateKey_file(tls->ctx, ti->key, SSL_FILETYPE_PEM)) {
    if (ti->configured > 0) {
      SU_DEBUG_1(("%s: invalid private key: %s\n", who, ti->key));
      tls_log_errors(3, "tls_init_context(key)", 0);
#if require_client_certificate
      errno = EIO;
      return -1;
#endif
    }
  }

  if (!SSL_CTX_check_private_key(tls->ctx)) {
    if (ti->configured > 0) {
      SU_DEBUG_1(("%s: private key does not match the certificate public key\n",
		  who));
    }
#if require_client_certificate
    errno = EIO;
    return -1;
#endif
  }

  if (!SSL_CTX_load_verify_locations(tls->ctx, ti->CAfile, ti->CApath)) {
    SU_DEBUG_1(("%s: error loading CA list: %s\n", who, ti->CAfile));
    if (ti->configured > 0)
      tls_log_errors(3, "tls_init_context(CA)", 0);
    errno = EIO;
    return -1;
  }

  /* corresponds to (enum tport_tls_verify_policy) */
  tls->verify_incoming = (ti->policy & 0x1) ? 1 : 0;
  tls->verify_outgoing = (ti->policy & 0x2) ? 1 : 0;
  /* subject checks only count when chain verification is on as well */
  tls->verify_subj_in  = (ti->policy & 0x4) ? tls->verify_incoming : 0;
  tls->verify_subj_out = (ti->policy & 0x8) ? tls->verify_outgoing : 0;
  tls->verify_date     = (ti->verify_date) ? 1 : 0;

  /* The handshake-level mode follows verify_incoming only; peers of
   * outgoing connections are judged in tls_verify_cb() and
   * tls_post_connection_check() using verify_outgoing. */
  verify = tls->verify_incoming
    ? (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
    : SSL_VERIFY_NONE;

  SSL_CTX_set_verify_depth(tls->ctx, ti->verify_depth);
  SSL_CTX_set_verify(tls->ctx, verify, tls_verify_cb);

  /* ECDH is best effort: a failure is logged and setup continues */
  if (tls_init_ecdh_curve(tls) != 0) {
    SU_DEBUG_3(("%s\n", "tls: failed to initialize ECDH"));
  } else {
    SU_DEBUG_3(("%s\n", "tls: initialized ECDH"));
  }

  if (!SSL_CTX_set_cipher_list(tls->ctx, ti->ciphers)) {
    SU_DEBUG_1(("%s: error setting cipher list\n", who));
    tls_log_errors(3, who, 0);
    errno = EIO;
    return -1;
  }

  return 0;
}
/** Release a tls_t and the OpenSSL objects it owns.
 *
 * The connection, if any, is shut down and freed. The SSL_CTX is freed
 * only when this object is not a tls_slave, because slaves share their
 * master's context. NULL is accepted and ignored.
 */
void tls_free(tls_t *tls)
{
  if (tls == NULL)
    return;

  if (tls->con) {
    SSL_shutdown(tls->con);
    SSL_free(tls->con);
    tls->con = NULL;
  }

  if (tls->type != tls_slave && tls->ctx != NULL)
    SSL_CTX_free(tls->ctx);

  su_home_unref(tls->home);
}
/** Return the socket descriptor behind the connection BIO.
 *
 * @return the descriptor reported by BIO_get_fd(), or -1 when @a tls is
 *         NULL or has no BIO attached
 */
int tls_get_socket(tls_t *tls)
{
  int fd = -1;

  if (tls == NULL || tls->bio_con == NULL)
    return fd;

  BIO_get_fd(tls->bio_con, &fd);

  return fd;
}
/** Create the master TLS object that owns the shared SSL_CTX.
 *
 * Applies the defaults to @a ti (modifying it), builds the context, gives
 * it a session-id context and, when a CA file is configured, advertises
 * that file's CAs to clients as acceptable issuers.
 *
 * @return new master object, or NULL on failure with errno preserved from
 *         tls_init_context()
 */
tls_t *tls_init_master(tls_issues_t *ti)
{
  /* Default id in case RAND fails */
  unsigned char sessionId[32] = "sofia/tls";
  tls_t *master;

#if HAVE_SIGPIPE
  signal(SIGPIPE, SIG_IGN);  /* Ignore spurious SIGPIPE from OpenSSL */
#endif

  tls_set_default(ti);

  master = tls_create(tls_master);
  if (master == NULL)
    return NULL;

  if (tls_init_context(master, ti) < 0) {
    /* tls_free() may clobber errno; hand the original cause to the caller */
    int saved = errno;
    tls_free(master);
    errno = saved;
    return NULL;
  }

  /* The result is not checked. The bytes only label the session cache
   * (session-id context); they are not key material. */
  RAND_pseudo_bytes(sessionId, sizeof(sessionId));

  SSL_CTX_set_session_id_context(master->ctx,
				 (void*) sessionId,
				 sizeof(sessionId));

  if (ti->CAfile != NULL) {
    SSL_CTX_set_client_CA_list(master->ctx,
			       SSL_load_client_CA_file(ti->CAfile));
  }

#if 0
  if (sock != -1) {
    tls->bio_con = BIO_new_socket(sock, BIO_NOCLOSE);

    if (tls->bio_con == NULL) {
      tls_log_errors(1, "tls_init_master", 0);
      tls_free(tls);
      errno = EIO;
      return NULL;
    }
  }
#endif

  return master;
}
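/** Create the per-connection TLS object for socket @a sock.
 *
 * The new object borrows the master's SSL_CTX and copies its verification
 * flags, allocates the read buffer, wraps the socket in a BIO, creates the
 * SSL object and switches the socket to non-blocking mode.
 *
 * @param master  object returned by tls_init_master(); must not be NULL
 * @param sock    connected socket, must not be -1; it is not closed by
 *                the BIO (BIO_NOCLOSE)
 * @param accept  non-zero for an accepted (server-side) connection
 * @return new object, or NULL on failure (errno = EIO for OpenSSL errors)
 */
tls_t *tls_init_secondary(tls_t *master, int sock, int accept)
{
  tls_t *tls = tls_create(tls_slave);

  if (tls) {
    tls->ctx = master->ctx;
    tls->accept = accept ? 1 : 0;
    tls->verify_outgoing = master->verify_outgoing;
    tls->verify_incoming = master->verify_incoming;
    tls->verify_subj_out = master->verify_subj_out;
    tls->verify_subj_in  = master->verify_subj_in;
    tls->verify_date     = master->verify_date;
    tls->x509_verified   = master->x509_verified;

    if (!(tls->read_buffer = su_alloc(tls->home, tls_buffer_size)))
      su_home_unref(tls->home), tls = NULL;
  }
  if (!tls)
    return tls;

  assert(sock != -1);

  tls->bio_con = BIO_new_socket(sock, BIO_NOCLOSE);
  /* Do not build an SSL object on top of a BIO that failed to allocate */
  tls->con = tls->bio_con ? SSL_new(tls->ctx) : NULL;

  if (tls->con == NULL) {
    tls_log_errors(1, "tls_init_secondary", 0);
    /* The BIO is not yet owned by an SSL object and tls_free() does not
     * release it, so free it here. */
    if (tls->bio_con != NULL) {
      BIO_free(tls->bio_con);
      tls->bio_con = NULL;
    }
    tls_free(tls);
    errno = EIO;
    return NULL;
  }

  /* From here on the SSL object owns the BIO (freed by SSL_free()) */
  SSL_set_bio(tls->con, tls->bio_con, tls->bio_con);
  SSL_set_mode(tls->con, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
  /* Lets tls_verify_cb() find this object from the SSL handle */
  SSL_set_ex_data(tls->con, tls_ex_data_idx, tls);

  su_setblocking(sock, 0);

  return tls;
}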
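/** Check the peer after the handshake and collect its certificate names.
 *
 * Logs the negotiated cipher, then gathers the peer certificate's
 * subjectAltName entries of type DNS, IP and URI plus, subject to the
 * duplicate test below, its commonName into tls->subjects. The chain
 * result from SSL_get_verify_result() and the configured policy then
 * decide the outcome:
 * - verification disabled for this direction: X509_V_OK;
 * - chain not verified: the OpenSSL verify error;
 * - subject checking enabled: X509_V_OK if a configured/expected name is
 *   found among the certificate names, else X509_V_ERR_CERT_UNTRUSTED.
 *
 * @param self  transport the connection belongs to
 * @param tls   per-connection TLS object
 * @return X509_V_OK (0) when the peer is acceptable, an X509_V_ERR_* code
 *         otherwise; -1 if @a tls is NULL; SSL_ERROR_SSL if no cipher was
 *         negotiated
 */
su_inline
int tls_post_connection_check(tport_t *self, tls_t *tls)
{
  X509 *cert;
  const SSL_CIPHER *cipher;
  char cipher_description[256];
  int cipher_bits, alg_bits;
  int extcount;
  int i, j, error;

  if (!tls) return -1;

  if (!(cipher = SSL_get_current_cipher(tls->con))) {
    SU_DEBUG_7(("%s(%p): %s\n", __func__, (void*)self,
		"OpenSSL failed to return an SSL_CIPHER object to us."));
    return SSL_ERROR_SSL;
  }
  SU_DEBUG_9(("%s(%p): TLS cipher chosen (name): %s\n", __func__, (void*)self,
	      SSL_CIPHER_get_name(cipher)));
  SU_DEBUG_9(("%s(%p): TLS cipher chosen (version): %s\n", __func__, (void*)self,
	      SSL_CIPHER_get_version(cipher)));
  cipher_bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
  SU_DEBUG_9(("%s(%p): TLS cipher chosen (bits/alg_bits): %d/%d\n", __func__, (void*)self,
	      cipher_bits, alg_bits));
  SSL_CIPHER_description(cipher, cipher_description, sizeof(cipher_description));
  SU_DEBUG_9(("%s(%p): TLS cipher chosen (description): %s\n", __func__, (void*)self,
	      cipher_description));

  cert = SSL_get_peer_certificate(tls->con);
  if (!cert) {
    SU_DEBUG_7(("%s(%p): Peer did not provide X.509 Certificate.\n",
		__func__, (void *) self));
    /* A missing certificate is an error only where verification is on */
    if (self->tp_accepted && tls->verify_incoming)
      return X509_V_ERR_CERT_UNTRUSTED;
    else if (!self->tp_accepted && tls->verify_outgoing)
      return X509_V_ERR_CERT_UNTRUSTED;
    else
      return X509_V_OK;
  }

  tls->subjects = su_strlst_create(tls->home);
  if (!tls->subjects) {
    X509_free(cert);            /* we hold a reference from SSL_get_peer_certificate() */
    return X509_V_ERR_OUT_OF_MEM;
  }

  extcount = X509_get_ext_count(cert);

  /* Find matching subjectAltName.DNS */
  for (i = 0; i < extcount; i++) {
    X509_EXTENSION *ext;
    char const *name;
#if OPENSSL_VERSION_NUMBER >  0x10000000L
    const X509V3_EXT_METHOD *vp;
#else
    X509V3_EXT_METHOD *vp;
#endif
    STACK_OF(CONF_VALUE) *values;
    CONF_VALUE *value;
    void *d2i;

    ext = X509_get_ext(cert, i);
    name = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ext)));

    if (name == NULL || strcmp(name, "subjectAltName") != 0)
      continue;

    vp = X509V3_EXT_get(ext);
    if (!vp || !vp->i2v)
      continue;

    d2i = X509V3_EXT_d2i(ext);
    if (!d2i)                   /* extension did not decode */
      continue;

    values = vp->i2v(vp, d2i, NULL);

    /* NOTE(review): the names arrive here as C strings, so an entry that
     * carries an embedded NUL byte would be seen truncated at that byte.
     * Confirm how the linked OpenSSL handles this, and consider comparing
     * the ASN.1 string length with strlen() on the decoded entries. */
    for (j = 0; j < sk_CONF_VALUE_num(values); j++) {
      value = sk_CONF_VALUE_value(values, j);
      if (strcmp(value->name, "DNS") == 0)
	su_strlst_dup_append(tls->subjects, value->value);
      else if (strcmp(value->name, "IP") == 0)
	su_strlst_dup_append(tls->subjects, value->value);
      else if (strcmp(value->name, "URI") == 0)
	su_strlst_dup_append(tls->subjects, value->value);
    }

    /* Both the printable list and the decoded extension were allocated
     * for us; the strings we keep were duplicated into tls->subjects. */
    sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
    GENERAL_NAMES_free(d2i);
  }

  {
    X509_NAME *subject;
    char name[256];

    subject = X509_get_subject_name(cert);

    if (subject) {
      int len = X509_NAME_get_text_by_NID(subject, NID_commonName,
					  name, sizeof name);
      if (len > 0) {
	name[(sizeof name) - 1] = '\0';

	if ((size_t)len != strlen(name)) {
	  /* The copied length and the C-string length differ: the
	   * commonName holds an embedded NUL. Using the truncated text
	   * as a host name would let the part before the NUL stand in
	   * for the whole name, so ignore it. */
	  SU_DEBUG_3(("%s(%p): ignoring commonName with embedded NUL\n",
		      __func__, (void *)self));
	}
	else {
	  usize_t k, N = su_strlst_len(tls->subjects);

	  /* NOTE(review): if su_casematch() returns non-zero on a match
	   * (confirm in <sofia-sip/su_string.h>), this "== 0" stops at
	   * the first entry that does NOT match, so the commonName is
	   * added only when the list is empty or every entry equals it.
	   * Left as is: changing it changes which names are accepted. */
	  for (k = 0; k < N; k++)
	    if (su_casematch(su_strlst_item(tls->subjects, k), name) == 0)
	      break;

	  if (k >= N)
	    su_strlst_dup_append(tls->subjects, name);
	}
      }
    }
  }

  error = SSL_get_verify_result(tls->con);

  /* cert is known to be non-NULL here; decide before releasing it rather
   * than testing the pointer after X509_free(). */
  if (error == X509_V_OK)
    tls->x509_verified = 1;

  X509_free(cert);

  if (tport_log->log_level >= 7) {
    int i, len = su_strlst_len(tls->subjects);
    for (i=0; i < len; i++) {
      SU_DEBUG_7(("%s(%p): Peer Certificate Subject %i: %s\n",
		  __func__, (void *)self, i, su_strlst_item(tls->subjects, i)));
    }
    if (i == 0) {
      SU_DEBUG_7(("%s(%p): Peer Certificate provided no usable subjects.\n",
		  __func__, (void *)self));
    }
  }

  /* Verify incoming connections */
  if (self->tp_accepted) {
    if (!tls->verify_incoming)
      return X509_V_OK;

    if (!tls->x509_verified)
      return error;

    if (tls->verify_subj_in) {
      su_strlst_t const *subjects = self->tp_pri->pri_primary->tp_subjects;
      int i, items;

      items = subjects ? su_strlst_len(subjects) : 0;
      /* With no subjects configured on the primary transport, any
       * verified certificate is accepted. */
      if (items == 0)
	return X509_V_OK;

      for (i=0; i < items; i++) {
	if (tport_subject_search(su_strlst_item(subjects, i), tls->subjects))
	  return X509_V_OK;
      }
      SU_DEBUG_3(("%s(%p): Peer Subject Mismatch (incoming connection)\n",
		  __func__, (void *)self));

      return X509_V_ERR_CERT_UNTRUSTED;
    }
  }
  /* Verify outgoing connections */
  else {
    char const *subject = self->tp_canon;
    if (!tls->verify_outgoing)
      return X509_V_OK;

    /* With a verified chain but no canonical name to compare against,
     * this returns error == X509_V_OK: the subject check is skipped. */
    if (!tls->x509_verified || !subject)
      return error;

    if (tls->verify_subj_out) {
      if (tport_subject_search(subject, tls->subjects))
	return X509_V_OK; /* Subject match found in verified certificate chain */
      SU_DEBUG_3(("%s(%p): Peer Subject Mismatch (%s)\n",
		  __func__, (void *)self, subject));

      return X509_V_ERR_CERT_UNTRUSTED;
    }
  }

  return error;
}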
/**
 * Map the outcome of a failed SSL I/O call onto this module's
 * return-value and errno convention.
 *
 * @param tls  TLS context; tls->con is queried with SSL_get_error()
 * @param ret  value returned by the SSL call that failed
 * @param who  label passed to tls_log_errors() for unexpected errors
 * @param buf  buffer of the interrupted write, or NULL when a read failed
 * @param size length of @a buf
 *
 * @retval 0  end of stream: SSL_ERROR_ZERO_RETURN, or SSL_ERROR_SYSCALL
 *            when a shutdown has been received or errno is 0
 * @retval -1 otherwise; errno is EAGAIN after the wait events have been
 *            recorded for WANT_READ/WANT_WRITE, EIO for any other SSL
 *            error, and left untouched for SSL_ERROR_SYSCALL with a
 *            non-zero errno
 */
static
int tls_error(tls_t *tls, int ret, char const *who,
              void *buf, int size)
{
  int const err = SSL_get_error(tls->con, ret);
  int events;

  if (err == SSL_ERROR_ZERO_RETURN)
    return 0;

  if (err == SSL_ERROR_SYSCALL) {
    /*
     * Both tests below report end of stream with the same value (0) that
     * SSL_ERROR_ZERO_RETURN yields, so a caller cannot tell an orderly
     * TLS shutdown from a transport that simply went away.
     * NOTE(review): errno is not cleared in this function; the second
     * test depends on whatever value was in errno when the SSL call
     * returned -- confirm the callers' expectations.
     */
    if ((SSL_get_shutdown(tls->con) & SSL_RECEIVED_SHUTDOWN) || errno == 0)
      return 0;			/* EOS */
    return -1;
  }

  if (err == SSL_ERROR_WANT_WRITE) {
    events = SU_WAIT_OUT;
  }
  else if (err == SSL_ERROR_WANT_READ) {
    events = SU_WAIT_IN;
  }
  else {
    /* Anything else is logged and surfaced as a generic I/O error. */
    tls_log_errors(1, who, err);
    errno = EIO;
    return -1;
  }

  if (buf != NULL) {
    /* Write path: remember the events to wait for and the pending buffer. */
    tls->write_events = events;
    tls->write_buffer = buf;
    tls->write_buffer_len = size;
  }
  else {
    /* Read path: only the events to wait for are recorded. */
    tls->read_events = events;
  }

  errno = EAGAIN;
  return -1;
}
/**
 * Fill the context's read buffer from the TLS connection.
 *
 * When data from an earlier call is still buffered (read_buffer_len is
 * non-zero) that length is returned again and SSL_read() is not called.
 *
 * @param tls TLS context
 *
 * @return number of bytes available in the read buffer, or the result of
 *         tls_error() when SSL_read() returns zero or less
 * @retval -1 with errno set to EINVAL if @a tls is NULL
 */
ssize_t tls_read(tls_t *tls)
{
  ssize_t nread;

  if (!tls) {
    errno = EINVAL;
    return -1;
  }

  /* Disabled trace; kept so that it can be switched on while debugging. */
  if (0)
    SU_DEBUG_1(("tls_read(%p) called on %s (events %u)\n", (void *)tls,
		tls->type ? "master" : "slave",
		tls->read_events));

  if (tls->read_buffer_len != 0)
    return (ssize_t)tls->read_buffer_len;

  tls->read_events = SU_WAIT_IN;

  /*
   * At most tls_buffer_size bytes are requested.
   * NOTE(review): assumes tls->read_buffer holds at least tls_buffer_size
   * bytes -- confirm where the buffer is declared.
   */
  nread = SSL_read(tls->con, tls->read_buffer, tls_buffer_size);
  if (nread > 0) {
    tls->read_buffer_len = nread;
    return (ssize_t)tls->read_buffer_len;
  }

  return tls_error(tls, nread, "tls_read: SSL_read", NULL, 0);
}
/**
 * Hand out the buffered read data and mark the buffer as consumed.
 *
 * @param tls TLS context; dereferenced without a NULL check
 * @param N   number of bytes the caller is about to consume; must equal
 *            the currently buffered length
 *
 * @return pointer to the context's read buffer
 */
void *tls_read_buffer(tls_t *tls, size_t N)
{
  void *data = tls->read_buffer;

  /*
   * The assert is the only check tying N to the buffered length, and it
   * disappears when NDEBUG is defined; the caller is responsible for
   * passing the length it obtained for this buffer.
   */
  assert(N == tls->read_buffer_len);
  tls->read_buffer_len = 0;

  return data;
}
/**
 * Tell whether SSL_pending() reports buffered data on the connection.
 *
 * @param tls TLS context, may be NULL
 *
 * @retval 1 SSL_pending() returned a non-zero count
 * @retval 0 no pending data, or @a tls or its connection is NULL
 */
int tls_pending(tls_t const *tls)
{
  if (tls == NULL || tls->con == NULL)
    return 0;

  return SSL_pending(tls->con) != 0;
}
/** Check if data is available in TCP connection.
|
|
|
|
*
|
2008-12-16 18:05:22 +00:00
|
|
|
*
|
2007-10-11 19:58:13 +00:00
|
|
|
*
|
|
|
|
* @retval -1 upon an error
|
|
|
|
* @retval 0 end-of-stream
|
2008-12-16 18:05:22 +00:00
|
|
|
* @retval 1 nothing to read
|
2007-10-11 19:58:13 +00:00
|
|
|
* @retval 2 there is data to read
|
|
|
|
*/
|
2006-12-21 06:30:28 +00:00
|
|
|
int tls_want_read(tls_t *tls, int events)
|
|
|
|
{
|
|
|
|
if (tls && (events & tls->read_events)) {
|
|
|
|
int ret = tls_read(tls);
if (ret > 0)
|
2007-10-11 19:58:13 +00:00
|
|
|
return 2;
else if (ret == 0)
|
2006-12-21 06:30:28 +00:00
|
|
|
return 0;
Save the Contact header which the application has added to the target
refresh requests or responses and use the saved contact in subsequent target
refresh requests or responses.
Previously the application had no way of specifying the Contact included in
the automatic responses to target refresh requests.
Thanks for Anthony Minessale for reporting this problem.
Shall I pull this patch? (43/43) [ynWvpxqadjk], or ? for help: y
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@5692 d0543943-73ff-0310-b7d9-9358b9ac24b2
2007-09-10 20:45:25 +00:00
|
|
|
else if (errno == EAGAIN)
|
2007-10-11 19:58:13 +00:00
|
|
|
return 3; /* ??? */
|
2006-12-21 06:30:28 +00:00
|
|
|
else
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2007-10-11 19:58:13 +00:00
|
|
|
return 1;
|
2006-12-21 06:30:28 +00:00
|
|
|
}
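/** Write application data to a TLS connection.
 *
 * The function has two modes:
 *
 * - If tls->write_buffer is set, an earlier write of that buffer was
 *   deferred and has since been completed (tls_want_write() records the
 *   buffer and the byte count after a successful retry). No I/O is done:
 *   the call checks that the caller is presenting the same buffer, reports
 *   the recorded byte count and clears the pending state.
 * - Otherwise the data is handed to SSL_write().
 *
 * @param tls   TLS connection object
 * @param buf   data to send; when a write is pending this must be the very
 *              same pointer as the pending buffer
 * @param size  number of bytes in @a buf
 *
 * @return Number of bytes accepted, 0 when @a size is 0, or -1 with errno
 *         set to EINVAL (NULL argument) or EIO (arguments do not match the
 *         pending write). A negative SSL_write() result is passed to
 *         tls_error() and that function's result is returned.
 */
ssize_t tls_write(tls_t *tls, void *buf, size_t size)
{
  /* SSL_write() takes an int length. This is the largest positive int,
   * computed without <limits.h> because the include block is not changed. */
  size_t const max_chunk = (size_t)(~0U >> 1);
  ssize_t ret;

  /* Disabled trace. NOTE(review): the "master"/"slave" labels look swapped
   * relative to the tls_slave test; confirm before enabling. */
  if (0)
    SU_DEBUG_1(("tls_write(%p, %p, "MOD_ZU") called on %s\n",
                (void *)tls, buf, size,
                tls && tls->type == tls_slave ? "master" : "slave"));

  if (tls == NULL || buf == NULL) {
    errno = EINVAL;
    return -1;
  }

  if (tls->write_buffer) {
    assert(buf == tls->write_buffer);
    assert(size >= tls->write_buffer_len);
    assert(tls->write_events == 0);

    /* The same conditions are re-checked at run time so that a build with
     * assertions disabled fails with EIO instead of reporting bytes for a
     * buffer that was never the one handed to OpenSSL. */
    if (tls->write_events ||
        buf != tls->write_buffer ||
        size < tls->write_buffer_len) {
      errno = EIO;
      return -1;
    }

    ret = tls->write_buffer_len;

    tls->write_buffer = NULL;
    tls->write_buffer_len = 0;

    return ret;
  }

  if (size == 0)
    return 0;

  /* Without this clamp a size above INT_MAX would be converted implicitly
   * to int (possibly negative or truncated) at the SSL_write() call. The
   * caller sees a short write and can send the remainder afterwards. */
  if (size > max_chunk)
    size = max_chunk;

  tls->write_events = 0;

  ret = SSL_write(tls->con, buf, (int)size);
  /* NOTE(review): a return of 0 is passed back to the caller as "0 bytes
   * written"; confirm callers treat that as intended. */
  if (ret < 0)
    return tls_error(tls, ret, "tls_write: SSL_write", buf, size);

  return ret;
}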
/** Retry a deferred TLS write when the awaited socket events arrive.
 *
 * Nothing is done unless @a events intersects tls->write_events. Otherwise
 * the pending buffer is detached from @a tls, so that tls_write() performs
 * a real write rather than taking its "pending" shortcut, and the write is
 * attempted again.
 *
 * @param tls     TLS connection object (may be NULL)
 * @param events  socket events that were signalled
 *
 * @return Number of bytes written by the retry (the buffer and that count
 *         are then recorded again in @a tls), 0 if there was nothing to do
 *         or the retry failed with errno == EAGAIN, -1 on any other failure.
 */
int tls_want_write(tls_t *tls, int events)
{
  void *pending;
  size_t pending_len;
  int written;

  if (tls == NULL || !(events & tls->write_events))
    return 0;

  pending = tls->write_buffer;
  pending_len = tls->write_buffer_len;

  tls->write_events = 0;

  /* Detach the pending buffer before retrying */
  tls->write_buffer = NULL;
  tls->write_buffer_len = 0;

  written = tls_write(tls, pending, pending_len);

  if (written < 0)
    return errno == EAGAIN ? 0 : -1;

  /* Re-attach the buffer together with the number of bytes sent */
  tls->write_buffer = pending;
  tls->write_buffer_len = written;

  return written;
}
/** Translate a requested event mask into the events to wait for on the
 * socket.
 *
 * For a NULL @a tls or a tls_master object the mask is returned unchanged.
 * Otherwise every bit other than SU_WAIT_IN and SU_WAIT_OUT is kept, a
 * requested SU_WAIT_IN is replaced by tls->read_events and a requested
 * SU_WAIT_OUT by tls->write_events.
 *
 * @param tls   TLS connection object (may be NULL)
 * @param mask  events the caller is interested in
 *
 * @return The event mask to use for the underlying socket.
 */
int tls_events(tls_t const *tls, int mask)
{
  int wanted;

  if (tls == NULL || tls->type == tls_master)
    return mask;

  /* Start from the bits that are passed through untouched */
  wanted = mask & ~(SU_WAIT_IN | SU_WAIT_OUT);

  if (mask & SU_WAIT_IN)
    wanted |= tls->read_events;

  if (mask & SU_WAIT_OUT)
    wanted |= tls->write_events;

  return wanted;
}
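/** Wakeup callback driving the TLS handshake of a transport.
 *
 * Called with the events signalled on self->tp_socket. Socket errors and
 * hangups are dispatched first. While the handshake is unfinished the
 * function calls SSL_accept() (self->tp_accepted set) or SSL_connect() and
 * then either
 *  - re-arms the socket events OpenSSL asked for (WANT_READ / WANT_WRITE),
 *  - or, on completion, runs tls_post_connection_check() and only if that
 *    returns X509_V_OK re-registers the socket with tport_wakeup() and
 *    marks the transport connected,
 *  - or closes the transport.
 *
 * The transport is closed on every path that does not end in one of the
 * explicit returns above: handshake failure, a failed post-connection
 * check, a failed re-registration, and also a call made when
 * self->tp_is_connected is already set.
 *
 * @param magic  root context (unused here)
 * @param w      wait object that was signalled
 * @param self   transport being connected; cast to tport_tls_t to reach
 *               its TLS context
 *
 * @return Always 0; failures are reported by closing the transport.
 */
int tls_connect(su_root_magic_t *magic, su_wait_t *w, tport_t *self)
{
  tport_master_t *mr = self->tp_master;
  tport_tls_t *tlstp = (tport_tls_t *)self;
  tls_t *tls;
  int events = su_wait_events(w, self->tp_socket);
  int error;

  SU_DEBUG_7(("%s(%p): events%s%s%s%s\n", __func__, (void *)self,
              events & (SU_WAIT_CONNECT) ? " CONNECTING" : "",
              events & SU_WAIT_IN ? " NEGOTIATING" : "",
              events & SU_WAIT_ERR ? " ERROR" : "",
              events & SU_WAIT_HUP ? " HANGUP" : ""));

#if HAVE_POLL
  assert(w->fd == self->tp_socket);
#endif

  if (events & SU_WAIT_ERR)
    tport_error_event(self);

  if (events & SU_WAIT_HUP && !self->tp_closed)
    tport_hup_event(self);

  /* Either handler above may have closed the transport */
  if (self->tp_closed)
    return 0;

  error = su_soerror(self->tp_socket);
  if (error) {
    tport_error_report(self, error, NULL);
    return 0;
  }

  if ((tls = tlstp->tlstp_context) == NULL) {
    SU_DEBUG_3(("%s(%p): Error: no TLS context data for connected socket.\n",
                __func__, (void *)tlstp));
    tport_close(self);
    tport_set_secondary_timer(self);
    return 0;
  }

  if (self->tp_is_connected == 0) {
    int ret, status;

    /* SSL_get_error() also inspects the thread's OpenSSL error queue, so
     * stale entries left by earlier operations must be dropped first or
     * the handshake result may be misclassified. */
    ERR_clear_error();

    ret = self->tp_accepted ? SSL_accept(tls->con) : SSL_connect(tls->con);
    status = SSL_get_error(tls->con, ret);

    switch (status) {
    case SSL_ERROR_WANT_READ:
      /* OpenSSL is waiting for the peer to send handshake data */
      self->tp_events = SU_WAIT_IN | SU_WAIT_ERR | SU_WAIT_HUP;
      su_root_eventmask(mr->mr_root, self->tp_index,
                        self->tp_socket, self->tp_events);
      return 0;

    case SSL_ERROR_WANT_WRITE:
      /* OpenSSL is waiting for the peer to receive handshake data */
      self->tp_events = SU_WAIT_IN | SU_WAIT_ERR | SU_WAIT_HUP | SU_WAIT_OUT;
      su_root_eventmask(mr->mr_root, self->tp_index,
                        self->tp_socket, self->tp_events);
      return 0;

    case SSL_ERROR_NONE:
      /* TLS Handshake complete */
      status = tls_post_connection_check(self, tls);
      if (status == X509_V_OK) {
        su_wait_t wait[1] = {SU_WAIT_INIT};

        /* Replace the handshake callback registration with tport_wakeup() */
        su_root_deregister(mr->mr_root, self->tp_index);
        self->tp_index = -1;
        self->tp_events = SU_WAIT_IN | SU_WAIT_ERR | SU_WAIT_HUP;

        if (su_wait_create(wait, self->tp_socket, self->tp_events) == -1)
          break;                /* closed by the common failure path below */

        self->tp_index = su_root_register(mr->mr_root, wait, tport_wakeup,
                                          self, 0);
        if (self->tp_index == -1) {
          /* The wait object was created but never handed to the root */
          su_wait_destroy(wait);
          break;
        }

        tls->read_events = SU_WAIT_IN;
        tls->write_events = 0;

        /* The transport is marked connected, and the verification result
         * and certificate subjects published, only after the
         * post-connection check has succeeded. */
        self->tp_is_connected = 1;
        self->tp_verified = tls->x509_verified;
        self->tp_subjects = tls->subjects;

        if (tport_has_queued(self))
          tport_send_event(self);
        else
          tport_set_secondary_timer(self);

        return 0;
      }
      break;

    default:
      {
        char errbuf[64];

        /* status is an SSL_get_error() class (SSL_ERROR_*), not an error
         * queue code, so the text is taken from the error queue and the
         * class is logged as a number. The queue may be empty, e.g. when
         * the failure came from the socket layer. */
        ERR_error_string_n(ERR_get_error(), errbuf, sizeof errbuf);
        SU_DEBUG_3(("%s(%p): TLS setup failed (status %d: %s)\n",
                    __func__, (void *)self, status, errbuf));
      }
      break;
    }
  }

  /* TLS Handshake Failed or Peer Certificate did not Verify */
  tport_close(self);
  tport_set_secondary_timer(self);

  return 0;
}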