Commit Graph

9 Commits

Author SHA1 Message Date
Anthony Minessale 668f4a6207 working mo better 2013-03-31 21:27:20 -05:00
Travis Cross c85c8d7bbd
Add mechanism to set OpenSSL session timeout
In a sofia profile, you can now set the parameter tls-timeout to a
positive integer value which represents the maximum time in seconds
that OpenSSL will keep a TLS session (and its ephemeral keys) alive.

This value is passed to OpenSSL's SSL_CTX_set_timeout(3).

OpenSSL's default value is 300 seconds, but the relevant standard
(RFC 2246) suggests that much longer session lifetimes are
acceptable (it recommends values less than 24 hours).

Longer values can be useful for extending battery life on mobile
devices.

Signed-off-by: Travis Cross <tc@traviscross.com>
2012-06-11 21:46:05 +00:00
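The commit above maps a profile parameter straight onto SSL_CTX_set_timeout(3), which bounds how long the server keeps a resumable session (and the keys it protects) cached. The parser below is an added example, not FreeSWITCH's or sofia-sip's own code: it validates a tls-timeout style string the way the commit message describes it (a positive integer, in seconds) and flags values at or beyond the 24-hour guidance quoted from RFC 2246. The function names and the sample inputs are assumptions; the OpenSSL call is only mentioned in a comment so the block runs without linking libssl.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* RFC 2246 recommends keeping TLS session lifetimes below 24 hours. */
#define RFC2246_SESSION_LIFETIME_LIMIT (24L * 60 * 60)

/* Parse a tls-timeout style parameter value (hypothetical helper, not
 * FreeSWITCH's own parsing). Accepts only an unsigned decimal integer
 * greater than zero and returns it as seconds; returns -1 for anything
 * else: NULL, empty string, leading sign or whitespace, trailing
 * characters, zero, or a value that overflows long. */
long parse_tls_timeout(const char *value) {
    char *end;
    long n;

    if (value == NULL || !isdigit((unsigned char)value[0]))
        return -1;                       /* rejects "", "+30", " 30", "-5" */
    errno = 0;
    n = strtol(value, &end, 10);
    if (errno == ERANGE || *end != '\0' || n <= 0)
        return -1;                       /* rejects overflow, "300s", "0" */
    return n;
}

/* 1 if the requested lifetime is at or beyond the RFC 2246 guidance,
 * so the caller can log a warning before applying it. */
int exceeds_rfc2246_guidance(long seconds) {
    return seconds >= RFC2246_SESSION_LIFETIME_LIMIT;
}

int main(void) {
    /* Constructed sample values, including the malformed ones. */
    const char *samples[] = { "300", "3600", "86400", "0", "-5", "300s",
                              "+30", "99999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long t = parse_tls_timeout(samples[i]);
        if (t < 0) {
            printf("%-22s rejected\n", samples[i]);
            continue;
        }
        printf("%-22s %ld s%s\n", samples[i], t,
               exceeds_rfc2246_guidance(t) ? "  (above RFC 2246 guidance)" : "");
        /* In the profile code the validated value would now be applied with
         * SSL_CTX_set_timeout(ctx, t); not linked in this stand-alone example. */
    }
    return 0;
}
```

Rejecting a leading sign and whitespace is stricter than strtol on its own, which would silently accept "+30" or " 30"; a configuration knob that sizes a key-retention window should fail loudly on anything that is not plainly a positive integer.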
Marc Olivier Chouinard f97a3266df FS-3071 I've commited the upstream passphrase backport 2011-12-18 11:04:59 -05:00
Michael Jerris 38dabb3635 Thu Jan 15 09:50:45 CST 2009 Jarod Neuner <janeuner@networkharbor.com>
* TLS Subject Checking in tport
  
  sofia-sip/tport.h:
  * tport_delivered_from_subjects() returns type (su_strlst_t const *)
  * Export tport_subject_search()
  
  sofia-sip/tport_tag.h + tport_tag.c:
  * Remove TPTAG_TLS_VERIFY_PEER()
    - Deprecated.  Use TPTAG_TLS_VERIFY_POLICY instead.
    - Binary Compatibility is preserved.
  * Add TPTAG_TLS_VERIFY_POLICY()
    - tport can verify incoming and/or outgoing connections, using:
      1) Certificate Signatures only - or - 
      2) Certificate Signatures and Certificate Subjects
  * Add TPTAG_TLS_VERIFY_DEPTH()
    - Restrict certificate chain verification to a set length.
  * Add TPTAG_TLS_VERIFY_DATE()
    - Disable notBefore/notAfter checking (application: embedded devices)
  * Add TPTAG_TLS_VERIFY_SUBJECTS()
    - Incoming connections must present client certificates with subjects
      that match an item in this list.
    - Intended Use: Proxy Authentication
  * Replaced TPTAG_TRUSTED() with TPTAG_X509_SUBJECT()
    - Commented out for future use.
    - Intended Use: SIP User Identities in Server Certificates.
  * Add appropriate doxygen documentation.
  
  tport.c
  * Add tport_subject_search()
    - Subject can be a hostname, IP Address, or a URI.
    - Valid subject examples include:
        example.com
        alice@example.com
        sip:alice@example.com
        sips:alice@example.com
  * tport_by_addrinfo() matches tpn_canon against the subject list
      of reusable TLS connections.
  
  tport_tls.h:
  * Add tls_init_secondary()
  * Remove tls_init_slave() & tls_init_client()
  
  tport_tls.c:
  * tls_verify_cb() supports TPTAG_TLS_VERIFY_DATE()
  * tls_post_connection_check() verifies certificate subjects.
  * tls_init_secondary()
    - Replaces tls_init_slave(), tls_init_client(), and tls_clone().
  
  tport_type_tls.c:
  * Removed erroneous reference to tport_tls_deliver()
  * Fix a memory leak caused by duplicate calls to tls_clone().
  * Populate the (tport_t *)->tp_subjects field with peer certificate data for
    new secondary connections.



git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11830 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-11 17:03:59 +00:00
Michael Jerris 52fa079b2b Tue Dec 16 16:19:37 CST 2008 Jarod Neuner <janeuner@networkharbor.com>
* Early TLS Handshake and Verification
  
  tport_type_tls.c:
  * tport_tls_accept():
    - Replaces tport_accept for incoming TLS connections.
  * tport_tls_connect():
    - Replaces tport_base_connect() for outgoing TLS connections.
  
  tport_tls.c:
  * tls_t now uses a memory home instead of malloc.
  * removed tls_check_hosts()
  * tls_connect():
    - Replaces tport_base_connect for TLS connection setup.
    - Completes TLS handshake and verifies peer certificates.
    - Destroys suspect TLS connections before sending/receiving payload.
    - Populates a su_strlst_t with subjects from the peer certificate.
  
  tport.c:
  * tport_is_verified()
    - true if peer certificate validated successfully
  * tport_delivered_from_subjects()
    - Certificate subjects listed in the peer certificate.



git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11769 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-02-11 16:11:33 +00:00
Michael Jerris 253c81bb45 Wed Nov 26 12:42:31 CST 2008 Paulo Pizarro <paulo DOT pizarro AT gmail DOT com>
* tport: new tag TPTAG_TLS_VERIFY_PEER

  With this tag, the verification of certificates can be controlled:
  0: no verify certificates.
  1: on server mode, the certificate returned by client is checked and
     if fail the TLS/SSL handshake is immediately terminated.
  1: on client mode, the server certificate is verified and
     if fail the TLS/SSL handshake is immediately terminated.

  I added this tag because I'd like my application not to connect to a
  server with an untrusted certificate.



git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@10824 d0543943-73ff-0310-b7d9-9358b9ac24b2
2008-12-16 20:26:19 +00:00
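The TPTAG_TLS_VERIFY_PEER commit just above (0 = no verification, 1 = the handshake is torn down on a failed certificate check) and the later TPTAG_TLS_VERIFY_POLICY / DEPTH / DATE / SUBJECTS commit further up describe one layered decision: does the chain validate, is it short enough, are the dates checked, and does a certificate subject appear on the allow-list. The block below is an added example that models that decision in plain C so the semantics can be exercised offline; it is not sofia-sip's tport_tls.c, and the struct layouts, function names, the treatment of the four subject spellings from the commit message as one identity, and the sample "peers" are all assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <time.h>

/* Illustrative model of the TPTAG_TLS_VERIFY_* semantics; hypothetical types. */
enum verify_policy {
    VERIFY_NONE = 0,       /* TPTAG_TLS_VERIFY_PEER(0): accept any peer           */
    VERIFY_SIGNATURE = 1,  /* TPTAG_TLS_VERIFY_PEER(1): chain must validate        */
    VERIFY_SUBJECTS = 2    /* signatures AND an allow-listed certificate subject   */
};

struct verify_config {
    enum verify_policy policy;
    int max_depth;          /* TPTAG_TLS_VERIFY_DEPTH; 0 = unlimited (assumption) */
    int check_dates;        /* TPTAG_TLS_VERIFY_DATE; 0 skips notBefore/notAfter */
    const char **allowed;   /* TPTAG_TLS_VERIFY_SUBJECTS list                    */
    size_t n_allowed;
};

/* What a verify callback would have learned about the peer certificate. */
struct peer_cert {
    int chain_ok;           /* 1 if the signatures chain to a trusted CA */
    int chain_depth;        /* certificates in the presented chain        */
    time_t not_before, not_after;
    const char **subjects;  /* CN and subjectAltName entries, already extracted */
    size_t n_subjects;
};

static int has_prefix_ci(const char *s, const char *prefix) {
    for (; *prefix; s++, prefix++)
        if (!*s || tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

static int ci_equal(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/* Assumption: "sip:alice@example.com", "sips:alice@example.com" and
 * "alice@example.com" name the same identity, so drop the scheme. */
static const char *strip_sip_scheme(const char *s) {
    if (has_prefix_ci(s, "sips:")) return s + 5;
    if (has_prefix_ci(s, "sip:")) return s + 4;
    return s;
}

/* Exact, case-insensitive match of one subject against the allow-list.
 * Deliberately no host-level fallback: a certificate for example.com does
 * not satisfy an entry for alice@example.com. */
int tls_subject_search(const char *subject, const char **list, size_t n) {
    size_t i;
    for (i = 0; i < n; i++)
        if (ci_equal(strip_sip_scheme(subject), strip_sip_scheme(list[i])))
            return 1;
    return 0;
}

/* 1 keeps the connection, 0 tears it down before any payload; *reason is for the log. */
int tls_post_connection_check(const struct verify_config *cfg,
                              const struct peer_cert *peer, time_t now,
                              const char **reason) {
    size_t i;
    *reason = "ok";
    if (cfg->policy == VERIFY_NONE)
        return 1;
    if (!peer->chain_ok) { *reason = "signature chain did not validate"; return 0; }
    if (cfg->max_depth > 0 && peer->chain_depth > cfg->max_depth) {
        *reason = "chain longer than verify depth"; return 0;
    }
    if (cfg->check_dates && (now < peer->not_before || now > peer->not_after)) {
        *reason = "certificate not yet valid or expired"; return 0;
    }
    if (cfg->policy == VERIFY_SUBJECTS) {
        for (i = 0; i < peer->n_subjects; i++)
            if (tls_subject_search(peer->subjects[i], cfg->allowed, cfg->n_allowed))
                return 1;
        *reason = "no certificate subject in the allow-list"; return 0;
    }
    return 1;
}

int tls_accept(const struct verify_config *cfg, const struct peer_cert *peer, time_t now) {
    const char *reason;
    return tls_post_connection_check(cfg, peer, now, &reason);
}

/* Constructed sample data, not real certificates; epoch seconds for dates. */
static const char *ALLOWED[]      = { "sip:proxy1.example.com", "alice@example.com" };
static const char *ALICE_SUBJ[]   = { "sips:Alice@Example.com" };
static const char *MALLORY_SUBJ[] = { "example.com", "sip:mallory@example.com" };
static const time_t NOW = 1500000000;
static const struct peer_cert PEER_ALICE   = { 1, 2, 1400000000, 1600000000, ALICE_SUBJ, 1 };
static const struct peer_cert PEER_EXPIRED = { 1, 2, 1300000000, 1400000000, ALICE_SUBJ, 1 };
static const struct peer_cert PEER_DEEP    = { 1, 5, 1400000000, 1600000000, ALICE_SUBJ, 1 };
static const struct peer_cert PEER_BADSIG  = { 0, 2, 1400000000, 1600000000, ALICE_SUBJ, 1 };
static const struct peer_cert PEER_MALLORY = { 1, 2, 1400000000, 1600000000, MALLORY_SUBJ, 2 };
static const struct verify_config CFG_NONE     = { VERIFY_NONE, 0, 1, NULL, 0 };
static const struct verify_config CFG_SIG      = { VERIFY_SIGNATURE, 3, 1, NULL, 0 };
static const struct verify_config CFG_SUBJ     = { VERIFY_SUBJECTS, 3, 1, ALLOWED, 2 };
static const struct verify_config CFG_EMBEDDED = { VERIFY_SUBJECTS, 3, 0, ALLOWED, 2 }; /* dates off */

int main(void) {
    const struct peer_cert *peers[] = { &PEER_ALICE, &PEER_EXPIRED, &PEER_DEEP, &PEER_BADSIG, &PEER_MALLORY };
    const char *reason;
    size_t i;
    for (i = 0; i < sizeof peers / sizeof peers[0]; i++) {
        int ok = tls_post_connection_check(&CFG_SUBJ, peers[i], NOW, &reason);
        printf("peer %zu: %s (%s)\n", i, ok ? "accept" : "reject", reason);
    }
    return 0;
}
```

Two details carry the security weight: the subject check runs only after the chain check, so an attacker cannot satisfy the allow-list with a self-signed certificate bearing the right name, and disabling date checking (the embedded-device case the commit mentions) leaves every other check in force.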
Michael Jerris d8c4d22d40 merge whitespace fixes from sofia-sip tree
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@10802 d0543943-73ff-0310-b7d9-9358b9ac24b2
2008-12-16 18:05:22 +00:00
Michael Jerris 5e81b98eba Sync to current darcs tree:
Mon Sep 17 14:50:04 EDT 2007  Pekka.Pessi@nokia.com
  * sofia-sip/sip_util.h: updated documentation

Mon Sep 17 14:50:18 EDT 2007  Pekka.Pessi@nokia.com
  * sofia-sip/tport_tag.h: updated documentation

Mon Sep 17 14:50:28 EDT 2007  Pekka.Pessi@nokia.com
  * soa_tag.c: updated documentation

Wed Sep 19 12:50:01 EDT 2007  Pekka.Pessi@nokia.com
  * msg: updated documentation

Wed Sep 19 13:29:50 EDT 2007  Pekka.Pessi@nokia.com
  * url: updated documentation

Wed Sep 19 13:32:14 EDT 2007  Pekka.Pessi@nokia.com
  * nth: updated documentation

Wed Sep 19 13:32:27 EDT 2007  Pekka.Pessi@nokia.com
  * nea: updated documentation

Wed Sep 19 13:33:36 EDT 2007  Pekka.Pessi@nokia.com
  * http: updated documentation

Wed Sep 19 13:36:58 EDT 2007  Pekka.Pessi@nokia.com
  * bnf: updated documentation

Wed Sep 19 13:38:58 EDT 2007  Pekka.Pessi@nokia.com
  * nua: updated nua_stack_init_handle() prototype

Wed Sep 19 18:45:56 EDT 2007  Pekka.Pessi@nokia.com
  * sip: added sip_name_addr_xtra(), sip_name_addr_dup()

Wed Sep 19 19:00:19 EDT 2007  Pekka.Pessi@nokia.com
  * sip_basic.c: cleaned old crud

Thu Sep 20 13:34:04 EDT 2007  Pekka.Pessi@nokia.com
  * iptsec: updated documentation

Thu Sep 20 13:36:22 EDT 2007  Pekka.Pessi@nokia.com
  * tport: updated documentation

Thu Sep 20 13:36:56 EDT 2007  Pekka.Pessi@nokia.com
  * su: updated documentation
  Removed internal files from doxygen-generated documentation.

Thu Sep 20 13:38:29 EDT 2007  Pekka.Pessi@nokia.com
  * soa: fixed documentation

Thu Sep 20 13:39:56 EDT 2007  Pekka.Pessi@nokia.com
  * sdp: updated documentation

Thu Sep 20 13:40:16 EDT 2007  Pekka.Pessi@nokia.com
  * ipt: updated documentation

Thu Sep 20 14:24:20 EDT 2007  Pekka.Pessi@nokia.com
  * nta: updated documentation

Thu Sep 20 14:41:04 EDT 2007  Pekka.Pessi@nokia.com
  * nua: updated documentation

  Updated tag documentation.

  Moved doxygen doc entries from sofia-sip/nua_tag.h to nua_tag.c.

  Removed internal datatypes and files from the generated documents.

Wed Sep 19 13:34:20 EDT 2007  Pekka.Pessi@nokia.com
  * docs: updated the generation of documentation. Updated links to header files.

Thu Sep 20 08:45:32 EDT 2007  Pekka.Pessi@nokia.com
  * sip/Makefile.am: added tags to <sofia-sip/sip_extra.h>

  Added check for extra tags in torture_sip.c.

Thu Sep 20 14:45:22 EDT 2007  Pekka.Pessi@nokia.com
  * stun: updated documentation

Wed Jul  4 18:55:20 EDT 2007  Pekka.Pessi@nokia.com
  * torture_heap.c: added tests for ##sort() and su_smoothsort()

Wed Jul  4 18:56:59 EDT 2007  Pekka.Pessi@nokia.com
  * Makefile.am: added smoothsort.c

Fri Jul 13 12:38:44 EDT 2007  Pekka.Pessi@nokia.com
  * sofia-sip/heap.h: heap_remove() now set()s index to 0 on removed item

Mon Jul 23 11:14:22 EDT 2007  Pekka.Pessi@nokia.com
  * sofia-sip/heap.h: fixed bug in heap##remove()

  If left kid was in heap but right was not, left kid was ignored.

Wed Jul  4 18:51:08 EDT 2007  Pekka.Pessi@nokia.com
  * smoothsort.c: added

Wed Jul  4 18:51:34 EDT 2007  Pekka.Pessi@nokia.com
  * heap.h: using su_smoothsort()

Fri Jul  6 10:20:27 EDT 2007  Pekka.Pessi@nokia.com
  * smoothsort.c: added

Wed Sep 19 17:40:30 EDT 2007  Pekka.Pessi@nokia.com
  * msg_parser.awk: generate two parser tables, default and extended

Wed Sep 19 18:39:45 EDT 2007  Pekka.Pessi@nokia.com
  * msg_parser.awk: just generate list of extra headers

  Allocate extended parser dynamically.

Wed Sep 19 18:59:59 EDT 2007  Pekka.Pessi@nokia.com
  * sip: added Remote-Party-ID, P-Asserted-Identity, P-Preferred-Identity

  Added functions sip_update_default_mclass() and sip_extend_mclass()
  for handling the extended parser. Note that Reply-To and Alert-Info are only
  available with the extended parser.

Wed Sep 19 19:05:44 EDT 2007  Pekka.Pessi@nokia.com
  * RELEASE: updated

Thu Sep 20 13:38:59 EDT 2007  Pekka.Pessi@nokia.com
  * sip: updated documentation

Thu Sep 20 14:17:28 EDT 2007  Pekka.Pessi@nokia.com
  * docs/conformance.docs: updated

Mon Oct  1 10:11:14 EDT 2007  Pekka.Pessi@nokia.com
  * tport_tag.c: re-enabled tptag_trusted

Thu Oct  4 09:21:07 EDT 2007  Pekka.Pessi@nokia.com
  * su_osx_runloop.c: moved virtual function table after struct definition

  Preparing for su_port_vtable_t refactoring.

Thu Oct  4 10:22:03 EDT 2007  Pekka.Pessi@nokia.com
  * su_source.c: refactored initialization/deinitialization

Fri Oct  5 04:58:18 EDT 2007  Pekka Pessi <Pekka.Pessi@nokia.com>
  * sip_extra.c: fixed prototypes with isize_t

Fri Oct  5 04:58:45 EDT 2007  Pekka Pessi <Pekka.Pessi@nokia.com>
  * test_nta_api.c: removed warnings about signedness

Fri Oct  5 04:59:02 EDT 2007  Pekka Pessi <Pekka.Pessi@nokia.com>
  * test_nua_params.c: removed warnings about constness

Fri Oct  5 07:20:26 EDT 2007  Pekka Pessi <first.lastname@nokia.com>
  * su_port.h, su_root.c: cleaned argument checking

  The su_root_*() and su_port_*() functions now check their arguments once
  and do not assert() with NULL arguments. The sur_task->sut_port should
  always be valid while su_root_t is alive.

Fri Oct  5 07:22:09 EDT 2007  Pekka Pessi <first.lastname@nokia.com>
  * su: added su_root_obtain(), su_root_release() and su_root_has_thread()

  When root is created with su_root_create() or cloned with su_clone_start(),
  the resulting root is obtained by the calling or created thread,
  respectively.

  The root can be released with su_root_release() and another thread can
  obtain it.

  The function su_root_has_thread() can be used to check if a thread has
  obtained or released the root.

  Implementation upgraded the su_port_own_thread() method as su_port_thread().

Fri Oct  5 07:28:10 EDT 2007  Pekka Pessi <first.lastname@nokia.com>
  * su_port.h: removed su_port_threadsafe() and su_port_yield() methods

  su_port_wait_events() replaces su_port_yield().

Fri Oct  5 13:26:04 EDT 2007  Pekka Pessi <Pekka.Pessi@nokia.com>
  * msg_parser.awk: not extending header structure unless needed.

  Removed gawk-ish /* comments */.

Fri Oct  5 14:32:25 EDT 2007  Pekka Pessi <Pekka.Pessi@nokia.com>
  * run_test_su: removed GNUisms

Fri Oct  5 14:32:47 EDT 2007  Pekka Pessi <Pekka.Pessi@nokia.com>
  * Makefile.am: removed implicit check target test_urlmap

Fri Oct  5 14:22:32 EDT 2007  Pekka Pessi <first.lastname@nokia.com>
  * torture_sresolv.c: use CLOCK_REALTIME if no CLOCK_PROCESS_CPUTIME_ID available

  Casting timespec tv_sec to unsigned long.

Fri Oct * nua_s added handling nua_prack()

  Thanks to Fabio Margarido for the patch.

Mon Oct  8 10:24:35 EDT 2007  Pekka.Pessi@nokia.com
  * test_nua: added test for sf.net bug #1803686

Mon Oct  8 08:15:23 EDT 2007  Pekka.Pessi@nokia.com
  * RELEASE: updated.

Mon Oct  8 09:30:36 EDT 2007  Pekka.Pessi@nokia.com
  * nua_stack: added handling nua_prack()

  Thanks to Fabio Margarido for the patch.

Mon Oct  8 10:24:35 EDT 2007  Pekka.Pessi@nokia.com
  * test_nua: added test for sf.net bug #1803686

Mon Oct  8 10:26:31 EDT 2007  Pekka.Pessi@nokia.com
  * nua: added test for nua_prack() (sf.net bug #1804248)

  Avoid sending nua_i_state after nua_prack() if no SDP O/A is happening, too.

Mon Oct  8 10:32:04 EDT 2007  Mikhail Zabaluev <mikhail.zabaluev@nokia.com>
  * su_source.c: don't leak the wait arrays

Mon Oct  8 10:37:11 EDT 2007  Pekka.Pessi@nokia.com
  * RELEASE: updated

Wed Oct 10 11:55:21 EDT 2007  Pekka.Pessi@nokia.com
  * sip_parser.c: silenced warning about extra const in sip_extend_mclass()

Wed Oct 10 11:57:08 EDT 2007  Pekka.Pessi@nokia.com
  * nta_tag.c: updated tag documentation

Wed Oct 10 13:16:40 EDT 2007  Pekka.Pessi@nokia.com
  * nua: fix logging crash if outbound used with application contact

  Silenced warnings.

Wed Oct 10 13:30:45 EDT 2007  Pekka.Pessi@nokia.com
  * msg_parser.awk: removed extra "const"

Wed Oct 10 13:31:45 EDT 2007  Pekka.Pessi@nokia.com
  * Makefile.am's: fixed distclean of documentation



git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@5840 d0543943-73ff-0310-b7d9-9358b9ac24b2
2007-10-11 14:16:59 +00:00
Michael Jerris 2ecac238f3 add sofia-sip 1.12.4 (plus some patches through 12/21/2006) to in tree libs
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@3774 d0543943-73ff-0310-b7d9-9358b9ac24b2
2006-12-21 06:30:28 +00:00