38dabb3635
* TLS Subject Checking in tport
sofia-sip/tport.h:
* tport_delivered_from_subjects() returns type (su_strlst_t const *)
* Export tport_subject_search()
sofia-sip/tport_tag.h + tport_tag.c:
* Remove TPTAG_TLS_VERIFY_PEER()
- Depreciated. Use TPTAG_TLS_VERIFY_POLICY instead.
- Binary Compatibility is preserved.
* Add TPTAG_TLS_VERIFY_POLICY()
- tport can verify incoming and/or outgoing connections, using:
1) Certificate Signatures only - or -
2) Certificate Signatures and Certificate Subjects
* Add TPTAG_TLS_VERIFY_DEPTH()
- Restrict certificate chain verification to a set length.
* Add TPTAG_TLS_VERIFY_DATE()
- Disable notBefore/notAfter checking (application: embedded devices)
* Add TPTAG_TLS_VERIFY_SUBJECTS()
- Incoming connections must present client certificates with subjects
that match an item in this list.
- Intended Use: Proxy Authentication
* Replaced TPTAG_TRUSTED() with TPTAG_X509_SUBJECT()
- Commented out for future use.
- Intended Use: SIP User Identities in Server Certificates.
* Add appropriate doxygen documentation.
tport.c
* Add tport_subject_search()
- Subject can be a hostname, IP Address, or a URI.
- Valid subject examples include:
example.com
alice@example.com
sip:alice@example.com
sips:alice@example.com
* tport_by_addrinfo() matches tpn_canon against the subject list
of reusable TLS connections.
tport_tls.h:
* Add tls_init_secondary()
* Remove tls_init_slave() & tls_init_client()
tport_tls.c:
* tls_verify_cb() supports TPTAG_TLS_VERIFY_DATE()
* tls_post_connection_check() verifies certificate subjects.
* tls_init_secondary()
- Replaces tls_init_slave(), tls_init_client(), and tls_clone().
tport_type_tls.c:
* Removed erroneous reference to tport_tls_deliver()
* Fix a memory leak caused by duplicate calls to tls_clone().
* Populate the (tport_t *)->tp_subjects field with peer certificate data for
new secondary connections.
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11830 d0543943-73ff-0310-b7d9-9358b9ac24b2
|
||
|---|---|---|
| build | ||
| cmake_modules | ||
| conf | ||
| debian | ||
| docs | ||
| dtd | ||
| freeswitch.xcodeproj | ||
| htdocs | ||
| libs | ||
| scripts | ||
| src | ||
| support-d | ||
| w32 | ||
| CMakeLists.txt | ||
| Freeswitch.2005.unsupported.sln | ||
| Freeswitch.2008.express.sln | ||
| Freeswitch.2008.sln | ||
| INSTALL | ||
| Makefile.am | ||
| acinclude.m4 | ||
| bootstrap.sh | ||
| configure.in | ||
| freeswitch.spec | ||