<!-- Kamailio Pull Request Template -->
<!-- IMPORTANT: - for detailed contributing guidelines, read: https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md - pull requests must be done to master branch, unless they are backports of fixes from master branch to a stable branch - backports to stable branches must be done with 'git cherry-pick -x ...' - code is contributed under BSD for core and main components (tm, sl, auth, tls) - code is contributed GPLv2 or a compatible license for the other components - GPL code is contributed with OpenSSL licensing exception -->
#### Pre-Submission Checklist <!-- Go over all points below, and after creating the PR, tick all the checkboxes that apply --> <!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from above--> <!-- If you're unsure about any of these, don't hesitate to ask on sr-dev mailing list --> - [x] Commit message has the format required by CONTRIBUTING guide - [x] Commits are split per component (core, individual modules, libs, utils, ...) - [x] Each component has a single commit (if not, squash them into one commit) - [x] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change - [x] Small bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist: <!-- Go over all points below, and after creating the PR, tick the checkboxes that apply --> - [ ] PR should be backported to stable branches - [x] Tested changes locally - [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
fix wrong connections reuse in tls_connection_match_domain=yes mode and add test for it
* change related places for tls and tls_wolfssl modules * fix protocol checking in _tcpconn_find * add test/unit/62.sh
test/unit/62.sh execution time: ``` test/unit$ time make run UNIT=62.sh Run test 62: checks tls_connection_match_domain=yes creates new connection to the same dst ip:port for another tls domain Test unit file 62.sh: ok
real 0m1.191s user 0m0.048s sys 0m0.019s ```
was wrongly reusing the same TLS connection even between different TLS domains because: * invalid proto check in _tcpconn_find was skipping tls hook match_domain when it called with proto:0 * passing connection ptr to the get_tls_domain_str in tls_h_match_domain_f was causing tls_get_connect_server_name,tls_get_connect_server_id to check connection against itself instead of XAVPs lookup for the new connection context You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/4676?email_source=notifications&am...
-- Commit Summary --
* tls: fix tls_h_match_domain_f connection matching * tls_wolfssl: fix tls_h_match_domain_f connection matching * core: _tcpconn_find: fix protocol checking for tls_connection_match_domain * test: add unit/62.sh for tls_connection_match_domain=yes
-- File Changes --
M src/core/tcp_main.c (2) M src/modules/tls/tls_server.c (4) M src/modules/tls_wolfssl/tls_server.c (4) A test/unit/62.cfg (37) A test/unit/62.sh (131) A test/unit/62_tls.cfg (11)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/4676.patch?email_source=notificati...
miconda left a comment (kamailio/kamailio#4676)
Thanks for this PR, I will review the code changes. One thing at this moment: can you adapt and create the test unit in the repository:
- https://github.com/kamailio/kamailio-tests
The ones in the source code are no longer maintained, they should be moved to archive.
@furmur pushed 0 commits.
furmur left a comment (kamailio/kamailio#4676)
* rm commit with unit test * mv it to kamailio-tests: https://github.com/kamailio/kamailio-tests/pull/21
miconda left a comment (kamailio/kamailio#4676)
Thanks!
Merged #4676 into master.
-
Daniel-Constantin Mierla -
Michael Furmur