[sr-dev] git:master:fc7239b6: tls: add support for unique identifier PVs and select (GH #1843)
Henning Westerholt
hw at kamailio.org
Sun Feb 10 14:36:10 CET 2019
Module: kamailio
Branch: master
Commit: fc7239b6cc171b9c1dc5d25f9aa1b759651996c3
URL: https://github.com/kamailio/kamailio/commit/fc7239b6cc171b9c1dc5d25f9aa1b759651996c3
Author: Henning Westerholt <hw at kamailio.org>
Committer: Henning Westerholt <hw at kamailio.org>
Date: 2019-02-10T14:30:45+01:00
tls: add support for unique identifier PVs and select (GH #1843)
- add support for unique identifier PVs and select, related to issue GH #1843
- new PVs: $tls_peer_subject_uid and $tls_my_subject_uid
- new selects: uid, uniqueIdentifier and unique_identifier
---
Modified: src/modules/tls/tls_select.c
---
Diff: https://github.com/kamailio/kamailio/commit/fc7239b6cc171b9c1dc5d25f9aa1b759651996c3.diff
Patch: https://github.com/kamailio/kamailio/commit/fc7239b6cc171b9c1dc5d25f9aa1b759651996c3.patch
---
diff --git a/src/modules/tls/tls_select.c b/src/modules/tls/tls_select.c
index ba765ff755..60c5307370 100644
--- a/src/modules/tls/tls_select.c
+++ b/src/modules/tls/tls_select.c
@@ -68,6 +68,7 @@ enum {
COMP_URI, /* URI from subject/alternative */
COMP_E, /* Email address */
COMP_IP, /* IP from subject/alternative */
+ COMP_UI, /* Unique identifier */
TLSEXT_SN /* Server name of the peer */
};
@@ -96,8 +97,9 @@ enum {
PV_COMP_URI = 1<<17, /* URI from subject/alternative */
PV_COMP_E = 1<<18, /* Email address */
PV_COMP_IP = 1<<19, /* IP from subject/alternative */
+ PV_COMP_UI = 1<<20, /* Unique identifier */
- PV_TLSEXT_SNI = 1<<20, /* Peer's server name (TLS extension) */
+ PV_TLSEXT_SNI = 1<<21, /* Peer's server name (TLS extension) */
};
@@ -712,6 +714,7 @@ static int get_comp(str* res, int local, int issuer, int nid, sip_msg_t* msg)
case NID_countryName: elem = "CountryName"; break;
case NID_stateOrProvinceName: elem = "StateOrProvinceName"; break;
case NID_localityName: elem = "LocalityName"; break;
+ case NID_x500UniqueIdentifier: elem = "UniqueIdentifier"; break;
default: elem = "Unknown"; break;
}
DBG("Element %s not found in certificate subject/issuer\n", elem);
@@ -759,6 +762,7 @@ static int sel_comp(str* res, select_t* s, sip_msg_t* msg)
case COMP_C: nid = NID_countryName; break;
case COMP_ST: nid = NID_stateOrProvinceName; break;
case COMP_L: nid = NID_localityName; break;
+ case COMP_UI: nid = NID_x500UniqueIdentifier; break;
default:
BUG("Bug in sel_comp: %d\n", s->params[s->n - 1].v.i);
return -1;
@@ -806,6 +810,7 @@ static int pv_comp(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
case PV_COMP_C: nid = NID_countryName; break;
case PV_COMP_ST: nid = NID_stateOrProvinceName; break;
case PV_COMP_L: nid = NID_localityName; break;
+ case PV_COMP_UI: nid = NID_x500UniqueIdentifier; break;
default: nid = NID_undef;
}
@@ -1132,6 +1137,10 @@ select_row_t tls_sel[] = {
{ sel_name, SEL_PARAM_STR, STR_STATIC_INIT("organizational_unit_name"), sel_comp, DIVERSION | COMP_OU},
{ sel_name, SEL_PARAM_STR, STR_STATIC_INIT("unit"), sel_comp, DIVERSION | COMP_OU},
+ { sel_name, SEL_PARAM_STR, STR_STATIC_INIT("uid"), sel_comp, DIVERSION | COMP_UI},
+ { sel_name, SEL_PARAM_STR, STR_STATIC_INIT("uniqueIdentifier"), sel_comp, DIVERSION | COMP_UI},
+ { sel_name, SEL_PARAM_STR, STR_STATIC_INIT("unique_identifier"), sel_comp, DIVERSION | COMP_UI},
+
{ NULL, SEL_PARAM_INT, STR_NULL, NULL, 0}
};
@@ -1251,6 +1260,13 @@ pv_export_t tls_pv[] = {
{{"tls_my_issuer_unit", sizeof("tls_my_issuer_unit")-1},
PVT_OTHER, pv_comp, 0,
0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_ISSUER | PV_COMP_OU },
+ /* unique identifier for peer and local */
+ {{"tls_peer_subject_uid", sizeof("tls_peer_subject_uid")-1},
+ PVT_OTHER, pv_comp, 0,
+ 0, 0, pv_init_iname, PV_CERT_PEER | PV_CERT_SUBJECT | PV_COMP_UI },
+ {{"tls_my_subject_uid", sizeof("tls_my_subject_uid")-1},
+ PVT_OTHER, pv_comp, 0,
+ 0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_SUBJECT | PV_COMP_UI },
/* subject alternative name parameters for peer and local */
{{"tls_peer_san_email", sizeof("tls_peer_san_email")-1},
PVT_OTHER, pv_alt, 0,
More information about the sr-dev
mailing list