[sr-dev] git:master:c2c3c8b5: tls: new config variable $tls(key)

Daniel-Constantin Mierla miconda at gmail.com
Wed Nov 24 11:46:39 CET 2021


Module: kamailio
Branch: master
Commit: c2c3c8b5615294989ac81203e65df76b2a08fb02
URL: https://github.com/kamailio/kamailio/commit/c2c3c8b5615294989ac81203e65df76b2a08fb02

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2021-11-24T11:41:17+01:00

tls: new config variable $tls(key)

- return attributes of the TLS connection the current message was received on
- first implemented keys:
  - m_subject_line - return local (my) certificate subject line
  - p_subject_line - return remote (peer) certificate subject line

---

Modified: src/modules/tls/tls_select.c

---

Diff:  https://github.com/kamailio/kamailio/commit/c2c3c8b5615294989ac81203e65df76b2a08fb02.diff
Patch: https://github.com/kamailio/kamailio/commit/c2c3c8b5615294989ac81203e65df76b2a08fb02.patch

---

diff --git a/src/modules/tls/tls_select.c b/src/modules/tls/tls_select.c
index 89b6a44b67..9a1f6b94b3 100644
--- a/src/modules/tls/tls_select.c
+++ b/src/modules/tls/tls_select.c
@@ -39,6 +39,7 @@
 #include "../../core/tcp_server.h"
 #include "../../core/tcp_conn.h"
 #include "../../core/ut.h"
+#include "../../core/pvapi.h"
 #include "../../core/cfg/cfg.h"
 #include "../../core/dprint.h"
 #include "../../core/strutils.h"
@@ -1256,8 +1257,84 @@ static int pv_tlsext_sn(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
 }
 
 
+int pv_parse_tls_name(pv_spec_p sp, str *in)
+{
+	if(sp==NULL || in==NULL || in->len<=0)
+		return -1;
+
+	switch(in->len) {
+		case 14:
+			if(strncmp(in->s, "m_subject_line", 14)==0)
+				sp->pvp.pvn.u.isname.name.n = 1000;
+			else if(strncmp(in->s, "p_subject_line", 14)==0)
+				sp->pvp.pvn.u.isname.name.n = 5000;
+			else goto error;
+		break;
+		default:
+			goto error;
+	}
+	sp->pvp.pvn.type = PV_NAME_INTSTR;
+	sp->pvp.pvn.u.isname.type = 0;
 
+	return 0;
 
+error:
+	LM_ERR("unknown PV tls name %.*s\n", in->len, in->s);
+	return -1;
+}
+
+
+int pv_get_tls(struct sip_msg *msg, pv_param_t *param,
+		pv_value_t *res)
+{
+	SSL *ssl = NULL;
+	tcp_connection_t *c = NULL;
+	X509 *cert = NULL;
+	str sv = STR_NULL;
+
+	if(msg==NULL || param==NULL) {
+		return -1;
+	}
+
+	c = get_cur_connection(msg);
+	if (c == NULL) {
+		LM_DBG("TLS connection not found\n");
+		return pv_get_null(msg, param, res);
+	}
+	ssl = get_ssl(c);
+	if (ssl == NULL) {
+		goto error;
+	}
+	cert = (param->pvn.u.isname.name.n < 5000) ? SSL_get_certificate(ssl)
+					: SSL_get_peer_certificate(ssl);
+	if (cert == NULL) {
+		if (param->pvn.u.isname.name.n < 5000) {
+			LM_ERR("Unable to retrieve my TLS certificate from SSL structure\n");
+		} else {
+			LM_ERR("Unable to retrieve peer TLS certificate from SSL structure\n");
+		}
+		goto error;
+	}
+
+	switch(param->pvn.u.isname.name.n)
+	{
+		case 1000:
+		case 5000:
+			sv.s = pv_get_buffer();
+			sv.len = pv_get_buffer_size() - 1;
+			if(X509_NAME_oneline(X509_get_subject_name(cert), sv.s, sv.len)==NULL) {
+				goto error;
+			}
+			return pv_get_strzval(msg, param, res, sv.s);
+		break;
+		default:
+			goto error;
+	}
+
+error:
+	tcpconn_put(c);
+	return pv_get_null(msg, param, res);
+}
 
 select_row_t tls_sel[] = {
 	/* Current cipher parameters */
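Review bot: The success path of pv_get_tls leaks references: the `tcpconn_put(c)` on the error label indicates that get_cur_connection() (not in the hunk) hands back a referenced connection, yet the `return pv_get_strzval(msg, param, res, sv.s);` after X509_NAME_oneline() exits without releasing it, and for the `p_subject_line` key (name.n >= 5000) the X509 from SSL_get_peer_certificate() is an owned reference that OpenSSL requires the caller to drop with X509_free(), which no path does. On a busy proxy each evaluation of `$tls(...)` would then pin a TCP connection, and for the peer key a certificate, until the worker exits. Route both exits through one cleanup block that frees the peer certificate and releases the connection, as sketched below. Separately, X509_NAME_oneline() is a legacy formatter whose output is silently cut at the pv buffer size and which does not escape `/` or `=` inside attribute values, so a route script matching `$tls(p_subject_line)` against a pattern can be misled by a crafted peer DN; consider X509_NAME_print_ex() with XN_FLAG_RFC2253 into a BIO, or at least state the limitation in a comment above the getter.
```c
	int ret = -1;
	/* … unchanged: connection, ssl and cert lookup, X509_NAME_oneline() into sv … */
			ret = pv_get_strzval(msg, param, res, sv.s);
			goto done;
	/* … unchanged: default: goto error … */
error:
	ret = pv_get_null(msg, param, res);
done:
	/* SSL_get_peer_certificate() returns an owned reference; SSL_get_certificate() does not */
	if(cert != NULL && param->pvn.u.isname.name.n >= 5000)
		X509_free(cert);
	tcpconn_put(c);
	return ret;
```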
@@ -1544,6 +1621,8 @@ pv_export_t tls_pv[] = {
 	{{"tls_peer_server_name", sizeof("tls_peer_server_name")-1},
 		PVT_OTHER, pv_tlsext_sn, 0,
 		0, 0, pv_init_iname, PV_TLSEXT_SNI },
+	{ {"tls", (sizeof("tls")-1)}, PVT_OTHER, pv_get_tls,
+		0, pv_parse_tls_name, 0, 0, 0},
 
 	{ {0, 0}, 0, 0, 0, 0, 0, 0, 0 }
 



