[sr-dev] git:master:c2c3c8b5: tls: new config variable $tls(key)
Daniel-Constantin Mierla
miconda at gmail.com
Wed Nov 24 11:46:39 CET 2021
Module: kamailio
Branch: master
Commit: c2c3c8b5615294989ac81203e65df76b2a08fb02
URL: https://github.com/kamailio/kamailio/commit/c2c3c8b5615294989ac81203e65df76b2a08fb02
Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2021-11-24T11:41:17+01:00
tls: new config variable $tls(key)
- return attributes related to tls communication
- first implemented keys:
- m_subject_line - return local (my) certificate subject line
- p_subject_line - return remote (peer) certificate subject line
---
Modified: src/modules/tls/tls_select.c
---
Diff: https://github.com/kamailio/kamailio/commit/c2c3c8b5615294989ac81203e65df76b2a08fb02.diff
Patch: https://github.com/kamailio/kamailio/commit/c2c3c8b5615294989ac81203e65df76b2a08fb02.patch
---
diff --git a/src/modules/tls/tls_select.c b/src/modules/tls/tls_select.c
index 89b6a44b67..9a1f6b94b3 100644
--- a/src/modules/tls/tls_select.c
+++ b/src/modules/tls/tls_select.c
@@ -39,6 +39,7 @@
#include "../../core/tcp_server.h"
#include "../../core/tcp_conn.h"
#include "../../core/ut.h"
+#include "../../core/pvapi.h"
#include "../../core/cfg/cfg.h"
#include "../../core/dprint.h"
#include "../../core/strutils.h"
@@ -1256,8 +1257,84 @@ static int pv_tlsext_sn(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
}
+int pv_parse_tls_name(pv_spec_p sp, str *in)
+{
+ if(sp==NULL || in==NULL || in->len<=0)
+ return -1;
+
+ switch(in->len) {
+ case 14:
+ if(strncmp(in->s, "m_subject_line", 14)==0)
+ sp->pvp.pvn.u.isname.name.n = 1000;
+ else if(strncmp(in->s, "p_subject_line", 14)==0)
+ sp->pvp.pvn.u.isname.name.n = 5000;
+ else goto error;
+ break;
+ default:
+ goto error;
+ }
+ sp->pvp.pvn.type = PV_NAME_INTSTR;
+ sp->pvp.pvn.u.isname.type = 0;
+ return 0;
+error:
+ LM_ERR("unknown PV tls name %.*s\n", in->len, in->s);
+ return -1;
+}
+
+
+int pv_get_tls(struct sip_msg *msg, pv_param_t *param,
+ pv_value_t *res)
+{
+ SSL *ssl = NULL;
+ tcp_connection_t *c = NULL;
+ X509 *cert = NULL;
+ str sv = STR_NULL;
+
+ if(msg==NULL || param==NULL) {
+ return -1;
+ }
+
+ c = get_cur_connection(msg);
+ if (c == NULL) {
+ LM_DBG("TLS connection not found\n");
+ return pv_get_null(msg, param, res);
+ }
+ ssl = get_ssl(c);
+ if (ssl == NULL) {
+ goto error;
+ }
+ cert = (param->pvn.u.isname.name.n < 5000) ? SSL_get_certificate(ssl)
+ : SSL_get_peer_certificate(ssl);
+ if (cert == NULL) {
+ if (param->pvn.u.isname.name.n < 5000) {
+ LM_ERR("Unable to retrieve my TLS certificate from SSL structure\n");
+ } else {
+ LM_ERR("Unable to retrieve peer TLS certificate from SSL structure\n");
+ }
+ goto error;
+ }
+
+ switch(param->pvn.u.isname.name.n)
+ {
+ case 1000:
+ case 5000:
+ sv.s = pv_get_buffer();
+ sv.len = pv_get_buffer_size() - 1;
+ if(X509_NAME_oneline(X509_get_subject_name(cert), sv.s, sv.len)==NULL) {
+ goto error;
+ }
+ return pv_get_strzval(msg, param, res, sv.s);
+ break;
+ default:
+ goto error;
+ }
+
+error:
+ tcpconn_put(c);
+ return pv_get_null(msg, param, res);
+}
select_row_t tls_sel[] = {
/* Current cipher parameters */
@@ -1544,6 +1621,8 @@ pv_export_t tls_pv[] = {
{{"tls_peer_server_name", sizeof("tls_peer_server_name")-1},
PVT_OTHER, pv_tlsext_sn, 0,
0, 0, pv_init_iname, PV_TLSEXT_SNI },
+ { {"tls", (sizeof("tls")-1)}, PVT_OTHER, pv_get_tls,
+ 0, pv_parse_tls_name, 0, 0, 0},
{ {0, 0}, 0, 0, 0, 0, 0, 0, 0 }
More information about the sr-dev
mailing list