
Exporting TLS module functions through the pseudo-variable interface

This patch adds the pseudo-variable related functions from Kamailio; these
functions work on top of the generic functions in tls_select.c

Jan Janak authored on 27/03/2009 17:12:12
Showing 2 changed files
... ...
@@ -5,7 +5,8 @@
5 5
  *
6 6
  * Copyright (C) 2001-2003 FhG FOKUS
7 7
  * Copyright (C) 2004,2005 Free Software Foundation, Inc.
8
- * COpyright (C) 2005 iptelorg GmbH
8
+ * Copyright (C) 2005 iptelorg GmbH
9
+ * Copyright (C) 2006 enum.at
9 10
  *
10 11
  * This file is part of ser, a free SIP server.
11 12
  *
... ...
@@ -64,6 +65,38 @@ enum {
64 65
 };
65 66
 
66 67
 
68
+enum {
69
+	PV_CERT_LOCAL      = 1<<0,   /* Select local certificate */
70
+	PV_CERT_PEER       = 1<<1,   /* Select peer certificate */
71
+	PV_CERT_SUBJECT    = 1<<2,   /* Select subject part of certificate */
72
+	PV_CERT_ISSUER     = 1<<3,   /* Select issuer part of certificate */
73
+
74
+	PV_CERT_VERIFIED   = 1<<4,   /* Test for verified certificate */
75
+	PV_CERT_REVOKED    = 1<<5,   /* Test for revoked certificate */
76
+	PV_CERT_EXPIRED    = 1<<6,   /* Expiration certificate test */
77
+	PV_CERT_SELFSIGNED = 1<<7,   /* self-signed certificate test */
78
+	PV_CERT_NOTBEFORE  = 1<<8,   /* Select validity end from certificate */
79
+	PV_CERT_NOTAFTER   = 1<<9,   /* Select validity start from certificate */
80
+
81
+	PV_COMP_CN = 1<<10,          /* Common name */
82
+	PV_COMP_O  = 1<<11,          /* Organization name */
83
+	PV_COMP_OU = 1<<12,          /* Organization unit */
84
+	PV_COMP_C  = 1<<13,          /* Country name */
85
+	PV_COMP_ST = 1<<14,          /* State */
86
+	PV_COMP_L  = 1<<15,          /* Locality/town */
87
+
88
+	PV_COMP_HOST = 1<<16,        /* hostname from subject/alternative */
89
+	PV_COMP_URI  = 1<<17,        /* URI from subject/alternative */
90
+	PV_COMP_E    = 1<<18,        /* Email address */
91
+	PV_COMP_IP   = 1<<19,        /* IP from subject/alternative */
92
+
93
+	PV_TLSEXT_SNI = 1<<20,       /* Peer's server name (TLS extension) */
94
+};
95
+
96
+
97
+
98
+
99
+
67 100
 struct tcp_connection* get_cur_connection(struct sip_msg* msg)
68 101
 {
69 102
 	struct tcp_connection* c;
... ...
@@ -160,7 +193,14 @@ static int sel_cipher(str* res, select_t* s, sip_msg_t* msg)
160 193
 }
161 194
 
162 195
 
163
-
196
+static int pv_cipher(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
197
+{
198
+	if (get_cipher(&res->rs, msg) < 0) {
199
+		return pv_get_null(msg, param, res);
200
+	}
201
+	res->flags = PV_VAL_STR;
202
+	return 0;
203
+}
164 204
 
165 205
 
166 206
 static int get_bits(str* res, int* i, sip_msg_t* msg) 
... ...
@@ -204,6 +244,14 @@ static int sel_bits(str* res, select_t* s, sip_msg_t* msg)
204 244
 	return get_bits(res, NULL, msg);
205 245
 }
206 246
 
247
+static int pv_bits(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
248
+{
249
+	if (get_bits(&res->rs, &res->ri, msg) < 0) {
250
+		return pv_get_null(msg, param, res);
251
+	}
252
+	res->flags = PV_VAL_STR | PV_VAL_INT;
253
+	return 0;
254
+}
207 255
 
208 256
 
209 257
 static int get_version(str* res, sip_msg_t* msg)
... ...
@@ -246,6 +294,17 @@ static int sel_version(str* res, select_t* s, sip_msg_t* msg)
246 294
 }
247 295
 
248 296
 
297
+static int pv_version(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
298
+{
299
+	if (get_version(&res->rs, msg) < 0) {
300
+		return pv_get_null(msg, param, res);
301
+	}
302
+	res->flags = PV_VAL_STR;
303
+	return 0;
304
+}
305
+
306
+
307
+
249 308
 static int get_desc(str* res, sip_msg_t* msg)
250 309
 {
251 310
 	static char buf[128];
... ...
@@ -279,6 +338,16 @@ static int sel_desc(str* res, select_t* s, sip_msg_t* msg)
279 338
 	return get_desc(res, msg);
280 339
 }
281 340
 
341
+static int pv_desc(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
342
+{
343
+	if (get_desc(&res->rs, msg) < 0) {
344
+		return pv_get_null(msg, param, res);
345
+	}
346
+	res->flags = PV_VAL_STR;
347
+	return 0;
348
+}
349
+
350
+
282 351
 
283 352
 static int get_cert_version(str* res, int local, sip_msg_t* msg)
284 353
 {
... ...
@@ -311,6 +380,26 @@ static int sel_cert_version(str* res, select_t* s, sip_msg_t* msg)
311 380
 	return get_cert_version(res, local, msg);
312 381
 }
313 382
 
383
+static int pv_cert_version(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
384
+{
385
+	int local;
386
+	
387
+	if (param->pvn.u.isname.name.n & PV_CERT_PEER) {
388
+		local = 0;
389
+	} else if (param->pvn.u.isname.name.n & PV_CERT_LOCAL) {
390
+		local = 1;
391
+	} else {
392
+		BUG("bug in call to pv_cert_version\n");
393
+		return pv_get_null(msg, param, res);
394
+	}
395
+
396
+	if (get_cert_version(&res->rs, local, msg) < 0) {
397
+		return pv_get_null(msg, param, res);
398
+	}
399
+	res->flags = PV_VAL_STR;
400
+	return 0;
401
+}
402
+
314 403
 
315 404
 
316 405
 /*
... ...
@@ -381,6 +470,30 @@ static int sel_check_cert(str* res, select_t* s, sip_msg_t* msg)
381 470
 	return check_cert(res, NULL, local, err, msg);
382 471
 }
383 472
 
473
+static int pv_check_cert(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
474
+{
475
+	int err;
476
+	
477
+	switch (param->pvn.u.isname.name.n) {
478
+	case PV_CERT_VERIFIED:   err = X509_V_OK;                              break;
479
+	case PV_CERT_REVOKED:    err = X509_V_ERR_CERT_REVOKED;                break;
480
+	case PV_CERT_EXPIRED:    err = X509_V_ERR_CERT_HAS_EXPIRED;            break;
481
+	case PV_CERT_SELFSIGNED: err = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; break;
482
+	default:
483
+		BUG("unexpected parameter value \"%d\"\n", param->pvn.u.isname.name.n);
484
+		return pv_get_null(msg, param, res);
485
+	}
486
+	
487
+
488
+	if (check_cert(&res->rs, &res->ri, 0, err, msg) < 0) {
489
+		return pv_get_null(msg, param, res);
490
+	}
491
+
492
+	res->flags = PV_VAL_STR | PV_VAL_INT;
493
+	return 0;
494
+}
495
+
496
+
384 497
 
385 498
 
386 499
 static int get_validity(str* res, int local, int bound, sip_msg_t* msg)
... ...
@@ -459,6 +572,26 @@ static int sel_validity(str* res, select_t* s, sip_msg_t* msg)
459 572
 }
460 573
 
461 574
 
575
+static int pv_validity(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
576
+{
577
+	int bound;
578
+	
579
+	switch (param->pvn.u.isname.name.n) {
580
+	case PV_CERT_NOTBEFORE: bound = NOT_BEFORE; break;
581
+	case PV_CERT_NOTAFTER:  bound = NOT_AFTER;  break;
582
+	default:
583
+		BUG("unexpected parameter value \"%d\"\n", param->pvn.u.isname.name.n);
584
+		return pv_get_null(msg, param, res);
585
+	}
586
+
587
+	if (get_validity(&res->rs, 0, bound, msg) < 0) {
588
+		return pv_get_null(msg, param, res);
589
+	}
590
+	
591
+	res->flags = PV_VAL_STR;
592
+	return 0;
593
+}
594
+
462 595
 
463 596
 static int get_sn(str* res, int* ires, int local, sip_msg_t* msg)
464 597
 {
... ...
@@ -496,6 +629,29 @@ static int sel_sn(str* res, select_t* s, sip_msg_t* msg)
496 629
 }
497 630
 
498 631
 
632
+static int pv_sn(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
633
+{
634
+	int local;
635
+	
636
+	if (param->pvn.u.isname.name.n & PV_CERT_PEER) {
637
+		local = 0;
638
+	} else if (param->pvn.u.isname.name.n & PV_CERT_LOCAL) {
639
+		local = 1;
640
+	} else {
641
+		BUG("could not determine certificate\n");
642
+		return pv_get_null(msg, param, res);
643
+	}
644
+	
645
+	if (get_sn(&res->rs, &res->ri, local, msg) < 0) {
646
+		return pv_get_null(msg, param, res);
647
+	}
648
+	
649
+	res->flags = PV_VAL_STR | PV_VAL_INT;
650
+	return 0;
651
+}
652
+
653
+
654
+
499 655
 static int get_comp(str* res, int local, int issuer, int nid, sip_msg_t* msg)
500 656
 {
501 657
 	static char buf[1024];
... ...
@@ -584,6 +740,54 @@ static int sel_comp(str* res, select_t* s, sip_msg_t* msg)
584 740
 }
585 741
 
586 742
 
743
+static int pv_comp(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
744
+{
745
+	int ind_local, local = 0, issuer = 0, nid = NID_commonName;
746
+
747
+	/* copy callback value as we modify it */
748
+	ind_local = param->pvn.u.isname.name.n;	
749
+	DBG("ind_local = %x", ind_local);
750
+
751
+	if (ind_local & PV_CERT_PEER) {
752
+		local = 0;
753
+		ind_local = ind_local ^ PV_CERT_PEER;
754
+	} else if (ind_local & PV_CERT_LOCAL) {
755
+		local = 1;
756
+		ind_local = ind_local ^ PV_CERT_LOCAL;
757
+	} else {
758
+		BUG("could not determine certificate\n");
759
+		return pv_get_null(msg, param, res);
760
+	}
761
+
762
+	if (ind_local & PV_CERT_SUBJECT) {
763
+		issuer = 0;
764
+		ind_local = ind_local ^ PV_CERT_SUBJECT;
765
+	} else if (ind_local & PV_CERT_ISSUER) {
766
+		issuer = 1;
767
+		ind_local = ind_local ^ PV_CERT_ISSUER;
768
+	} else {
769
+		BUG("could not determine subject or issuer\n");
770
+		return pv_get_null(msg, param, res);
771
+	}
772
+
773
+	switch(ind_local) {
774
+		case PV_COMP_CN: nid = NID_commonName;             break;
775
+		case PV_COMP_O:  nid = NID_organizationName;       break;
776
+		case PV_COMP_OU: nid = NID_organizationalUnitName; break;
777
+		case PV_COMP_C:  nid = NID_countryName;            break;
778
+		case PV_COMP_ST: nid = NID_stateOrProvinceName;    break;
779
+		case PV_COMP_L:  nid = NID_localityName;           break;
780
+		default:      nid = NID_undef;
781
+	}
782
+
783
+	if (get_comp(&res->rs, local, issuer, nid, msg) < 0) {
784
+		return pv_get_null(msg, param, res);
785
+	}
786
+
787
+	res->flags = PV_VAL_STR;
788
+	return 0;
789
+}
790
+
587 791
 
588 792
 static int get_alt(str* res, int local, int type, sip_msg_t* msg)
589 793
 {
... ...
@@ -673,6 +877,41 @@ static int sel_alt(str* res, select_t* s, sip_msg_t* msg)
673 877
 }
674 878
 
675 879
 
880
+static int pv_alt(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
881
+{
882
+	int ind_local, local = 0, type = GEN_URI;
883
+	
884
+	ind_local = param->pvn.u.isname.name.n;
885
+
886
+	if (ind_local & PV_CERT_PEER) {
887
+		local = 0;
888
+		ind_local = ind_local ^ PV_CERT_PEER;
889
+	} else if (ind_local & PV_CERT_LOCAL) {
890
+		local = 1;
891
+		ind_local = ind_local ^ PV_CERT_LOCAL;
892
+	} else {
893
+		BUG("could not determine certificate\n");
894
+		return pv_get_null(msg, param, res);
895
+	}
896
+
897
+	switch(ind_local) {
898
+		case PV_COMP_E:    type = GEN_EMAIL; break;
899
+		case PV_COMP_HOST: type = GEN_DNS;   break;
900
+		case PV_COMP_URI:  type = GEN_URI;   break;
901
+		case PV_COMP_IP:   type = GEN_IPADD; break;
902
+		default:
903
+			BUG("ind_local=%d\n", ind_local);
904
+			return pv_get_null(msg, param, res);
905
+	}
906
+
907
+	if (get_alt(&res->rs, local, type, msg) < 0) {
908
+		return pv_get_null(msg, param, res);
909
+	}
910
+	
911
+	res->flags = PV_VAL_STR;
912
+	return 0;
913
+}
914
+
676 915
 
677 916
 static int sel_tls(str* res, select_t* s, struct sip_msg* msg)
678 917
 {
... ...
@@ -759,6 +998,24 @@ static int sel_tlsext_sn(str* res, select_t* s, sip_msg_t* msg)
759 998
 }
760 999
 
761 1000
 
1001
+static int pv_tlsext_sn(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
1002
+{
1003
+	if (param->pvn.u.isname.name.n != PV_TLSEXT_SNI) {
1004
+		BUG("unexpected parameter value \"%d\"\n",
1005
+			param->pvn.u.isname.name.n);
1006
+		return pv_get_null(msg, param, res);
1007
+	}
1008
+	
1009
+	if (get_tlsext_sn(&res->rs, msg) < 0) {
1010
+		return pv_get_null(msg, param, res);
1011
+	}
1012
+	
1013
+	res->flags = PV_VAL_STR;
1014
+	return 0;
1015
+}
1016
+
1017
+
1018
+
762 1019
 
763 1020
 
764 1021
 select_row_t tls_sel[] = {
... ...
@@ -848,3 +1105,172 @@ select_row_t tls_sel[] = {
848 1105
 
849 1106
 	{ NULL, SEL_PARAM_INT, STR_NULL, NULL, 0}
850 1107
 };
1108
+
1109
+
1110
+/*
1111
+ *  pseudo variables
1112
+ */
1113
+pv_export_t tls_pv[] = {
1114
+	/* TLS session parameters */
1115
+	{{"tls_version", sizeof("tls_version")-1},
1116
+		PVT_OTHER, pv_version, 0,
1117
+		0, 0, 0, 0 },
1118
+	{{"tls_description", sizeof("tls_description")-1},
1119
+		PVT_OTHER, pv_desc, 0,
1120
+		0, 0, 0, 0 },
1121
+	{{"tls_cipher_info", sizeof("tls_cipher_info")-1},
1122
+		PVT_OTHER, pv_cipher, 0,
1123
+		0, 0, 0, 0 },
1124
+	{{"tls_cipher_bits", sizeof("tls_cipher_bits")-1},
1125
+		PVT_OTHER,  pv_bits, 0,
1126
+		0, 0, 0, 0 },
1127
+	/* general certificate parameters for peer and local */
1128
+	{{"tls_peer_version", sizeof("tls_peer_version")-1},
1129
+		PVT_OTHER, pv_cert_version, 0,
1130
+		0, 0, pv_init_iname, PV_CERT_PEER  },
1131
+	{{"tls_my_version", sizeof("tls_my_version")-1},
1132
+		PVT_OTHER, pv_cert_version, 0,
1133
+		0, 0, pv_init_iname, PV_CERT_LOCAL },
1134
+	{{"tls_peer_serial", sizeof("tls_peer_serial")-1},
1135
+		PVT_OTHER, pv_sn, 0,
1136
+		0, 0, pv_init_iname, PV_CERT_PEER  },
1137
+	{{"tls_my_serial", sizeof("tls_my_serial")-1},
1138
+		PVT_OTHER, pv_sn,0,
1139
+		0, 0, pv_init_iname, PV_CERT_LOCAL },
1140
+	/* certificate parameters for peer and local, for subject and issuer*/	
1141
+	{{"tls_peer_subject", sizeof("tls_peer_subject")-1},
1142
+		PVT_OTHER, pv_comp, 0,
1143
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_CERT_SUBJECT },
1144
+	{{"tls_peer_issuer", sizeof("tls_peer_issuer")-1},
1145
+		PVT_OTHER, pv_comp, 0,
1146
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_CERT_ISSUER  },
1147
+	{{"tls_my_subject", sizeof("tls_my_subject")-1},
1148
+		PVT_OTHER, pv_comp, 0,
1149
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_SUBJECT },
1150
+	{{"tls_my_issuer", sizeof("tls_my_issuer")-1},
1151
+		PVT_OTHER, pv_comp, 0,
1152
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_ISSUER  },
1153
+	{{"tls_peer_subject_cn", sizeof("tls_peer_subject_cn")-1},
1154
+		PVT_OTHER, pv_comp, 0,
1155
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_CERT_SUBJECT | PV_COMP_CN },
1156
+	{{"tls_peer_issuer_cn", sizeof("tls_peer_issuer_cn")-1},
1157
+		PVT_OTHER, pv_comp, 0,
1158
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_CERT_ISSUER  | PV_COMP_CN },
1159
+	{{"tls_my_subject_cn", sizeof("tls_my_subject_cn")-1},
1160
+		PVT_OTHER, pv_comp, 0,
1161
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_SUBJECT | PV_COMP_CN },
1162
+	{{"tls_my_issuer_cn", sizeof("tls_my_issuer_cn")-1},
1163
+		PVT_OTHER, pv_comp, 0,
1164
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_ISSUER  | PV_COMP_CN },
1165
+	{{"tls_peer_subject_locality", sizeof("tls_peer_subject_locality")-1},
1166
+		PVT_OTHER, pv_comp, 0,
1167
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_CERT_SUBJECT | PV_COMP_L },
1168
+	{{"tls_peer_issuer_locality", sizeof("tls_peer_issuer_locality")-1},
1169
+		PVT_OTHER, pv_comp, 0,
1170
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_CERT_ISSUER  | PV_COMP_L },
1171
+	{{"tls_my_subject_locality", sizeof("tls_my_subject_locality")-1},
1172
+		PVT_OTHER, pv_comp, 0,
1173
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_SUBJECT | PV_COMP_L },
1174
+	{{"tls_my_issuer_locality", sizeof("tls_my_issuer_locality")-1},
1175
+		PVT_OTHER, pv_comp, 0,
1176
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_ISSUER  | PV_COMP_L },
1177
+	{{"tls_peer_subject_country", sizeof("tls_peer_subject_country")-1},
1178
+		PVT_OTHER, pv_comp, 0,
1179
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_CERT_SUBJECT | PV_COMP_C },
1180
+	{{"tls_peer_issuer_country", sizeof("tls_peer_issuer_country")-1},
1181
+		PVT_OTHER, pv_comp, 0,
1182
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_CERT_ISSUER  | PV_COMP_C },
1183
+	{{"tls_my_subject_country", sizeof("tls_my_subject_country")-1},
1184
+		PVT_OTHER, pv_comp, 0,
1185
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_SUBJECT | PV_COMP_C },
1186
+	{{"tls_my_issuer_country", sizeof("tls_my_issuer_country")-1},
1187
+		PVT_OTHER, pv_comp, 0,
1188
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_ISSUER  | PV_COMP_C },
1189
+	{{"tls_peer_subject_state", sizeof("tls_peer_subject_state")-1},
1190
+		PVT_OTHER, pv_comp, 0,
1191
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_CERT_SUBJECT | PV_COMP_ST },
1192
+	{{"tls_peer_issuer_state", sizeof("tls_peer_issuer_state")-1},
1193
+		PVT_OTHER, pv_comp, 0,
1194
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_CERT_ISSUER  | PV_COMP_ST },
1195
+	{{"tls_my_subject_state", sizeof("tls_my_subject_state")-1},
1196
+		PVT_OTHER, pv_comp, 0,
1197
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_SUBJECT | PV_COMP_ST },
1198
+	{{"tls_my_issuer_state", sizeof("tls_my_issuer_state")-1},
1199
+		PVT_OTHER, pv_comp, 0,
1200
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_ISSUER  | PV_COMP_ST },
1201
+	{{"tls_peer_subject_organization", sizeof("tls_peer_subject_organization")-1},
1202
+		PVT_OTHER, pv_comp, 0,
1203
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_CERT_SUBJECT | PV_COMP_O },
1204
+	{{"tls_peer_issuer_organization", sizeof("tls_peer_issuer_organization")-1},
1205
+		PVT_OTHER, pv_comp, 0,
1206
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_CERT_ISSUER  | PV_COMP_O },
1207
+	{{"tls_my_subject_organization", sizeof("tls_my_subject_organization")-1},
1208
+		PVT_OTHER, pv_comp, 0,
1209
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_SUBJECT | PV_COMP_O },
1210
+	{{"tls_my_issuer_organization", sizeof("tls_my_issuer_organization")-1},
1211
+		PVT_OTHER, pv_comp, 0,
1212
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_ISSUER  | PV_COMP_O },
1213
+	{{"tls_peer_subject_unit", sizeof("tls_peer_subject_unit")-1},
1214
+		PVT_OTHER, pv_comp, 0,
1215
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_CERT_SUBJECT | PV_COMP_OU },
1216
+	{{"tls_peer_issuer_unit", sizeof("tls_peer_issuer_unit")-1},
1217
+		PVT_OTHER, pv_comp, 0,
1218
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_CERT_ISSUER  | PV_COMP_OU },
1219
+	{{"tls_my_subject_unit", sizeof("tls_my_subject_unit")-1},
1220
+		PVT_OTHER, pv_comp, 0,
1221
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_SUBJECT | PV_COMP_OU },
1222
+	{{"tls_my_issuer_unit", sizeof("tls_my_issuer_unit")-1},
1223
+		PVT_OTHER, pv_comp, 0,
1224
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_ISSUER  | PV_COMP_OU },
1225
+	/* subject alternative name parameters for peer and local */	
1226
+	{{"tls_peer_san_email", sizeof("tls_peer_san_email")-1},
1227
+		PVT_OTHER, pv_alt, 0,
1228
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_COMP_E },
1229
+	{{"tls_my_san_email", sizeof("tls_my_san_email")-1},
1230
+		PVT_OTHER, pv_alt, 0,
1231
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_COMP_E },
1232
+	{{"tls_peer_san_hostname", sizeof("tls_peer_san_hostname")-1},
1233
+		PVT_OTHER, pv_alt, 0,
1234
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_COMP_HOST },
1235
+	{{"tls_my_san_hostname", sizeof("tls_my_san_hostname")-1},
1236
+		PVT_OTHER, pv_alt, 0,
1237
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_COMP_HOST },
1238
+	{{"tls_peer_san_uri", sizeof("tls_peer_san_uri")-1},
1239
+		PVT_OTHER, pv_alt, 0,
1240
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_COMP_URI },
1241
+	{{"tls_my_san_uri", sizeof("tls_my_san_uri")-1},
1242
+		PVT_OTHER, pv_alt, 0,
1243
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_COMP_URI },
1244
+	{{"tls_peer_san_ip", sizeof("tls_peer_san_ip")-1},
1245
+		PVT_OTHER, pv_alt, 0,
1246
+		0, 0, pv_init_iname, PV_CERT_PEER  | PV_COMP_IP },
1247
+	{{"tls_my_san_ip", sizeof("tls_my_san_ip")-1},
1248
+		PVT_OTHER, pv_alt, 0,
1249
+		0, 0, pv_init_iname, PV_CERT_LOCAL | PV_COMP_IP },
1250
+	/* peer certificate validation parameters */		
1251
+	{{"tls_peer_verified", sizeof("tls_peer_verified")-1},
1252
+		PVT_OTHER, pv_check_cert, 0,
1253
+		0, 0, pv_init_iname, PV_CERT_VERIFIED },
1254
+	{{"tls_peer_revoked", sizeof("tls_peer_revoked")-1},
1255
+		PVT_OTHER, pv_check_cert, 0,
1256
+		0, 0, pv_init_iname, PV_CERT_REVOKED },
1257
+	{{"tls_peer_expired", sizeof("tls_peer_expired")-1},
1258
+		PVT_OTHER, pv_check_cert, 0,
1259
+		0, 0, pv_init_iname, PV_CERT_EXPIRED },
1260
+	{{"tls_peer_selfsigned", sizeof("tls_peer_selfsigned")-1},
1261
+		PVT_OTHER, pv_check_cert, 0,
1262
+		0, 0, pv_init_iname, PV_CERT_SELFSIGNED },
1263
+	{{"tls_peer_notBefore", sizeof("tls_peer_notBefore")-1},
1264
+		PVT_OTHER, pv_validity, 0,
1265
+		0, 0, pv_init_iname, PV_CERT_NOTBEFORE },
1266
+	{{"tls_peer_notAfter", sizeof("tls_peer_notAfter")-1},
1267
+		PVT_OTHER, pv_validity, 0,
1268
+		0, 0, pv_init_iname, PV_CERT_NOTAFTER },
1269
+	/* peer certificate validation parameters */		
1270
+	{{"tls_peer_server_name", sizeof("tls_peer_server_name")-1},
1271
+		PVT_OTHER, pv_tlsext_sn, 0,
1272
+		0, 0, pv_init_iname, PV_TLSEXT_SNI },
1273
+
1274
+	{ {0, 0}, 0, 0, 0, 0, 0, 0, 0 }
1275
+
1276
+}; 
... ...
@@ -5,7 +5,8 @@
5 5
  *
6 6
  * Copyright (C) 2001-2003 FhG FOKUS
7 7
  * Copyright (C) 2004,2005 Free Software Foundation, Inc.
8
- * COpyright (C) 2005,2006 iptelorg GmbH
8
+ * Copyright (C) 2005,2006 iptelorg GmbH
9
+ * Copyright (C) 2006 enum.at
9 10
  *
10 11
  * This file is part of ser, a free SIP server.
11 12
  *
... ...
@@ -33,7 +34,10 @@
33 34
 #define _TLS_SELECT_H
34 35
 
35 36
 #include "../../select.h"
37
+#include "../../pvar.h"
36 38
 
37 39
 extern select_row_t tls_sel[];
38 40
 
41
+extern pv_export_t tls_pv[];
42
+
39 43
 #endif /* _TLS_SELECT_H */