
secsipid: make it possible to verify certificate

- follow the specs related to verification
- allow to set the level of certification via upstream library options

Daniel-Constantin Mierla authored on 12/04/2021 05:54:24
Showing 2 changed files
@@ -30,6 +30,7 @@
30 30
 #include "../../core/dprint.h"
31 31
 #include "../../core/mod_fix.h"
32 32
 #include "../../core/data_lump.h"
33
+#include "../../core/str_list.h"
33 34
 #include "../../core/lvalue.h"
34 35
 #include "../../core/kemi.h"
35 36
 
@@ -54,6 +55,11 @@ static int w_secsipid_add_identity(sip_msg_t *msg, char *porigtn, char *pdesttn,
54 55
 			char *pattest, char *porigid, char *px5u, char *pkeypath);
55 56
 static int w_secsipid_get_url(sip_msg_t *msg, char *purl, char *pout);
56 57
 
58
+static int secsipid_libopt_param(modparam_t type, void *val);
59
+
60
+static str_list_t *secsipid_libopt_list = NULL;
61
+static int secsipid_libopt_list_used = 0;
62
+
57 63
 secsipid_papi_t _secsipid_papi = {0};
58 64
 
59 65
 /* clang-format off */
@@ -75,6 +81,9 @@ static param_export_t params[]={
75 81
 	{"cache_expire",  PARAM_INT,   &secsipid_cache_expire},
76 82
 	{"cache_dir",     PARAM_STR,   &secsipid_cache_dir},
77 83
 	{"modproc",       PARAM_STR,   &secsipid_modproc},
84
+	{"libopt",        PARAM_STR|USE_FUNC_PARAM,
85
+		(void*)secsipid_libopt_param},
86
+
78 87
 	{0, 0, 0}
79 88
 };
80 89
 
@@ -198,6 +207,13 @@ static int ki_secsipid_check_identity(sip_msg_t *msg, str *keypath)
198 207
 		_secsipid_papi.SecSIPIDSetFileCacheOptions(secsipid_cache_dir.s,
199 208
 				secsipid_cache_expire);
200 209
 	}
210
+	if(secsipid_libopt_list_used==0) {
211
+		str_list_t *sit;
212
+		for(sit=secsipid_libopt_list; sit!=NULL; sit=sit->next) {
213
+			_secsipid_papi.SecSIPIDOptSetV(sit->s.s);
214
+		}
215
+		secsipid_libopt_list_used = 1;
216
+	}
201 217
 	ret = _secsipid_papi.SecSIPIDCheckFull(ibody.s, ibody.len, secsipid_expire,
202 218
 			keypath->s, secsipid_timeout);
203 219
 
@@ -246,6 +262,14 @@ static int ki_secsipid_check_identity_pubkey(sip_msg_t *msg, str *keyval)
246 262
 		return -1;
247 263
 	}
248 264
 
265
+	if(secsipid_libopt_list_used==0) {
266
+		str_list_t *sit;
267
+		for(sit=secsipid_libopt_list; sit!=NULL; sit=sit->next) {
268
+			_secsipid_papi.SecSIPIDOptSetV(sit->s.s);
269
+		}
270
+		secsipid_libopt_list_used = 1;
271
+	}
272
+
249 273
 	ibody = hf->body;
250 274
 
251 275
 	ret = _secsipid_papi.SecSIPIDCheckFullPubKey(ibody.s, ibody.len,
@@ -286,6 +310,14 @@ static int ki_secsipid_add_identity(sip_msg_t *msg, str *origtn, str *desttn,
286 310
 	str hdr = STR_NULL;
287 311
 	sr_lump_t *anchor = NULL;
288 312
 
313
+	if(secsipid_libopt_list_used==0) {
314
+		str_list_t *sit;
315
+		for(sit=secsipid_libopt_list; sit!=NULL; sit=sit->next) {
316
+			_secsipid_papi.SecSIPIDOptSetV(sit->s.s);
317
+		}
318
+		secsipid_libopt_list_used = 1;
319
+	}
320
+
289 321
 	ibody.len = _secsipid_papi.SecSIPIDGetIdentity(origtn->s, desttn->s,
290 322
 			attest->s, origid->s, x5u->s, keypath->s, &ibody.s);
291 323
 
@@ -408,6 +440,13 @@ static sr_kemi_xval_t* ki_secsipid_get_url(sip_msg_t *msg, str *surl)
408 440
 		_secsipid_papi.SecSIPIDSetFileCacheOptions(secsipid_cache_dir.s,
409 441
 				secsipid_cache_expire);
410 442
 	}
443
+	if(secsipid_libopt_list_used==0) {
444
+		str_list_t *sit;
445
+		for(sit=secsipid_libopt_list; sit!=NULL; sit=sit->next) {
446
+			_secsipid_papi.SecSIPIDOptSetV(sit->s.s);
447
+		}
448
+		secsipid_libopt_list_used = 1;
449
+	}
411 450
 	r = _secsipid_papi.SecSIPIDGetURLContent(surl->s, secsipid_timeout,
412 451
 			&_secsipid_get_url_val.s,
413 452
 			&_secsipid_get_url_val.len);
@@ -464,6 +503,32 @@ static int w_secsipid_get_url(sip_msg_t *msg, char *purl, char *povar)
464 503
 	return 1;
465 504
 }
466 505
 
506
+/**
507
+ *
508
+ */
509
+static int secsipid_libopt_param(modparam_t type, void *val)
510
+{
511
+	str_list_t *sit;
512
+
513
+	if(val==NULL || ((str*)val)->s==NULL || ((str*)val)->len==0) {
514
+		LM_ERR("invalid parameter\n");
515
+		return -1;
516
+	}
517
+
518
+	sit = (str_list_t*)pkg_mallocxz(sizeof(str_list_t));
519
+	if(sit==NULL) {
520
+		PKG_MEM_ERROR;
521
+		return -1;
522
+	}
523
+	sit->s = *((str*)val);
524
+	if(secsipid_libopt_list!=NULL) {
525
+		sit->next = secsipid_libopt_list;
526
+	}
527
+	secsipid_libopt_list = sit;
528
+
529
+	return 0;
530
+}
531
+
467 532
 /**
468 533
  *
469 534
  */
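Review bot: The return value of `_secsipid_papi.SecSIPIDOptSetV(sit->s.s)` is discarded in the loop added to ki_secsipid_check_identity, so a mistyped or unsupported libopt (the header declares the function as returning int) is never reported and the identity check silently runs with the library's default verification settings. The same unchecked loop is pasted into ki_secsipid_check_identity_pubkey, ki_secsipid_add_identity and ki_secsipid_get_url; a single static helper that applies the list once per process, logs the failing option and returns an error would replace all four copies. Note also that secsipid_libopt_param prepends each value, so options are applied in reverse configuration order — if the library lets a later option override an earlier one, the first `modparam` in the config wins rather than the last; appending, or documenting the order, would avoid surprises. Whether non-zero means failure for SecSIPIDOptSetV is not visible here and should be confirmed against the library. The enclosing functions begin outside the hunks.
```c
/* apply the configured libopt list to the library once per process;
 * returns 0 on success, -1 if an option is rejected */
static int secsipid_libopt_apply(void)
{
	str_list_t *sit;

	if(secsipid_libopt_list_used!=0) {
		return 0;
	}
	for(sit=secsipid_libopt_list; sit!=NULL; sit=sit->next) {
		/* assumes non-zero is an error — confirm against the library API */
		if(_secsipid_papi.SecSIPIDOptSetV(sit->s.s)!=0) {
			LM_ERR("failed to set libopt [%.*s]\n", sit->s.len, sit->s.s);
			return -1;
		}
	}
	secsipid_libopt_list_used = 1;
	return 0;
}

/* … in ki_secsipid_check_identity (and the three other callers), replacing the inline loop … */
	if(secsipid_libopt_apply()<0) {
		return -1;
	}
```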
@@ -45,6 +45,12 @@ typedef struct secsipid_papi {
45 45
 	int (*SecSIPIDGetURLContent)(char* urlVal, int timeoutVal, char** outPtr,
46 46
 			int* outLen);
47 47
 
48
+	int (*SecSIPIDOptSetS)(char* optName, char* optVal);
49
+
50
+	int (*SecSIPIDOptSetN)(char* optName, int optVal);
51
+
52
+	int (*SecSIPIDOptSetV)(char* optNameVal);
53
+
48 54
 } secsipid_papi_t;
49 55
 
50 56
 typedef int (*secsipid_proc_bind_f)(secsipid_papi_t *papi);
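Review bot: The three new function pointers SecSIPIDOptSetS, SecSIPIDOptSetN and SecSIPIDOptSetV are added without any comment on what their parameters hold or what the int result means, and the module side discards that result, so the contract should be written down here. I would add a short comment above each member, e.g. `/* set a string-valued library option; returns 0 on success (verify against the library) */` for SecSIPIDOptSetS, the same wording for the numeric variant, and for SecSIPIDOptSetV a note that optNameVal carries the option name and value in one string (its exact format is not visible here and should be stated). It is also worth confirming that the binding code that fills secsipid_papi_t resolves these three new symbols, since that change is not in the shown hunks.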