    Thu Jan 15 09:50:45 CST 2009 Jarod Neuner <janeuner@networkharbor.com> · 38dabb36
    Committed by Michael Jerris
      * TLS Subject Checking in tport
      
      sofia-sip/tport.h:
      * tport_delivered_from_subjects() returns type (su_strlst_t const *)
      * Export tport_subject_search()
      
      sofia-sip/tport_tag.h + tport_tag.c:
      * Remove TPTAG_TLS_VERIFY_PEER()
        - Deprecated.  Use TPTAG_TLS_VERIFY_POLICY instead.
        - Binary Compatibility is preserved.
      * Add TPTAG_TLS_VERIFY_POLICY()
        - tport can verify incoming and/or outgoing connections, using:
          1) Certificate Signatures only - or - 
          2) Certificate Signatures and Certificate Subjects
      * Add TPTAG_TLS_VERIFY_DEPTH()
        - Restrict certificate chain verification to a set length.
      * Add TPTAG_TLS_VERIFY_DATE()
        - Disable notBefore/notAfter checking (application: embedded devices)
      * Add TPTAG_TLS_VERIFY_SUBJECTS()
        - Incoming connections must present client certificates with subjects
          that match an item in this list.
        - Intended Use: Proxy Authentication
      * Replaced TPTAG_TRUSTED() with TPTAG_X509_SUBJECT()
        - Commented out for future use.
        - Intended Use: SIP User Identities in Server Certificates.
      * Add appropriate doxygen documentation.
      
      tport.c
      * Add tport_subject_search()
        - Subject can be a hostname, IP Address, or a URI.
        - Valid subject examples include:
            example.com
            alice@example.com
            sip:alice@example.com
            sips:alice@example.com
      * tport_by_addrinfo() matches tpn_canon against the subject list
          of reusable TLS connections.
      
      tport_tls.h:
      * Add tls_init_secondary()
      * Remove tls_init_slave() & tls_init_client()
      
      tport_tls.c:
      * tls_verify_cb() supports TPTAG_TLS_VERIFY_DATE()
      * tls_post_connection_check() verifies certificate subjects.
      * tls_init_secondary()
        - Replaces tls_init_slave(), tls_init_client(), and tls_clone().
      
      tport_type_tls.c:
      * Removed erroneous reference to tport_tls_deliver()
      * Fix a memory leak caused by duplicate calls to tls_clone().
      * Populate the (tport_t *)->tp_subjects field with peer certificate data for
        new secondary connections.
    
    
    
    git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@11830 d0543943-73ff-0310-b7d9-9358b9ac24b2
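The verification policy the commit message describes (signature-only versus signature-plus-subject checking, a chain-depth limit, an optional skip of notBefore/notAfter, and a subject search over hostname, IP address and SIP-URI subjects) can be illustrated with a small stand-alone program. The block below is an added example for this page and is not sofia-sip code: the enum and struct names, the `subject_matches()`, `subject_search()`, `post_connection_check()` and `check_sample()` functions, the matching rules (scheme stripped, user part case-sensitive, host part case-insensitive, user@host never matching a bare host), and the sample certificate subjects and allow-list are all hypothetical and constructed here.

```c
/* Added illustration (not sofia-sip code) of the TLS verification policy the
 * commit message describes. All names, structs, matching rules and sample data
 * below are hypothetical and constructed for this page. */
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <time.h>

enum verify_policy {
    VERIFY_NONE      = 0,  /* no verification: encryption only */
    VERIFY_SIGNATURE = 1,  /* chain must verify against trusted CAs */
    VERIFY_SUBJECT   = 2   /* additionally, a subject must be on the allow-list */
};

enum verify_result {
    VERIFY_OK = 0, VERIFY_ERR_SIGNATURE = -1, VERIFY_ERR_DEPTH = -2,
    VERIFY_ERR_DATE = -3, VERIFY_ERR_SUBJECT = -4
};

/* Hypothetical summary of what a TLS verify callback observed on the peer. */
struct peer_cert_info {
    bool chain_signatures_ok;      /* every signature in the chain verified */
    int chain_depth;               /* certificates between leaf and trust anchor */
    time_t not_before, not_after;  /* leaf validity window */
    const char *const *subjects;   /* CN plus subjectAltName entries, NULL-terminated */
};

/* Hypothetical per-transport configuration in the TPTAG_TLS_VERIFY_* spirit. */
struct verify_config {
    int policy;                           /* bitwise OR of enum verify_policy */
    int max_depth;                        /* <= 0 means no depth limit */
    bool check_dates;                     /* false: skip notBefore/notAfter (embedded clocks) */
    const char *const *required_subjects; /* NULL-terminated allow-list */
};

/* Drop a leading "sip:" or "sips:" so URI and bare forms compare equal. */
static const char *strip_sip_scheme(const char *s)
{
    if (strncasecmp(s, "sips:", 5) == 0) return s + 5;
    if (strncasecmp(s, "sip:", 4) == 0) return s + 4;
    return s;
}

/* One-to-one subject comparison: user part case-sensitive, host part
 * case-insensitive; a user@host subject never matches a bare host or IP. */
bool subject_matches(const char *required, const char *presented)
{
    const char *r = strip_sip_scheme(required), *p = strip_sip_scheme(presented);
    const char *ra = strchr(r, '@'), *pa = strchr(p, '@');
    if ((ra == NULL) != (pa == NULL))
        return false;
    if (ra) {
        size_t rl = (size_t)(ra - r), pl = (size_t)(pa - p);
        if (rl != pl || memcmp(r, p, rl) != 0)
            return false;
        r = ra + 1;
        p = pa + 1;
    }
    return strcasecmp(r, p) == 0;
}

/* True if any presented subject matches any required subject. */
bool subject_search(const char *const *required, const char *const *presented)
{
    for (; required && *required; required++)
        for (const char *const *p = presented; p && *p; p++)
            if (subject_matches(*required, *p))
                return true;
    return false;
}

/* Post-connection check: signatures, then depth, then dates, then subjects. */
int post_connection_check(const struct verify_config *cfg,
                          const struct peer_cert_info *peer, time_t now)
{
    if (cfg->policy == VERIFY_NONE)
        return VERIFY_OK;
    if (!peer->chain_signatures_ok)
        return VERIFY_ERR_SIGNATURE;
    if (cfg->max_depth > 0 && peer->chain_depth > cfg->max_depth)
        return VERIFY_ERR_DEPTH;
    if (cfg->check_dates && (now < peer->not_before || now > peer->not_after))
        return VERIFY_ERR_DATE;
    if ((cfg->policy & VERIFY_SUBJECT) &&
        !subject_search(cfg->required_subjects, peer->subjects))
        return VERIFY_ERR_SUBJECT;
    return VERIFY_OK;
}

/* Constructed sample data: subjects a peer proxy certificate might carry
 * (hostname, SIP URI, IP address) and an operator's one-entry allow-list. */
const char *const sample_peer_subjects[] = {
    "Proxy.Example.COM", "sip:alice@example.com", "192.0.2.10", NULL };
const char *const sample_required[] = { "sips:alice@example.com", NULL };

/* Run the sample at a given clock time; leaf valid 2009-01-01 .. 2010-01-01 UTC. */
int check_sample(time_t now, bool check_dates)
{
    struct peer_cert_info peer = { true, 1, 1230768000, 1262304000, sample_peer_subjects };
    struct verify_config cfg = { VERIFY_SIGNATURE | VERIFY_SUBJECT, 3, check_dates, sample_required };
    return post_connection_check(&cfg, &peer, now);
}

int main(void)
{
    printf("in window: %d\n", check_sample(1232000000, true));
    printf("expired, dates checked: %d\n", check_sample(1300000000, true));
    printf("expired, dates ignored: %d\n", check_sample(1300000000, false));
    return 0;
}
```

The order of checks matters in practice: a subject match is only meaningful once the chain's signatures have verified, and disabling date checks (the embedded-device case) should be a deliberate, narrowly scoped decision because it turns an expired or revoked-by-expiry certificate back into a valid identity.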