FS-3071 I've commited the upstream passphrase backport
authorMarc Olivier Chouinard <mochouinard@moctel.com>
Sun, 18 Dec 2011 16:04:59 +0000 (11:04 -0500)
committerMarc Olivier Chouinard <mochouinard@moctel.com>
Sun, 18 Dec 2011 16:04:59 +0000 (11:04 -0500)
libs/sofia-sip/libsofia-sip-ua/tport/sofia-sip/tport_tag.h
libs/sofia-sip/libsofia-sip-ua/tport/tport_tag.c
libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.h
libs/sofia-sip/libsofia-sip-ua/tport/tport_type_tls.c

index 1390cc2f749cd69513412ca2d8d98b8227f926c3..6745cff1afcd41aa39d1d20b64f844822b103e06 100644 (file)
@@ -198,6 +198,12 @@ enum tport_tls_verify_policy {
   TPTLS_VERIFY_SUBJECTS_ALL = 0xF,
 };
 
+TPORT_DLL extern tag_typedef_t tptag_tls_passphrase;
+#define TPTAG_TLS_PASSPHRASE(x)  tptag_tls_passphrase, tag_str_v(x)
+
+TPORT_DLL extern tag_typedef_t tptag_tls_passphrase_ref;
+#define TPTAG_TLS_PASSPHRASE_REF(x)  tptag_tls_passphrase_ref, tag_str_vr(&(x))
+
 TPORT_DLL extern tag_typedef_t tptag_tls_verify_policy;
 #define TPTAG_TLS_VERIFY_POLICY(x) tptag_tls_verify_policy, tag_uint_v((x))
 
index 5b7f5fd53e95aa1ef8f977507340ab8df773d93b..c10958a41f8d6a593a143e0b4a346b544c15c8bd 100644 (file)
@@ -288,6 +288,16 @@ tag_typedef_t tptag_tls_version = UINTTAG_TYPEDEF(tls_version);
  */
 tag_typedef_t tptag_tls_verify_peer = UINTTAG_TYPEDEF(tls_verify_peer);
 
+/**@def TPTAG_TLS_PASSPHRASE(x)
+ *
+ * Sets the passphrase password to be used by openSSL to encrypt/decrypt
+ * private key files.
+ *
+ * @NEW_1_12_11.
+ */
+tag_typedef_t tptag_tls_passphrase = STRTAG_TYPEDEF(tls_passphrase);
+
+
 /**@def TPTAG_TLS_VERIFY_POLICY(x)
  *
  * The verification of certificates can be controlled:
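Review bot: The new Doxygen block says the passphrase is used to "encrypt/decrypt" private key files, but the callback this commit installs in tport_tls.c only answers decryption requests (rwflag == 0) and returns 0 for encryption, so "encrypt" overstates what the tag does. Callers would also want to know that the string is copied (su_strdup in the tport_type_tls.c hunk) and then held in clear text in the TLS master transport's issues struct. Suggested wording for the description lines: ` * Sets the passphrase OpenSSL uses to decrypt a password-protected private key file (agent.pem). The string is copied; the copy is kept unencrypted in memory while the transport exists.`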
index 041ed676115d91e3bd3a488c2190874ee5642c01..2fffbde1104ada6455d6d389ef3d8a577d44d0c9 100644 (file)
@@ -160,6 +160,27 @@ void tls_log_errors(unsigned level, char const *s, unsigned long e)
   }
 }
 
+/*
+ * This callback hands back the password to be used during decryption.
+ *
+ * buf      : the function will write the password into this buffer
+ * size     : the size of "buf"
+ * rwflag   : indicates whether the callback is being used for reading/
+ *            decryption (0) or writing/encryption (1)
+ * userdata : pointer tls_issues_t where the passphrase is stored
+ */
+static int passwd_cb(char *buf, int size, int rwflag, void *userdata)
+{
+       if (rwflag == 0) { // reading/decryption
+               tls_issues_t *tlsi = (tls_issues_t *)userdata;
+
+               strncpy(buf, tlsi->passphrase, size);
+               buf[size - 1] = '\0';
+
+               return strlen(tlsi->passphrase);
+       }
+       return 0;
+}
 
 static
 tls_t *tls_create(int type)
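Review bot: passwd_cb returns strlen(tlsi->passphrase) even when the strncpy on the previous line truncated the copy to size-1 bytes, so OpenSSL is told a length larger than what buf actually holds and will consume bytes past the copied, NUL-terminated data; a passphrase longer than the buffer OpenSSL passes makes the returned value exceed the buffer entirely. Return only what was copied, and treat a passphrase that does not fit as an error (return 0) instead of silently using a truncated one — a truncated passphrase cannot decrypt the key anyway, and a clear failure is easier to diagnose. The userdata pointer is registered in tls_init_context from a `tls_issues_t const *` (cast to `void *` there), so the callback can keep the const qualifier rather than dropping it. The `// reading/decryption` comment is the only C99-style comment in the hunk; the surrounding file uses `/* */`.
```c
static int passwd_cb(char *buf, int size, int rwflag, void *userdata)
{
	tls_issues_t const *tlsi = (tls_issues_t const *)userdata;
	size_t len;

	/* Only decryption of the private key file is supported; refuse
	 * anything else so OpenSSL reports an error instead of an empty key */
	if (rwflag != 0 || tlsi == NULL || tlsi->passphrase == NULL || size <= 0)
		return 0;

	len = strlen(tlsi->passphrase);
	if (len >= (size_t)size)
		return 0;   /* would truncate: never report bytes we did not copy */

	memcpy(buf, tlsi->passphrase, len + 1);
	return (int)len;
}
```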
@@ -290,6 +311,12 @@ int tls_init_context(tls_t *tls, tls_issues_t const *ti)
     return -1;
   }
 
+  /* Set callback if we have a passphrase */
+  if (ti->passphrase != NULL) {
+    SSL_CTX_set_default_passwd_cb(tls->ctx, passwd_cb);
+    SSL_CTX_set_default_passwd_cb_userdata(tls->ctx, (void *)ti);
+  }
+
   if (!SSL_CTX_use_certificate_file(tls->ctx,
                                    ti->cert,
                                    SSL_FILETYPE_PEM)) {
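Review bot: SSL_CTX_set_default_passwd_cb_userdata stores a raw pointer to `ti` inside the context, and tls_init_context receives `ti` as a `tls_issues_t const *` whose storage belongs to the caller; the tport_type_tls.c hunk fills a local `ti` whose strings live in `autohome`, so after tport_tls_init_master returns the ctx appears to keep a dangling userdata pointer (and a dangling ti->passphrase) that any later PEM load on this ctx would dereference. The passphrase is only needed while the key file is read, so the safer shape is to clear the hook once the key is loaded: `SSL_CTX_set_default_passwd_cb(tls->ctx, NULL);` and `SSL_CTX_set_default_passwd_cb_userdata(tls->ctx, NULL);` right after SSL_CTX_use_PrivateKey_file succeeds. If the hook is deliberately left installed, the `(void *)ti` cast that discards const deserves a comment such as `/* ti (and ti->passphrase) must outlive every PEM load on this ctx */`. tls_init_context begins and ends outside this hunk, so the private-key load itself is not visible here.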
index 416143153b70b101690f2dbc5a1ae9d1f060e02c..dbf6517196f0f811c8546d269f189145a682290c 100644 (file)
@@ -56,6 +56,7 @@ typedef struct tls_issues_s {
   int   configured;    /* If non-zero, complain about certificate errors */
   char *cert;          /* CERT file name. File format is PEM         */
   char *key;           /* Private key file. PEM format               */
+  char *passphrase;     /* Passphrase for password protected private key */
   char *randFile;       /* Seed file for the PRNG (default: tls_seed.dat) */
   char *CAfile;                /* PEM file of CA's                           */
   char *CApath;                /* PEM file path of CA's                      */
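Review bot: The new field's comment does not say what NULL means or who owns the string, which matters here because tls_init_context only installs the password callback when `passphrase != NULL` and the tport_type_tls.c hunk fills the field with su_strdup() into the caller's home. Suggest `char *passphrase;     /* Passphrase of an encrypted private key; NULL = key not encrypted. Kept in clear text. */`, aligned with the neighbouring comments. tls_issues_s is cut at both edges of this hunk.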
index 7afd34c66d16180c306117468971d09579b2832c..24f5d1b0fb01f0f0616b57f336958c96e9b626e4 100644 (file)
@@ -182,6 +182,7 @@ static int tport_tls_init_master(tport_primary_t *pri,
   char const *path = NULL;
   unsigned tls_version = 1;
   unsigned tls_verify = 0;
+  char const *passphrase = NULL;
   unsigned tls_policy = TPTLS_VERIFY_NONE;
   unsigned tls_depth = 0;
   unsigned tls_date = 1;
@@ -198,6 +199,7 @@ static int tport_tls_init_master(tport_primary_t *pri,
          TPTAG_CERTIFICATE_REF(path),
          TPTAG_TLS_VERSION_REF(tls_version),
          TPTAG_TLS_VERIFY_PEER_REF(tls_verify),
+         TPTAG_TLS_PASSPHRASE_REF(passphrase),
          TPTAG_TLS_VERIFY_POLICY_REF(tls_policy),
          TPTAG_TLS_VERIFY_DEPTH_REF(tls_depth),
          TPTAG_TLS_VERIFY_DATE_REF(tls_date),
@@ -218,6 +220,7 @@ static int tport_tls_init_master(tport_primary_t *pri,
     ti.configured = path != tbf;
     ti.randFile = su_sprintf(autohome, "%s/%s", path, "tls_seed.dat");
     ti.key = su_sprintf(autohome, "%s/%s", path, "agent.pem");
+    ti.passphrase = su_strdup(autohome, passphrase);
     ti.cert = ti.key;
     ti.CAfile = su_sprintf(autohome, "%s/%s", path, "cafile.pem");
     ti.version = tls_version;
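Review bot: `ti.passphrase = su_strdup(autohome, passphrase)` places a second copy of the key passphrase in ordinary home-allocated memory, and nothing in the hunk wipes it; if autohome is released at the end of tport_tls_init_master (outside this hunk), the home teardown presumably just frees the block, leaving the passphrase recoverable from freed memory. Consider scrubbing the copy once the key has been loaded, e.g. `if (ti.passphrase) memset(ti.passphrase, 0, strlen(ti.passphrase));` placed where autohome is torn down, with a comment noting the passphrase is needed only until tls_init_master has read agent.pem. su_strdup(autohome, NULL) yielding NULL is what keeps the callback disabled when the tag is absent, so the no-passphrase path looks fine. The rest of tport_tls_init_master, including the autohome cleanup, is outside this hunk.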