[sr-dev] git:master:c2c3c8b5: tls: new config variable $tls(key)

Module: kamailio Branch: master Commit: c2c3c8b5615294989ac81203e65df76b2a08fb02 URL: https://github.com/kamailio/kamailio/commit/c2c3c8b5615294989ac81203e65df76… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: 2021-11-24T11:41:17+01:00 tls: new config variable $tls(key) - return attributes related to tls communication - first implemented keys: - m_subject_line - return local (my) certificate subject line - p_subject_line - return remote (peer) certificate subject line --- Modified: src/modules/tls/tls_select.c --- Diff: https://github.com/kamailio/kamailio/commit/c2c3c8b5615294989ac81203e65df76… Patch: https://github.com/kamailio/kamailio/commit/c2c3c8b5615294989ac81203e65df76… --- diff --git a/src/modules/tls/tls_select.c b/src/modules/tls/tls_select.c index 89b6a44b67..9a1f6b94b3 100644 --- a/src/modules/tls/tls_select.c +++ b/src/modules/tls/tls_select.c @@ -39,6 +39,7 @@ #include "../../core/tcp_server.h" #include "../../core/tcp_conn.h" #include "../../core/ut.h" +#include "../../core/pvapi.h" #include "../../core/cfg/cfg.h" #include "../../core/dprint.h" #include "../../core/strutils.h" @@ -1256,8 +1257,84 @@ static int pv_tlsext_sn(sip_msg_t* msg, pv_param_t* param, pv_value_t* res) } +int pv_parse_tls_name(pv_spec_p sp, str *in) +{ + if(sp==NULL || in==NULL || in->len<=0) + return -1; + + switch(in->len) { + case 14: + if(strncmp(in->s, "m_subject_line", 14)==0) + sp->pvp.pvn.u.isname.name.n = 1000; + else if(strncmp(in->s, "p_subject_line", 14)==0) + sp->pvp.pvn.u.isname.name.n = 5000; + else goto error; + break; + default: + goto error; + } + sp->pvp.pvn.type = PV_NAME_INTSTR; + sp->pvp.pvn.u.isname.type = 0; + return 0; +error: + LM_ERR("unknown PV tls name %.*s\n", in->len, in->s); + return -1; +} + + +int pv_get_tls(struct sip_msg *msg, pv_param_t *param, + pv_value_t *res) +{ + SSL *ssl = NULL; + tcp_connection_t *c = NULL; + X509 *cert = NULL; + str sv = STR_NULL; + + if(msg==NULL || param==NULL) { + return -1; + } + + c = get_cur_connection(msg); + if (c == NULL) { + LM_DBG("TLS connection not found\n"); + return pv_get_null(msg, param, res); + } + ssl = get_ssl(c); + if (ssl == NULL) { + goto error; + } + cert = (param->pvn.u.isname.name.n < 5000) ? SSL_get_certificate(ssl) + : SSL_get_peer_certificate(ssl); + if (cert == NULL) { + if (param->pvn.u.isname.name.n < 5000) { + LM_ERR("Unable to retrieve my TLS certificate from SSL structure\n"); + } else { + LM_ERR("Unable to retrieve peer TLS certificate from SSL structure\n"); + } + goto error; + } + + switch(param->pvn.u.isname.name.n) + { + case 1000: + case 5000: + sv.s = pv_get_buffer(); + sv.len = pv_get_buffer_size() - 1; + if(X509_NAME_oneline(X509_get_subject_name(cert), sv.s, sv.len)==NULL) { + goto error; + } + return pv_get_strzval(msg, param, res, sv.s); + break; + default: + goto error; + } + +error: + tcpconn_put(c); + return pv_get_null(msg, param, res); +} select_row_t tls_sel[] = { /* Current cipher parameters */ @@ -1544,6 +1621,8 @@ pv_export_t tls_pv[] = { {{"tls_peer_server_name", sizeof("tls_peer_server_name")-1}, PVT_OTHER, pv_tlsext_sn, 0, 0, 0, pv_init_iname, PV_TLSEXT_SNI }, + { {"tls", (sizeof("tls")-1)}, PVT_OTHER, pv_get_tls, + 0, pv_parse_tls_name, 0, 0, 0}, { {0, 0}, 0, 0, 0, 0, 0, 0, 0 }