10 Apr
2014
10 Apr
'14
4:58 a.m.
Daniel-Constantin Mierla writes:
Note that there should be direct pv alternative, as I
could see in the
module, such as $tls_peer_subject_cn -- see tls_pv structure inside
tls_select.c file of the tls module. Not sure if they were documented
somewhere.
those seem to work without modifying tls module source. i tested like
this:
if (proto == TLS) {
xlog("L_INFO", "tls_my_subject_cn =
<$tls_my_subject_cn>\n");
xlog("L_INFO", "tls_peer_subject_cn =
<$tls_peer_subject_cn>\n");
};
and got:
Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: INFO: REGISTER
<sip:test@test.tutpro.com> by <test(a)test.tutpro.com> from
<192.98.102.30> is authorized
Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: INFO: tls_my_subject_cn =
<test.tutpro.com>
Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: ERROR: tls [tls_select.c:152]:
get_cert(): Unable to retrieve TLS certificate from SSL structure
Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: INFO: tls_peer_subject_cn =
<<null>>
Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: ERROR: tls [tls_select.c:152]:
get_cert(): Unable to retrieve TLS certificate from SSL structure
Apr 10 11:53:16 siika /usr/sbin/sip-proxy[11597]: ERROR: <core> [lvalue.c:416]:
lval_assign(): assignment failed at pos: (878,49-878,49)
i'm not sure yet, if this peer gave its certificate during the
handshake. if there is no peer certificate, ERROR level message seems
like an overkill. in my opinion it would suffice to return empty
value.
-- juha