1 From 41b027b68f59913d166c3c91b8fdd2b40088822f Mon Sep 17 00:00:00 2001
2 From: johan pascal <johan.pascal@belledonne-communications.com>
3 Date: Fri, 3 Mar 2023 11:28:25 +0100
4 Subject: [PATCH] remove TLS client certificate callback
7 src/transports/tls_channel.c | 57 +++++++++++++++---------------------
8 1 file changed, 23 insertions(+), 34 deletions(-)
10 diff --git a/src/transports/tls_channel.c b/src/transports/tls_channel.c
11 index 65811a61..9c64b8af 100644
12 --- a/src/transports/tls_channel.c
13 +++ b/src/transports/tls_channel.c
14 @@ -475,37 +475,6 @@ BELLE_SIP_INSTANCIATE_CUSTOM_VPTR_BEGIN(
16 BELLE_SIP_INSTANCIATE_CUSTOM_VPTR_END
18 -static int belle_sip_client_certificate_request_callback(void *data, bctbx_ssl_context_t *ssl_ctx, const bctbx_list_t *names) {
19 - belle_sip_tls_channel_t *channel = (belle_sip_tls_channel_t *)data;
21 - /* ask certificate */
22 - BELLE_SIP_INVOKE_LISTENERS_ARG1_ARG2( channel->base.base.full_listeners
23 - ,belle_sip_channel_listener_t
25 - ,&channel->base.base
26 - ,(names==NULL)?NULL:(char *)names->data); // forward only the first name of the list, this functionnality is not used for now anyway
28 - /* if we got one, set it in the ssl handshake context */
29 - if (channel->client_cert_chain && channel->client_cert_key) {
33 - bctbx_x509_certificate_get_info_string(tmp,sizeof(tmp)-1,"",channel->client_cert_chain->cert);
34 - belle_sip_message("Channel [%p] found client certificate:\n%s",channel,tmp);
36 - if ((err=bctbx_ssl_set_hs_own_cert(channel->sslctx,channel->client_cert_chain->cert,channel->client_cert_key->key))) {
37 - bctbx_strerror(err,tmp,sizeof(tmp)-1);
38 - belle_sip_error("Channel [%p] cannot set retrieved ssl own certificate [%s]",channel,tmp);
39 - return -1; /* we were not able to set the client certificate, something is going wrong, this will abort the handshake*/
44 - belle_sip_warning("Channel [%p] cannot get client certificate to answer server request", channel);
46 - return 0; /* we couldn't find any certificate, just keep on going, server may decide to abort the handshake */
49 static int tls_handle_postcheck(belle_sip_tls_channel_t* channel){
50 if (channel->crypto_config && channel->crypto_config->postcheck_cb){
51 const bctbx_x509_certificate_t *cert = bctbx_ssl_get_peer_certificate(channel->sslctx);
52 @@ -883,6 +852,29 @@ static int belle_sip_tls_channel_init_bc
53 if (crypto_config->ssl_config == NULL) {
54 bctbx_ssl_config_defaults(obj->sslcfg, BCTBX_SSL_IS_CLIENT, BCTBX_SSL_TRANSPORT_STREAM);
55 bctbx_ssl_config_set_authmode(obj->sslcfg, BCTBX_SSL_VERIFY_REQUIRED);
56 + /* set up client certificate */
57 + /* if we do not have one, request it */
58 + if (!(obj->client_cert_chain && obj->client_cert_key)) {
59 + BELLE_SIP_INVOKE_LISTENERS_ARG1_ARG2(obj->base.base.full_listeners, belle_sip_channel_listener_t,
60 + on_auth_requested, &obj->base.base, NULL);
62 + /* now if we do have one set it in the ssl config */
63 + if (obj->client_cert_chain && obj->client_cert_key) {
64 + char tmp[512] = {0};
66 + bctbx_x509_certificate_get_info_string(tmp, sizeof(tmp) - 1, "", obj->client_cert_chain->cert);
67 + belle_sip_message("Channel [%p] found client certificate:\n%s", obj, tmp);
70 + bctbx_ssl_config_set_own_cert(obj->sslcfg, obj->client_cert_chain->cert, obj->client_cert_key->key);
73 + "Unable to set own certificate in config for SSL context at TLS channel creation ret [-0x%x]",
75 + belle_sip_object_unref(obj);
79 } else { /* an SSL config is provided, use it*/
80 int ret = bctbx_ssl_config_set_crypto_library_config(obj->sslcfg, crypto_config->ssl_config);
82 @@ -900,7 +892,6 @@ static int belle_sip_tls_channel_init_bc
83 bctbx_ssl_config_set_ca_chain(obj->sslcfg, obj->root_ca);
85 bctbx_ssl_config_set_callback_verify(obj->sslcfg, belle_sip_ssl_verify, crypto_config);
86 - bctbx_ssl_config_set_callback_cli_cert(obj->sslcfg, belle_sip_client_certificate_request_callback, obj);
88 bctbx_ssl_context_setup(obj->sslctx, obj->sslcfg);
89 bctbx_ssl_set_hostname(obj->sslctx, super->base.peer_cname ? super->base.peer_cname : super->base.peer_name);