Module: Kamailio TLS support.
#include <stdio.h>
#include "tls_init.h"
#include "tls_config.h"
#include "../dprint.h"
#include "../mem/shm_mem.h"
#include "../tcp_init.h"
#include "../ut.h"
#include "tls_domain.h"
#include <openssl/ui.h>
#include <openssl/ssl.h>
#include <openssl/opensslv.h>
#include <openssl/err.h>
#include <openssl/comp.h>
#include <netinet/in_systm.h>
#include <netinet/tcp.h>
#include <netinet/ip.h>
#include <unistd.h>

Defines | |
| #define | NUM_RETRIES 3 |
| #define | SER_SSL_SESS_ID ((unsigned char*)"Kamailio-tls") |
| #define | SER_SSL_SESS_ID_LEN (sizeof(SER_SSL_SESS_ID)-1) |
| #define | VERIFY_DEPTH_S 3 |
Functions | |
| static int | check_for_krb (void) |
| void | destroy_tls (void) |
| called from main.c when kamailio exits (main process) | |
| static int | init_ssl_ctx_behavior (struct tls_domain *d) |
| Set up default SSL_CTX (and SSL *) behavior: verification, cipher list, acceptable versions, ... | |
| static void | init_ssl_methods (void) |
| initialize ssl methods | |
| int | init_tls (void) |
| called once from main.c (main process) | |
| int | init_tls_domains (struct tls_domain *d) |
| initialize tls virtual domains | |
| static int | load_ca (SSL_CTX *ctx, char *filename) |
| Load a caList, to be used to verify the client's certificate. The list is to be stored in a single file, containing all the acceptable root certificates. | |
| static int | load_certificate (SSL_CTX *ctx, char *filename) |
| load a certificate from a file (the certificate file can be a chain, starting with the user cert and ending with the root CA; if not all needed certs are in this file, they are looked up in the caFile or caPATH — see the verify function). | |
| static int | load_private_key (SSL_CTX *ctx, char *filename) |
| load a private key from a file | |
| static int | passwd_cb (char *buf, int size, int rwflag, void *filename) |
| int | pre_init_tls (void) |
| called once from main.c (main process) before parsing the configuration | |
| static void | ser_free (void *ptr) |
| static void * | ser_malloc (size_t size) |
| static void * | ser_realloc (void *ptr, size_t size) |
| int | tls_init (struct socket_info *si) |
| int | verify_callback (int pre_verify_ok, X509_STORE_CTX *ctx) |
| This callback is called during each verification process, at each step along the chain of certificates (this function is not the certificate_verification one!). | |
Variables | |
| SSL_METHOD * | ssl_methods [TLS_USE_SSLv23+1] |
Module: Kamailio TLS support.
Definition in file tls_init.c.
| #define NUM_RETRIES 3 |
| #define SER_SSL_SESS_ID ((unsigned char*)"Kamailio-tls") |
| #define SER_SSL_SESS_ID_LEN (sizeof(SER_SSL_SESS_ID)-1) |
| #define VERIFY_DEPTH_S 3 |
Definition at line 79 of file tls_init.c.
Referenced by init_ssl_ctx_behavior(), and verify_callback().
| static int check_for_krb | ( | void | ) | [static] |
Definition at line 530 of file tls_init.c.
References LM_INFO, NULL, and ssl_methods.
Referenced by init_tls().
| void destroy_tls | ( | void | ) |
called from main.c when kamailio exits (main process)
just once before cleanup
Definition at line 754 of file tls_init.c.
References tls_domain::ctx, LM_DBG, tls_domain::next, tls_client_domains, tls_default_client_domain, tls_default_server_domain, tls_free_domains(), and tls_server_domains.
Referenced by cleanup().
| static int init_ssl_ctx_behavior | ( | struct tls_domain * | d | ) | [static] |
Set up default SSL_CTX (and SSL *) behavior: verification, cipher list, acceptable versions, ...
Definition at line 415 of file tls_init.c.
References tls_domain::ciphers_list, tls_domain::ctx, LM_DBG, LM_ERR, LM_NOTICE, LM_WARN, tls_domain::require_client_cert, SER_SSL_SESS_ID, SER_SSL_SESS_ID_LEN, TLS_DOMAIN_SRV, tls_domain::type, verify_callback(), tls_domain::verify_cert, and VERIFY_DEPTH_S.
Referenced by init_tls_domains().
| static void init_ssl_methods | ( | void | ) | [static] |
initialize ssl methods
Definition at line 389 of file tls_init.c.
References LM_DBG, ssl_methods, TLS_USE_SSLv2, TLS_USE_SSLv23, TLS_USE_SSLv23_cli, TLS_USE_SSLv23_srv, TLS_USE_SSLv2_cli, TLS_USE_SSLv2_srv, TLS_USE_SSLv3, TLS_USE_SSLv3_cli, TLS_USE_SSLv3_srv, TLS_USE_TLSv1, TLS_USE_TLSv1_cli, and TLS_USE_TLSv1_srv.
Referenced by init_tls().
| int init_tls | ( | void | ) |
called once from main.c (main process)
just once; initializes the TLS subsystem
Definition at line 558 of file tls_init.c.
References check_for_krb(), init_ssl_methods(), init_tls_domains(), LM_DBG, LM_ERR, LM_INFO, LM_WARN, ser_free(), ser_malloc(), ser_realloc(), tls_client_domains, tls_default_client_domain, tls_default_server_domain, and tls_server_domains.
Referenced by main().
| int init_tls_domains | ( | struct tls_domain * | d | ) |
initialize tls virtual domains
initialize tls domains
Definition at line 648 of file tls_init.c.
References tls_domain::addr, tls_domain::ca_file, tls_domain::cert_file, tls_domain::ctx, init_ssl_ctx_behavior(), ip_addr2a(), _str::len, LM_DBG, LM_ERR, LM_INFO, LM_NOTICE, load_ca(), load_certificate(), load_private_key(), tls_domain::method, tls_domain::name, tls_domain::next, NULL, tls_domain::pkey_file, tls_domain::port, _str::s, ssl_methods, tls_ca_file, tls_cert_file, TLS_DOMAIN_SRV, TLS_METHOD_UNSPEC, tls_pkey_file, tls_domain::type, and ZSW.
Referenced by init_tls().
| static int load_ca | ( | SSL_CTX * | ctx, | |
| char * | filename | |||
| ) | [static] |
Load a caList, to be used to verify the client's certificate. The list is to be stored in a single file, containing all the acceptable root certificates.
Definition at line 372 of file tls_init.c.
References LM_DBG, and LM_ERR.
Referenced by init_tls_domains().
| static int load_certificate | ( | SSL_CTX * | ctx, | |
| char * | filename | |||
| ) | [static] |
load a certificate from a file (the certificate file can be a chain, starting with the user cert and ending with the root CA; if not all needed certs are in this file, they are looked up in the caFile or caPATH — see the verify function).
Definition at line 311 of file tls_init.c.
References LM_DBG, and LM_ERR.
Referenced by init_tls_domains().
| static int load_private_key | ( | SSL_CTX * | ctx, | |
| char * | filename | |||
| ) | [static] |
load a private key from a file
Definition at line 330 of file tls_init.c.
References LM_DBG, LM_ERR, NUM_RETRIES, and passwd_cb().
Referenced by init_tls_domains().
| static int passwd_cb | ( | char * | buf, | |
| int | size, | |||
| int | rwflag, | |||
| void * | filename | |||
| ) | [static] |
| int pre_init_tls | ( | void | ) |
called once from main.c (main process) before parsing the configuration
Definition at line 790 of file tls_init.c.
References tls_domain::addr, ip_addr::af, LM_DBG, LM_ERR, tls_default_client_domain, tls_default_server_domain, TLS_DOMAIN_CLI, TLS_DOMAIN_DEF, TLS_DOMAIN_SRV, and tls_new_domain().
Referenced by main().
| static void ser_free | ( | void * | ptr | ) | [static] |
| static void* ser_malloc | ( | size_t | size | ) | [static] |
| static void* ser_realloc | ( | void * | ptr, | |
| size_t | size | |||
| ) | [static] |
| int tls_init | ( | struct socket_info * | si | ) |
Definition at line 280 of file tls_init.c.
References LM_DBG, LM_ERR, socket_info::proto, PROTO_TLS, socket_info::socket, and tcp_init().
Referenced by main_loop().
| int verify_callback | ( | int | pre_verify_ok, | |
| X509_STORE_CTX * | ctx | |||
| ) |
This callback is called during each verification process, at each step along the chain of certificates (this function is not the certificate_verification one!).
Definition at line 84 of file tls_init.c.
References buf, LM_NOTICE, and VERIFY_DEPTH_S.
Referenced by init_ssl_ctx_behavior().
| SSL_METHOD* ssl_methods[TLS_USE_SSLv23+1] |
Definition at line 77 of file tls_init.c.
Referenced by check_for_krb(), init_ssl_methods(), and init_tls_domains().