tls_select.h

Go to the documentation of this file.
00001 /*
00002  * $Id: tls_select.h 4680 2008-08-12 07:26:43Z klaus_darilion $
00003  *
00004  * Copyright (C) 2006 enum.at
00005  *
00006  * This file is part of Kamailio, a free SIP server.
00007  *
00008  * Kamailio is free software; you can redistribute it and/or modify
00009  * it under the terms of the GNU General Public License as published by
00010  * the Free Software Foundation; either version 2 of the License, or
00011  * (at your option) any later version
00012  *
00013  * Kamailio is distributed in the hope that it will be useful,
00014  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00015  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00016  * GNU General Public License for more details.
00017  *
00018  * You should have received a copy of the GNU General Public License 
00019  * along with this program; if not, write to the Free Software 
00020  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
00021  */
00022 
00023 #ifndef _TLS_SELECT_H_
00024 #define _TLS_SELECT_H_
00025 
00026 #include <openssl/ssl.h>
00027 
00028 #include "../../parser/msg_parser.h"
00029 #include "../../pvar.h"
00030 
00031 enum {
00032    CERT_LOCAL      = 1<<0,   /* Select local certificate */
00033    CERT_PEER       = 1<<1,   /* Select peer certificate */
00034    CERT_SUBJECT    = 1<<2,   /* Select subject part of certificate */
00035    CERT_ISSUER     = 1<<3,   /* Select issuer part of certificate */
00036 
00037    CERT_VERIFIED   = 1<<4,   /* Test for verified certificate */
00038    CERT_REVOKED    = 1<<5,   /* Test for revoked certificate */
00039    CERT_EXPIRED    = 1<<6,   /* Expiration certificate test */
00040    CERT_SELFSIGNED = 1<<7,   /* self-signed certificate test */
00041    CERT_NOTBEFORE  = 1<<8,   /* Select validity end from certificate */
00042    CERT_NOTAFTER   = 1<<9,   /* Select validity start from certificate */
00043 
00044    COMP_CN = 1<<10,          /* Common name */
00045    COMP_O  = 1<<11,          /* Organization name */
00046    COMP_OU = 1<<12,          /* Organization unit */
00047    COMP_C  = 1<<13,          /* Country name */
00048    COMP_ST = 1<<14,          /* State */
00049    COMP_L  = 1<<15,          /* Locality/town */
00050 
00051    COMP_HOST = 1<<16,        /* hostname from subject/alternative */
00052    COMP_URI  = 1<<17,        /* URI from subject/alternative */
00053    COMP_E    = 1<<18,        /* Email address */
00054    COMP_IP   = 1<<19,        /* IP from subject/alternative */
00055 
00056    TLSEXT_SNI = 1<<20,       /* Peer's server name (TLS extension) */
00057 };
00058 
00059 
00060 typedef int select_t;
00061 
00062 int tlsops_cipher(struct sip_msg *msg, pv_param_t *param,
00063       pv_value_t *res);
00064 
00065 int tlsops_bits(struct sip_msg *msg, pv_param_t *param,
00066       pv_value_t *res);
00067 
00068 int tlsops_version(struct sip_msg *msg, pv_param_t *param,
00069       pv_value_t *res);
00070 
00071 int tlsops_desc(struct sip_msg *msg, pv_param_t *param,
00072       pv_value_t *res);
00073 
00074 int tlsops_cert_version(struct sip_msg *msg, pv_param_t *param,
00075       pv_value_t *res);
00076 
00077 /*
00078  * Check whether peer certificate exists and verify the result
00079  * of certificate verification
00080  */
00081 int tlsops_check_cert(struct sip_msg *msg, pv_param_t *param,
00082       pv_value_t *res);
00083 
00084 int tlsops_validity(struct sip_msg *msg, pv_param_t *param,
00085       pv_value_t *res);
00086 
00087 int tlsops_sn(struct sip_msg *msg, pv_param_t *param,
00088       pv_value_t *res);
00089 
00090 int tlsops_comp(struct sip_msg *msg, pv_param_t *param,
00091       pv_value_t *res);
00092 
00093 int tlsops_alt(struct sip_msg *msg, pv_param_t *param,
00094       pv_value_t *res);
00095 
00096 int tlsops_tlsext(struct sip_msg *msg, pv_param_t *param,
00097       pv_value_t *res);
00098 
00099 #endif