tls_domain.c File Reference

SIP-router TLS support :: Virtual domain configuration support. Module: SIP-router TLS support.

#include <stdlib.h>
#include <openssl/ssl.h>
#include <openssl/opensslv.h>
#include "../../ut.h"
#include "../../mem/shm_mem.h"
#include "../../pt.h"
#include "../../cfg/cfg.h"
#include "tls_server.h"
#include "tls_util.h"
#include "tls_mod.h"
#include "tls_init.h"
#include "tls_domain.h"
#include "tls_cfg.h"

Detailed Description

Definition in file tls_domain.c.


Typedef Documentation

typedef int(* per_ctx_cbk_f)(SSL_CTX *ctx, long larg, void *parg)
Parameters:
ctx SSL context
larg ?
parg ?
Returns:
0 on success, <0 on critical error

Definition at line 251 of file tls_domain.c.


Function Documentation

static int domain_exists ( tls_domains_cfg_t cfg,
tls_domain_t d 
) [static]
Parameters:
cfg configuration set
d checked domain
Returns:
1 if the domain exists, 0 if it does not

Definition at line 1121 of file tls_domain.c.

References tls_domains_cfg::cli_default, tls_domains_cfg::cli_list, tls_domains_cfg::srv_default, tls_domains_cfg::srv_list, TLS_DOMAIN_DEF, and TLS_DOMAIN_SRV.

Referenced by tls_add_domain().

static int fill_missing ( tls_domain_t d,
tls_domain_t parent 
) [static]

Initialize TLS domain parameters that have not been configured, taking them from the parent domain (usually one of the default domains).

Parameters:
d initialized domain
parent parent domain
Returns:
0 on success, -1 on error

Definition at line 184 of file tls_domain.c.

References _str::len, _str::s, and tls_domain_str().

Referenced by fix_domain().

static int fix_domain ( tls_domain_t d,
tls_domain_t def 
) [static]
Parameters:
d initialized TLS domain
def default TLS domains

Definition at line 792 of file tls_domain.c.

References fill_missing(), load_ca_list(), load_cert(), load_crl(), set_cipher_list(), set_session_cache(), set_ssl_options(), set_verification(), and tls_domain_str().

Referenced by tls_fix_domains_cfg().

int fix_shm_pathname ( str path  ) 

Fix pathnames, to be used when loading the domain key, cert, CA list and so on. It replaces path with a fixed, shm-allocated version. Assumes path->s was shm allocated.

Parameters:
path path to be fixed. If it starts with '.' or '/', it is left alone (forced "relative" or "absolute" path). Otherwise the path is considered to be relative to the main config file directory (e.g. for /etc/ser/ser.cfg => /etc/ser/<path>).
Returns:
0 on success, -1 on error

Definition at line 377 of file tls_domain.c.

References get_abs_pathname(), _str::len, and _str::s.

Referenced by load_ca_list(), load_cert(), load_crl(), and load_private_key().
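
The path rule documented for fix_shm_pathname(), as an added example that is not the module's own code: resolve_tls_path() is a hypothetical helper that uses malloc() in place of shm allocation and takes the config file path as an explicit argument. The sample paths are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not the module's fix_shm_pathname): applies the
 * documented rule, with malloc() standing in for shm allocation.
 * Returns a newly allocated path the caller must free(), or NULL on error. */
char *resolve_tls_path(const char *cfg_file, const char *path)
{
    const char *slash;
    size_t dir_len, path_len;
    char *out;

    if (cfg_file == NULL || path == NULL || path[0] == '\0')
        return NULL;
    path_len = strlen(path);

    /* A leading '.' or '/' forces relative/absolute: keep the path as given. */
    if (path[0] == '.' || path[0] == '/') {
        out = malloc(path_len + 1);
        if (out != NULL)
            memcpy(out, path, path_len + 1);
        return out;
    }

    /* Otherwise prefix the directory part of the main config file. */
    slash = strrchr(cfg_file, '/');
    dir_len = (slash != NULL) ? (size_t)(slash - cfg_file) + 1 : 0;
    out = malloc(dir_len + path_len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, cfg_file, dir_len);
    memcpy(out + dir_len, path, path_len + 1);
    return out;
}

int main(void)
{
    /* Constructed sample values; /etc/ser/ser.cfg is the page's own example. */
    const char *samples[] = { "tls/server.key", "./server.key",
                              "/srv/keys/server.key", "../keys/ca.pem" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *p = resolve_tls_path("/etc/ser/ser.cfg", samples[i]);
        printf("%-22s -> %s\n", samples[i], p ? p : "(error)");
        free(p);
    }
    return 0;
}
```

A value starting with '.' is passed through untouched, so it is later resolved against the process working directory rather than the config directory; absolute paths for keys and certificates avoid that dependence.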

static int load_ca_list ( tls_domain_t d  )  [static]
Parameters:
d domain
Returns:
0 if not configured or on success, -1 on error

Definition at line 432 of file tls_domain.c.

References fix_shm_pathname(), _str::len, _str::s, and tls_domain_str().

Referenced by fix_domain().

static int load_cert ( tls_domain_t d  )  [static]
Parameters:
d domain
Returns:
0 if not configured or on success, -1 on error

Definition at line 402 of file tls_domain.c.

References fix_shm_pathname(), _str::len, _str::s, and tls_domain_str().

Referenced by fix_domain().

static int load_crl ( tls_domain_t d  )  [static]
Parameters:
d domain
Returns:
0 if not configured or on success, -1 on error

Definition at line 468 of file tls_domain.c.

References fix_shm_pathname(), _str::len, _str::s, and tls_domain_str().

Referenced by fix_domain().

static int load_private_key ( tls_domain_t d  )  [static]
Parameters:
d TLS domain
Returns:
0 on success, -1 on error

Definition at line 871 of file tls_domain.c.

References fix_shm_pathname(), _str::len, passwd_cb(), _str::s, and tls_domain_str().

Referenced by tls_fix_domains_cfg().

static int passwd_cb ( char *  buf,
int  size,
int  rwflag,
void *  filename 
) [static]
Parameters:
buf buffer
size buffer size
rwflag not used
filename filename
Returns:
length of password on success, 0 on error

Definition at line 833 of file tls_domain.c.

Referenced by load_private_key().

static int set_cipher_list ( tls_domain_t d  )  [static]
Parameters:
d domain
Returns:
0 on success, -1 on error

Definition at line 508 of file tls_domain.c.

References _str::len, _str::s, and tls_domain_str().

Referenced by fix_domain().

static int set_session_cache ( tls_domain_t d  )  [static]
Parameters:
d domain
Returns:
0

Definition at line 684 of file tls_domain.c.

References _str::len, and _str::s.

Referenced by fix_domain().

static int set_ssl_options ( tls_domain_t d  )  [static]
Parameters:
d domain
Returns:
0

Definition at line 633 of file tls_domain.c.

Referenced by fix_domain().

static int set_verification ( tls_domain_t d  )  [static]
Parameters:
d domain
Returns:
0

Definition at line 553 of file tls_domain.c.

References TLS_DOMAIN_SRV, and tls_domain_str().

Referenced by fix_domain().

int tls_add_domain ( tls_domains_cfg_t cfg,
tls_domain_t d 
)
Parameters:
cfg configuration set
d TLS domain
Returns:
1 if domain already exists, 0 after addition, -1 on error

Definition at line 1149 of file tls_domain.c.

References tls_domains_cfg::cli_default, tls_domains_cfg::cli_list, domain_exists(), tls_domains_cfg::srv_default, tls_domains_cfg::srv_list, TLS_DOMAIN_CLI, TLS_DOMAIN_DEF, and TLS_DOMAIN_SRV.

static int tls_domain_foreach_CTX ( tls_domain_t d,
per_ctx_cbk_f  ctx_cbk,
long  l1,
void *  p2 
) [static]
Parameters:
d domain
ctx_cbk callback function
l1 parameter passed to the callback
p2 parameter passed to the callback
Returns:
0 on success, <0 on error

Definition at line 262 of file tls_domain.c.

Referenced by tls_foreach_CTX_in_cli_domains(), tls_foreach_CTX_in_domain_lst(), and tls_foreach_CTX_in_srv_domains().

char* tls_domain_str ( tls_domain_t d  ) 
Parameters:
d printed domain
Returns:
printed domain, with zero termination

Definition at line 155 of file tls_domain.c.

References int2str(), TLS_DOMAIN_DEF, and TLS_DOMAIN_SRV.

Referenced by fill_missing(), fix_domain(), load_ca_list(), load_cert(), load_crl(), load_private_key(), set_cipher_list(), set_verification(), tls_complete_init(), and tls_pre_init().

int tls_fix_domains_cfg ( tls_domains_cfg_t cfg,
tls_domain_t srv_defaults,
tls_domain_t cli_defaults 
)

Initialize attributes of all domains from default domains if necessary, fill in missing parameters.

Parameters:
cfg initialized domain
srv_defaults server defaults
cli_defaults command line interface defaults
Returns:
0 on success, -1 on error

Definition at line 932 of file tls_domain.c.

References tls_domains_cfg::cli_default, tls_domains_cfg::cli_list, fix_domain(), load_private_key(), tls_domains_cfg::srv_default, tls_domains_cfg::srv_list, TLS_DOMAIN_CLI, TLS_DOMAIN_DEF, TLS_DOMAIN_SRV, tls_foreach_CTX_in_cfg(), tls_new_domain(), tls_ssl_ctx_mode(), tls_ssl_ctx_set_freelist(), tls_ssl_ctx_set_max_send_fragment(), and tls_ssl_ctx_set_read_ahead().

static int tls_foreach_CTX_in_cfg ( tls_domains_cfg_t cfg,
per_ctx_cbk_f  ctx_cbk,
long  l1,
void *  p2 
) [static]
Parameters:
cfg tls cfg
ctx_cbk callback function
l1 parameter passed to the callback
p2 parameter passed to the callback
Returns:
0 on success, <0 on error

Definition at line 349 of file tls_domain.c.

References tls_foreach_CTX_in_cli_domains(), and tls_foreach_CTX_in_srv_domains().

Referenced by tls_fix_domains_cfg().

static int tls_foreach_CTX_in_cli_domains ( tls_domains_cfg_t cfg,
per_ctx_cbk_f  ctx_cbk,
long  l1,
void *  p2 
) [static]
Parameters:
cfg tls cfg.
ctx_cbk callback function
l1 parameter passed to the callback
p2 parameter passed to the callback
Returns:
0 on success, <0 on error.

Definition at line 327 of file tls_domain.c.

References tls_domains_cfg::cli_default, tls_domains_cfg::cli_list, tls_domain_foreach_CTX(), and tls_foreach_CTX_in_domain_lst().

Referenced by tls_foreach_CTX_in_cfg().

static int tls_foreach_CTX_in_domain_lst ( tls_domain_t d,
per_ctx_cbk_f  ctx_cbk,
long  l1,
void *  p2 
) [static]
Parameters:
d domain
ctx_cbk callback function
l1 parameter passed to the callback
p2 parameter passed to the callback
Returns:
0 on success, <0 on error

Definition at line 285 of file tls_domain.c.

References tls_domain_foreach_CTX().

Referenced by tls_foreach_CTX_in_cli_domains(), and tls_foreach_CTX_in_srv_domains().

static int tls_foreach_CTX_in_srv_domains ( tls_domains_cfg_t cfg,
per_ctx_cbk_f  ctx_cbk,
long  l1,
void *  p2 
) [static]
Parameters:
cfg tls cfg.
ctx_cbk callback function
l1 parameter passed to the callback
p2 parameter passed to the callback
Returns:
0 on success, <0 on error

Definition at line 305 of file tls_domain.c.

References tls_domains_cfg::srv_default, tls_domains_cfg::srv_list, tls_domain_foreach_CTX(), and tls_foreach_CTX_in_domain_lst().

Referenced by tls_foreach_CTX_in_cfg().

void tls_free_cfg ( tls_domains_cfg_t cfg  ) 
Parameters:
cfg freed configuration

Definition at line 105 of file tls_domain.c.

References tls_domains_cfg::cli_default, tls_domains_cfg::cli_list, tls_domains_cfg::srv_default, tls_domains_cfg::srv_list, and tls_free_domain().

Referenced by tls_destroy_cfg().

void tls_free_domain ( tls_domain_t d  ) 
Parameters:
d freed domain

Definition at line 78 of file tls_domain.c.

References _str::s.

Referenced by tls_free_cfg().

tls_domain_t* tls_lookup_cfg ( tls_domains_cfg_t cfg,
int  type,
struct ip_addr *  ip,
unsigned short  port 
)
Parameters:
cfg configuration set
type type of configuration
ip IP for configuration
port port for configuration
Returns:
found configuration or default, if not found

Definition at line 1090 of file tls_domain.c.

References tls_domains_cfg::cli_default, tls_domains_cfg::cli_list, tls_domains_cfg::srv_default, tls_domains_cfg::srv_list, TLS_DOMAIN_DEF, and TLS_DOMAIN_SRV.

Referenced by tls_complete_init().

tls_domains_cfg_t* tls_new_cfg ( void   ) 

Create new TLS configuration structure.

Create a new configuration structure in newly allocated shared memory.

Returns:
configuration structure or zero on error

Definition at line 1068 of file tls_domain.c.

tls_domain_t* tls_new_domain ( int  type,
struct ip_addr *  ip,
unsigned short  port 
)

Create a new domain structure in newly allocated shared memory.

Parameters:
type domain type
ip domain IP
port domain port
Returns:
new domain

Definition at line 53 of file tls_domain.c.

Referenced by tls_fix_domains_cfg().

static int tls_ssl_ctx_mode ( SSL_CTX *  ctx,
long  mode,
void *  clear 
) [static]
Parameters:
ctx SSL context
mode SSL_MODE_*
clear if set to !=0 will do a clear, else (==0) a set
Returns:
0 (always succeeds)

Definition at line 716 of file tls_domain.c.

Referenced by tls_fix_domains_cfg().

static int tls_ssl_ctx_set_freelist ( SSL_CTX *  ctx,
long  val,
void *  unused 
) [static]
Parameters:
ctx TLS context
val value (<0 ignored)
unused unused
Returns:
0 (always succeeds)

Definition at line 739 of file tls_domain.c.

Referenced by tls_fix_domains_cfg().

static int tls_ssl_ctx_set_max_send_fragment ( SSL_CTX *  ctx,
long  val,
void *  unused 
) [static]
Parameters:
ctx TLS context
val value (<0 ignored). Should be between 512 and 16k
unused unused
Returns:
0 on success, < 0 on failure (invalid value)

Definition at line 760 of file tls_domain.c.

Referenced by tls_fix_domains_cfg().

static int tls_ssl_ctx_set_read_ahead ( SSL_CTX *  ctx,
long  val,
void *  unused 
) [static]
Parameters:
ctx TLS context
val value (<0 ignored, 0 or >0)
unused unused
Returns:
0 (always succeeds)

Definition at line 780 of file tls_domain.c.

Referenced by tls_fix_domains_cfg().