From fc7239b6cc171b9c1dc5d25f9aa1b759651996c3 Mon Sep 17 00:00:00 2001
From: Henning Westerholt
Date: Sun, 10 Feb 2019 14:30:45 +0100
Subject: [PATCH] tls: add support for unique identifier PVs and select (GH #1843)

- add support for unique identifier PVs and select, related to issue GH #1843
- new PVs: $tls_peer_subject_uid and $tls_my_subject_uid
- new selects: uid, uniqueIdentifier and unique_identifier
---
 src/modules/tls/tls_select.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/modules/tls/tls_select.c b/src/modules/tls/tls_select.c
index ba765ff7558..60c53073707 100644
--- a/src/modules/tls/tls_select.c
+++ b/src/modules/tls/tls_select.c
@@ -68,6 +68,7 @@ enum {
 COMP_URI, /* URI from subject/alternative */
 COMP_E, /* Email address */
 COMP_IP, /* IP from subject/alternative */
+ COMP_UI, /* Unique identifier */
 TLSEXT_SN /* Server name of the peer */
 };
@@ -96,8 +97,9 @@ enum {
 PV_COMP_URI = 1<<17, /* URI from subject/alternative */
 PV_COMP_E = 1<<18, /* Email address */
 PV_COMP_IP = 1<<19, /* IP from subject/alternative */
+ PV_COMP_UI = 1<<20, /* Unique identifier */
- PV_TLSEXT_SNI = 1<<20, /* Peer's server name (TLS extension) */
+ PV_TLSEXT_SNI = 1<<21, /* Peer's server name (TLS extension) */
 };
@@ -712,6 +714,7 @@ static int get_comp(str* res, int local, int issuer, int nid, sip_msg_t* msg)
 case NID_countryName: elem = "CountryName"; break;
 case NID_stateOrProvinceName: elem = "StateOrProvinceName"; break;
 case NID_localityName: elem = "LocalityName"; break;
+ case NID_x500UniqueIdentifier: elem = "UniqueIdentifier"; break;
 default: elem = "Unknown"; break;
 }
 DBG("Element %s not found in certificate subject/issuer\n", elem);
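Review bot: The `NID_x500UniqueIdentifier` case added in get_comp only extends the debug label, so the value itself goes through whatever extraction the rest of get_comp performs, and that code is outside this hunk. X.520 defines x500UniqueIdentifier as a BIT STRING rather than a text string type like the countryName and localityName components next to it, so it is worth confirming that the extraction copes with a value that may not be printable text. If the entry data is copied as-is, a comment on the new case such as `/* x500UniqueIdentifier is a BIT STRING; the value may not be printable text */` would warn config authors who compare the result in authorization checks.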
@@ -759,6 +762,7 @@ static int sel_comp(str* res, select_t* s, sip_msg_t* msg)
 case COMP_C: nid = NID_countryName; break;
 case COMP_ST: nid = NID_stateOrProvinceName; break;
 case COMP_L: nid = NID_localityName; break;
+ case COMP_UI: nid = NID_x500UniqueIdentifier; break;
 default:
 BUG("Bug in sel_comp: %d\n", s->params[s->n - 1].v.i);
 return -1;
@@ -806,6 +810,7 @@ static int pv_comp(sip_msg_t* msg, pv_param_t* param, pv_value_t* res)
 case PV_COMP_C: nid = NID_countryName; break;
 case PV_COMP_ST: nid = NID_stateOrProvinceName; break;
 case PV_COMP_L: nid = NID_localityName; break;
+ case PV_COMP_UI: nid = NID_x500UniqueIdentifier; break;
 default: nid = NID_undef;
 }
@@ -1132,6 +1137,10 @@ select_row_t tls_sel[] = {
 { sel_name, SEL_PARAM_STR, STR_STATIC_INIT("organizational_unit_name"), sel_comp, DIVERSION | COMP_OU},
 { sel_name, SEL_PARAM_STR, STR_STATIC_INIT("unit"), sel_comp, DIVERSION | COMP_OU},
+ { sel_name, SEL_PARAM_STR, STR_STATIC_INIT("uid"), sel_comp, DIVERSION | COMP_UI},
+ { sel_name, SEL_PARAM_STR, STR_STATIC_INIT("uniqueIdentifier"), sel_comp, DIVERSION | COMP_UI},
+ { sel_name, SEL_PARAM_STR, STR_STATIC_INIT("unique_identifier"), sel_comp, DIVERSION | COMP_UI},
+
 { NULL, SEL_PARAM_INT, STR_NULL, NULL, 0}
 };
@@ -1251,6 +1260,13 @@ pv_export_t tls_pv[] = {
 {{"tls_my_issuer_unit", sizeof("tls_my_issuer_unit")-1},
 PVT_OTHER, pv_comp, 0,
 0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_ISSUER | PV_COMP_OU },
+ /* unique identifier for peer and local */
+ {{"tls_peer_subject_uid", sizeof("tls_peer_subject_uid")-1},
+ PVT_OTHER, pv_comp, 0,
+ 0, 0, pv_init_iname, PV_CERT_PEER | PV_CERT_SUBJECT | PV_COMP_UI },
+ {{"tls_my_subject_uid", sizeof("tls_my_subject_uid")-1},
+ PVT_OTHER, pv_comp, 0,
+ 0, 0, pv_init_iname, PV_CERT_LOCAL | PV_CERT_SUBJECT | PV_COMP_UI },
 /* subject alternative name parameters for peer and local */
 {{"tls_peer_san_email", sizeof("tls_peer_san_email")-1},
 PVT_OTHER, pv_alt, 0,
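Review bot: The names exposed for `COMP_UI` do not say which certificate attribute is read: sel_comp maps it to `NID_x500UniqueIdentifier`, while `uid` and `uniqueIdentifier` in the tls_sel hunk, `$tls_peer_subject_uid` and `$tls_my_subject_uid` in the tls_pv hunk, and `PV_COMP_UI` in pv_comp read like the `UID` (userId) or pilot `uniqueIdentifier` attributes, which OpenSSL tracks under separate NIDs (`NID_userId`, `NID_uniqueIdentifier`). A certificate whose subject carries `UID=...` would then presumably end up on the "not found" path in get_comp, which matters when a routing script uses this value to identify the peer. I would spell the attribute out in both enum comments, e.g. `COMP_UI, /* x500UniqueIdentifier (OID 2.5.4.45), not userId/UID */`, and state the same in the module documentation, which the diffstat shows this commit does not touch. sel_comp's body continues outside the hunk.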