[OpenSIPS-Devel] [OpenSIPS/opensips] 2854af: Added proto function for extra conn matching.

Vlad Pătrașcu noreply at github.com
Mon Jan 18 19:48:08 EST 2021 

  Branch: refs/heads/2.4
  Home:   https://github.com/OpenSIPS/opensips
  Commit: 2854afbf87c16f26f1018ee4566491aa3d3c1522
      https://github.com/OpenSIPS/opensips/commit/2854afbf87c16f26f1018ee4566491aa3d3c1522
  Author: Bogdan-Andrei Iancu <bogdan at opensips.org>
  Date:   2021-01-17 (Sun, 17 Jan 2021)

  Changed paths:
    M modules/proto_bin/proto_bin.c
    M modules/proto_hep/proto_hep.c
    M modules/proto_tls/doc/proto_tls_admin.xml
    M modules/proto_tls/proto_tls.c
    M modules/proto_ws/proto_ws.c
    M modules/proto_wss/doc/proto_wss_admin.xml
    M modules/proto_wss/proto_wss.c
    M modules/tls_mgm/tls_conn_ops.h
    M modules/tls_mgm/tls_select.c
    M net/api_proto_net.h
    M net/net_tcp.c
    M net/net_tcp.h
    M net/proto_tcp/proto_tcp.c

  Log Message:
  -----------
  Added proto function for extra conn matching.

A TCP-based protocol may export an API function for performing extra checks when comes to matching and re-using existing connections.
For now the SSL using modules (TLS & WSS) are using the function to perform SSL cert matching, to avoid re-using connections with wrong SSL certificate.
Fixes #1651

(cherry picked from commit e41465513c01a61b3ed33ad4eb71f91585a391a4)


  Commit: 58f42976e44c3dfeaaab209ae1aec4f430b719d3
      https://github.com/OpenSIPS/opensips/commit/58f42976e44c3dfeaaab209ae1aec4f430b719d3
  Author: Vlad Patrascu <vladp at opensips.org>
  Date:   2021-01-17 (Sun, 17 Jan 2021)

  Changed paths:
    M modules/proto_tls/proto_tls.c
    M modules/proto_wss/proto_wss.c
    M modules/tls_mgm/tls_config_helper.h
    M modules/tls_mgm/tls_conn_ops.h

  Log Message:
  -----------
  tls: fix certificate matching when reusing connections

The SSL_CTX pointers may not be equal for the same SSL pointer (connection)
after the rework that changed the storage of the context to be
per-process. The tls_domain saved in the SSL extra storage will now be
used for matching the certificates instead.

(cherry picked from commit 582170270c3e0e41d539108b640552ae3cb23cfd)


Compare: https://github.com/OpenSIPS/opensips/compare/460163610179...58f42976e44c

More information about the Devel mailing list