Timestamp:
Feb 24, 2010 5:43:34 AM (15 years ago)
Author:
nanang
Message:

Ticket #1032:

  • Initial version of server domain name verification:
    • Updated SSL certificate info, especially identities info
    • Updated verification mechanism as in the specifications in ticket desc.
    • Added server domain name info in pjsip_tx_data.
    • Added alternative APIs for acquiring a transport and for creating a transport from a transport factory; both take a pjsip_tx_data param.
    • Server identity match criteria:
      • full host name match
      • wild card not accepted
      • if identity is URI, it must be SIP/SIPS URI
  • Initial version of transport state notifications:
    • Added new API to set transport state callback in PJSIP and PJSUA.
    • Defined states: connected/disconnected, accepted/rejected, verification errors.
  • Minors:
    • Updated SSL socket test: dump verification result, test of requiring client cert, and few minors.
    • Updated test cert to include subjectAltName extensions.
    • Added SSL certificate dump function.
    • Updated max number of socket async operations in Symbian sample apps (RSocketServ::Connect()) to 32 (was default 8).
File:
1 edited

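--- a/pjproject/trunk/pjlib/src/pj/ssl_sock_common.c
+++ b/pjproject/trunk/pjlib/src/pj/ssl_sock_common.c
@@ -18,4 +18,5 @@
  */
 #include <pj/ssl_sock.h>
+#include <pj/assert.h>
 #include <pj/errno.h>
 #include <pj/string.h>
@@ -129,4 +130,5 @@
 
 
+/* Get cipher name string */
 PJ_DEF(const char*) pj_ssl_cipher_name(pj_ssl_cipher cipher)
 {
@@ -141,2 +143,95 @@
     return NULL;
 }
+
+
+
+
+PJ_DEF(pj_status_t) pj_ssl_cert_verify_error_st(pj_uint32_t verify_status, 
+                                                const char *error_strings[],
+                                                unsigned *count)
+{
+    unsigned i = 0, shift_idx = 0;
+    unsigned unknown = 0;
+    pj_uint32_t errs;
+
+    PJ_ASSERT_RETURN(error_strings && count, PJ_EINVAL);
+
+    if (verify_status == PJ_SSL_CERT_ESUCCESS && *count) {
+        error_strings[0] = "OK";
+        *count = 1;
+        return PJ_SUCCESS;
+    }
+
+    errs = verify_status;
+
+    while (errs && i < *count) {
+        pj_uint32_t err;
+        const char *p = NULL;
+
+        if ((errs & 1) == 0) {
+            shift_idx++;
+            errs >>= 1;
+            continue;
+        }
+
+        err = (1 << shift_idx);
+
+        switch (err) {
+        case PJ_SSL_CERT_EISSUER_NOT_FOUND:
+            p = "The issuer certificate cannot be found";
+            break;
+        case PJ_SSL_CERT_EUNTRUSTED:
+            p = "The certificate is untrusted";
+            break;
+        case PJ_SSL_CERT_EVALIDITY_PERIOD:
+            p = "The certificate has expired or not yet valid";
+            break;
+        case PJ_SSL_CERT_EINVALID_FORMAT:
+            p = "One or more fields of the certificate cannot be decoded "
+                "due to invalid format";
+            break;
+        case PJ_SSL_CERT_EISSUER_MISMATCH:
+            p = "The issuer info in the certificate does not match to the "
+                "(candidate) issuer certificate";
+            break;
+        case PJ_SSL_CERT_ECRL_FAILURE:
+            p = "The CRL certificate cannot be found or cannot be read "
+                "properly";
+            break;
+        case PJ_SSL_CERT_EREVOKED:
+            p = "The certificate has been revoked";
+            break;
+        case PJ_SSL_CERT_EINVALID_PURPOSE:
+            p = "The certificate or CA certificate cannot be used for the "
+                "specified purpose";
+            break;
+        case PJ_SSL_CERT_ECHAIN_TOO_LONG:
+            p = "The certificate chain length is too long";
+            break;
+        case PJ_SSL_CERT_EIDENTITY_NOT_MATCH:
+            p = "The server identity does not match to any identities "
+                "specified in the certificate";
+            break;
+        case PJ_SSL_CERT_EUNKNOWN:
+        default:
+            unknown++;
+            break;
+        }
+        
+        /* Set error string */
+        if (p)
+            error_strings[i++] = p;
+
+        /* Next */
+        shift_idx++;
+        errs >>= 1;
+    }
+
+    /* Unknown error */
+    if (unknown && i < *count)
+        error_strings[i++] = "Unknown verification error";
+
+    *count = i;
+
+    return PJ_SUCCESS;
+}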
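Review bot: `err = (1 << shift_idx);` in pj_ssl_cert_verify_error_st shifts a signed int, so when bit 31 of verify_status is set the shift by 31 overflows int, which is undefined behaviour in C; write `err = ((pj_uint32_t)1 << shift_idx);`. Separately, the loop stops at `i < *count` and the function still returns PJ_SUCCESS, so a caller passing a short array (or `*count == 0`) gets a truncated or empty list for a certificate that failed verification. That contract should be stated in a comment above the function, e.g. `/* Fills at most *count strings; the list may be truncated, so callers must test verify_status itself, not the returned count, to decide whether the certificate passed. */`. The function currently has no header comment at all, only four blank lines before it, while pj_ssl_cipher_name gets one in this same change.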