mirror of
https://github.com/asterisk/asterisk.git
synced 2025-09-02 11:06:31 +00:00
6770dc31b7
The verification process will now load a full certificate chain retrieved
via the X5U URL instead of loading only the end user cert.
* Renamed crypto_load_cert_from_file() and crypto_load_cert_from_memory()
to crypto_load_cert_chain_from_file() and crypto_load_cert_chain_from_memory()
respectively.
* The two load functions now continue to load certs from the file or memory
PEMs and store them in a separate stack of untrusted certs specific to the
current verification context.
* crypto_is_cert_trusted() now uses the stack of untrusted certs that were
extracted from the PEM in addition to any untrusted certs that were passed
in from the configuration (and any CA certs passed in from the config of
course).
Resolves: #1272
UserNote: The STIR/SHAKEN verification process will now load a full
certificate chain retrieved via the X5U URL instead of loading only
the end user cert.
(cherry picked from commit ec2591c60b)
77 lines
1.8 KiB
C
77 lines
1.8 KiB
C
/*
|
|
* Asterisk -- An open source telephony toolkit.
|
|
*
|
|
* Copyright (C) 2023, Sangoma Technologies Corporation
|
|
*
|
|
* George Joseph <gjoseph@sangoma.com>
|
|
*
|
|
* See http://www.asterisk.org for more information about
|
|
* the Asterisk project. Please do not directly contact
|
|
* any of the maintainers of this project for assistance;
|
|
* the project provides a web site, mailing lists and IRC
|
|
* channels for your use.
|
|
*
|
|
* This program is free software, distributed under the terms of
|
|
* the GNU General Public License Version 2. See the LICENSE file
|
|
* at the top of the source tree.
|
|
*/
|
|
|
|
#ifndef VERIFICATION_H_
|
|
#define VERIFICATION_H_
|
|
|
|
#include "common_config.h"
|
|
|
|
struct ast_stir_shaken_vs_ctx {
|
|
AST_DECLARE_STRING_FIELDS(
|
|
AST_STRING_FIELD(tag);
|
|
AST_STRING_FIELD(caller_id);
|
|
AST_STRING_FIELD(orig_tn);
|
|
AST_STRING_FIELD(identity_hdr);
|
|
AST_STRING_FIELD(date_hdr);
|
|
AST_STRING_FIELD(filename);
|
|
AST_STRING_FIELD(public_url);
|
|
AST_STRING_FIELD(hash);
|
|
AST_STRING_FIELD(hash_family);
|
|
AST_STRING_FIELD(url_family);
|
|
AST_STRING_FIELD(attestation);
|
|
AST_STRING_FIELD(cert_spc);
|
|
AST_STRING_FIELD(cert_cn);
|
|
);
|
|
struct profile_cfg *eprofile;
|
|
struct ast_channel *chan;
|
|
time_t date_hdr_time;
|
|
time_t validity_check_time;
|
|
long raw_key_len;
|
|
unsigned char *raw_key;
|
|
char expiration[32];
|
|
X509 *xcert;
|
|
STACK_OF(X509) *cert_chain;
|
|
enum ast_stir_shaken_vs_response_code failure_reason;
|
|
};
|
|
|
|
/*!
|
|
* \brief Load the stir/shaken verification service
|
|
*
|
|
* \retval 0 on success
|
|
* \retval -1 on error
|
|
*/
|
|
int vs_load(void);
|
|
|
|
/*!
|
|
* \brief Reload the stir/shaken verification service
|
|
*
|
|
* \retval 0 on success
|
|
* \retval -1 on error
|
|
*/
|
|
int vs_reload(void);
|
|
|
|
/*!
|
|
* \brief Unload the stir/shaken verification service
|
|
*
|
|
* \retval 0 on success
|
|
* \retval -1 on error
|
|
*/
|
|
int vs_unload(void);
|
|
|
|
#endif /* VERIFICATION_H_ */
|