			
		
		
		
	The verification process will now load a full certificate chain retrieved via the X5U URL instead of loading only the end user cert. * Renamed crypto_load_cert_from_file() and crypto_load_cert_from_memory() to crypto_load_cert_chain_from_file() and crypto_load_cert_chain_from_memory() respectively. * The two load functions now continue to load certs from the file or memory PEMs and store them in a separate stack of untrusted certs specific to the current verification context. * crypto_is_cert_trusted() now uses the stack of untrusted certs that were extracted from the PEM in addition to any untrusted certs that were passed in from the configuration (and any CA certs passed in from the config of course). Resolves: #1272 UserNote: The STIR/SHAKEN verification process will now load a full certificate chain retrieved via the X5U URL instead of loading only the end user cert.
		
			
				
	
	
		
		
	
	
	
	
	
| /*
 | |
|  * Asterisk -- An open source telephony toolkit.
 | |
|  *
 | |
|  * Copyright (C) 2023, Sangoma Technologies Corporation
 | |
|  *
 | |
|  * George Joseph <gjoseph@sangoma.com>
 | |
|  *
 | |
|  * See http://www.asterisk.org for more information about
 | |
|  * the Asterisk project. Please do not directly contact
 | |
|  * any of the maintainers of this project for assistance;
 | |
|  * the project provides a web site, mailing lists and IRC
 | |
|  * channels for your use.
 | |
|  *
 | |
|  * This program is free software, distributed under the terms of
 | |
|  * the GNU General Public License Version 2. See the LICENSE file
 | |
|  * at the top of the source tree.
 | |
|  */
 | |
| 
 | |
| #ifndef VERIFICATION_H_
 | |
| #define VERIFICATION_H_
 | |
| 
 | |
| #include "common_config.h"
 | |
| 
 | |
/*!
 * \brief State for one STIR/SHAKEN verification context.
 *
 * Holds the string inputs, parsed timestamps, raw key bytes and OpenSSL
 * certificate objects used by the verification service.
 *
 * NOTE(review): allocation, ownership and teardown of the pointer members
 * (eprofile, chan, raw_key, xcert, cert_chain) are not visible in this
 * header -- confirm against the implementation before relying on them.
 * NOTE(review): X509 and STACK_OF() are not declared here; presumably they
 * arrive through common_config.h -- confirm.
 */
struct ast_stir_shaken_vs_ctx {
	/*
	 * String-field pool. The meaning of each field is not established by
	 * this header; names suggest identity_hdr/date_hdr carry header values
	 * and public_url the certificate URL (X5U) -- TODO confirm.
	 * Treat values that originate from the remote party as untrusted input.
	 */
	AST_DECLARE_STRING_FIELDS(
		AST_STRING_FIELD(tag);
		AST_STRING_FIELD(caller_id);
		AST_STRING_FIELD(orig_tn);
		AST_STRING_FIELD(identity_hdr);
		AST_STRING_FIELD(date_hdr);
		AST_STRING_FIELD(filename);
		AST_STRING_FIELD(public_url);
		AST_STRING_FIELD(hash);
		AST_STRING_FIELD(hash_family);
		AST_STRING_FIELD(url_family);
		AST_STRING_FIELD(attestation);
		AST_STRING_FIELD(cert_spc);
		AST_STRING_FIELD(cert_cn);
	);
	/* Profile configuration used for this context (type declared elsewhere). */
	struct profile_cfg *eprofile;
	/* Channel associated with this context. */
	struct ast_channel *chan;
	/* presumably the parsed form of date_hdr -- TODO confirm */
	time_t date_hdr_time;
	/* presumably the reference time for validity checks -- TODO confirm */
	time_t validity_check_time;
	/*
	 * Length of raw_key. It is a signed long: check it is positive before
	 * using it as a size or converting it to size_t.
	 */
	long raw_key_len;
	/* Raw key bytes; raw_key_len gives the length. */
	unsigned char *raw_key;
	/*
	 * Fixed 32-byte buffer. Writers must bound their output to
	 * sizeof(expiration) and keep it NUL-terminated.
	 */
	char expiration[32];
	/*
	 * Certificate under verification (the end user cert, per the change
	 * description accompanying this file).
	 */
	X509 *xcert;
	/*
	 * Certificates extracted from the PEM retrieved for this context. Per
	 * the change description they are kept as a per-context stack of
	 * UNTRUSTED certs: they may help build a path but must never be treated
	 * as trust anchors. Trust has to come from the CA certs supplied by
	 * configuration.
	 */
	STACK_OF(X509) *cert_chain;
	/* Response code recording why verification failed. */
	enum ast_stir_shaken_vs_response_code failure_reason;
};
 | |
| 
 | |
| /*!
 | |
|  * \brief Load the stir/shaken verification service
 | |
|  *
 | |
|  * \retval 0 on success
 | |
|  * \retval -1 on error
 | |
|  */
 | |
| int vs_load(void);
 | |
| 
 | |
| /*!
 | |
|  * \brief Reload the stir/shaken verification service
 | |
|  *
 | |
|  * \retval 0 on success
 | |
|  * \retval -1 on error
 | |
|  */
 | |
| int vs_reload(void);
 | |
| 
 | |
| /*!
 | |
|  * \brief Unload the stir/shaken verification service
 | |
|  *
 | |
|  * \retval 0 on success
 | |
|  * \retval -1 on error
 | |
|  */
 | |
| int vs_unload(void);
 | |
| 
 | |
| #endif /* VERIFICATION_H_ */
 |