* src/ejabberd_config.erl: Support for per host certificates
* src/ejabberd_c2s.erl: Likewise * src/ejabberd_s2s_out.erl: Likewise * src/ejabberd.cfg.example: Updated * src/ejabberd_s2s_in.erl: Fixed id-on-xmppAddr processing SVN Revision: 432
parent
eb1b33c5a4
commit
719cd49e59
@ -1,3 +1,12 @@
|
|||||||
|
2005-11-05 Alexey Shchepin <alexey@sevcom.net>
|
||||||
|
|
||||||
|
* src/ejabberd_config.erl: Support for per host certificates
|
||||||
|
* src/ejabberd_c2s.erl: Likewise
|
||||||
|
* src/ejabberd_s2s_out.erl: Likewise
|
||||||
|
* src/ejabberd.cfg.example: Updated
|
||||||
|
|
||||||
|
* src/ejabberd_s2s_in.erl: Fixed id-on-xmppAddr processing
|
||||||
|
|
||||||
2005-11-03 Alexey Shchepin <alexey@sevcom.net>
|
2005-11-03 Alexey Shchepin <alexey@sevcom.net>
|
||||||
|
|
||||||
* src/mod_disco.erl: Fixed extra_domains option processing
|
* src/mod_disco.erl: Fixed extra_domains option processing
|
||||||
|
@ -119,6 +119,8 @@
|
|||||||
% Use STARTTLS+Dialback for S2S connections
|
% Use STARTTLS+Dialback for S2S connections
|
||||||
{s2s_use_starttls, true}.
|
{s2s_use_starttls, true}.
|
||||||
{s2s_certfile, "./ssl.pem"}.
|
{s2s_certfile, "./ssl.pem"}.
|
||||||
|
%{domain_certfile, "example.org", "./example_org.pem"}.
|
||||||
|
%{domain_certfile, "example.com", "./example_com.pem"}.
|
||||||
|
|
||||||
% If SRV lookup fails, then port 5269 is used to communicate with remote server
|
% If SRV lookup fails, then port 5269 is used to communicate with remote server
|
||||||
{outgoing_s2s_port, 5269}.
|
{outgoing_s2s_port, 5269}.
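Review bot: The two commented `domain_certfile` examples are added with no explanation of what they change; judging from the matching code changes in this commit they replace the `certfile` taken from `s2s_certfile` (and from the c2s TLS options) for that one host, while every other host keeps the default. A comment above them such as `% Per-domain certificate: overrides the s2s_certfile / c2s certfile for this domain only` would make that visible to an administrator editing the file.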
|
||||||
|
@ -473,7 +473,16 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
|
|||||||
TLSEnabled == false,
|
TLSEnabled == false,
|
||||||
SockMod == gen_tcp ->
|
SockMod == gen_tcp ->
|
||||||
Socket = StateData#state.socket,
|
Socket = StateData#state.socket,
|
||||||
TLSOpts = StateData#state.tls_options,
|
TLSOpts = case ejabberd_config:get_local_option(
|
||||||
|
{domain_certfile, StateData#state.server}) of
|
||||||
|
undefined ->
|
||||||
|
StateData#state.tls_options;
|
||||||
|
CertFile ->
|
||||||
|
[{certfile, CertFile} |
|
||||||
|
lists:keydelete(
|
||||||
|
certfile, 1, StateData#state.tls_options)]
|
||||||
|
end,
|
||||||
|
io:format("O: ~p~n", [TLSOpts]),
|
||||||
{ok, TLSSocket} = tls:tcp_to_tls(Socket, TLSOpts),
|
{ok, TLSSocket} = tls:tcp_to_tls(Socket, TLSOpts),
|
||||||
ejabberd_receiver:starttls(StateData#state.receiver, TLSSocket),
|
ejabberd_receiver:starttls(StateData#state.receiver, TLSSocket),
|
||||||
send_element(StateData,
|
send_element(StateData,
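Review bot: The `io:format("O: ~p~n", [TLSOpts])` left after the new `case` is debug output: it writes the full TLS option list, certificate path included, to stdout on every client STARTTLS and bypasses the log level entirely. Drop the line, or if ejabberd.hrl's logging macros are in scope here, demote it to `?DEBUG("tls options for ~s: ~p", [StateData#state.server, TLSOpts])`. The per-domain certfile selection is also repeated verbatim in ejabberd_s2s_out in this same commit; a single helper in ejabberd_config taking the host and the default option list would keep the two copies from drifting. wait_for_feature_request starts and ends outside this hunk.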
|
||||||
|
@ -110,8 +110,10 @@ process_term(Term, State) ->
|
|||||||
add_option(outgoing_s2s_port, Port, State);
|
add_option(outgoing_s2s_port, Port, State);
|
||||||
{s2s_use_starttls, Port} ->
|
{s2s_use_starttls, Port} ->
|
||||||
add_option(s2s_use_starttls, Port, State);
|
add_option(s2s_use_starttls, Port, State);
|
||||||
{s2s_certfile, Port} ->
|
{s2s_certfile, CertFile} ->
|
||||||
add_option(s2s_certfile, Port, State);
|
add_option(s2s_certfile, CertFile, State);
|
||||||
|
{domain_certfile, Domain, CertFile} ->
|
||||||
|
add_option({domain_certfile, Domain}, CertFile, State);
|
||||||
{Opt, Val} ->
|
{Opt, Val} ->
|
||||||
lists:foldl(fun(Host, S) -> process_host_term(Term, Host, S) end,
|
lists:foldl(fun(Host, S) -> process_host_term(Term, Host, S) end,
|
||||||
State, State#state.hosts)
|
State, State#state.hosts)
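Review bot: The new `{domain_certfile, Domain, CertFile}` clause stores `Domain` exactly as written, while the lookups added in ejabberd_c2s and ejabberd_s2s_out key on `StateData#state.server`; if that field holds the nameprep'd stream host (this hunk does not show it), a domain written with uppercase letters in the config will silently never match and the default certificate is served instead. Normalising the key at load time, `add_option({domain_certfile, jlib:nameprep(Domain)}, CertFile, State)`, would close that gap, provided jlib is usable from ejabberd_config. The path itself is not checked when the config is read, so a typo only surfaces at the first TLS handshake as a `badmatch` in the connection process; a `filelib:is_file(CertFile)` check with an error log here would fail fast instead. process_term starts and ends outside this hunk.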
|
||||||
|
@ -31,6 +31,7 @@
|
|||||||
-include("jlib.hrl").
|
-include("jlib.hrl").
|
||||||
%-include_lib("ssl/pkix/SSL-PKIX.hrl").
|
%-include_lib("ssl/pkix/SSL-PKIX.hrl").
|
||||||
-include_lib("ssl/pkix/PKIX1Explicit88.hrl").
|
-include_lib("ssl/pkix/PKIX1Explicit88.hrl").
|
||||||
|
-include_lib("ssl/pkix/PKIX1Implicit88.hrl").
|
||||||
-include("tls/XmppAddr.hrl").
|
-include("tls/XmppAddr.hrl").
|
||||||
|
|
||||||
-define(DICT, dict).
|
-define(DICT, dict).
|
||||||
@ -542,6 +543,8 @@ is_key_packet(_) ->
|
|||||||
get_cert_domains(Cert) ->
|
get_cert_domains(Cert) ->
|
||||||
{rdnSequence, Subject} =
|
{rdnSequence, Subject} =
|
||||||
(Cert#'Certificate'.tbsCertificate)#'TBSCertificate'.subject,
|
(Cert#'Certificate'.tbsCertificate)#'TBSCertificate'.subject,
|
||||||
|
Extensions =
|
||||||
|
(Cert#'Certificate'.tbsCertificate)#'TBSCertificate'.extensions,
|
||||||
lists:flatmap(
|
lists:flatmap(
|
||||||
fun(#'AttributeTypeAndValue'{type = ?'id-at-commonName',
|
fun(#'AttributeTypeAndValue'{type = ?'id-at-commonName',
|
||||||
value = Val}) ->
|
value = Val}) ->
|
||||||
@ -555,11 +558,13 @@ get_cert_domains(Cert) ->
|
|||||||
end,
|
end,
|
||||||
if
|
if
|
||||||
D /= error ->
|
D /= error ->
|
||||||
case jlib:nameprep(D) of
|
case jlib:string_to_jid(D) of
|
||||||
error ->
|
#jid{luser = "",
|
||||||
[];
|
lserver = LD,
|
||||||
LD ->
|
lresource = ""} ->
|
||||||
[LD]
|
[LD];
|
||||||
|
_ ->
|
||||||
|
[]
|
||||||
end;
|
end;
|
||||||
true ->
|
true ->
|
||||||
[]
|
[]
|
||||||
@ -567,23 +572,48 @@ get_cert_domains(Cert) ->
|
|||||||
_ ->
|
_ ->
|
||||||
[]
|
[]
|
||||||
end;
|
end;
|
||||||
(#'AttributeTypeAndValue'{type = ?'id-on-xmppAddr',
|
|
||||||
value = Val}) ->
|
|
||||||
case 'XmppAddr':decode(
|
|
||||||
'XmppAddr', Val) of
|
|
||||||
{ok, D} when is_binary(D) ->
|
|
||||||
case jlib:nameprep(binary_to_list(D)) of
|
|
||||||
error ->
|
|
||||||
[];
|
|
||||||
LD ->
|
|
||||||
[LD]
|
|
||||||
end;
|
|
||||||
_ ->
|
|
||||||
[]
|
|
||||||
end;
|
|
||||||
(_) ->
|
(_) ->
|
||||||
[]
|
[]
|
||||||
end, lists:flatten(Subject)).
|
end, lists:flatten(Subject)) ++
|
||||||
|
lists:flatmap(
|
||||||
|
fun(#'Extension'{extnID = ?'id-ce-subjectAltName',
|
||||||
|
extnValue = Val}) ->
|
||||||
|
BVal = if
|
||||||
|
is_list(Val) -> list_to_binary(Val);
|
||||||
|
is_binary(Val) -> Val;
|
||||||
|
true -> Val
|
||||||
|
end,
|
||||||
|
case 'PKIX1Implicit88':decode('SubjectAltName', BVal) of
|
||||||
|
{ok, SANs} ->
|
||||||
|
lists:flatmap(
|
||||||
|
fun({otherName,
|
||||||
|
#'AnotherName'{'type-id' = ?'id-on-xmppAddr',
|
||||||
|
value = XmppAddr
|
||||||
|
}}) ->
|
||||||
|
case 'XmppAddr':decode(
|
||||||
|
'XmppAddr', XmppAddr) of
|
||||||
|
{ok, D} when is_binary(D) ->
|
||||||
|
case jlib:string_to_jid(
|
||||||
|
binary_to_list(D)) of
|
||||||
|
#jid{luser = "",
|
||||||
|
lserver = LD,
|
||||||
|
lresource = ""} ->
|
||||||
|
[LD];
|
||||||
|
_ ->
|
||||||
|
[]
|
||||||
|
end;
|
||||||
|
_ ->
|
||||||
|
[]
|
||||||
|
end;
|
||||||
|
(_) ->
|
||||||
|
[]
|
||||||
|
end, SANs);
|
||||||
|
_ ->
|
||||||
|
[]
|
||||||
|
end;
|
||||||
|
(_) ->
|
||||||
|
[]
|
||||||
|
end, Extensions).
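Review bot: `Extensions` is handed straight to the trailing `lists:flatmap` even though the X.509 `extensions` field is OPTIONAL; with the OTP ASN.1 decoder an absent optional field is normally represented as `asn1_NOVALUE`, and `lists:flatmap/2` on that atom raises `function_clause`, so a peer presenting a certificate with no extensions at all would crash the s2s_in process instead of merely contributing no domains. Guard it before use, e.g. `Exts = case Extensions of asn1_NOVALUE -> []; _ -> Extensions end,` and iterate over `Exts`. In the `BVal` computation the `true -> Val` branch forwards whatever shape the decoder produced; since the decode result is only matched on `{ok, SANs}` that is survivable, but a short comment stating the fallthrough is intentional would help the next reader. Only `otherName`/xmppAddr entries are collected from the SAN, so `dNSName` entries are ignored; if that is deliberate it deserves a comment, since many deployed certificates carry only dNSName. get_cert_domains starts outside this hunk.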
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -438,7 +438,17 @@ wait_for_starttls_proceed({xmlstreamelement, El}, StateData) ->
|
|||||||
?INFO_MSG("starttls: ~p", [{StateData#state.myname,
|
?INFO_MSG("starttls: ~p", [{StateData#state.myname,
|
||||||
StateData#state.server}]),
|
StateData#state.server}]),
|
||||||
Socket = StateData#state.socket,
|
Socket = StateData#state.socket,
|
||||||
TLSOpts = StateData#state.tls_options,
|
TLSOpts = case ejabberd_config:get_local_option(
|
||||||
|
{domain_certfile,
|
||||||
|
StateData#state.server}) of
|
||||||
|
undefined ->
|
||||||
|
StateData#state.tls_options;
|
||||||
|
CertFile ->
|
||||||
|
[{certfile, CertFile} |
|
||||||
|
lists:keydelete(
|
||||||
|
certfile, 1,
|
||||||
|
StateData#state.tls_options)]
|
||||||
|
end,
|
||||||
{ok, TLSSocket} = tls:tcp_to_tls(Socket, TLSOpts),
|
{ok, TLSSocket} = tls:tcp_to_tls(Socket, TLSOpts),
|
||||||
ejabberd_receiver:starttls(
|
ejabberd_receiver:starttls(
|
||||||
StateData#state.receiver, TLSSocket),
|
StateData#state.receiver, TLSSocket),
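Review bot: The lookup keys on `StateData#state.server`, which on the outgoing side appears to be the remote peer (the `starttls` log line above pairs `myname` with `server`), so the certificate for the handshake is chosen by the domain being connected to rather than by the local domain that is authenticating; a `domain_certfile` entry for the local host would then never be used on outgoing s2s and the default `s2s_certfile` is presented instead. If `myname` is indeed the local domain, the key should be `{domain_certfile, StateData#state.myname}`. The selection logic is also a verbatim copy of the ejabberd_c2s change in this commit and would be better shared through one helper. wait_for_starttls_proceed starts and ends outside this hunk.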
|
||||||
|