[packages/belle-sip] - updated to 5.2.51 (GPL v3+ now) - added mbledtlsv3 patch (adjust for bctoolbox built for mbedtls 3

qboosh qboosh at pld-linux.org
Sun Apr 16 15:16:04 CEST 2023


commit cb2eb0661e3543503d42d77731e6c651da64feff
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date:   Sun Apr 16 15:18:37 2023 +0200

    - updated to 5.2.51 (GPL v3+ now)
    - added mbedtlsv3 patch (adjust for bctoolbox built for mbedtls 3)

 belle-sip-mbedtlsv3.patch | 89 +++++++++++++++++++++++++++++++++++++++++++++++
 belle-sip.spec            | 12 ++++---
 2 files changed, 97 insertions(+), 4 deletions(-)
---
diff --git a/belle-sip.spec b/belle-sip.spec
index feb800a..e6a2be7 100644
--- a/belle-sip.spec
+++ b/belle-sip.spec
@@ -8,17 +8,19 @@
 Summary:	SIP (RFC3261) object-oriented implementation in C
 Summary(pl.UTF-8):	Implementacja SIP (RFC3261) w C
 Name:		belle-sip
-Version:	4.5.20
-Release:	2
-License:	GPL v2+
+Version:	5.2.51
+Release:	1
+License:	GPL v3+
 Group:		Libraries
 #Source0Download: https://gitlab.linphone.org/BC/public/belle-sip/-/tags
 Source0:	https://gitlab.linphone.org/BC/public/belle-sip/-/archive/%{version}/%{name}-%{version}.tar.bz2
-# Source0-md5:	57b680975c7c78955bc06b5331f651bf
+# Source0-md5:	b4bcdbcb0e641cef2e1e5ecec889c9b5
 Patch0:		antlr_jar.patch
 Patch1:		%{name}-pc.patch
+Patch2:		%{name}-mbedtlsv3.patch
 URL:		http://www.linphone.org/technical-corner/belle-sip
 %{?with_tests:BuildRequires:	CUnit >= 2.0}
+%{?with_dnssd:BuildRequires:	avahi-compat-libdns_sd-devel}
 BuildRequires:	bctoolbox-devel >= 0.5.0
 BuildRequires:	cmake >= 3.1
 BuildRequires:	java-antlr3 >= 3.2
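Review bot: `BuildRequires: bctoolbox-devel >= 0.5.0` is left as it was, although this commit jumps to 5.2.51 and adds Patch2 specifically for a bctoolbox built against mbedtls 3; with that floor the build can be attempted against a bctoolbox whose TLS API the patched `tls_channel.c` was not written for. Raising the floor to the bctoolbox release that pairs with 5.2.51 (value to be confirmed against upstream's CMake requirement) would make the coupling explicit. The added `%{?with_dnssd:BuildRequires: ...}` line depends on a `dnssd` bcond declared above line 8, outside this hunk; confirm it is defined there. The only integrity pin visible for Source0 is the `# Source0-md5` comment, which guards against corruption rather than against a deliberately substituted archive.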
@@ -71,6 +73,7 @@ Statyczna biblioteka %{name}.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 install -d builddir
@@ -103,6 +106,7 @@ rm -rf $RPM_BUILD_ROOT
 %defattr(644,root,root,755)
 %doc AUTHORS.md CHANGELOG.md README.md
 %attr(755,root,root) %{_libdir}/libbellesip.so.1
+%{_datadir}/belr/grammars/sdp_grammar
 
 %files devel
 %defattr(644,root,root,755)
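Review bot: `%{_datadir}/belr/grammars/sdp_grammar` is packaged without the main package owning `%{_datadir}/belr` or `%{_datadir}/belr/grammars`, and no dependency on a package that owns them is visible in this diff. If the belr package does not provide those directories, they are left unowned after install; either add `%dir` entries or confirm that an explicit or automatic dependency on belr covers them. The `%files` section starts above this hunk.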
diff --git a/belle-sip-mbedtlsv3.patch b/belle-sip-mbedtlsv3.patch
new file mode 100644
index 0000000..2ff52df
--- /dev/null
+++ b/belle-sip-mbedtlsv3.patch
@@ -0,0 +1,89 @@
+From 41b027b68f59913d166c3c91b8fdd2b40088822f Mon Sep 17 00:00:00 2001
+From: johan pascal <johan.pascal at belledonne-communications.com>
+Date: Fri, 3 Mar 2023 11:28:25 +0100
+Subject: [PATCH] remove TLS client certificate callback
+
+---
+ src/transports/tls_channel.c | 57 +++++++++++++++---------------------
+ 1 file changed, 23 insertions(+), 34 deletions(-)
+
+diff --git a/src/transports/tls_channel.c b/src/transports/tls_channel.c
+index 65811a61..9c64b8af 100644
+--- a/src/transports/tls_channel.c
++++ b/src/transports/tls_channel.c
+@@ -475,37 +475,6 @@ BELLE_SIP_INSTANCIATE_CUSTOM_VPTR_BEGIN(
+ 	}
+ BELLE_SIP_INSTANCIATE_CUSTOM_VPTR_END
+ 
+-static int belle_sip_client_certificate_request_callback(void *data, bctbx_ssl_context_t *ssl_ctx, const bctbx_list_t *names) {
+-	belle_sip_tls_channel_t *channel = (belle_sip_tls_channel_t *)data;
+-
+-	/* ask certificate */
+-	BELLE_SIP_INVOKE_LISTENERS_ARG1_ARG2(	channel->base.base.full_listeners
+-			,belle_sip_channel_listener_t
+-			,on_auth_requested
+-			,&channel->base.base
+-			,(names==NULL)?NULL:(char *)names->data); // forward only the first name of the list, this functionnality is not used for now anyway
+-
+-	/* if we got one, set it in the ssl handshake context */
+-	if (channel->client_cert_chain && channel->client_cert_key) {
+-		int err;
+-		char tmp[512]={0};
+-
+-		bctbx_x509_certificate_get_info_string(tmp,sizeof(tmp)-1,"",channel->client_cert_chain->cert);
+-		belle_sip_message("Channel [%p]  found client  certificate:\n%s",channel,tmp);
+-
+-		if ((err=bctbx_ssl_set_hs_own_cert(channel->sslctx,channel->client_cert_chain->cert,channel->client_cert_key->key))) {
+-			bctbx_strerror(err,tmp,sizeof(tmp)-1);
+-			belle_sip_error("Channel [%p] cannot set retrieved ssl own certificate [%s]",channel,tmp);
+-			return -1; /* we were not able to set the client certificate, something is going wrong, this will abort the handshake*/
+-		}
+-		return 0;
+-	}
+-
+-	belle_sip_warning("Channel [%p] cannot get client certificate to answer server request", channel);
+-
+-	return 0; /* we couldn't find any certificate, just keep on going, server may decide to abort the handshake */
+-}
+-
+ static int tls_handle_postcheck(belle_sip_tls_channel_t* channel){
+ 	if (channel->crypto_config && channel->crypto_config->postcheck_cb){
+ 		const bctbx_x509_certificate_t *cert = bctbx_ssl_get_peer_certificate(channel->sslctx);
+@@ -883,6 +852,29 @@ static int belle_sip_tls_channel_init_bc
+ 	if (crypto_config->ssl_config == NULL) {
+ 		bctbx_ssl_config_defaults(obj->sslcfg, BCTBX_SSL_IS_CLIENT, BCTBX_SSL_TRANSPORT_STREAM);
+ 		bctbx_ssl_config_set_authmode(obj->sslcfg, BCTBX_SSL_VERIFY_REQUIRED);
++		/* set up client certificate */
++		/* if we do not have one, request it */
++		if (!(obj->client_cert_chain && obj->client_cert_key)) {
++			BELLE_SIP_INVOKE_LISTENERS_ARG1_ARG2(obj->base.base.full_listeners, belle_sip_channel_listener_t,
++			                                     on_auth_requested, &obj->base.base, NULL);
++		}
++		/* now if we do have one set it in the ssl config */
++		if (obj->client_cert_chain && obj->client_cert_key) {
++			char tmp[512] = {0};
++
++			bctbx_x509_certificate_get_info_string(tmp, sizeof(tmp) - 1, "", obj->client_cert_chain->cert);
++			belle_sip_message("Channel [%p]  found client  certificate:\n%s", obj, tmp);
++
++			int ret =
++			    bctbx_ssl_config_set_own_cert(obj->sslcfg, obj->client_cert_chain->cert, obj->client_cert_key->key);
++			if (ret < 0) {
++				belle_sip_error(
++				    "Unable to set own certificate in config for SSL context at TLS channel creation ret [-0x%x]",
++				    -ret);
++				belle_sip_object_unref(obj);
++				return -1;
++			}
++		}
+ 	} else { /* an SSL config is provided, use it*/
+ 		int ret = bctbx_ssl_config_set_crypto_library_config(obj->sslcfg, crypto_config->ssl_config);
+ 		if (ret<0) {
+@@ -900,7 +892,6 @@ static int belle_sip_tls_channel_init_bc
+ 		bctbx_ssl_config_set_ca_chain(obj->sslcfg, obj->root_ca);
+ 	}
+ 	bctbx_ssl_config_set_callback_verify(obj->sslcfg, belle_sip_ssl_verify, crypto_config);
+-	bctbx_ssl_config_set_callback_cli_cert(obj->sslcfg, belle_sip_client_certificate_request_callback, obj);
+ 
+ 	bctbx_ssl_context_setup(obj->sslctx, obj->sslcfg);
+ 	bctbx_ssl_set_hostname(obj->sslctx, super->base.peer_cname ? super->base.peer_cname : super->base.peer_name);
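Review bot: After this patch a client certificate is installed only inside the `crypto_config->ssl_config == NULL` branch, and the `bctbx_ssl_config_set_callback_cli_cert` registration is removed, so on the `else` path (caller-provided SSL config) `on_auth_requested` is never invoked and belle-sip sets no client certificate itself; a deployment relying on mutual TLS with a provided config would presumably be rejected by the server with no local diagnostic. If that is intended, say so at the `else` branch, e.g. `/* a provided ssl_config must already carry the client certificate; on_auth_requested is not invoked on this path */`. The listener is also now called at channel setup with `NULL` instead of the name the server sent, and the certificate is attached before any server has asked for one, which is worth a line in the comment above the `if (!(obj->client_cert_chain && obj->client_cert_key))` test. The new error path logs only `-0x%x`, where the removed callback used `bctbx_strerror` for readable text, and it calls `belle_sip_object_unref(obj)` before `return -1`; whether the caller also releases `obj` cannot be checked because the function starts and ends outside the hunk.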
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/belle-sip.git/commitdiff/cb2eb0661e3543503d42d77731e6c651da64feff


