[packages/belle-sip] - updated to 5.2.51 (GPL v3+ now) - added mbledtlsv3 patch (adjust for bctoolbox built for mbedtls 3
qboosh
qboosh at pld-linux.org
Sun Apr 16 15:16:04 CEST 2023
commit cb2eb0661e3543503d42d77731e6c651da64feff
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Sun Apr 16 15:18:37 2023 +0200
- updated to 5.2.51 (GPL v3+ now)
- added mbledtlsv3 patch (adjust for bctoolbox built for mbedtls 3)
belle-sip-mbedtlsv3.patch | 89 +++++++++++++++++++++++++++++++++++++++++++++++
belle-sip.spec | 12 ++++---
2 files changed, 97 insertions(+), 4 deletions(-)
---
diff --git a/belle-sip.spec b/belle-sip.spec
index feb800a..e6a2be7 100644
--- a/belle-sip.spec
+++ b/belle-sip.spec
@@ -8,17 +8,19 @@
Summary: SIP (RFC3261) object-oriented implementation in C
Summary(pl.UTF-8): Implementacja SIP (RFC3261) w C
Name: belle-sip
-Version: 4.5.20
-Release: 2
-License: GPL v2+
+Version: 5.2.51
+Release: 1
+License: GPL v3+
Group: Libraries
#Source0Download: https://gitlab.linphone.org/BC/public/belle-sip/-/tags
Source0: https://gitlab.linphone.org/BC/public/belle-sip/-/archive/%{version}/%{name}-%{version}.tar.bz2
-# Source0-md5: 57b680975c7c78955bc06b5331f651bf
+# Source0-md5: b4bcdbcb0e641cef2e1e5ecec889c9b5
Patch0: antlr_jar.patch
Patch1: %{name}-pc.patch
+Patch2: %{name}-mbedtlsv3.patch
URL: http://www.linphone.org/technical-corner/belle-sip
%{?with_tests:BuildRequires: CUnit >= 2.0}
+%{?with_dnssd:BuildRequires: avahi-compat-libdns_sd-devel}
BuildRequires: bctoolbox-devel >= 0.5.0
BuildRequires: cmake >= 3.1
BuildRequires: java-antlr3 >= 3.2
@@ -71,6 +73,7 @@ Statyczna biblioteka %{name}.
%setup -q
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%build
install -d builddir
@@ -103,6 +106,7 @@ rm -rf $RPM_BUILD_ROOT
%defattr(644,root,root,755)
%doc AUTHORS.md CHANGELOG.md README.md
%attr(755,root,root) %{_libdir}/libbellesip.so.1
+%{_datadir}/belr/grammars/sdp_grammar
%files devel
%defattr(644,root,root,755)
diff --git a/belle-sip-mbedtlsv3.patch b/belle-sip-mbedtlsv3.patch
new file mode 100644
index 0000000..2ff52df
--- /dev/null
+++ b/belle-sip-mbedtlsv3.patch
@@ -0,0 +1,89 @@
+From 41b027b68f59913d166c3c91b8fdd2b40088822f Mon Sep 17 00:00:00 2001
+From: johan pascal <johan.pascal at belledonne-communications.com>
+Date: Fri, 3 Mar 2023 11:28:25 +0100
+Subject: [PATCH] remove TLS client certificate callback
+
+---
+ src/transports/tls_channel.c | 57 +++++++++++++++---------------------
+ 1 file changed, 23 insertions(+), 34 deletions(-)
+
+diff --git a/src/transports/tls_channel.c b/src/transports/tls_channel.c
+index 65811a61..9c64b8af 100644
+--- a/src/transports/tls_channel.c
++++ b/src/transports/tls_channel.c
+@@ -475,37 +475,6 @@ BELLE_SIP_INSTANCIATE_CUSTOM_VPTR_BEGIN(
+ }
+ BELLE_SIP_INSTANCIATE_CUSTOM_VPTR_END
+
+-static int belle_sip_client_certificate_request_callback(void *data, bctbx_ssl_context_t *ssl_ctx, const bctbx_list_t *names) {
+- belle_sip_tls_channel_t *channel = (belle_sip_tls_channel_t *)data;
+-
+- /* ask certificate */
+- BELLE_SIP_INVOKE_LISTENERS_ARG1_ARG2( channel->base.base.full_listeners
+- ,belle_sip_channel_listener_t
+- ,on_auth_requested
+- ,&channel->base.base
+- ,(names==NULL)?NULL:(char *)names->data); // forward only the first name of the list, this functionnality is not used for now anyway
+-
+- /* if we got one, set it in the ssl handshake context */
+- if (channel->client_cert_chain && channel->client_cert_key) {
+- int err;
+- char tmp[512]={0};
+-
+- bctbx_x509_certificate_get_info_string(tmp,sizeof(tmp)-1,"",channel->client_cert_chain->cert);
+- belle_sip_message("Channel [%p] found client certificate:\n%s",channel,tmp);
+-
+- if ((err=bctbx_ssl_set_hs_own_cert(channel->sslctx,channel->client_cert_chain->cert,channel->client_cert_key->key))) {
+- bctbx_strerror(err,tmp,sizeof(tmp)-1);
+- belle_sip_error("Channel [%p] cannot set retrieved ssl own certificate [%s]",channel,tmp);
+- return -1; /* we were not able to set the client certificate, something is going wrong, this will abort the handshake*/
+- }
+- return 0;
+- }
+-
+- belle_sip_warning("Channel [%p] cannot get client certificate to answer server request", channel);
+-
+- return 0; /* we couldn't find any certificate, just keep on going, server may decide to abort the handshake */
+-}
+-
+ static int tls_handle_postcheck(belle_sip_tls_channel_t* channel){
+ if (channel->crypto_config && channel->crypto_config->postcheck_cb){
+ const bctbx_x509_certificate_t *cert = bctbx_ssl_get_peer_certificate(channel->sslctx);
+@@ -883,6 +852,29 @@ static int belle_sip_tls_channel_init_bc
+ if (crypto_config->ssl_config == NULL) {
+ bctbx_ssl_config_defaults(obj->sslcfg, BCTBX_SSL_IS_CLIENT, BCTBX_SSL_TRANSPORT_STREAM);
+ bctbx_ssl_config_set_authmode(obj->sslcfg, BCTBX_SSL_VERIFY_REQUIRED);
++ /* set up client certificate */
++ /* if we do not have one, request it */
++ if (!(obj->client_cert_chain && obj->client_cert_key)) {
++ BELLE_SIP_INVOKE_LISTENERS_ARG1_ARG2(obj->base.base.full_listeners, belle_sip_channel_listener_t,
++ on_auth_requested, &obj->base.base, NULL);
++ }
++ /* now if we do have one set it in the ssl config */
++ if (obj->client_cert_chain && obj->client_cert_key) {
++ char tmp[512] = {0};
++
++ bctbx_x509_certificate_get_info_string(tmp, sizeof(tmp) - 1, "", obj->client_cert_chain->cert);
++ belle_sip_message("Channel [%p] found client certificate:\n%s", obj, tmp);
++
++ int ret =
++ bctbx_ssl_config_set_own_cert(obj->sslcfg, obj->client_cert_chain->cert, obj->client_cert_key->key);
++ if (ret < 0) {
++ belle_sip_error(
++ "Unable to set own certificate in config for SSL context at TLS channel creation ret [-0x%x]",
++ -ret);
++ belle_sip_object_unref(obj);
++ return -1;
++ }
++ }
+ } else { /* an SSL config is provided, use it*/
+ int ret = bctbx_ssl_config_set_crypto_library_config(obj->sslcfg, crypto_config->ssl_config);
+ if (ret<0) {
+@@ -900,7 +892,6 @@ static int belle_sip_tls_channel_init_bc
+ bctbx_ssl_config_set_ca_chain(obj->sslcfg, obj->root_ca);
+ }
+ bctbx_ssl_config_set_callback_verify(obj->sslcfg, belle_sip_ssl_verify, crypto_config);
+- bctbx_ssl_config_set_callback_cli_cert(obj->sslcfg, belle_sip_client_certificate_request_callback, obj);
+
+ bctbx_ssl_context_setup(obj->sslctx, obj->sslcfg);
+ bctbx_ssl_set_hostname(obj->sslctx, super->base.peer_cname ? super->base.peer_cname : super->base.peer_name);
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/belle-sip.git/commitdiff/cb2eb0661e3543503d42d77731e6c651da64feff
More information about the pld-cvs-commit
mailing list