add secure websocket tls context (#113)

* sip: add secure websocket tls context * add 2nd newline * http/client: add http_client_get_tls
baresip · Jun 17, 2021 · ca5cad8 · ca5cad8
1 parent 6b47c8f
commit ca5cad8
Show file tree

Hide file tree

Showing 4 changed files with 64 additions and 2 deletions.
diff --git a/include/re_http.h b/include/re_http.h
@@ -4,6 +4,8 @@
  * Copyright (C) 2010 Creytiv.com
  */
 
+/* forward declarations */
+struct tls;
 
 /** HTTP Header ID (perfect hash value) */
 enum http_hdrid {
@@ -144,6 +146,8 @@ typedef void (http_conn_h)(struct tcp_conn *tc, struct tls_conn *sc,
 			   void *arg);
 
 int http_client_alloc(struct http_cli **clip, struct dnsc *dnsc);
+int http_client_set_tls(struct http_cli *cli, struct tls *tls);
+int http_client_get_tls(struct http_cli *cli, struct tls **tls);
 int http_client_set_config(struct http_cli *cli, struct http_conf *conf);
 int http_request(struct http_req **reqp, struct http_cli *cli, const char *met,
 		 const char *uri, http_resp_h *resph, http_data_h *datah,

diff --git a/include/re_sip.h b/include/re_sip.h
@@ -4,6 +4,8 @@
  * Copyright (C) 2010 Creytiv.com
  */
 
+/* forward declarations */
+struct tls;
 
 enum {
 	SIP_PORT     = 5060,
@@ -269,7 +271,7 @@ int  sip_transp_add(struct sip *sip, enum sip_transp tp,
 		    const struct sa *laddr, ...);
 int  sip_transp_add_websock(struct sip *sip, enum sip_transp tp,
 			    const struct sa *laddr,
-			    bool server, const char *cert);
+			    bool server, const char *cert, struct tls *tls);
 int  sip_transp_add_ccert(struct sip *sip, const struct uri *uri,
 			  const char *ccertfile);
 void sip_transp_flush(struct sip *sip);

diff --git a/src/http/client.c b/src/http/client.c
@@ -881,6 +881,44 @@ int http_client_alloc(struct http_cli **clip, struct dnsc *dnsc)
 
 
 #ifdef USE_TLS
+/**
+ * Replace HTTP Client TLS Context
+ *
+ * @param cli     HTTP Client
+ * @param tls     TLS Context
+ *
+ * @return 0 if success, otherwise errorcode
+ */
+int http_client_set_tls(struct http_cli *cli, struct tls *tls)
+{
+	if (!cli || !tls)
+		return EINVAL;
+
+	mem_deref(cli->tls);
+	cli->tls = mem_ref(tls);
+
+	return 0;
+}
+
+/**
+ * Get HTTP Client TLS Context
+ *
+ * @param cli     HTTP Client
+ * @param tls     TLS Context
+ *
+ * @return 0 if success, otherwise errorcode
+ */
+int http_client_get_tls(struct http_cli *cli, struct tls **tls)
+{
+	if (!cli || !tls)
+		return EINVAL;
+
+	*tls = cli->tls;
+
+	return 0;
+}
+
+
 /**
  * Add trusted CA certificates
  *

diff --git a/src/sip/transp.c b/src/sip/transp.c
@@ -965,6 +965,9 @@ static int ws_conn_send(struct sip_connqent **qentp, struct sip *sip,
 				   " http client (%m)\n", err);
 			goto out;
 		}
+
+		if (transp->tls)
+			http_client_set_tls(transp->http_cli, transp->tls);
 	}
 
 	re_printf("websock: connecting to '%s'\n", ws_uri);
@@ -1158,9 +1161,21 @@ int sip_transp_add(struct sip *sip, enum sip_transp tp,
 }
 
 
+/**
+ * Add a SIP websocket transport
+ *
+ * @param sip    SIP stack instance
+ * @param tp     SIP Transport
+ * @param laddr  Local network address
+ * @param server True if server, otherwise false
+ * @param cert   Server Certificate
+ * @param tls    Optional TLS context
+ *
+ * @return 0 if success, otherwise errorcode
+ */
 int sip_transp_add_websock(struct sip *sip, enum sip_transp tp,
 			   const struct sa *laddr,
-			   bool server, const char *cert)
+			   bool server, const char *cert, struct tls *tls)
 {
 	struct sip_transport *transp;
 	bool secure = tp == SIP_TRANSP_WSS;
@@ -1177,6 +1192,9 @@ int sip_transp_add_websock(struct sip *sip, enum sip_transp tp,
 	transp->sip = sip;
 	transp->tp  = tp;
 
+	if (tls)
+		transp->tls = mem_ref(tls);
+
 	if (server) {
 
 		if (secure) {