diff --git a/pjlib/build/cacert.der b/pjlib/build/cacert.der index ec2f1e7a2..255f0a103 100644 Binary files a/pjlib/build/cacert.der and b/pjlib/build/cacert.der differ diff --git a/pjlib/build/cacert.pem b/pjlib/build/cacert.pem index cfce09205..cf83a0134 100644 --- a/pjlib/build/cacert.pem +++ b/pjlib/build/cacert.pem 
@@ -1,14 +1,30 @@ -----BEGIN CERTIFICATE----- -MIICNDCCAZ2gAwIBAgIJAIa9mZggMk2WMA0GCSqGSIb3DQEBBAUAMDMxEjAQBgNV -BAMTCXBqc2lwLmxhYjEdMBsGCSqGSIb3DQEJARYOdGVzdEBwanNpcC5sYWIwHhcN -MTAwMjEwMDkwNTQ0WhcNMjAwMjA4MDkwNTQ0WjAzMRIwEAYDVQQDEwlwanNpcC5s -YWIxHTAbBgkqhkiG9w0BCQEWDnRlc3RAcGpzaXAubGFiMIGfMA0GCSqGSIb3DQEB -AQUAA4GNADCBiQKBgQDI9T0Pf+1gKOTOAGEpZ481Q6xfm5vz6n1+6udxzQtfPKlQ -rPD5x5im2u3tmy6ABxZeY5tCdeikBPiGlc5bRIRng6KM8kidkg3gEhwhRUxHCMWb -mBpkz7rFERf/pWAOCqYCiy1RT8QrK+XOFoFdJhdF85UPDEUw+pHEsYetTDs9RQID -AQABo1AwTjBMBgNVHREERTBDgglwanNpcC5sYWKCDXNpcC5wanNpcC5sYWKBDnRl -c3RAcGpzaXAubGFihhFzaXA6c2lwLnBqc2lwLmxhYocEfwAAATANBgkqhkiG9w0B -AQQFAAOBgQCLPl/WF1QvjT36kVLH0nxfHwDOJuAzlh6nv9rYBviOLw9FTEMgW6hA -oG55YSdVjTnMynTMOH/kVp4Vxlk46A8neE+/LI8RPh6lJh52vb+iPAtBpsQoq06T -+u4DfJcN8Y/jy+QAn78jryKjwKuZWfuWny9gxsLWMUbH5Bc6v6wfQQ== +MIIFNDCCAxygAwIBAgIUeMZNwp8GnetvaGka8ktFmsvLwbcwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJcGpzaXAubGFiMB4XDTIwMTIxMTEwMTI1M1oXDTMwMTIw +OTEwMTI1M1owFDESMBAGA1UEAwwJcGpzaXAubGFiMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEAp2uZV8GB+s3A2UvBlGbHk5GdONHFXPT1PxZCTP+fsP3j +A7SxwmCu7rq/oSGygHgkcX+bh7tGRtZDbS5DMzmhfRTUcHegTLFltf+L7JlT/M3O +wbdssOI+YLlnGAY98qchMs8S9Ij5oaXvGh68PC21epyJHYoaWRqf33Qvndx3Wclo +hgINHULPnDzT62HlkIeVgdGvgbitAaVwjUqIY2zQYVaKMxqurjeexeiPJpbwVvCy +6MQ33lw16monU+jbnHHpnHsbEL7RMNDg+950figM8EFLyFMkUtK4ZZyOEWJhrbtS +v/N692+EG2j2seC/QHkhDqlFYVKRDIYLelwIuR1lPWV5IXPPFX+yHgUcvSJQpsbp +B/0SG0IbxQIol615MEpBGbeL1T4I6KXilTTdnD8ROIVx3rkvu+9SCD26L1eRfLl9 +N2N7wXScjInCRxMdvbb9Dja5hSjv2VSXJPmtK9b+8BL698XSkK4BfU6G0fYohDFg +UJVFqDttOc4EhcwvNm5hNgiIgFzEoZ8y0BGtYwmi4B2BVtMud5LJZo/txLWkd/L+ +hdkO9FqPCDvFEIVtmD4xpczNpy4BhSczG7xUuul03qj0aZW94AdrO00fBMOTT8wF +gyvtPkMP0CRnbyUpaGiv3NdO2AndIdHCE0oi67J5RajD1RGwPMErvfxXBYnek0UC +AwEAAaN+MHwwHQYDVR0OBBYEFF6rnJ5vs8hTda7vbDQYWmekykW3MB8GA1UdIwQY +MBaAFF6rnJ5vs8hTda7vbDQYWmekykW3MA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0R +BCIwIIINc2lwLnBqc2lwLmxhYoIJcGpzaXAubGFihwR/AAABMA0GCSqGSIb3DQEB 
+CwUAA4ICAQCXrMnVDhCAIZBduL8yeXOxKwnxDC9OB1GcOESbD3Rxorm2AI/jdbob +xBG5yhU587NZDpkjZcwjyjAxQOwvuX8b/EXWKqSS1lf/nvLXm5bGwIORpbhpVtac +UI6lmRPAyAEu59HLUuidqjkerGOeKYN91KSAFuWl78zBEXd58a6RfZ4ALpKO9X+a +od1jGYLdRaWq8/pwZub/VOcgk/gCifpK/cgST/mg4pUBoPo1w2kR5kccxDMK+6jy +3xbm18UItoxomLzUfyKNwQ1XTsZor3f9f0vX/hpPjpvcqzgSh0Ei6XiRFRClSaUv +DrHqny6jOMzt92Nyu804ALpN9gRi5y2ayDYuR4RTZ8dSuEqUbhllfvHgRo1x6MmA +i5uxVJca4nJwINWpZGkGk4RAeDVbdgHZoSsK3a1sWTqvvt/Dz5Srl6ilvG1ZiHZX +Tbihc54gpNx5BzLndbaCMJ74MIOCcAvn5pos2CgPaOPUQPcAFG/0+IqIM2kzmr1Z +LkdSVEOQ96BT4KEHKIEgTSNrv4/hA6XpmN0e/w07cNY3o5besXBfR85VV+nuceKw +cg9WqbaooDjTLdb7c+lhifHFtZRuKr2YHW7UMEeJO36MLDtj52m5RRMB2T4+wL+V +YaCSfdNI6I1/ZCY9FlwG+5qdmvJio6ueZDCX5CxcsZb4YraIis460A== -----END CERTIFICATE----- diff --git a/pjlib/build/privkey.p12 b/pjlib/build/privkey.p12 index 239d894d0..f4a5b47ff 100644 Binary files a/pjlib/build/privkey.p12 and b/pjlib/build/privkey.p12 differ diff --git a/pjlib/build/privkey.pem b/pjlib/build/privkey.pem index 44c4b4e65..34650fe94 100644 --- a/pjlib/build/privkey.pem +++ b/pjlib/build/privkey.pem 
@@ -1,15 +1,54 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDI9T0Pf+1gKOTOAGEpZ481Q6xfm5vz6n1+6udxzQtfPKlQrPD5 -x5im2u3tmy6ABxZeY5tCdeikBPiGlc5bRIRng6KM8kidkg3gEhwhRUxHCMWbmBpk -z7rFERf/pWAOCqYCiy1RT8QrK+XOFoFdJhdF85UPDEUw+pHEsYetTDs9RQIDAQAB -AoGAGV+1xQY/H7wqH8S2f/begzg3RJ8uUt8R13urm5frTqwnKNOdXbyRDshn8G9+ -sJW0gliLWxnuNP+Xrc6ujqGZIguK/yAxJ3LprAN2Ay1lW2ONyZNMquBeIY5Txhyy -SnU7U+NQYgA3+w9T7O7YQ575TTDm2gri558jIx8t55Wo9sUCQQDtjfGZ3sYXwpxR -MvtdtfwDxSKhf6glT6dn7/37KITBZXFy6Eb/tHrEEUuwR46g30vTd2JElCB+QExu -4sZDt813AkEA2I/WXdGVRXtHzVivf3AnqWyXfrfAAXlBmEkgPyIPwE1+mxeNxkU7 -TRn0MOqAfbQW4+GRIYCKSBLodRnRq2iKIwJBAJLYa8DyNQH7CyYmnbwQAvlRo1ax -0v89ff6CHD5ljar/SmH9s+XdawZIqsENet13KyhNZDGAX5WrqZPiGy1BMYECQQC1 -FREawfUfdEZF3rJgzVdcxACpZNyYXtwKipr8L28cTbBf3wIdmCZOAjW98VgfxEaf -pi3E5ca7HZRi1oQL4A4hAkEA5koHCQYl+5PDjbLtxl0VyVCpmT9BrcZ99MS+ZEaW -2+HpKIhXrEFxePQaWbCaW7gjKmKUwC0qqu0moedqJC3mzg== ------END RSA PRIVATE KEY----- +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQILwghSQuUF7MCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECHKyWOypiKo0BIIJSCS86LhyHmGK +oXggCF/oKjtnvSU6r29qAw2SU9DaW8/vQP32JdTZE1EEPxRDe4NziSpPeXIJ6Vf9 +MlGHC5RG56Zr/riBdk0nT6opx/2JIpSFzpqZwTuxeFLAAJEoM1DwAjmiU9FDDzPv +cHUoNBoFrsIRImcuOnsy8i5+uYT3QdIBUAA5w5mXwOdTlJ/F7h83SocgOKTc9xYW +02A1DecA4OKcrfz6LBC5yFdoPsBXvFrSz78LTFzirbdq2RuI1Ae3oD7hn/8b/Yzc +NwHZo4m8XMuu1XSQ0z36gmrwlYI0NQiPAL/nknpRCnQgjR8AJsk9n72VU+TfWTtR +H1wshrBu0RYLX4YQA1uwz44BYgN2YLtQsjrgPdGm7pUhTfVcxc/zL/8bWpOOs04T +2/oT2Ft/gmvvsHo08QhqzOcnkVxl7qnwuw1UI8TMLwZ1Rppsc1Malakj7s5GDLik +ayol1RDT2NK+1Oxj1liQOJgx9ojL1Pxu0oBXLfT5P4rCUuShIx7jr6Kxlixg2A8B +g+MHzcKtFSFHut9Ag5s5Car5JNFWc91zvqNVQXYLq49AqDV/Nl1Q5ulkZZvg1rl5 +PGWNkfRiok++OL8FdFKpmCCRhaUDg3M87iE293CDY/gwKlDXNv8QJZ2OTaDr2f4X +ASpuZjJHsGhKJzUXMFK4eQT0JYpFzYvLNe84CPuml6IsfRaSuRIZnOnv724Dp6wd +xdjtAtm0p6L/RRTTapt/TxEvB6aiy4J47ghbMCZvqI1QfCkw+otzbvg4LxcR/Rn8 +OQUhUVcmS+1NOCZPtA1S2vlZVCb97SfpveTSaQp6f1Tka8YBCyhd0OlbA/XnVEDb 
+tMGGl4oXhj9P2x57y47eur/2eTXDnGxorMJA4zooLljEucbk5t8r8U2tacUJDsyQ +K1tcOhY8bnrJudjTGYeewlI0W3pSAiUlBk8CtCNSsfJQr7MBoWcjasp/i6DQDBU1 +/wy7zCo1+2xIhWWw9KCQK5NBpGTvq0tUgkfre0ft+MNlqgWp1L58sNi9xqcb03cv +F8rOPO24VM7LiJfm6vvSiQJW0+YKFHlQdA0wCyTiRO8Xx98w7Lc04+XunaS2o/25 +1uZ0iK2oYtMlLxALG1FPmAnMAXn/AeAdcYuy2OaztYltnMzeOP4myyh25iRRaSlI +fuvQkZcn8FnoQYmVxlmWSlbQcJqIxbLlbCRIXCeqxz1jCEVurO9u1lSl5QsmN/Bm +KYW7wEcQXTxQsu4n7Rh+9ddAEBETf3NuA3XcSNR8EjdMBWz7lyAnzM54A5SEA7rL +J2YYkr3L05wJL0tWQjXx+bewe5mnDS8sYnQgE+xRvdasDuGYHXA35z7ORM5KatdG +LTLxbdXjgjVunTrXvyULKyrAAO6knjFHS1SKKm4Qp9i0eyhB65P6Ow3d2A0xSooO +z+eSiUEiTq1BeqJTLbds5blV/ivPkXIQOMwl2ziE2y4QR3qGlzgzO3uLdFcIWztQ +Gl+D2sOMPZLJ+z9HgqRsqtXbK+Ne73zW7k52xwC6aqMZ0zuZWcIjpB7GEKuHCauO +iJu8W7GkSHcfr39cvyVqXRHzYJs6MhVJSAMxaaoy6EL+5rqDD2bSbDjtsYXI4uvA +mmXOnnBY86A+mDn9AgJpTvY6tnVyD/XnfCBOiV+jKKEXEgXNqoNm9CIzpcK+myl2 +5FpMYcV771ckYFrhe/4ckhs/0vCpiFXviqZwhQZz8CczoJvLIhitCW0/UkUhVM+x +Y0lu10ju+w7WJsc9FyjdMl5AdCUIiXS10gOEgvW+iY1dIa/Z6jLFtmiPmgbleD+Q +lqYDZnbMuVz6xUPVkeuJ9s+J2iFQhfLEg5ftKIX71WvXwA1R7CdEasQ5f78CiZiB +E7hGIe5RcV5XA07lOQrrpJwR0kPsSHOrng/Sy+sYfbs6VkMUDR1gtGG1jXIeL4i3 +1QVTlHhJd5QiDQGCxkCU90ujDy1Syj2YSvMrpP7QJOLezyWHjoHdHEuRbsTlDuyo +bLx/9AvU8wPdBP1/w2MTWtCCMhIcwA/HJyj7YchLfq4jRuSxBRpJXf1A2pR1zv4+ +0/a1szx/9bWFtgD3ouUxmOHQlXOaqbejUbrHq3JFyisHrew7wjqWXF01JeLQkTXC +chwMSAKQBp69GpCOANyxjNQNFD6thV/AOoXGHWqwu37WfcKmAGmo39npNRGjd+m3 +nl4rHgXZ1lMtBuOeNLQP48+4HyecwnxRZ2fRQ+fH324vq0/qH4SVIddqcHCIIlsv +9paiYbXu0igbXjMHsLO+mmER+a1zzyUV/2IlLFbnEfg1BGT+jeGJ872Msgn+r4I7 +WZdjvrhuc21EVqp3LMzciE19+baFPvbRA6pnGfctS2LGwVLEUhMnrUnr6rEvUdez +auZGeAwkFpqO/HbchTiBsrppD3EhDlqFt7fh/cdJWjoSr4DBsNSbRJJ+txb0S2zr +yTuSHP74DCxFduoq7gwzZAbzqGAnW2/AWVmb5K5zvKYrrogQiNVsMOF4mr1cAsqI +jHsXLHIxpMOxN4xI5bgGWZR8RaPO8WxM0fjRm+gPqAxVZoW6mI+zD9pzAm4MTgR/ +JWi1eWQ+gQhRTa3FnZL/2egfafGAJpgGsSKTtN9s+/xWBC3CRzWA20djKxl0WO+7 +2awxrl6mPBsne+fh3QMGqriLtqSfSyp3TicLWp/jjxPAkZd14PxaRC8jUN4pCYIv +mIMLvHhvMU2TxFRr8kKjNXHgueotU5f+HrJf36ZHBPt8+Ma/q41F9BfC0gB3aGtt 
++AU2x5sfFPp4qJ86Pyv1PCMpdF8DTLfJQ18a6C9IPIzV+rQIjRJWtLqNr5EYUi9A +BL3ZBn6UXp9R9eVKyp0Y4HuzYQdANqyfIK6XpAoPoM81SmAe2ZzpFghUFHVvi8Sr +Nsb34VBe7kZAnI0KOV752UEROJ1w2OgpBDHqmp4+J69K/zInNaRcmesy/4dCRbah +5c2AQC9pqONaKV8NOstf5/GNCGB8RWaEBZsJqWfkLVD8kTQN9pfN0piKU0YbsjuO ++qIHczZcJkgh2wcXiNGVErPBvkMhMg5MZSLn9DuitefeVtPF38Er2/l09bflCNVc +6/95JjcPr4zf2WgDgXWA+uyTTCx+BIaCdZR5Oa3BkToC6nxD/61uGmiSrkNkcNXn +M6S9qY7zKbxb/Hi8IdUYwA== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c index 628ecd088..35ece7d9a 100644 --- a/pjlib/src/pj/ssl_sock_ossl.c +++ b/pjlib/src/pj/ssl_sock_ossl.c @@ -1039,6 +1039,13 @@ static pj_status_t ssl_create(pj_ssl_sock_t *ssock) } SSL_CTX_free(ctx); return status; + } else { + PJ_LOG(4,(ssock->pool->obj_name, + "CA certificates loaded from '%s%s%s'", + cert->CA_file.ptr, + ((cert->CA_file.slen && cert->CA_path.slen)? + " + ":""), + cert->CA_path.ptr)); } } @@ -1062,6 +1069,10 @@ static pj_status_t ssl_create(pj_ssl_sock_t *ssock) cert->cert_file.ptr)); SSL_CTX_free(ctx); return status; + } else { + PJ_LOG(4,(ssock->pool->obj_name, + "Certificate chain loaded from '%s'", + cert->cert_file.ptr)); } } @@ -1079,6 +1090,10 @@ static pj_status_t ssl_create(pj_ssl_sock_t *ssock) cert->privkey_file.ptr)); SSL_CTX_free(ctx); return status; + } else { + PJ_LOG(4,(ssock->pool->obj_name, + "Private key loaded from '%s'", + cert->privkey_file.ptr)); } #if !defined(OPENSSL_NO_DH) @@ -1124,6 +1139,9 @@ static pj_status_t ssl_create(pj_ssl_sock_t *ssock) BIO_free(cbio); SSL_CTX_free(ctx); return status; + } else { + PJ_LOG(4,(ssock->pool->obj_name, + "Certificate chain loaded from buffer")); } X509_free(xcert); } 
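Review bot: In the new `else` branch of the `@@ -1039` hunk, `cert->CA_file.ptr` and `cert->CA_path.ptr` are both passed to `%s`, although the separator expression `(cert->CA_file.slen && cert->CA_path.slen)` shows that only one of the two may be set when this code runs. The unset string may then carry a NULL `ptr`, and passing NULL to `%s` is undefined behaviour if PJ_LOG formats through the C formatted-output functions. Guard each argument the way the last hunk of this file already does, e.g. `cert->CA_file.slen ? cert->CA_file.ptr : ""` and `cert->CA_path.slen ? cert->CA_path.ptr : ""`. `ssl_create` starts and ends outside the hunk, so the exact condition guarding this branch should be confirmed there.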
@@ -1141,13 +1159,29 @@ static pj_status_t ssl_create(pj_ssl_sock_t *ssock) NULL, NULL); if (inf != NULL) { - int i = 0; + int i = 0, cnt = 0; for (; i < sk_X509_INFO_num(inf); i++) { X509_INFO *itmp = sk_X509_INFO_value(inf, i); - if (itmp->x509) { - X509_STORE_add_cert(cts, itmp->x509); + if (!itmp->x509) + continue; + + rc = X509_STORE_add_cert(cts, itmp->x509); + if (rc == 1) { + ++cnt; + } else { +#if PJ_LOG_MAX_LEVEL >= 4 + char buf[256]; + PJ_LOG(4,(ssock->pool->obj_name, + "Error adding CA cert: %s", + X509_NAME_oneline( + X509_get_subject_name(itmp->x509), + buf, sizeof(buf)))); +#endif } } + PJ_LOG(4,(ssock->pool->obj_name, + "CA certificates loaded from buffer (cnt=%d)", + cnt)); } sk_X509_INFO_pop_free(inf, X509_INFO_free); BIO_free(cbio); @@ -1161,7 +1195,8 @@ static pj_status_t ssl_create(pj_ssl_sock_t *ssock) kbio = BIO_new_mem_buf((void*)cert->privkey_buf.ptr, cert->privkey_buf.slen); if (kbio != NULL) { - pkey = PEM_read_bio_PrivateKey(kbio, NULL, 0, NULL); + pkey = PEM_read_bio_PrivateKey(kbio, NULL, &password_cb, + cert); if (pkey) { rc = SSL_CTX_use_PrivateKey(ctx, pkey); if (rc != 1) { @@ -1172,9 +1207,16 @@ static pj_status_t ssl_create(pj_ssl_sock_t *ssock) BIO_free(kbio); SSL_CTX_free(ctx); return status; + } else { + PJ_LOG(4,(ssock->pool->obj_name, + "Private key loaded from buffer")); } EVP_PKEY_free(pkey); + } else { + PJ_LOG(1,(ssock->pool->obj_name, + "Error reading private key from buffer")); } + if (ssock->is_server) { dh = PEM_read_bio_DHparams(kbio, NULL, NULL, NULL); if (dh != NULL) { 
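Review bot: In the `@@ -1141` hunk a failed `X509_STORE_add_cert()` is reported only at log level 4, and the summary `CA certificates loaded from buffer (cnt=%d)` is printed at that same level even when `cnt` is 0. With `PJ_LOG_MAX_LEVEL` or the runtime level below 4 there is no sign that the trust store ended up partial or empty, and peer verification would then presumably fail later with nothing pointing at the cause. I would report the empty case at a level operators actually see, e.g. `if (cnt == 0) PJ_LOG(2,(ssock->pool->obj_name, "No CA certificate loaded from buffer"));`. A failed add probably also leaves an entry on the OpenSSL error queue; whether that is drained before the next SSL call is not visible here.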
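Review bot: The new `else` for `pkey == NULL` in the `@@ -1172` hunk logs `Error reading private key from buffer` and then carries on, whereas the `SSL_CTX_use_PrivateKey` failure just above it and the file-based key path both free the context and return `status`. Since the previous hunk now routes this read through `password_cb`, a wrong passphrase ends up in this branch and `ssl_create` continues with no private key installed. Consider failing here as well, freeing `kbio` and `ctx` and returning an error status as the sibling branch does. Including OpenSSL's error string in the message would let a bad passphrase be told apart from malformed PEM. How `status` is derived lies outside the hunk.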
@@ -1319,8 +1361,16 @@ static pj_status_t ssl_create(pj_ssl_sock_t *ssock) BIO_free(new_bio); } - if (ca_dn != NULL) - SSL_CTX_set_client_CA_list(ctx, ca_dn); + if (ca_dn != NULL) { + SSL_CTX_set_client_CA_list(ctx, ca_dn); + PJ_LOG(4,(ssock->pool->obj_name, + "CA certificates loaded from %s", + (cert->CA_file.slen?cert->CA_file.ptr:"buffer"))); + } else { + PJ_LOG(1,(ssock->pool->obj_name, + "Error reading CA certificates from %s", + (cert->CA_file.slen?cert->CA_file.ptr:"buffer"))); + } } /* Early sensitive data cleanup after OpenSSL context setup. However, diff --git a/pjlib/src/pjlib-test/ssl_sock.c b/pjlib/src/pjlib-test/ssl_sock.c index 97d02bfcd..1505d8d16 100644 --- a/pjlib/src/pjlib-test/ssl_sock.c +++ b/pjlib/src/pjlib-test/ssl_sock.c @@ -31,7 +31,7 @@ #endif #define CERT_FILE CERT_DIR "cacert.pem" #define CERT_PRIVKEY_FILE CERT_DIR "privkey.pem" -#define CERT_PRIVKEY_PASS "" +#define CERT_PRIVKEY_PASS "privkeypass" #define TEST_LOAD_FROM_FILES 1 diff --git a/pjnath/src/pjnath-test/server.c b/pjnath/src/pjnath-test/server.c index 5ac1566ec..37f80f893 100644 --- a/pjnath/src/pjnath-test/server.c +++ b/pjnath/src/pjnath-test/server.c @@ -27,7 +27,7 @@ #define CERT_CA_FILE CERT_DIR "cacert.pem" #define CERT_FILE CERT_DIR "cacert.pem" #define CERT_PRIVKEY_FILE CERT_DIR "privkey.pem" -#define CERT_PRIVKEY_PASS "" +#define CERT_PRIVKEY_PASS "privkeypass" #define RETURN_ERROR(rc) {app_perror("", rc);return rc;}
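Review bot: In the `@@ -1319` hunk both messages name the source as `cert->CA_file.slen?cert->CA_file.ptr:"buffer"`, which prints "buffer" whenever no CA file is set, whatever the real source was. If this block can be reached when only `CA_path` or no CA at all was configured, the new level-1 line `Error reading CA certificates from buffer` would fire for a server that never asked for a client CA list. The condition enclosing the block is outside the hunk, so this needs confirming there. If it is reachable that way, restrict the error log to the cases where a CA file or CA buffer was actually supplied.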
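Review bot: `#define CERT_PRIVKEY_PASS "privkeypass"` in `pjlib/src/pjlib-test/ssl_sock.c` puts the passphrase of the bundled `privkey.pem` in the source tree, so the encryption exercises the password callback but gives the key no confidentiality. The same define is added in `pjnath/src/pjnath-test/server.c`. That is acceptable for a fixture, but the pjnath test also uses `cacert.pem` as `CERT_CA_FILE`, so this key and certificate must never be copied into a real trust store or deployment. I would say so next to the define, e.g. `/* Passphrase of the bundled test key; key and certificate are public test fixtures, not for deployment. */`.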