Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package re for openSUSE:Factory checked in at 2026-05-15 23:54:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/re (Old) and /work/SRC/openSUSE:Factory/.re.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "re" Fri May 15 23:54:19 2026 rev:20 rq:1353287 version:4.8.0 Changes: -------- --- /work/SRC/openSUSE:Factory/re/re.changes 2026-04-07 16:50:45.109115342 +0200 +++ /work/SRC/openSUSE:Factory/.re.new.1966/re.changes 2026-05-15 23:54:36.551823402 +0200 @@ -1,0 +2,13 @@ +Thu May 14 10:24:54 UTC 2026 - Martin Hauke <[email protected]> + +- Updte to version 4.8.0 + * test,sipreg: enable outbound testing. + * hash: safety check for string. + * tls: upgrade usage of legacy functions. + * tls: use SSL_set1_dnsname() for OpenSSL 4.0.0 and later. + * tls/openssl/sni: fix OpenSSL 4 deprecation and refactor. + * http: Send HTTP request with explicit server address. + * tls/openssl: fix OpenSSL 4.0.0 consts. + * mem: update mem_debug_tail() doxygen comment. + +------------------------------------------------------------------- Old: ---- re-4.7.0.tar.gz New: ---- re-4.8.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ re.spec ++++++ --- /var/tmp/diff_new_pack.Ms5dCH/_old 2026-05-15 23:54:37.175849089 +0200 +++ /var/tmp/diff_new_pack.Ms5dCH/_new 2026-05-15 23:54:37.179849253 +0200 @@ -20,7 +20,7 @@ %global sover 42 %global libname lib%{name}%{sover} Name: re -Version: 4.7.0 +Version: 4.8.0 Release: 0 Summary: Library for real-time communications with async I/O support License: BSD-3-Clause ++++++ re-4.7.0.tar.gz -> re-4.8.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/.github/workflows/cmake_win.yml new/re-4.8.0/.github/workflows/cmake_win.yml --- old/re-4.7.0/.github/workflows/cmake_win.yml 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/.github/workflows/cmake_win.yml 2026-05-12 10:12:34.000000000 +0200 @@ -68,7 +68,7 @@ - name: Install OpenSSL if: ${{ matrix.config.openssl }} run: | - choco install --no-progress ${{ matrix.config.choco }} openssl --version 3.6.1 + choco install --no-progress ${{ matrix.config.choco }} openssl --version 3.6.2 - name: Build shell: cmd diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/.github/workflows/coverage.yml new/re-4.8.0/.github/workflows/coverage.yml --- old/re-4.7.0/.github/workflows/coverage.yml 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/.github/workflows/coverage.yml 2026-05-12 10:12:34.000000000 +0200 @@ -47,7 +47,7 @@ - name: coverage check run: | - min_cov="68.3" + min_cov="70.0" mkdir html cov=$(~/.local/bin/gcovr -r . --html-details html/index.html --json-summary | jq .line_percent) echo "Coverage: ${cov}% (min $min_cov%)" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/.github/workflows/freebsd.yml new/re-4.8.0/.github/workflows/freebsd.yml --- old/re-4.7.0/.github/workflows/freebsd.yml 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/.github/workflows/freebsd.yml 2026-05-12 10:12:34.000000000 +0200 @@ -23,11 +23,12 @@ id: test uses: vmactions/freebsd-vm@v1 with: + release: "14.4" usesh: true prepare: | - pkg install -y ninja cmake run: | + pkg update && pkg install -y ninja cmake freebsd-version cmake -B build && cmake --build build -t retest ./build/test/retest -r -v diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/.github/workflows/ssl.yml new/re-4.8.0/.github/workflows/ssl.yml --- old/re-4.7.0/.github/workflows/ssl.yml 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/.github/workflows/ssl.yml 2026-05-12 10:12:34.000000000 +0200 @@ -34,7 +34,7 @@ - name: Download pre-compiled OpenSSL/LibreSSL run: | - wget "https://github.com/baresip/tools/releases/download/v2025.05.1/assets.tar.gz"; + wget "https://github.com/baresip/tools/releases/download/v2026.05.0/assets.tar.gz"; tar -xf assets.tar.gz - name: make diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/CHANGELOG.md new/re-4.8.0/CHANGELOG.md --- old/re-4.7.0/CHANGELOG.md 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/CHANGELOG.md 2026-05-12 10:12:34.000000000 +0200 @@ -5,6 +5,28 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## v4.8.0 - 2026-05-13 + +## What's Changed +* ci/cmake_win: fix choco openssl by @sreimers in https://github.com/baresip/re/pull/1563 +* test,sipreg: enable outbound testing by @alfredh in https://github.com/baresip/re/pull/1553 +* ci/windows: roll back choco openssl version 3.6.2 by @alfredh in https://github.com/baresip/re/pull/1566 +* hash: safety check for string by @cspiel1 in https://github.com/baresip/re/pull/1562 +* ci/freebsd: use freebsd 14.4 and pkg update fixes by @sreimers in https://github.com/baresip/re/pull/1567 +* tls: upgrade usage of legacy functions by @alfredh in https://github.com/baresip/re/pull/1565 +* ci/coverage: increase minimum coverage to 70% by @alfredh in https://github.com/baresip/re/pull/1564 +* tls: use SSL_set1_dnsname() for OpenSSL 4.0.0 and later by @alfredh in https://github.com/baresip/re/pull/1569 +* tls/openssl/sni: fix OpenSSL 4 deprecation and refactor by @sreimers in https://github.com/baresip/re/pull/1570 +* http: Send HTTP request with explicit server address by @fAuernigg in https://github.com/baresip/re/pull/1571 +* tls/openssl: fix OpenSSL 4.0.0 consts by @sreimers in https://github.com/baresip/re/pull/1572 +* ci/ssl: bump no-deprecated OpenSSL and LibreSSL by @sreimers in https://github.com/baresip/re/pull/1573 +* readme: update supported OpenSSL and LibreSSL versions by @sreimers in https://github.com/baresip/re/pull/1574 +* mem: update mem_debug_tail() doxygen comment by @alfredh in https://github.com/baresip/re/pull/1576 + + +**Full Changelog**: https://github.com/baresip/re/compare/v4.7.0...v4.8.0 + + ## v4.7.0 - 2026-04-07 ### What's Changed diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/CMakeLists.txt new/re-4.8.0/CMakeLists.txt --- old/re-4.7.0/CMakeLists.txt 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/CMakeLists.txt 2026-05-12 10:12:34.000000000 +0200 @@ -14,7 +14,7 @@ cmake_minimum_required(VERSION 3.18...4.0) project(re - VERSION 4.7.0 + VERSION 4.8.0 LANGUAGES C HOMEPAGE_URL https://github.com/baresip/re DESCRIPTION "Generic library for real-time communications" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/README.md new/re-4.8.0/README.md --- old/re-4.7.0/README.md 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/README.md 2026-05-12 10:12:34.000000000 +0200 @@ -283,8 +283,8 @@ ### Supported versions of OpenSSL -* OpenSSL version 3.x.x -* LibreSSL version 3.x +* OpenSSL version 3.x.x and 4.x.x +* LibreSSL version 4.x ## Coding guidelines diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/include/re_http.h new/re-4.8.0/include/re_http.h --- old/re-4.7.0/include/re_http.h 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/include/re_http.h 2026-05-12 10:12:34.000000000 +0200 @@ -151,6 +151,10 @@ int http_request(struct http_req **reqp, struct http_cli *cli, const char *met, const char *uri, http_resp_h *resph, http_data_h *datah, http_bodyh *bodyh, void *arg, const char *fmt, ...); +int http_request_addr(struct http_req **reqp, struct http_cli *cli, + const char *met, const char *uri, const struct sa *addr, + http_resp_h *resph, http_data_h *datah, + http_bodyh *bodyh, void *arg, const char *fmt, ...); void http_req_set_conn_handler(struct http_req *req, http_conn_h *connh); void http_client_set_laddr(struct http_cli *cli, const struct sa *addr); void http_client_set_laddr6(struct http_cli *cli, const struct sa *addr); @@ -254,6 +258,8 @@ const struct pl *header); int http_reqconn_clr_header(struct http_reqconn *conn); int http_reqconn_send(struct http_reqconn *conn, const struct pl *uri); +int http_reqconn_set_peer(struct http_reqconn *conn, + const struct sa *peer); #ifdef USE_TLS int http_reqconn_set_tls_hostname(struct http_reqconn *conn, const struct pl *hostname); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/mk/Doxyfile new/re-4.8.0/mk/Doxyfile --- old/re-4.7.0/mk/Doxyfile 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/mk/Doxyfile 2026-05-12 10:12:34.000000000 +0200 @@ -4,7 +4,7 @@ # Project related configuration options #--------------------------------------------------------------------------- PROJECT_NAME = libre -PROJECT_NUMBER = 4.7.0 +PROJECT_NUMBER = 4.8.0 OUTPUT_DIRECTORY = ../re-dox CREATE_SUBDIRS = NO OUTPUT_LANGUAGE = English diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/src/hash/func.c new/re-4.8.0/src/hash/func.c --- old/re-4.7.0/src/hash/func.c 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/src/hash/func.c 2026-05-12 10:12:34.000000000 +0200 @@ -52,6 +52,8 @@ { uint32_t hash = 0; size_t i; + if (!str) + return 0; for (i = 0; i < len; i++) { hash += tolower(str[i]); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/src/http/client.c new/re-4.8.0/src/http/client.c --- old/re-4.7.0/src/http/client.c 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/src/http/client.c 2026-05-12 10:12:34.000000000 +0200 @@ -753,24 +753,12 @@ } -/** - * Send an HTTP request - * - * @param reqp Pointer to allocated HTTP request object - * @param cli HTTP Client - * @param met Request method - * @param uri Request URI - * @param resph Response handler - * @param datah Content handler (optional) - * @param bodyh Body handler (optional) - * @param arg Handler argument - * @param fmt Formatted HTTP headers and body (optional) - * - * @return 0 if success, otherwise errorcode - */ -int http_request(struct http_req **reqp, struct http_cli *cli, const char *met, - const char *uri, http_resp_h *resph, http_data_h *datah, - http_bodyh *bodyh, void *arg, const char *fmt, ...) +static int http_request_addr_v(struct http_req **reqp, struct http_cli *cli, + const char *met, const char *uri, + const struct sa *addr, + http_resp_h *resph, http_data_h *datah, + http_bodyh *bodyh, void *arg, + const char *fmt, va_list ap) { struct http_uri http_uri; struct pl pl; @@ -779,7 +767,6 @@ struct sa sa; bool ipv6; bool secure; - va_list ap; int err; if (!cli || !met || !uri) @@ -812,8 +799,9 @@ req->cli = cli; req->secure = secure; - req->port = pl_isset(&http_uri.port) ? pl_u32(&http_uri.port) : - defport; + req->port = (addr && sa_port(addr)) ? sa_port(addr) : + (pl_isset(&http_uri.port) ? pl_u32(&http_uri.port) : + defport); req->resph = resph; req->datah = datah; req->bodyh = bodyh; @@ -836,14 +824,10 @@ met, &http_uri.path, ipv6 ? "[" : "", &http_uri.host, ipv6 ? "]" : ""); - if (fmt) { - va_start(ap, fmt); + if (fmt) err |= mbuf_vprintf(req->mbreq, fmt, ap); - va_end(ap); - } - else { + else err |= mbuf_write_str(req->mbreq, "\r\n"); - } if (err) goto out; @@ -868,8 +852,14 @@ goto out; #endif - if (!sa_set_str(&req->srvv[0], req->host, req->port)) { - + if (addr) { + /* Use explicit addr instead of DNS resolution */ + req->srvv[0] = *addr; + sa_set_port(&req->srvv[0], req->port); + req->srvc = 1; + err = req_connect(req); + } + else if (!sa_set_str(&req->srvv[0], req->host, req->port)) { req->srvc = 1; err = req_connect(req); @@ -904,6 +894,74 @@ return err; } + + +/** + * Send an HTTP request + * + * @param reqp Pointer to allocated HTTP request object + * @param cli HTTP Client + * @param met Request method + * @param uri Request URI + * @param resph Response handler + * @param datah Content handler (optional) + * @param bodyh Body handler (optional) + * @param arg Handler argument + * @param fmt Formatted HTTP headers and body (optional) + * + * @return 0 if success, otherwise errorcode + */ +int http_request(struct http_req **reqp, struct http_cli *cli, const char *met, + const char *uri, http_resp_h *resph, http_data_h *datah, + http_bodyh *bodyh, void *arg, const char *fmt, ...) +{ + va_list ap; + int err; + + va_start(ap, fmt); + err = http_request_addr_v(reqp, cli, met, uri, NULL, + resph, datah, bodyh, arg, fmt, ap); + va_end(ap); + + return err; +} + + +/** + * Send an HTTP request with explicit server address (bypasses DNS) + * + * Like http_request but connects to addr instead of resolving the URI + * host via DNS. The Host header still uses the hostname from uri. + * If addr is NULL, falls back to DNS resolution like http_request(). + * + * @param reqp Pointer to allocated HTTP request object + * @param cli HTTP Client + * @param met Request method + * @param uri Request URI (host used for Host header only) + * @param addr Explicit server address for TCP connect, or NULL + * @param resph Response handler + * @param datah Content handler (optional) + * @param bodyh Body handler (optional) + * @param arg Handler argument + * @param fmt Formatted HTTP headers and body (optional) + * + * @return 0 if success, otherwise errorcode + */ +int http_request_addr(struct http_req **reqp, struct http_cli *cli, + const char *met, const char *uri, const struct sa *addr, + http_resp_h *resph, http_data_h *datah, + http_bodyh *bodyh, void *arg, const char *fmt, ...) +{ + va_list ap; + int err; + + va_start(ap, fmt); + err = http_request_addr_v(reqp, cli, met, uri, addr, + resph, datah, bodyh, arg, fmt, ap); + va_end(ap); + + return err; +} /** diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/src/http/request.c new/re-4.8.0/src/http/request.c --- old/re-4.7.0/src/http/request.c 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/src/http/request.c 2026-05-12 10:12:34.000000000 +0200 @@ -350,21 +350,25 @@ if (conn->custhdr) pl_set_mbuf(&custh, conn->custhdr); - err = http_request(&conn->req, conn->client, - conn->met, conn->uri, - resp_handler, conn->datah ? data_handler : NULL, - (conn->bodyh || conn->body) ? req_body_handler : NULL, - conn, - "%r%s" - "User-Agent: re " RE_VERSION "\r\n" - "%r" - "%r" - "%r" - "\r\n", - auth, auth ? "\r\n" : "", - &ct, - &custh, - &cl); + err = http_request_addr(&conn->req, conn->client, + conn->met, conn->uri, + sa_isset(&conn->peer, SA_ADDR) ? + &conn->peer : NULL, + resp_handler, + conn->datah ? data_handler : NULL, + (conn->bodyh || conn->body) ? + req_body_handler : NULL, + conn, + "%r%s" + "User-Agent: re " RE_VERSION "\r\n" + "%r" + "%r" + "%r" + "\r\n", + auth, auth ? "\r\n" : "", + &ct, + &custh, + &cl); mem_deref(clbuf); mem_deref(ctbuf); @@ -592,6 +596,33 @@ #endif +/** + * Set explicit peer address for next request (bypasses DNS) + * + * If set, the TCP connection goes to this address while + * the URI's hostname is still used for the Host header and + * TLS SNI. Useful for routing through a local proxy. + * + * @param conn HTTP request connection + * @param peer Peer address (NULL to clear) + * + * @return 0 if success, otherwise errorcode + */ +int http_reqconn_set_peer(struct http_reqconn *conn, + const struct sa *peer) +{ + if (!conn) + return EINVAL; + + if (peer) + conn->peer = *peer; + else + memset(&conn->peer, 0, sizeof(conn->peer)); + + return 0; +} + + int http_reqconn_send(struct http_reqconn *conn, const struct pl *uri) { int err; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/src/mem/mem.c new/re-4.8.0/src/mem/mem.c --- old/re-4.7.0/src/mem/mem.c 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/src/mem/mem.c 2026-05-12 10:12:34.000000000 +0200 @@ -487,6 +487,8 @@ /** * Debug last n allocated memory objects/blocks + * + * @param last_n Last number of blocks */ void mem_debug_tail(uint32_t last_n) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/src/tls/openssl/sni.c new/re-4.8.0/src/tls/openssl/sni.c --- old/re-4.7.0/src/tls/openssl/sni.c 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/src/tls/openssl/sni.c 2026-05-12 10:12:34.000000000 +0200 @@ -26,51 +26,77 @@ struct tls_conn; -static int x509_match_alt_name(X509 *x509, const char *sni, bool *match) +static bool x509_match_common_name(X509 *x509, const char *sni) +{ + const X509_NAME *nm = X509_get_subject_name(x509); + + int lastpos = -1; + for (;;) { + lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, + lastpos); + if (lastpos == -1) + break; + + const X509_NAME_ENTRY *e = X509_NAME_get_entry(nm, lastpos); + const ASN1_STRING *astr = X509_NAME_ENTRY_get_data(e); + if (!astr) + continue; + + struct pl cn = {(char *)ASN1_STRING_get0_data(astr), + ASN1_STRING_length(astr)}; + + if (!pl_strcasecmp(&cn, sni)) + return true; + } + + return false; +} + + +static bool x509_match_alt_name(X509 *x509, const char *sni) { GENERAL_NAMES *gs = NULL; ASN1_STRING *astr = NULL; ASN1_OCTET_STRING *octet = NULL; - int err = 0; + bool match = false; - *match = false; gs = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL); if (!gs) - return 0; + return false; for (int i = 0; i < sk_GENERAL_NAME_num(gs); i++) { GENERAL_NAME *g = sk_GENERAL_NAME_value(gs, i); if (g->type == GEN_DNS) { astr = ASN1_IA5STRING_new(); - if (!astr) { - err = ENOMEM; + if (!astr) goto out; - } - if (!ASN1_STRING_set(astr, sni, -1)) { - err = ENOMEM; + if (!ASN1_STRING_set(astr, sni, -1)) goto out; - } if (!ASN1_STRING_cmp(astr, g->d.dNSName)) { - *match = true; + match = true; break; } } else if (g->type == GEN_IPADD) { octet = a2i_IPADDRESS(sni); + if (!octet) + break; if (!ASN1_OCTET_STRING_cmp(octet, g->d.iPAddress)) { - *match = true; + match = true; break; } + ASN1_OCTET_STRING_free(octet); } } out: + GENERAL_NAMES_free(gs); ASN1_IA5STRING_free(astr); ASN1_OCTET_STRING_free(octet); - return err; + return match; } @@ -95,11 +121,7 @@ return list_head(certs)->data; LIST_FOREACH(certs, le) { - char cn[TLSEXT_MAXLEN_host_name] = ""; X509 *x509; - X509_NAME *nm; - bool match = false; - int err; tls_cert = le->data; x509 = tls_cert_x509(tls_cert); @@ -108,20 +130,13 @@ continue; } - nm = X509_get_subject_name(x509); - int n = X509_NAME_get_text_by_NID(nm, NID_commonName, - cn, (int) sizeof(cn)); - if (n > 0 && !str_cmp(sni, cn)) + if (x509_match_common_name(x509, sni)) break; - err = x509_match_alt_name(x509, sni, &match); - if (err) { - tls_cert = NULL; + if (x509_match_alt_name(x509, sni)) break; - } - if (match) - break; + tls_cert = NULL; } ERR_clear_error(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/src/tls/openssl/tls.c new/re-4.8.0/src/tls/openssl/tls.c --- old/re-4.7.0/src/tls/openssl/tls.c 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/src/tls/openssl/tls.c 2026-05-12 10:12:34.000000000 +0200 @@ -1015,7 +1015,7 @@ int tls_peer_common_name(const struct tls_conn *tc, char *cn, size_t size) { X509 *cert; - int n; + int n = -1; if (!tc || !cn || !size) return EINVAL; @@ -1028,8 +1028,19 @@ if (!cert) return ENOENT; - n = X509_NAME_get_text_by_NID(X509_get_subject_name(cert), - NID_commonName, cn, (int)size); + const X509_NAME *name = X509_get_subject_name(cert); + + int ix = X509_NAME_get_index_by_NID(name, NID_commonName, -1); + if (ix != -1) { + const X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, ix); + const ASN1_STRING *astr = X509_NAME_ENTRY_get_data(entry); + + if (astr) { + str_ncpy(cn, (char *)ASN1_STRING_get0_data(astr), + size); + n = ASN1_STRING_length(astr); + } + } X509_free(cert); @@ -1235,11 +1246,19 @@ SSL_set_hostflags(tc->ssl, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); +#if OPENSSL_VERSION_MAJOR >= 4 + if (!SSL_set1_dnsname(tc->ssl, host)) { + DEBUG_WARNING("SSL_set1_dnsname error\n"); + ERR_clear_error(); + return EPROTO; + } +#else if (!SSL_set1_host(tc->ssl, host)) { DEBUG_WARNING("SSL_set1_host error\n"); ERR_clear_error(); return EPROTO; } +#endif if (!SSL_set_tlsext_host_name(tc->ssl, host)) { DEBUG_WARNING("SSL_set_tlsext_host_name error\n"); @@ -1300,7 +1319,7 @@ * * @return 0 if success, otherwise errorcode */ -static int convert_X509_NAME_to_mbuf(X509_NAME *field, struct mbuf *mb, +static int convert_X509_NAME_to_mbuf(const X509_NAME *field, struct mbuf *mb, unsigned long flags) { BIO *outbio; @@ -1350,7 +1369,7 @@ tls_get_certfield_h *field_getter, unsigned long flags) { X509 *crt = NULL; - X509_NAME *field; + const X509_NAME *field; crt = SSL_CTX_get0_certificate(tls->ctx); if (!crt) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/src/tls/openssl/tls.h new/re-4.8.0/src/tls/openssl/tls.h --- old/re-4.7.0/src/tls/openssl/tls.h 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/src/tls/openssl/tls.h 2026-05-12 10:12:34.000000000 +0200 @@ -20,7 +20,11 @@ #define SSL_ST_OK TLS_ST_OK #endif +#if OPENSSL_VERSION_MAJOR >= 4 +typedef const X509_NAME*(tls_get_certfield_h)(const X509 *); +#else typedef X509_NAME*(tls_get_certfield_h)(const X509 *); +#endif struct tls; struct tls_cert; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/test/http.c new/re-4.8.0/test/http.c --- old/re-4.7.0/test/http.c 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/test/http.c 2026-05-12 10:12:34.000000000 +0200 @@ -820,3 +820,143 @@ return test_http_loop_base(true, "GET", true, false, false, true); } #endif + + +static void http_req_addr_handler(struct http_conn *conn, + const struct http_msg *msg, void *arg) +{ + struct test *t = arg; + (void)msg; + + ++t->n_request; + http_reply(conn, 200, "OK", "Content-Length: 0\r\n\r\n"); +} + + +static void http_resp_addr_handler(int err, const struct http_msg *msg, + void *arg) +{ + struct test *t = arg; + + if (err) + goto out; + + ++t->n_response; + TEST_EQUALS(200, msg->scode); + re_cancel(); + + out: + if (err) + abort_test(t, err); +} + + +static int test_http_request_addr_base(bool secure) +{ + struct http_sock *sock = NULL; + struct http_cli *cli = NULL; + struct http_req *req = NULL; + struct dnsc *dnsc = NULL; + struct dns_server *dns_srv = NULL; + struct sa srv; + struct test t; + char url[256]; + int err = 0; +#ifdef USE_TLS + char path[256]; +#endif + memset(&t, 0, sizeof(t)); + t.secure = secure; + + err = sa_set_str(&srv, "127.0.0.1", 0); + TEST_ERR(err); + + /* Mock DNS server with no records */ + err = dns_server_alloc(&dns_srv, "127.0.0.1"); + TEST_ERR(err); + +#ifdef USE_TLS + if (secure) { + re_snprintf(path, sizeof(path), "%s/server-ecdsa.pem", + test_datapath()); + err = https_listen(&sock, &srv, path, http_req_addr_handler, + &t); + } + else +#endif + { + err = http_listen(&sock, &srv, http_req_addr_handler, &t); + } + if (err) + goto out; + + err = tcp_sock_local_get(http_sock_tcp(sock), &srv); + if (err) + goto out; + + err = dnsc_alloc(&dnsc, NULL, &dns_srv->addr, 1); + if (err) + goto out; + + err = http_client_alloc(&cli, dnsc); + if (err) + goto out; + +#ifdef USE_TLS + if (secure) { + re_snprintf(path, sizeof(path), "%s/server-ecdsa.pem", + test_datapath()); + err = http_client_add_ca(cli, path); + if (err) + goto out; + } +#endif + + /* Port 1 in URL — without explicit addr the connect goes to port 1 + * (nothing listens), proving http_request_addr bypasses ip and port + * in the URL and uses the given ip and port */ + re_snprintf(url, sizeof(url), "http%s://127.0.0.1:1/index.html", + secure ? "s" : ""); + + err = http_request_addr(&req, cli, "GET", url, &srv, + http_resp_addr_handler, NULL, NULL, &t, + "\r\n"); + if (err) + goto out; + + err = re_main_timeout(secure ? 1800 : 900); + if (err) + goto out; + + if (t.err) { + err = t.err; + goto out; + } + + TEST_EQUALS(1, t.n_request); + TEST_EQUALS(1, t.n_response); + + out: + mem_deref(t.mb_body); + mem_deref(req); + mem_deref(cli); + mem_deref(dnsc); + mem_deref(sock); + mem_deref(dns_srv); + + return err; +} + + +int test_http_request_addr(void) +{ + return test_http_request_addr_base(false); +} + + +#ifdef USE_TLS +int test_https_request_addr(void) +{ + return test_http_request_addr_base(true); +} +#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/test/mock/sipsrv.c new/re-4.8.0/test/mock/sipsrv.c --- old/re-4.7.0/test/mock/sipsrv.c 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/test/mock/sipsrv.c 2026-05-12 10:12:34.000000000 +0200 @@ -42,8 +42,24 @@ if (srv->terminate) err = sip_reply(srv->sip, msg, 503, "Server Error"); - else - err = sip_reply(srv->sip, msg, 200, "OK"); + else { + + if (sip_msg_hdr_has_value(msg, SIP_HDR_SUPPORTED, + "outbound")) { + + err = sip_replyf(srv->sip, msg, 200, "OK", + "Contact: <%r>\r\n" + "Content-Length: 0\r\n" + "Require: outbound\r\n" + "Flow-Timer: 1\r\n" + "\r\n" + , + &msg->to.auri); + } + else { + err = sip_reply(srv->sip, msg, 200, "OK"); + } + } if (err) { DEBUG_WARNING("could not reply: %m\n", err); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/test/sipreg.c new/re-4.8.0/test/sipreg.c --- old/re-4.7.0/test/sipreg.c 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/test/sipreg.c 2026-05-12 10:12:34.000000000 +0200 @@ -18,6 +18,7 @@ struct test { + struct tmr tmr; enum sip_transp tp; unsigned n_resp; uint16_t srcport; @@ -32,6 +33,15 @@ } +static void tmr_handler(void *arg) +{ + struct test *test = arg; + (void)test; + + re_cancel(); +} + + static int sipstack_fixture(struct sip **sipp) { struct sa laddr, laddrs; @@ -106,7 +116,12 @@ out: if (err) test->err = err; - re_cancel(); + + /* done */ + if (test->tp == SIP_TRANSP_UDP) + tmr_start(&test->tmr, 50, tmr_handler, test); + else + re_cancel(); } #define CPARAMS "some-param=test;other-param=123;" @@ -135,11 +150,13 @@ err = sip_server_uri(srv, reg_uri, sizeof(reg_uri), tp); TEST_ERR(err); + const int regid = 1; + err = sipreg_alloc(®, sip, reg_uri, "sip:x@test", NULL, "sip:x@test", - 3600, "x", NULL, 0, 0, NULL, NULL, false, - sip_resp_handler, &test, NULL, NULL); + 3600, "x", NULL, 0, regid, NULL, NULL, false, + sip_resp_handler, &test, NULL, "X-Custom: 1234\r\n"); TEST_ERR(err); err = sipreg_set_contact_params(reg, CPARAMS); @@ -169,8 +186,13 @@ ";" CPARAMS ">;expires=", NULL); TEST_ERR(err); + ASSERT_TRUE(sipreg_registered(reg)); + ASSERT_TRUE(!sipreg_failed(reg)); out: + tmr_cancel(&test.tmr); + + sipreg_unregister(reg); mem_deref(reg); sip_close(sip, true); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/test/test.c new/re-4.8.0/test/test.c --- old/re-4.7.0/test/test.c 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/test/test.c 2026-05-12 10:12:34.000000000 +0200 @@ -122,6 +122,10 @@ TEST(test_http_conn_large_body), TEST(test_http_large_body), TEST(test_http_loop), + TEST(test_http_request_addr), +#ifdef USE_TLS + TEST(test_https_request_addr), +#endif #ifdef USE_TLS TEST(test_https_loop), TEST(test_http_client_set_tls), @@ -204,6 +208,11 @@ #endif TEST(test_fmt_trim), TEST(test_sipevent), + TEST(test_sipreg_tcp), +#ifdef USE_TLS + TEST(test_sipreg_tls), +#endif + TEST(test_sipreg_udp), TEST(test_sipsess), TEST(test_sipsess_100rel_420), TEST(test_sipsess_100rel_421), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/re-4.7.0/test/test.h new/re-4.8.0/test/test.h --- old/re-4.7.0/test/test.h 2026-04-07 07:18:58.000000000 +0200 +++ new/re-4.8.0/test/test.h 2026-05-12 10:12:34.000000000 +0200 @@ -228,6 +228,10 @@ int test_http_conn_large_body(void); int test_dns_http_integration(void); int test_dns_cache_http_integration(void); +int test_http_request_addr(void); +#ifdef USE_TLS +int test_https_request_addr(void); +#endif #ifdef USE_TLS int test_https_loop(void); int test_http_client_set_tls(void);
