On Mon, 2010-11-01 at 12:15 +0100, Alexander Malysh wrote:
> SSL client patch is not commited because you have to implement this option
> for SMSC modules first....
The new patch adds the implementation of client SSL certificate support
to SMPP, which is the only SMSC using SSL. It also adds documentation of
the new option to the userguide.
If use-ssl and the ssl-client-certkey-file option are both specified,
conn_open_ssl uses the provided PEM file for the SSL connection in
transceiver/transmitter/receiver modes; otherwise the old behaviour applies.
ciao
Luca
Index: gwlib/cfg.def
===================================================================
--- gwlib/cfg.def (revision 4868)
+++ gwlib/cfg.def (working copy)
@@ -389,6 +389,7 @@
OCTSTR(max-sms-octets)
OCTSTR(login-prompt)
OCTSTR(password-prompt)
+ OCTSTR(ssl-client-certkey-file)
OCTSTR(generic-param-username)
OCTSTR(generic-param-password)
OCTSTR(generic-param-from)
Index: doc/userguide/userguide.xml
===================================================================
--- doc/userguide/userguide.xml (revision 4868)
+++ doc/userguide/userguide.xml (working copy)
@@ -3159,6 +3159,14 @@
Defines whether we should try to bind with SSL enabled connection.
</entry></row>
+ <row><entry><literal>ssl-client-certkey-file (c)</literal></entry>
+ <entry>filename</entry>
+ <entry valign="bottom">
+ A PEM encoded SSL certificate and private key file to be used
+ for SSL connections. This option is used together with use-ssl
+ for client certificate validation with SMPP SMSCs requiring it.
+ </entry></row>
+
<row><entry><literal>transceiver-mode</literal></entry>
<entry>bool</entry>
<entry valign="bottom">
Index: gw/smsc/smsc_smpp.c
===================================================================
--- gw/smsc/smsc_smpp.c (revision 4868)
+++ gw/smsc/smsc_smpp.c (working copy)
@@ -154,6 +154,7 @@
int transmit_port;
int receive_port;
int use_ssl;
+ Octstr *ssl_client_certkey_file;
volatile int quitting;
long enquire_link_interval;
long max_pending_submits;
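Review bot: The new `ssl_client_certkey_file` member has no comment saying what it holds or who owns it. Something like `/* PEM file with client certificate and private key, used with use-ssl; NULL when not configured */` would help. The later hunks show it is set from cfg_get and released with octstr_destroy alongside the other Octstr members. The struct definition starts and ends outside the hunk.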
@@ -265,6 +266,7 @@
smpp->bind_addr_ton = 0;
smpp->bind_addr_npi = 0;
smpp->use_ssl = 0;
+ smpp->ssl_client_certkey_file = NULL;
smpp->load = load_create_real(0);
load_add_interval(smpp->load, 1);
@@ -288,6 +290,7 @@
octstr_destroy(smpp->my_number);
octstr_destroy(smpp->alt_charset);
octstr_destroy(smpp->alt_addr_charset);
+ octstr_destroy(smpp->ssl_client_certkey_file);
load_destroy(smpp->load);
gw_free(smpp);
}
@@ -1111,7 +1114,7 @@
#ifdef HAVE_LIBSSL
if (smpp->use_ssl)
- conn = conn_open_ssl(smpp->host, smpp->transmit_port, NULL, smpp->conn->our_host);
+ conn = conn_open_ssl(smpp->host, smpp->transmit_port, smpp->ssl_client_certkey_file, smpp->conn->our_host);
else
#endif
conn = conn_open_tcp(smpp->host, smpp->transmit_port, smpp->conn->our_host);
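Review bot: A certkey file that is missing, unreadable, or whose key does not match the certificate is first noticed here, at connect time, in the `conn_open_ssl` call on the changed line; the same applies to the other transmit_port call and the receive_port call in the next two hunks. conn_open_ssl is not part of this patch, so it cannot be seen whether it reports such a load failure differently from a network failure; if it does not, the operator sees only a failed connect and a retry. A comment such as `/* client cert+key is optional; NULL keeps the previous behaviour */` above the call would document the NULL case, and the caller could log the configured file name when the connect fails. Presenting a client certificate authenticates the gateway to the SMSC only; whether the SMSC's certificate is verified is decided inside conn_open_ssl and is unchanged by this patch. The enclosing function starts and ends outside the hunk.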
@@ -1159,7 +1162,7 @@
#ifdef HAVE_LIBSSL
if (smpp->use_ssl)
- conn = conn_open_ssl(smpp->host, smpp->transmit_port, NULL, smpp->conn->our_host);
+ conn = conn_open_ssl(smpp->host, smpp->transmit_port, smpp->ssl_client_certkey_file, smpp->conn->our_host);
else
#endif
conn = conn_open_tcp(smpp->host, smpp->transmit_port, smpp->conn->our_host);
@@ -1205,7 +1208,7 @@
#ifdef HAVE_LIBSSL
if (smpp->use_ssl)
- conn = conn_open_ssl(smpp->host, smpp->receive_port, NULL, smpp->conn->our_host);
+ conn = conn_open_ssl(smpp->host, smpp->receive_port, smpp->ssl_client_certkey_file, smpp->conn->our_host);
else
#endif
conn = conn_open_tcp(smpp->host, smpp->receive_port, smpp->conn->our_host);
@@ -2349,9 +2352,11 @@
cfg_get_integer(&smpp->bind_addr_npi, grp, octstr_imm("bind-addr-npi"));
cfg_get_bool(&smpp->use_ssl, grp, octstr_imm("use-ssl"));
+ if (smpp->use_ssl)
#ifndef HAVE_LIBSSL
- if (smpp->use_ssl)
panic(0, "SMPP: Can not use 'use-ssl' without SSL support compiled in.");
+#else
+ smpp->ssl_client_certkey_file = cfg_get(grp, octstr_imm("ssl-client-certkey-file"));
#endif
conn->data = smpp;
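Review bot: The unbraced `if (smpp->use_ssl)` now takes its body from whichever preprocessor branch is compiled, so any line later added between the `if` and the `#ifndef` silently becomes the guarded statement; braces or a separate `if` per branch would remove that trap. Because the option is read only when use-ssl is set, a configuration that sets ssl-client-certkey-file but leaves use-ssl off is accepted without any message and the bind goes out over plain TCP with no client certificate, which is worth a warning at load time. The file holds the private key, so the userguide entry could also say it should be readable only by the gateway user. The enclosing function starts and ends outside the hunk.

```c
cfg_get_bool(&smpp->use_ssl, grp, octstr_imm("use-ssl"));
#ifndef HAVE_LIBSSL
if (smpp->use_ssl) {
    panic(0, "SMPP: Can not use 'use-ssl' without SSL support compiled in.");
}
#else
smpp->ssl_client_certkey_file = cfg_get(grp, octstr_imm("ssl-client-certkey-file"));
if (smpp->ssl_client_certkey_file != NULL && !smpp->use_ssl) {
    warning(0, "SMPP: 'ssl-client-certkey-file' is ignored because 'use-ssl' is not enabled.");
}
#endif
/* … unchanged: conn->data assignment … */
```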