Module: kamailio Branch: master Commit: 86549be22f92442c192281bedcce1c3a1f80cac1 URL: https://github.com/kamailio/kamailio/commit/86549be22f92442c192281bedcce1c3a1f80cac1
Author: S-P Chan <[email protected]> Committer: S-P Chan <[email protected]> Date: 2026-03-12T16:41:16+08:00 tls: fix $tls_my_subject/$tls_peer_subject always returning null The PVs $tls_my_subject, $tls_my_issuer, $tls_peer_subject and $tls_peer_issuer are registered with pv_comp() as their getter with only PV_CERT_{LOCAL,PEER}|PV_CERT_{SUBJECT,ISSUER} flags — no PV_COMP_* bit. After pv_comp() strips the cert/subject flags, ind_local becomes 0, hitting the default: branch which sets nid=NID_undef. get_comp() then called X509_NAME_get_index_by_NID() with NID_undef which always returns -1, causing all four PVs to silently return null regardless of the certificate content. Fix by handling NID_undef in get_comp() as a request for the full distinguished name, using X509_NAME_oneline() to return the complete subject or issuer string (e.g. /O=Example/CN=host.example.com). --- Modified: src/modules/tls/tls_select.c --- Diff: https://github.com/kamailio/kamailio/commit/86549be22f92442c192281bedcce1c3a1f80cac1.diff Patch: https://github.com/kamailio/kamailio/commit/86549be22f92442c192281bedcce1c3a1f80cac1.patch --- diff --git a/src/modules/tls/tls_select.c b/src/modules/tls/tls_select.c index 18abcc7dd03..ca1535d1789 100644 --- a/src/modules/tls/tls_select.c +++ b/src/modules/tls/tls_select.c @@ -919,7 +919,7 @@ static int pv_ssl_cert(sip_msg_t *msg, pv_param_t *param, pv_value_t *res) } -#if(OPENSSL_VERSION_NUMBER >= 0x10100001L) +#if (OPENSSL_VERSION_NUMBER >= 0x10100001L) /* NB: SSL_get0_verified_chain() was introduced in OpenSSL 1.1.0 */ static int get_verified_cert_chain( STACK_OF(X509) * *chain, struct tcp_connection **c, struct sip_msg *msg) 
@@ -1013,6 +1013,20 @@ static int get_comp(str *res, int local, int issuer, int nid, sip_msg_t *msg) goto err; } + if(nid == NID_undef) { + /* no component requested - return the full subject/issuer oneline */ + if(X509_NAME_oneline(name, buf, sizeof(buf)) == NULL) { + ERR("Error converting X509 name to string\n"); + goto err; + } + res->s = buf; + res->len = strlen(buf); + if(!local) + X509_free(cert); + tcpconn_put(c); + return 0; + } + index = X509_NAME_get_index_by_NID(name, nid, -1); if(index == -1) { switch(nid) { @@ -1777,7 +1791,7 @@ select_row_t tls_sel[] = { {sel_cert, SEL_PARAM_STR, STR_STATIC_INIT("urlencoded_cert"), sel_ssl_cert, DIVERSION | CERT_URLENCODED}, -#if(OPENSSL_VERSION_NUMBER >= 0x10100001L) +#if (OPENSSL_VERSION_NUMBER >= 0x10100001L) {sel_cert, SEL_PARAM_STR, STR_STATIC_INIT("verified_cert_chain"), sel_ssl_verified_cert_chain, CONSUME_NEXT_INT}, #endif
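Review bot: The new `nid == NID_undef` branch in get_comp() renders the full DN with `X509_NAME_oneline(name, buf, sizeof(buf))`, which writes at most `sizeof(buf)` bytes and reports nothing when the name is cut, so a peer certificate with an over-long subject or issuer hands the config script a truncated string with no error. Scripts that compare `$tls_peer_subject` or `$tls_peer_issuer` for access decisions would then be matching on a prefix of the real name. OpenSSL's documentation also describes the oneline output as non-standard and discourages it in new code; rendering with `X509_NAME_print_ex()` into a memory BIO lets the branch reject a DN that does not fit instead of shortening it. The sketch below uses `XN_FLAG_RFC2253`, which changes the output away from the `/O=.../CN=...` form named in the commit message, so the flag choice is a maintainer decision. get_comp() starts and ends outside the hunk and `buf` is declared there, so its size and lifetime are inferred only from the `sizeof(buf)` use here.

```c
	if(nid == NID_undef) {
		/* no component requested - return the full subject/issuer DN */
		BIO *mem = BIO_new(BIO_s_mem());
		char *dn = NULL;
		long dn_len;

		if(mem == NULL) {
			ERR("Error allocating BIO for X509 name\n");
			goto err;
		}
		if(X509_NAME_print_ex(mem, name, 0, XN_FLAG_RFC2253) < 0) {
			ERR("Error converting X509 name to string\n");
			BIO_free(mem);
			goto err;
		}
		dn_len = BIO_get_mem_data(mem, &dn);
		if(dn_len <= 0 || (size_t)dn_len >= sizeof(buf)) {
			/* refuse to hand the script a truncated DN */
			ERR("X509 name is empty or too long\n");
			BIO_free(mem);
			goto err;
		}
		memcpy(buf, dn, dn_len);
		buf[dn_len] = '\0';
		BIO_free(mem);
		res->s = buf;
		res->len = (int)dn_len;
		/* … unchanged: X509_free(cert) when !local, tcpconn_put(c), return 0 … */
	}
```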
