[sr-dev] git:master:20d0a188: tls: if port is 0 in tls client profile cfg definition, ignore matching port

Tue, 24 Feb 2015 03:32:09 -0800 

Module: kamailio
Branch: master
Commit: 20d0a188701127dae34dd40d7f14be0037d0b888
URL: 
https://github.com/kamailio/kamailio/commit/20d0a188701127dae34dd40d7f14be0037d0b888

Author: Daniel-Constantin Mierla <[email protected]>
Committer: Daniel-Constantin Mierla <[email protected]>
Date: 2015-02-24T12:29:51+01:00

tls: if port is 0 in tls client profile cfg definition, ignore matching port

- tcp port can be randomly allocated by OS, making hard to guess it in
  advance

---

Modified: modules/tls/tls_domain.c
Modified: modules/tls/tls_server.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/20d0a188701127dae34dd40d7f14be0037d0b888.diff
Patch: 
https://github.com/kamailio/kamailio/commit/20d0a188701127dae34dd40d7f14be0037d0b888.patch

---

diff --git a/modules/tls/tls_domain.c b/modules/tls/tls_domain.c
index e31a4fe..0d95a62 100644
--- a/modules/tls/tls_domain.c
+++ b/modules/tls/tls_domain.c
@@ -1308,7 +1308,7 @@ tls_domain_t* tls_lookup_cfg(tls_domains_cfg_t* cfg, int 
type,
                                p->server_name.len, ZSW(p->server_name.s),
                                sname->len, ZSW(sname->s));
                }
-               if ((p->port == port) && ip_addr_cmp(&p->ip, ip)) {
+               if ((p->port==0 || p->port == port) && ip_addr_cmp(&p->ip, ip)) 
{
                        if(sname && sname->len>0) {
                                if(p->server_name.len==sname->len
                                        && strncasecmp(p->server_name.s, 
sname->s, sname->len)==0) {
diff --git a/modules/tls/tls_server.c b/modules/tls/tls_server.c
index 28cf1a3..26872c9 100644
--- a/modules/tls/tls_server.c
+++ b/modules/tls/tls_server.c
@@ -196,16 +196,8 @@ static int tls_complete_init(struct tcp_connection* c)
        } else {
                state=S_TLS_CONNECTING;
                sname = tls_get_connect_server_name();
-               if(&c->rcv.bind_address!=NULL) {
-                       /* if there is a bind_address, use it, because the src 
port
-                        * for connection can be randomly assigned by OS */
-                       dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
-                                               &c->rcv.bind_address->address,
-                                               c->rcv.bind_address->port_no, 
sname);
-               } else {
-                       dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
+               dom = tls_lookup_cfg(cfg, TLS_DOMAIN_CLI,
                                                &c->rcv.dst_ip, 
c->rcv.dst_port, sname);
-               }
        }
        if (unlikely(c->state<0)) {
                BUG("Invalid connection (state %d)\n", c->state);


_______________________________________________
sr-dev mailing list
[email protected]
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

Reply via email to