<!-- Kamailio Pull Request Template -->
<!--
IMPORTANT:
- for detailed contributing guidelines, read:
https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md
- pull requests must be done to master branch, unless they are backports
of fixes from master branch to a stable branch
- backports to stable branches must be done with 'git cherry-pick -x
...'
- code is contributed under BSD for core and main components (tm, sl, auth,
tls)
- code is contributed GPLv2 or a compatible license for the other components
- GPL code is contributed with OpenSSL licensing exception
-->
#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the
checkboxes that apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING
guidelines from above-->
<!-- If you're unsure about any of these, don't hesitate to ask on
sr-dev mailing list -->
- [x] Commit message has the format required by CONTRIBUTING guide
- [x] Commits are split per component (core, individual modules, libs, utils,
...)
- [x] Each component has a single commit (if not, squash them into one commit)
- [x] No commits to README files for modules (changes must be done to docbook
files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [x] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the
checkboxes that apply -->
- [ ] PR should be backported to stable branches
- [x] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
Currently `stirshaken` module performs x509 certificate path check twice (when
enabled):
- first by calling `stir_shaken_verify_cert_path` directly from the
[`stirshaken_mod.c`](https://github.com/kamailio/kamailio/blob/330543f46cbb6bf815ebf77c98378314091197ce/src/modules/stirshaken/stirshaken_mod.c#L626)
- second time from the
[`libstirshaken`](https://github.com/signalwire/libstirshaken/blame/cb6ede40b3ce12ab76e370186a14dc141839ef07/src/stir_shaken_verify.c#L445)
`libstirshaken` had the path check built in since approx 2020 ([last commit
mentioning it as
TODO](https://github.com/signalwire/libstirshaken/blame/552650e31e3dc66806944b6495490bbb98bae4af/src/stir_shaken_verify.c#L362)
before the `stir_shaken_verify_cert_path` function was introduced). This
shouldn't be an issue since `stirshaken` module was added to Kamailio in
2021.
This PR removes the x509 certificate path check from the `stirshaken_mod.c` by
passing the responsibility to perform certificate path check to the
`libstirshaken`.
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/4202
-- Commit Summary --
* stirshaken: removed repeated x509 certification path check
-- File Changes --
M src/modules/stirshaken/doc/stirshaken_admin.xml (4)
M src/modules/stirshaken/stirshaken_mod.c (17)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/4202.patch
https://github.com/kamailio/kamailio/pull/4202.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/4202
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/pull/4...@github.com>
_______________________________________________
Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the
sender!
