Class: OverSIP::SIP::TlsServer
- Inherits: TcpServer
  - Object
  - EM::Connection
  - Reactor
  - TcpReactor
  - TcpServer
  - OverSIP::SIP::TlsServer
- Defined in: lib/oversip/sip/listeners/tls_server.rb, lib/oversip/sip/modules/user_assertion.rb
Direct Known Subclasses
Constant Summary
- TLS_HANDSHAKE_MAX_TIME = 8
Constants inherited from TcpReactor
OverSIP::SIP::TcpReactor::HEADERS_MAX_SIZE
Constants included from MessageProcessor
Constants included from Logger
Logger::SYSLOG_POSIXMQ_MAPPING
Instance Attribute Summary
- #asserted_user ⇒ Object
  Returns the value of attribute asserted_user.
Attributes inherited from TcpServer
Instance Method Summary
- #post_init ⇒ Object
- #ssl_handshake_completed ⇒ Object
- #ssl_verify_peer(pem) ⇒ Object
- #unbind(cause = nil) ⇒ Object
Methods inherited from TcpServer
#post_connection, #remote_desc
Methods inherited from TcpReactor
#get_body, #parse_headers, #receive_data, #send_sip_msg
Methods inherited from Reactor
#initialize, #receive_senderror, reliable_transport_listener?
Methods included from Logger
close, #fatal, fg_system_msg2str, init_logger_mq, load_methods, #log_id, syslog_system_msg2str, syslog_user_msg2str
Constructor Details
This class inherits a constructor from OverSIP::SIP::Reactor
Instance Attribute Details
#asserted_user ⇒ Object
Returns the value of attribute asserted_user.
# File 'lib/oversip/sip/modules/user_assertion.rb', line 105
def asserted_user
  @asserted_user
end
Instance Method Details
#post_init ⇒ Object
# File 'lib/oversip/sip/listeners/tls_server.rb', line 8
def post_init
  @client_pems = []
  @client_last_pem = false
  start_tls({
    :verify_peer => true,
    :cert_chain_file => ::OverSIP.tls_public_cert,
    :private_key_file => ::OverSIP.tls_private_cert
  })
  # If the remote client never sends us a TLS certificate
  # after the TCP connection we would leak by storing more and
  # more messages in the @pending_messages array.
  @timer_tls_handshake = ::EM::Timer.new(TLS_HANDSHAKE_MAX_TIME) do
    unless @connected
      log_system_notice "TLS handshake not performed within #{TLS_HANDSHAKE_MAX_TIME} seconds, closing the connection"
      close_connection
    end
  end
end
#ssl_handshake_completed ⇒ Object
# File 'lib/oversip/sip/listeners/tls_server.rb', line 44
def ssl_handshake_completed
  log_system_info "TLS connection established from " << remote_desc
  # TODO: What to do if validation fails? Always do validation?
  validated, cert, tls_error, tls_error_string = ::OverSIP::TLS.validate @client_pems.pop, @client_pems
  if validated
    log_system_info "client provides a valid TLS certificate"
  else
    log_system_notice "client's TLS certificate validation failed (TLS error: #{tls_error.inspect}, description: #{tls_error_string.inspect})"
  end
  # @connected in TlsServer means "TLS connection" rather than
  # just "TCP connection".
  @connected = true
  @timer_tls_handshake.cancel if @timer_tls_handshake
end
#ssl_verify_peer(pem) ⇒ Object
# File 'lib/oversip/sip/listeners/tls_server.rb', line 30
def ssl_verify_peer pem
  # TODO: Dirty workaround for bug https://github.com/eventmachine/eventmachine/issues/194.
  return true if @client_last_pem == pem
  @client_last_pem = pem
  @client_pems << pem
  log_system_debug "received certificate num #{@client_pems.size} from client" if $oversip_debug
  # Validation must be done in ssl_handshake_completed after receiving all the certs, so return true.
  return true
end
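In the listings above, #ssl_verify_peer accepts every PEM and #ssl_handshake_completed only logs a failed validation before setting @connected, so the connection proceeds either way. The following is an added example, not OverSIP code: it validates a collected PEM list with Ruby's OpenSSL and turns the result into an accept/close decision. All method names here (validate_collected_pems, handshake_decision, make_cert, demo_decisions) are hypothetical, the certificates are constructed, and closing on failure is an assumed policy for the TODO in the source.

```ruby
require "openssl"

# Hypothetical stand-in for ::OverSIP::TLS.validate (internals not on this page):
# verify the leaf against a trust store; other collected PEMs are untrusted chain.
def validate_collected_pems(leaf_pem, chain_pems, store)
  return [false, nil, nil, "no certificate received"] if leaf_pem.nil?
  leaf  = OpenSSL::X509::Certificate.new(leaf_pem)
  chain = chain_pems.map { |pem| OpenSSL::X509::Certificate.new(pem) }
  ctx   = OpenSSL::X509::StoreContext.new(store, leaf, chain)
  [ctx.verify, leaf, ctx.error, ctx.error_string]
rescue OpenSSL::X509::CertificateError => e
  [false, nil, nil, e.message]
end

# Assumed policy for the page's TODO: close instead of only logging.
# As in ssl_handshake_completed, the last PEM collected is the leaf.
def handshake_decision(client_pems, store)
  pems = client_pems.dup
  validated, = validate_collected_pems(pems.pop, pems, store)
  validated ? :accept : :close
end

# Constructed test material: short-lived certificates for the demo only.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Constructed scenario: one trusted CA, one CA that is not in the store.
def demo_decisions
  ca_key, other_key, client_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca    = make_cert("Demo Trusted CA", ca_key, ca: true)
  other = make_cert("Demo Untrusted CA", other_key, ca: true)
  good  = make_cert("client-a", client_key, issuer: ca, issuer_key: ca_key)
  bad   = make_cert("client-b", client_key, issuer: other, issuer_key: other_key)
  store = OpenSSL::X509::Store.new.add_cert(ca)
  { trusted:   handshake_decision([ca.to_pem, good.to_pem], store),
    untrusted: handshake_decision([other.to_pem, bad.to_pem], store),
    no_cert:   handshake_decision([], store) }
end

p demo_decisions if __FILE__ == $PROGRAM_NAME
```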
#unbind(cause = nil) ⇒ Object
# File 'lib/oversip/sip/listeners/tls_server.rb', line 63
def unbind cause=nil
  super
  @timer_tls_handshake.cancel if @timer_tls_handshake
end