tls: rename new struct and functions

baresip · Nov 15, 2022 · 4ad222f · 4ad222f
1 parent de2f54c
commit 4ad222f
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 35 deletions.
diff --git a/src/tls/openssl/tls.c b/src/tls/openssl/tls.c
@@ -58,7 +58,7 @@ struct tls {
 	struct list certs;   /**< Certificates for SNI selection       */
 };
 
-struct uac_cert {
+struct tls_cert {
 	struct le le;
 	X509 *x509;
 	EVP_PKEY *pkey;
@@ -1875,7 +1875,7 @@ static int pl_skip_prefixed_2(struct pl *pl)
 }
 
 
-int BIO_sni_from_client_hello(BIO *bio, struct pl *sni)
+int bio_sni_from_client_hello(BIO *bio, struct pl *sni)
 {
 	struct pl pl;
 	uint16_t len = 0;
@@ -1967,9 +1967,9 @@ int BIO_sni_from_client_hello(BIO *bio, struct pl *sni)
 }
 
 
-static void uac_cert_destructor(void *arg)
+static void tls_cert_destructor(void *arg)
 {
-	struct uac_cert *uc = arg;
+	struct tls_cert *uc = arg;
 
 	mem_deref(uc->host);
 	X509_free(uc->x509);
@@ -1980,14 +1980,14 @@ static void uac_cert_destructor(void *arg)
 
 int tls_add_certf(struct tls *tls, const char *certf, const struct pl *host)
 {
-	struct uac_cert *uc;
+	struct tls_cert *uc;
 	BIO *bio = NULL;
 	int err = 0;
 
 	if (!tls || !certf)
 		return EINVAL;
 
-	uc = mem_zalloc(sizeof(*uc), uac_cert_destructor);
+	uc = mem_zalloc(sizeof(*uc), tls_cert_destructor);
 	if (pl_isset(host)) {
 		err = pl_strdup(&uc->host, host);
 		if (err)
@@ -2108,10 +2108,9 @@ static int x509_match_alt_name(X509 *x509, const struct pl *sni, bool *match)
 }
 
 
-struct uac_cert *tls_uac_cert_for_sni(const struct tls *tls,
-					const struct pl *sni)
+struct tls_cert *tls_cert_for_sni(const struct tls *tls, const struct pl *sni)
 {
-	struct uac_cert *uac_cert = NULL;
+	struct tls_cert *tls_cert = NULL;
 	struct le *le;
 	char *cn;
 
@@ -2128,10 +2127,10 @@ struct uac_cert *tls_uac_cert_for_sni(const struct tls *tls,
 		bool match = false;
 		int err;
 
-		uac_cert = le->data;
-		x509 = uac_cert->x509;
+		tls_cert = le->data;
+		x509 = tls_cert->x509;
 		if (!x509) {
-			uac_cert = NULL;
+			tls_cert = NULL;
 			continue;
 		}
 
@@ -2142,7 +2141,7 @@ struct uac_cert *tls_uac_cert_for_sni(const struct tls *tls,
 
 		err = x509_match_alt_name(x509, sni, &match);
 		if (err) {
-			uac_cert = NULL;
+			tls_cert = NULL;
 			break;
 		}
 
@@ -2151,29 +2150,29 @@ struct uac_cert *tls_uac_cert_for_sni(const struct tls *tls,
 	}
 
 	mem_deref(cn);
-	return uac_cert;
+	return tls_cert;
 }
 
 
-X509 *uac_cert_x509(struct uac_cert *hc)
+X509 *tls_cert_x509(struct tls_cert *hc)
 {
 	return hc ? hc->x509 : NULL;
 }
 
 
-EVP_PKEY *uac_cert_pkey(struct uac_cert *hc)
+EVP_PKEY *tls_cert_pkey(struct tls_cert *hc)
 {
 	return hc ? hc->pkey : NULL;
 }
 
 
-STACK_OF(X509*) uac_cert_chain(struct uac_cert *hc)
+STACK_OF(X509*) tls_cert_chain(struct tls_cert *hc)
 {
 	return hc ? hc->chain : NULL;
 }
 
 
-const char *uac_cert_host(struct uac_cert *hc)
+const char *tls_cert_host(struct tls_cert *hc)
 {
 	return hc ? hc->host : NULL;
 }
diff --git a/src/tls/openssl/tls.h b/src/tls/openssl/tls.h
@@ -28,14 +28,13 @@ typedef X509_NAME*(tls_get_certfield_h)(X509 *);
 #endif
 
 struct tls;
-struct uac_cert;
+struct tls_cert;
 
 void tls_flush_error(void);
 SSL_CTX *tls_ssl_ctx(const struct tls *tls);
-int BIO_sni_from_client_hello(BIO *bio, struct pl *sni);
-struct uac_cert *tls_uac_cert_for_sni(const struct tls *tls,
-					const struct pl *sni);
-X509 *uac_cert_x509(struct uac_cert *hc);
-EVP_PKEY *uac_cert_pkey(struct uac_cert *hc);
-STACK_OF(X509*) uac_cert_chain(struct uac_cert *hc);
-const char *uac_cert_host(struct uac_cert *hc);
+int bio_sni_from_client_hello(BIO *bio, struct pl *sni);
+struct tls_cert *tls_cert_for_sni(const struct tls *tls, const struct pl *sni);
+X509 *tls_cert_x509(struct tls_cert *hc);
+EVP_PKEY *tls_cert_pkey(struct tls_cert *hc);
+STACK_OF(X509*) tls_cert_chain(struct tls_cert *hc);
+const char *tls_cert_host(struct tls_cert *hc);
diff --git a/src/tls/openssl/tls_tcp.c b/src/tls/openssl/tls_tcp.c
@@ -213,7 +213,7 @@ static bool estab_handler(int *err, bool active, void *arg)
 }
 
 
-static int tls_use_uac_cert(struct tls_conn *tc, struct uac_cert *uc)
+static int tls_use_cert(struct tls_conn *tc, struct tls_cert *uc)
 {
 	int err;
 	int r;
@@ -225,14 +225,16 @@ static int tls_use_uac_cert(struct tls_conn *tc, struct uac_cert *uc)
 	if (r != 1)
 		return EINVAL;
 
-	r = SSL_use_cert_and_key(tc->ssl, uac_cert_x509(uc), uac_cert_pkey(uc),
-				 uac_cert_chain(uc), 1);
+	r = SSL_use_cert_and_key(tc->ssl, tls_cert_x509(uc), tls_cert_pkey(uc),
+				 tls_cert_chain(uc), 1);
 	if (r != 1)
 		return EINVAL;
 
 	/* tls_set_verify_server() does what we want, although this function
-	 * is called for a client hello and we want to verify the TLS client */
-	err = tls_set_verify_server(tc, uac_cert_host(uc));
+	 * is called for a client hello and we want to verify the TLS client.
+	 * TODO: Should we rename `tls_set_verify_client()` and
+	 * `tls_set_verify_server()`?                                        */
+	err = tls_set_verify_server(tc, tls_cert_host(uc));
 	return err;
 }
 
@@ -241,7 +243,7 @@ static bool recv_handler(int *err, struct mbuf *mb, bool *estab, void *arg)
 {
 	struct tls_conn *tc = arg;
 	struct pl sni = PL_INIT;
-	struct uac_cert *uc = NULL;
+	struct tls_cert *uc = NULL;
 	int r;
 	int errch;
 
@@ -265,12 +267,12 @@ static bool recv_handler(int *err, struct mbuf *mb, bool *estab, void *arg)
 			*err = tls_connect(tc);
 		}
 		else {
-			errch = BIO_sni_from_client_hello(tc->sbio_in, &sni);
+			errch = bio_sni_from_client_hello(tc->sbio_in, &sni);
 			if (!errch && pl_isset(&sni))
-				uc = tls_uac_cert_for_sni(tc->tls, &sni);
+				uc = tls_cert_for_sni(tc->tls, &sni);
 
 			if (uc)
-				*err = tls_use_uac_cert(tc, uc);
+				*err = tls_use_cert(tc, uc);
 
 			if (*err)
 				return true;