RubyGems - oversip_p - Versions diffs - 1.0.0 - Mend

oversip_p 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (132) hide show

checksums.yaml +7 -0
data/AUTHORS +22 -0
data/LICENSE +25 -0
data/README.md +43 -0
data/Rakefile +54 -0
data/bin/oversip +184 -0
data/etc/oversip.conf +274 -0
data/etc/proxies.conf +145 -0
data/etc/server.rb +315 -0
data/etc/tls/ca/cacert.pem +3894 -0
data/etc/tls/demo-tls.oversip.net.crt +17 -0
data/etc/tls/demo-tls.oversip.net.key +15 -0
data/etc/tls/upgrade-cacert.sh +12 -0
data/etc/tls/utils/create-cert.rb +162 -0
data/etc/tls/utils/get-sip-identities.rb +95 -0
data/ext/common/c_util.h +74 -0
data/ext/common/ruby_c_util.h +88 -0
data/ext/sip_parser/common_headers.h +210 -0
data/ext/sip_parser/ext_help.h +18 -0
data/ext/sip_parser/extconf.rb +3 -0
data/ext/sip_parser/sip_message_parser.c +29741 -0
data/ext/sip_parser/sip_parser.h +250 -0
data/ext/sip_parser/sip_parser_ruby.c +1370 -0
data/ext/sip_parser/sip_uri_parser.c +39699 -0
data/ext/stud/extconf.rb +43 -0
data/ext/stun/ext_help.h +16 -0
data/ext/stun/extconf.rb +3 -0
data/ext/stun/stun_ruby.c +394 -0
data/ext/utils/ext_help.h +14 -0
data/ext/utils/extconf.rb +3 -0
data/ext/utils/haproxy_protocol.c +6163 -0
data/ext/utils/haproxy_protocol.h +27 -0
data/ext/utils/ip_utils.c +5952 -0
data/ext/utils/ip_utils.h +64 -0
data/ext/utils/outbound_utils.c +3227 -0
data/ext/utils/outbound_utils.h +27 -0
data/ext/utils/utils_ruby.c +392 -0
data/ext/utils/utils_ruby.h +76 -0
data/ext/websocket_framing_utils/ext_help.h +18 -0
data/ext/websocket_framing_utils/extconf.rb +3 -0
data/ext/websocket_framing_utils/ws_framing_utils.h +47 -0
data/ext/websocket_framing_utils/ws_framing_utils_ruby.c +135 -0
data/ext/websocket_http_parser/ext_help.h +18 -0
data/ext/websocket_http_parser/extconf.rb +3 -0
data/ext/websocket_http_parser/ws_http_parser.c +1635 -0
data/ext/websocket_http_parser/ws_http_parser.h +87 -0
data/ext/websocket_http_parser/ws_http_parser_ruby.c +630 -0
data/lib/oversip/config.rb +597 -0
data/lib/oversip/config_validators.rb +126 -0
data/lib/oversip/default_server.rb +52 -0
data/lib/oversip/errors.rb +10 -0
data/lib/oversip/fiber_pool.rb +56 -0
data/lib/oversip/launcher.rb +635 -0
data/lib/oversip/logger.rb +84 -0
data/lib/oversip/modules/outbound_mangling.rb +56 -0
data/lib/oversip/modules/user_assertion.rb +73 -0
data/lib/oversip/proxies_config.rb +189 -0
data/lib/oversip/ruby_ext/eventmachine.rb +38 -0
data/lib/oversip/sip/client.rb +428 -0
data/lib/oversip/sip/client_transaction.rb +586 -0
data/lib/oversip/sip/constants.rb +88 -0
data/lib/oversip/sip/core.rb +217 -0
data/lib/oversip/sip/launcher.rb +221 -0
data/lib/oversip/sip/listeners/connection.rb +54 -0
data/lib/oversip/sip/listeners/ipv4_tcp_client.rb +21 -0
data/lib/oversip/sip/listeners/ipv4_tcp_server.rb +22 -0
data/lib/oversip/sip/listeners/ipv4_tls_client.rb +21 -0
data/lib/oversip/sip/listeners/ipv4_tls_server.rb +22 -0
data/lib/oversip/sip/listeners/ipv4_tls_tunnel_server.rb +22 -0
data/lib/oversip/sip/listeners/ipv4_udp_server.rb +21 -0
data/lib/oversip/sip/listeners/ipv6_tcp_client.rb +21 -0
data/lib/oversip/sip/listeners/ipv6_tcp_server.rb +22 -0
data/lib/oversip/sip/listeners/ipv6_tls_client.rb +21 -0
data/lib/oversip/sip/listeners/ipv6_tls_server.rb +22 -0
data/lib/oversip/sip/listeners/ipv6_tls_tunnel_server.rb +22 -0
data/lib/oversip/sip/listeners/ipv6_udp_server.rb +21 -0
data/lib/oversip/sip/listeners/tcp_client.rb +97 -0
data/lib/oversip/sip/listeners/tcp_connection.rb +202 -0
data/lib/oversip/sip/listeners/tcp_server.rb +71 -0
data/lib/oversip/sip/listeners/tls_client.rb +125 -0
data/lib/oversip/sip/listeners/tls_server.rb +88 -0
data/lib/oversip/sip/listeners/tls_tunnel_connection.rb +89 -0
data/lib/oversip/sip/listeners/tls_tunnel_server.rb +61 -0
data/lib/oversip/sip/listeners/udp_connection.rb +214 -0
data/lib/oversip/sip/listeners.rb +24 -0
data/lib/oversip/sip/message.rb +177 -0
data/lib/oversip/sip/message_processor.rb +213 -0
data/lib/oversip/sip/name_addr.rb +51 -0
data/lib/oversip/sip/proxy.rb +324 -0
data/lib/oversip/sip/request.rb +179 -0
data/lib/oversip/sip/response.rb +37 -0
data/lib/oversip/sip/rfc3263.rb +643 -0
data/lib/oversip/sip/server_transaction.rb +295 -0
data/lib/oversip/sip/sip.rb +76 -0
data/lib/oversip/sip/tags.rb +39 -0
data/lib/oversip/sip/timers.rb +55 -0
data/lib/oversip/sip/transport_manager.rb +130 -0
data/lib/oversip/sip/uac.rb +89 -0
data/lib/oversip/sip/uac_request.rb +84 -0
data/lib/oversip/sip/uri.rb +208 -0
data/lib/oversip/syslog.rb +68 -0
data/lib/oversip/system_callbacks.rb +45 -0
data/lib/oversip/tls.rb +172 -0
data/lib/oversip/utils.rb +30 -0
data/lib/oversip/version.rb +21 -0
data/lib/oversip/websocket/constants.rb +55 -0
data/lib/oversip/websocket/http_request.rb +59 -0
data/lib/oversip/websocket/launcher.rb +183 -0
data/lib/oversip/websocket/listeners/connection.rb +51 -0
data/lib/oversip/websocket/listeners/ipv4_ws_server.rb +22 -0
data/lib/oversip/websocket/listeners/ipv4_wss_server.rb +22 -0
data/lib/oversip/websocket/listeners/ipv4_wss_tunnel_server.rb +22 -0
data/lib/oversip/websocket/listeners/ipv6_ws_server.rb +22 -0
data/lib/oversip/websocket/listeners/ipv6_wss_server.rb +22 -0
data/lib/oversip/websocket/listeners/ipv6_wss_tunnel_server.rb +22 -0
data/lib/oversip/websocket/listeners/ws_server.rb +331 -0
data/lib/oversip/websocket/listeners/wss_server.rb +88 -0
data/lib/oversip/websocket/listeners/wss_tunnel_server.rb +133 -0
data/lib/oversip/websocket/listeners.rb +13 -0
data/lib/oversip/websocket/websocket.rb +13 -0
data/lib/oversip/websocket/ws_framing.rb +545 -0
data/lib/oversip/websocket/ws_sip_app.rb +120 -0
data/lib/oversip.rb +127 -0
data/test/oversip_test_helper.rb +19 -0
data/test/test_http_parser.rb +73 -0
data/test/test_name_addr.rb +27 -0
data/test/test_name_addr_parser.rb +24 -0
data/test/test_sip_message_parser.rb +168 -0
data/test/test_sip_uri_parser.rb +56 -0
data/test/test_uri.rb +68 -0
data/thirdparty/stud/stud.tar.gz +0 -0
metadata +334 -0

data/lib/oversip/sip/listeners/ipv6_tls_server.rb ADDED Viewed

@@ -0,0 +1,22 @@
+module OverSIP::SIP
+  class IPv6TlsServer < TlsServer
+    @ip_type = :ipv6
+    @transport = :tls
+    @connections = {}
+    @invite_server_transactions = {}
+    @non_invite_server_transactions = {}
+    @invite_client_transactions = {}
+    @non_invite_client_transactions = {}
+    @is_reliable_transport_listener = true
+    @is_outbound_listener = true
+    LOG_ID = "SIP TLS IPv6 server"
+    def log_id
+      LOG_ID
+    end
+  end
+end

data/lib/oversip/sip/listeners/ipv6_tls_tunnel_server.rb ADDED Viewed

@@ -0,0 +1,22 @@
+module OverSIP::SIP
+  class IPv6TlsTunnelServer < TlsTunnelServer
+    @ip_type = :ipv6
+    @transport = :tls
+    @connections = {}
+    @invite_server_transactions = {}
+    @non_invite_server_transactions = {}
+    @invite_client_transactions = {}
+    @non_invite_client_transactions = {}
+    @is_reliable_transport_listener = true
+    @is_outbound_listener = true
+    LOG_ID = "SIP TLS-Tunnel IPv6 server"
+    def log_id
+      LOG_ID
+    end
+  end
+end

data/lib/oversip/sip/listeners/ipv6_udp_server.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module OverSIP::SIP
+  class IPv6UdpServer < UdpConnection
+    @ip_type = :ipv6
+    @transport = :udp
+    @connections = nil  # To be set after creating the unique server instance.
+    @invite_server_transactions = {}
+    @non_invite_server_transactions = {}
+    @invite_client_transactions = {}
+    @non_invite_client_transactions = {}
+    @is_outbound_listener = true
+    LOG_ID = "SIP UDP IPv6 server"
+    def log_id
+      LOG_ID
+    end
+  end
+end

data/lib/oversip/sip/listeners/tcp_client.rb ADDED Viewed

@@ -0,0 +1,97 @@
+module OverSIP::SIP
+  class TcpClient < TcpConnection
+    class << self
+      attr_reader :server_class
+    end
+    attr_reader :connected
+    attr_reader :pending_client_transactions
+    def initialize ip, port
+      # NOTE: The parent class implementing "initialize" method is Connection, and allows no arguments.
+      # If we call just "super" from here it will fail since "ip" and "port" will be passed as
+      # arguments. So we must use "super()" and we are done (no arguments are passed to parent).
+      super()
+      @remote_ip = ip
+      @remote_port = port
+      @connection_id = ::OverSIP::SIP::TransportManager.add_connection self, self.class, self.class.ip_type, @remote_ip, @remote_port
+      @connected = false
+      @pending_client_transactions = []
+      ### TODO: make it configurable.
+      set_pending_connect_timeout 2.0
+    end
+    def connection_completed
+      log_system_info "TCP connection opened to " << remote_desc
+      @connected = true
+      @pending_client_transactions.clear
+    end
+    def remote_desc
+      @remote_desc ||= case self.class.ip_type
+        when :ipv4  ; "#{@remote_ip}:#{@remote_port.to_s}"
+        when :ipv6  ; "[#{@remote_ip}]:#{@remote_port.to_s}"
+        end
+    end
+    def unbind cause=nil
+      @state = :ignore
+      # Remove the connection.
+      self.class.connections.delete @connection_id
+      @local_closed = true  if cause == ::Errno::ETIMEDOUT
+      if @connected
+        log_msg = "connection to #{remote_desc} "
+        log_msg << ( @local_closed ? "locally closed" : "remotely closed" )
+        log_msg << " (cause: #{cause.inspect})"  if cause
+        log_system_debug log_msg  if $oversip_debug
+      # If the TCP client connection has failed (remote server rejected the connection) then
+      # inform to all the pending client transactions.
+      else
+        log_system_notice "connection to #{remote_desc} failed"  if $oversip_debug
+        @pending_client_transactions.each do |client_transaction|
+          client_transaction.connection_failed
+        end
+        @pending_client_transactions.clear
+      end unless $!
+      @connected = false
+    end
+    # For the case in which OverSIP receives a SIP request from a connection open by OverSIP.
+    def record_route
+      @record_route and return @record_route
+      server_class = self.class.server_class
+      local_port, local_ip = ::Socket.unpack_sockaddr_in(get_sockname)
+      case
+        when server_class == ::OverSIP::SIP::IPv4TcpServer
+          uri_ip = local_ip
+        when server_class == ::OverSIP::SIP::IPv6TcpServer
+          uri_ip = "[#{local_ip}]"
+        when server_class == ::OverSIP::SIP::IPv4TlsServer
+          uri_ip = local_ip
+        when server_class == ::OverSIP::SIP::IPv6TlsServer
+          uri_ip = "[#{local_ip}]"
+        end
+      @record_route = "<sip:#{uri_ip}:#{local_port};transport=#{server_class.transport.to_s};lr;ovid=#{OverSIP::SIP::Tags.value_for_route_ovid}>"
+    end
+  end
+end

data/lib/oversip/sip/listeners/tcp_connection.rb ADDED Viewed

@@ -0,0 +1,202 @@
+module OverSIP::SIP
+  class TcpConnection < Connection
+    # Max size (bytes) of the buffered data when receiving message headers
+    # (avoid DoS attacks).
+    HEADERS_MAX_SIZE = 16384
+    def remote_ip_type
+      @remote_ip_type || self.class.ip_type
+    end
+    def remote_ip
+      @remote_ip
+    end
+    def remote_port
+      @remote_port
+    end
+    def receive_data data
+      @state == :ignore and return
+      @buffer << data
+      @state == :waiting_for_on_client_tls_handshake and return
+      process_received_data
+    end
+    def process_received_data
+      @state == :ignore and return
+      while (case @state
+        when :init
+          @parser.reset
+          @parser_nbytes = 0
+          @state = :headers
+        when :headers
+          parse_headers
+          # TODO: Add a timer for the case in which an attacker sends us slow headers that never end:
+          #   http://ha.ckers.org/slowloris/.
+        when :body
+          get_body
+        when :finished
+          if @msg.request?
+            process_request
+          else
+            process_response
+          end
+          # Set state to :init.
+          @state = :init
+          # Return true to continue processing possible remaining data.
+          true
+        when :ignore
+          false
+        end)
+      end  # while
+    end
+    def parse_headers
+      return false if @buffer.empty?
+      # Parse the currently buffered data. If parsing fails @parser_nbytes gets nil value.
+      unless @parser_nbytes = @parser.execute(@buffer.to_str, @parser_nbytes)
+        # The parsed data is invalid, however some data could be parsed so @parsed.parsed
+        # can be:
+        # - SIP::Request
+        # - SIP::Response
+        # - nil (the message is so wrong that cannot be neither a request or response).
+        if wrong_message = @parser.parsed
+          log_system_warn "parsing error for #{MSG_TYPE[wrong_message.class]}: \"#{@parser.error}\""
+        else
+          log_system_warn "parsing error: \"#{@parser.error}\""
+        end
+        close_connection_after_writing
+        @state = :ignore
+        return false
+      end
+      # Avoid flood attacks in TCP (very long headers).
+      if @parser_nbytes > HEADERS_MAX_SIZE
+        log_system_warn "DoS attack detected: headers size exceedes #{HEADERS_MAX_SIZE} bytes, closing connection with #{remote_desc}"
+        close_connection
+        # After closing client connection some data can still arrrive to "receive_data()"
+        # (explained in EM documentation). By setting @state = :ignore we ensure such
+        # remaining data is not processed.
+        @state = :ignore
+        return false
+      end
+      # If the parsing has not finished, it is correct in TCP so return false and wait for more data under :headers state.
+      return false  unless @parser.finished?
+      # At this point we've got a SIP::Request, SIP::Response or :outbound_keepalive symbol.
+      @msg = @parser.parsed
+      # Clear parsed data from the buffer.
+      @buffer.read(@parser_nbytes)
+      # Received data is a Outbound keealive.
+      if @msg == :outbound_keepalive
+        log_system_debug "Outbound keepalive received, replying single CRLF"  if $oversip_debug
+        # Reply a single CRLF over the same connection.
+        send_data CRLF
+        # If TCP then go back to :init state so possible remaining data would be processed.
+        @state = :init
+        return true
+      end
+      @parser.post_parsing
+      # Here we have received the entire headers of a SIP request or response. Fill some
+      # attributes.
+      @msg.connection = self
+      @msg.transport = self.class.transport
+      @msg.source_ip = @remote_ip
+      @msg.source_port = @remote_port
+      @msg.source_ip_type = @remote_ip_type || self.class.ip_type
+      unless valid_message? @parser
+        close_connection_after_writing
+        @state = :ignore
+        return false
+      end
+      add_via_received_rport if @msg.request?
+      unless check_via_branch
+        close_connection_after_writing
+        @state = :ignore
+        return false
+      end
+      # Examine Content-Length header.
+      # In SIP over TCP Content-Length header is mandatory.
+      if (@body_length = @msg.content_length)
+        # There is body (or should be).
+        if @body_length > 0
+          @state = :body
+          # Return true to continue in get_body() method.
+          return true
+        # No body.
+        else
+          # Set :finished state and return true to process the parsed message.
+          @state = :finished
+          return true
+        end
+      # No Content-Length, invalid message!
+      else
+        # Log it and reply a 400 Bad Request (if it's a request).
+        # Close the connection, set :ignore state and return false to leave
+        # receive_data().
+        if @msg.request?
+          unless @msg.sip_method == :ACK
+            log_system_warn "request body size doesn't match Content-Length => 400"
+            @msg.reply 400, "Body size doesn't match Content-Length"
+          else
+            log_system_warn "ACK body size doesn't match Content-Length, ignoring it"
+          end
+        else
+          log_system_warn "response has not Content-Length header, ignoring it"
+        end
+        close_connection_after_writing
+        @state = :ignore
+        return false
+      end
+    end  # parse_headers
+    def get_body
+      # Return false until the buffer gets all the body.
+      return false if @buffer.size < @body_length
+      ### TODO: Creo que es mejor forzarlo a BINARY y no a UTF-8. Aunque IOBuffer ya lo saca siempre en BINARY.
+      # ¿Por qué lo forcé a UTF-8?
+      # RESPUESTA: Si no lo hago y resulta que el body no es UTF-8 válido, al añadir el body a los headers (que
+      # se generan como un string en UTF-8 (aunque contengan símbolos no UTF-8) fallaría. O todo UTF-8 (aunque
+      # tenga símbolos inválidos) o todo BINARY.
+      @msg.body = @buffer.read(@body_length).force_encoding(::Encoding::UTF_8)
+      @state = :finished
+      return true
+    end
+    # Parameters ip and port are just included because they are needed in UDP, so the API remains equal.
+    def send_sip_msg msg, ip=nil, port=nil
+      if self.error?
+        log_system_notice "SIP message could not be sent, connection is closed"
+        return false
+      end
+      send_data msg
+      true
+    end
+  end
+end

data/lib/oversip/sip/listeners/tcp_server.rb ADDED Viewed

@@ -0,0 +1,71 @@
+module OverSIP::SIP
+  class TcpServer < TcpConnection
+    attr_reader :outbound_flow_token
+    def post_connection
+      begin
+        @remote_port, @remote_ip = ::Socket.unpack_sockaddr_in(get_peername)
+      rescue => e
+        log_system_error "error obtaining remote IP/port (#{e.class}: #{e.message}), closing connection"
+        close_connection
+        @state = :ignore
+        return
+      end
+      @connection_id = ::OverSIP::SIP::TransportManager.add_connection self, self.class, self.class.ip_type, @remote_ip, @remote_port
+      # Create an Outbound (RFC 5626) flow token for this connection.
+      @outbound_flow_token = ::OverSIP::SIP::TransportManager.add_outbound_connection self
+      ### Testing TCP keepalive.
+      # https://github.com/bklang/eventmachine/commit/74c65a56c733bc1b6f092e32a9f0d722501ade46
+      # http://tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/
+      if ::OverSIP::SIP.tcp_keepalive_interval
+        set_sock_opt Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, true
+        set_sock_opt Socket::SOL_TCP, Socket::TCP_KEEPIDLE, ::OverSIP::SIP.tcp_keepalive_interval  # First TCP ping.
+        set_sock_opt Socket::SOL_TCP, Socket::TCP_KEEPINTVL, ::OverSIP::SIP.tcp_keepalive_interval  # Interval between TCP pings.
+      end
+      log_system_debug("connection opened from " << remote_desc)  if $oversip_debug
+    end
+    def remote_desc force=nil
+      if force
+        @remote_desc = case @remote_ip_type
+          when :ipv4  ; "#{@remote_ip}:#{@remote_port.to_s}"
+          when :ipv6  ; "[#{@remote_ip}]:#{@remote_port.to_s}"
+          end
+      else
+        @remote_desc ||= case self.class.ip_type
+          when :ipv4  ; "#{@remote_ip}:#{@remote_port.to_s}"
+          when :ipv6  ; "[#{@remote_ip}]:#{@remote_port.to_s}"
+          end
+      end
+    end
+    def unbind cause=nil
+      @state = :ignore
+      # Remove the connection.
+      self.class.connections.delete @connection_id
+      # Remove the Outbound token flow.
+      ::OverSIP::SIP::TransportManager.delete_outbound_connection @outbound_flow_token
+      @local_closed = true  if cause == ::Errno::ETIMEDOUT
+      if $oversip_debug
+        log_msg = "connection from #{remote_desc} "
+        log_msg << ( @local_closed ? "locally closed" : "remotely closed" )
+        log_msg << " (cause: #{cause.inspect})"  if cause
+        log_system_debug log_msg
+      end unless $!
+    end
+  end
+end

data/lib/oversip/sip/listeners/tls_client.rb ADDED Viewed

@@ -0,0 +1,125 @@
+module OverSIP::SIP
+  class TlsClient < TcpClient
+    TLS_HANDSHAKE_MAX_TIME = 4
+    attr_writer :callback_on_server_tls_handshake
+    def initialize ip, port
+      super
+      @pending_messages = []
+    end
+    def connection_completed
+      @server_pems = []
+      @server_last_pem = false
+      start_tls({
+        :verify_peer => @callback_on_server_tls_handshake,
+        :cert_chain_file => ::OverSIP.tls_public_cert,
+        :private_key_file => ::OverSIP.tls_private_cert,
+        :ssl_version => %w(tlsv1 tlsv1_1 tlsv1_2)
+      })
+      # If the remote server does never send us a TLS certificate
+      # after the TCP connection we would leak by storing more and
+      # more messages in @pending_messages array.
+      @timer_tls_handshake = ::EM::Timer.new(TLS_HANDSHAKE_MAX_TIME) do
+        unless @connected
+          log_system_notice "TLS handshake not performed within #{TLS_HANDSHAKE_MAX_TIME} seconds, closing the connection"
+          close_connection
+        end
+      end
+    end
+    # Called for every certificate provided by the peer.
+    # This is just called in case @callback_on_server_tls_handshake is true.
+    def ssl_verify_peer pem
+      # TODO: Dirty workaround for bug https://github.com/eventmachine/eventmachine/issues/194.
+      return true  if @server_last_pem == pem
+      @server_last_pem = pem
+      @server_pems << pem
+      log_system_debug "received certificate num #{@server_pems.size} from server"  if $oversip_debug
+      # Validation must be done in ssl_handshake_completed after receiving all the certs, so return true.
+      return true
+    end
+    # This is called after all the calls to ssl_verify_peer().
+    def ssl_handshake_completed
+      log_system_debug("TLS connection established to " << remote_desc)  if $oversip_debug
+      # @connected in TlsClient means "TLS connection" rather than
+      # just "TCP connection".
+      @connected = true
+      @timer_tls_handshake.cancel  if @timer_tls_handshake
+      # Run OverSIP::SipEvents.on_server_tls_handshake.
+      ::Fiber.new do
+        if @callback_on_server_tls_handshake
+          log_system_debug "running OverSIP::SipEvents.on_server_tls_handshake()..."  if $oversip_debug
+          begin
+            ::OverSIP::SipEvents.on_server_tls_handshake self, @server_pems
+          rescue ::Exception => e
+            log_system_error "error calling OverSIP::SipEvents.on_server_tls_handshake():"
+            log_system_error e
+            close_connection
+          end
+          # If the user or peer has closed the connection in the on_server_tls_handshake() callback
+          # then notify pending transactions.
+          if @local_closed or error?
+            log_system_debug "connection closed, aborting"  if $oversip_debug
+            @pending_client_transactions.each do |client_transaction|
+              client_transaction.tls_validation_failed
+            end
+            @pending_client_transactions.clear
+            @pending_messages.clear
+            @state = :ignore
+          end
+        end
+        @pending_client_transactions.clear
+        @pending_messages.each do |msg|
+          send_data msg
+        end
+        @pending_messages.clear
+      end.resume
+    end
+    def unbind cause=nil
+      super
+      @timer_tls_handshake.cancel  if @timer_tls_handshake
+      @pending_messages.clear
+    end
+    # In TLS client, we must wait until ssl_handshake_completed is
+    # completed before sending data. If not, data will be sent in
+    # plain TCP.
+    #   http://dev.sipdoc.net/issues/457
+    def send_sip_msg msg, ip=nil, port=nil
+      if self.error?
+        log_system_notice "SIP message could not be sent, connection is closed"
+        return false
+      end
+      if @connected
+        send_data msg
+      else
+        log_system_debug "TLS handshake not completed yet, waiting before sending the message"  if $oversip_debug
+        @pending_messages << msg
+      end
+      true
+    end
+  end
+end

data/lib/oversip/sip/listeners/tls_server.rb ADDED Viewed

@@ -0,0 +1,88 @@
+module OverSIP::SIP
+  class TlsServer < TcpServer
+    TLS_HANDSHAKE_MAX_TIME = 4
+    def post_init
+      @client_pems = []
+      @client_last_pem = false
+      start_tls({
+        :verify_peer => true,
+        :cert_chain_file => ::OverSIP.tls_public_cert,
+        :private_key_file => ::OverSIP.tls_private_cert,
+        :ssl_version => %w(tlsv1 tlsv1_1 tlsv1_2)
+      })
+      # If the remote client does never send us a TLS certificate
+      # after the TCP connection we would leak by storing more and
+      # more messages in @pending_messages array.
+      @timer_tls_handshake = ::EM::Timer.new(TLS_HANDSHAKE_MAX_TIME) do
+        unless @connected
+          log_system_notice "TLS handshake not performed within #{TLS_HANDSHAKE_MAX_TIME} seconds, closing the connection"
+          close_connection
+        end
+      end
+    end
+    def ssl_verify_peer pem
+      # TODO: Dirty workaround for bug https://github.com/eventmachine/eventmachine/issues/194.
+      return true  if @client_last_pem == pem
+      @client_last_pem = pem
+      @client_pems << pem
+      log_system_debug "received certificate num #{@client_pems.size} from client"  if $oversip_debug
+      # Validation must be done in ssl_handshake_completed after receiving all the certs, so return true.
+      return true
+    end
+    def ssl_handshake_completed
+      log_system_info "TLS connection established from " << remote_desc
+      # @connected in TlsServer means "TLS connection" rather than
+      # just "TCP connection".
+      @connected = true
+      @timer_tls_handshake.cancel  if @timer_tls_handshake
+      if ::OverSIP::SIP.callback_on_client_tls_handshake
+        # Set the state to :waiting_for_on_client_tls_handshake so data received after TLS handshake  but before
+        # user callback validation is just stored.
+        @state = :waiting_for_on_client_tls_handshake
+        # Run OverSIP::SipEvents.on_client_tls_handshake.
+        ::Fiber.new do
+          begin
+            log_system_debug "running OverSIP::SipEvents.on_client_tls_handshake()..."  if $oversip_debug
+            ::OverSIP::SipEvents.on_client_tls_handshake self, @client_pems
+            # If the user of the peer has not closed the connection then continue.
+            unless @local_closed or error?
+              @state = :init
+              # Call process_received_data() to process possible data received in the meanwhile.
+              process_received_data
+            else
+              log_system_debug "connection closed, aborting"  if $oversip_debug
+            end
+          rescue ::Exception => e
+            log_system_error "error calling OverSIP::SipEvents.on_client_tls_handshake():"
+            log_system_error e
+            close_connection
+          end
+        end.resume
+      end
+    end
+    def unbind cause=nil
+      @timer_tls_handshake.cancel  if @timer_tls_handshake
+      super
+    end
+  end
+end