This file is indexed.

/usr/include/sipxtapi/os/OsSSL.h is in libsipxtapi-dev 3.3.0~test17-2.1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
//
// Copyright (C) 2004-2006 SIPfoundry Inc.
// Licensed by SIPfoundry under the LGPL license.
//
// Copyright (C) 2004-2006 Pingtel Corp.  All rights reserved.
// Licensed to SIPfoundry under a Contributor Agreement.
//
// $$
///////////////////////////////////////////////////////////////////////////////

#ifndef _OsSSL_h_
#define _OsSSL_h__

// SYSTEM INCLUDES

// APPLICATION INCLUDES                      
#include "os/OsBSem.h"
#include "os/OsSysLog.h"
#include "openssl/ssl.h"

// DEFINES
// MACROS
// EXTERNAL FUNCTIONS                                       
// EXTERNAL VARIABLES
// CONSTANTS
// STRUCTS
// TYPEDEFS
// FORWARD DECLARATIONS
class UtlString;
class UtlSList;

/// Wrapper for the OpenSSL SSL_CTX context structure.
/// This class is responsible for all global policy initialization and
/// enforcement.
class OsSSL
{
/* //////////////////////////// PUBLIC //////////////////////////////////// */
  public:

   /// Construct an SSL Context from which connections are created.
   OsSSL(const char* authorityPath = NULL,   /**< Path to a directory containing trusted
                                              *   certificates files;
                                              * If NULL, compiled-in default is used */
         const char* publicCertificatePath = NULL, /**< Path to certificate file;
                                                    * If NULL, compiled-in default is used */
         const char* privateKeyPath = NULL  /**< Path to private key file;
                                             * If NULL, compiled-in default is used.
                                             * @note: If publicCertificatePath is NULL, this
                                             *        must also be NULL.
                                             */
         );

   ~OsSSL();

/* ============================ CREATORS ================================== */

/* ============================ MANIPULATORS ============================== */
 
/* ============================ ACCESSORS ================================= */

   /// Get an SSL server connection handle
   SSL* getServerConnection();

   /// Get an SSL client connection handle
   SSL* getClientConnection();

   /// Release an SSL session handle
   void releaseConnection(SSL*& connection);

   /// Get the validated names for the connection peer.
   static bool peerIdentity( SSL*       connection ///< SSL context from connection to be described
                            ,UtlSList*  altNames   /**< UtlStrings for verfied subjectAltNames
                                                    *   are added to this - caller must free them.
                                                    */
                            ,UtlString* commonName ///< the Subject name is returned here
                            );
   /**<
    * Usually, the names in the altNames will be easier to parse and use than commonName
    * Either or both of altNames or commonName may be NULL, in which case no names are returned;
    * the return value still indicates the trust relationship with the peer certificate.
    * @returns
    * - true if the connection peer is validated by a trusted authority
    * - false if not, in which case no names are returned.
    */

   /// Log SSL connection information
   static void logConnectParams(const OsSysLogFacility facility, ///< callers facility
                                const OsSysLogPriority priority, ///< log priority
                                const char* callerMsg,  ///< Identifies circumstances of connection
                                SSL*  connection  ///< SSL connection to be described
                                );
   

   /// Log an error resulting from an SSL call, with the SSL error text expanded
   static void logError(const OsSysLogFacility facility, ///< callers facility
                        const OsSysLogPriority priority, ///< how bad was it?
                        const char* callerMsg,  ///< Identifies caller and what failed
                        int errCode             ///< error returned from ssl routine
                        );
 
   /// Debug: print out list of ciphers enabled
   void dumpCipherList();

/* ============================ INQUIRY =================================== */


/* //////////////////////////// PROTECTED ///////////////////////////////// */
  protected:

/* //////////////////////////// PRIVATE /////////////////////////////////// */
  private:

   static bool sInitialized;
   
   SSL_CTX* mCTX;

   /// Certificate chain validation hook called by openssl
   static int verifyCallback(int valid,            ///< validity so far from openssl
                             X509_STORE_CTX* store ///< certificate information db
                             );
   /**<
    * @returns validity as determined by local policy
    * @note See 'man SSL_CTX_set_verify'
    */

   /// Disable copy constructor
   OsSSL(const OsSSL& rOsSSL);

   /// Disable assignment operator
   OsSSL& operator=(const OsSSL& rhs);
};

/// A singleton wrapper for OsSSL
class OsSharedSSL
{
  public:
   
   static OsSSL* get();
   
  private:

   static OsBSem* spSslLock;
   static OsSSL*  spSharedSSL;
   
   /// singleton constructor
   OsSharedSSL();

   ~OsSharedSSL();
   
   /// Disable copy constructor
   OsSharedSSL(const OsSharedSSL& r);

   /// Disable assignment operator
   OsSharedSSL& operator=(const OsSharedSSL& rhs);
};



/* ============================ INLINE METHODS ============================ */

#endif  // _OsSSL_h_