Skip to content

Commit 2f5be16

Browse files
Integration-ITIntegration-IT
authored
Update stir_shaken.c - enforce verifier pvar error reason
- more explicit SET_VERIFY_ERR_VARS. - stir_shaken_verify generic err_reason pvar is now more explicit to easily reflect the real reason. - replace verifier generic "Internal Server Error" by dedicated internal error like "Failed to parse headers", "Failed to parse identity header", "Failed to get current time", "Failed to get UNIX time from Date header", "Failed to load certificate", "Error validating certificate", "Error while verifying signature".
1 parent 85f9250 commit 2f5be16

File tree

1 file changed

+6
-6
lines changed

1 file changed

+6
-6
lines changed

modules/stir_shaken/stir_shaken.c

+6-6
Original file line numberDiff line numberDiff line change
@@ -1999,7 +1999,7 @@ static int w_stir_verify(struct sip_msg *msg, str *cert_buf,
19991999
if ((rc = get_parsed_identity( msg, &parsed)) < 0) {
20002000
if (rc == -1) {
20012001
LM_ERR("Failed to parse identity header\n");
2002-
SET_VERIFY_ERR_VARS(IERROR_CODE, IERROR_REASON);
2002+
SET_VERIFY_ERR_VARS(IERROR_CODE, IERROR_REASON_PARSE_IDENTITY);
20032003
} else { /* rc == -4 */
20042004
LM_INFO("Invalid identity header\n");
20052005
SET_VERIFY_ERR_VARS(INVALID_IDENTITY_CODE, INVALID_IDENTITY_REASON);
@@ -2028,7 +2028,7 @@ static int w_stir_verify(struct sip_msg *msg, str *cert_buf,
20282028

20292029
if ((now = time(0)) == -1) {
20302030
LM_ERR("Failed to get current time\n");
2031-
SET_VERIFY_ERR_VARS(IERROR_CODE, IERROR_REASON);
2031+
SET_VERIFY_ERR_VARS(IERROR_CODE, IERROR_REASON_GET_CURRENT_TIME);
20322032
rc = -1;
20332033
goto error;
20342034
}
@@ -2045,7 +2045,7 @@ static int w_stir_verify(struct sip_msg *msg, str *cert_buf,
20452045

20462046
if (get_date_ts(date_hf, &date_ts) < 0) {
20472047
LM_ERR("Failed to get UNIX time from Date header\n");
2048-
SET_VERIFY_ERR_VARS(IERROR_CODE, IERROR_REASON);
2048+
SET_VERIFY_ERR_VARS(IERROR_CODE, IERROR_REASON_GET_TIME_FROM_DATE_HEADER);
20492049
rc = -1;
20502050
goto error;
20512051
}
@@ -2095,7 +2095,7 @@ static int w_stir_verify(struct sip_msg *msg, str *cert_buf,
20952095

20962096
if (load_cert(&cert, &certchain, cert_buf) < 0) {
20972097
LM_ERR("Failed to load certificate\n");
2098-
SET_VERIFY_ERR_VARS(IERROR_CODE, IERROR_REASON);
2098+
SET_VERIFY_ERR_VARS(IERROR_CODE, IERROR_REASON_LOAD_CERTIFICATE);
20992099
rc = -1;
21002100
goto error;
21012101
}
@@ -2119,7 +2119,7 @@ static int w_stir_verify(struct sip_msg *msg, str *cert_buf,
21192119
if ((rc = validate_certificate(cert, certchain)) < 0) {
21202120
if (rc == -1) {
21212121
LM_ERR("Error validating certificate\n");
2122-
SET_VERIFY_ERR_VARS(IERROR_CODE, IERROR_REASON);
2122+
SET_VERIFY_ERR_VARS(IERROR_CODE, IERROR_REASON_VALIDATE_CERTIFICATE);
21232123
goto error;
21242124
} else { /* rc == -8 */
21252125
LM_INFO("Invalid certificate\n");
@@ -2135,7 +2135,7 @@ static int w_stir_verify(struct sip_msg *msg, str *cert_buf,
21352135
if ((rc = verify_signature(cert, parsed, iat_ts, orig_tn_p, dest_tn_p)) <= 0) {
21362136
if (rc < 0) {
21372137
LM_ERR("Error while verifying signature\n");
2138-
SET_VERIFY_ERR_VARS(IERROR_CODE, IERROR_REASON);
2138+
SET_VERIFY_ERR_VARS(IERROR_CODE, IERROR_REASON_VERIFY_SIGNATURE);
21392139
rc = -1;
21402140
goto error;
21412141
} else {

0 commit comments

Comments
 (0)