Commit 2e52e247 authored by Simon Morlat's avatar Simon Morlat

fix TLS support under linphonec and gtk (problem not occurring with mobile versions)

Implement registration refresh upon SIP network protocol change.
parent 27891569
......@@ -501,6 +501,13 @@ static void sip_config_read(LinphoneCore *lc)
} else {
tr.tls_port=lp_config_get_int(lc->config,"sip","sip_tls_port",0);
}
#ifdef __linux
sal_set_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", "/etc/ssl/certs"));
#else
sal_set_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", ROOT_CA_FILE));
#endif
linphone_core_verify_server_certificates(lc,lp_config_get_int(lc->config,"sip","verify_server_certs",TRUE));
/*start listening on ports*/
linphone_core_set_sip_transports(lc,&tr);
......@@ -523,12 +530,6 @@ static void sip_config_read(LinphoneCore *lc)
ms_free(contact);
}
#ifdef __linux
sal_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", "/etc/ssl/certs"));
#else
sal_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", ROOT_CA_FILE));
#endif
tmp=lp_config_get_int(lc->config,"sip","guess_hostname",1);
linphone_core_set_guess_hostname(lc,tmp);
......@@ -1480,12 +1481,15 @@ static int apply_transports(LinphoneCore *lc){
const char *anyaddr;
LCSipTransports *tr=&lc->sip_conf.transports;
/*first of all invalidate all current registrations so that we can register again with new transports*/
__linphone_core_invalidate_registers(lc);
if (lc->sip_conf.ipv6_enabled)
anyaddr="::0";
else
anyaddr="0.0.0.0";
sal_unlisten_ports (sal);
sal_unlisten_ports(sal);
if (tr->udp_port>0){
if (sal_listen_port (sal,anyaddr,tr->udp_port,SalTransportUDP,FALSE)!=0){
transport_error(lc,"udp",tr->udp_port);
......@@ -2995,7 +2999,14 @@ const char *linphone_core_get_ring(const LinphoneCore *lc){
* @ingroup media_parameters
**/
void linphone_core_set_root_ca(LinphoneCore *lc,const char *path){
sal_root_ca(lc->sal, path);
sal_set_root_ca(lc->sal, path);
}
/**
* Specify whether the tls server certificate must be verified when connecting to a SIP/TLS server.
**/
void linphone_core_verify_server_certificates(LinphoneCore *lc, bool_t yesno){
sal_verify_server_certificates(lc->sal,yesno);
}
static void notify_end_of_ring(void *ud, MSFilter *f, unsigned int event, void *arg){
......@@ -4126,6 +4137,7 @@ static void set_network_reachable(LinphoneCore* lc,bool_t isReachable, time_t cu
}
}
void linphone_core_refresh_registers(LinphoneCore* lc) {
const MSList *elem=linphone_core_get_proxy_config_list(lc);
for(;elem!=NULL;elem=elem->next){
......@@ -4136,6 +4148,17 @@ void linphone_core_refresh_registers(LinphoneCore* lc) {
}
}
void __linphone_core_invalidate_registers(LinphoneCore* lc){
const MSList *elem=linphone_core_get_proxy_config_list(lc);
for(;elem!=NULL;elem=elem->next){
LinphoneProxyConfig *cfg=(LinphoneProxyConfig*)elem->data;
if (linphone_proxy_config_register_enabled(cfg) ) {
linphone_proxy_config_edit(cfg);
linphone_proxy_config_done(cfg);
}
}
}
void linphone_core_set_network_reachable(LinphoneCore* lc,bool_t isReachable) {
//first disable automatic mode
if (lc->auto_net_state_mon) {
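Review bot: `linphone_core_verify_server_certificates()` lets a caller, or the `verify_server_certs` key read in `sip_config_read()`, switch off server certificate validation for SIP/TLS without leaving any trace, and its doc comment does not say what that costs. With verification off the client no longer authenticates the server, so registrations and credentials sent over TLS are exposed to interception on the network path. I would log the downgrade, `if (!yesno) ms_warning("SIP/TLS server certificate verification is disabled");`, placed before the `sal_verify_server_certificates()` call. The comment should also state that verification is on by default, say that turning it off removes server authentication, and carry the `@ingroup` tag that the comment above `linphone_core_set_root_ca()` has.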
......
......@@ -870,6 +870,7 @@ char linphone_core_get_sound_source(LinphoneCore *lc);
void linphone_core_set_sound_source(LinphoneCore *lc, char source);
void linphone_core_set_ring(LinphoneCore *lc, const char *path);
const char *linphone_core_get_ring(const LinphoneCore *lc);
void linphone_core_verify_server_certificates(LinphoneCore *lc, bool_t yesno);
void linphone_core_set_root_ca(LinphoneCore *lc, const char *path);
void linphone_core_set_ringback(LinphoneCore *lc, const char *path);
const char * linphone_core_get_ringback(const LinphoneCore *lc);
......
......@@ -529,6 +529,8 @@ void linphone_call_remove_from_conf(LinphoneCall *call);
void linphone_core_conference_check_uninit(LinphoneConference *ctx);
bool_t linphone_core_sound_resources_available(LinphoneCore *lc);
void __linphone_core_invalidate_registers(LinphoneCore* lc);
#define HOLD_OFF (0)
#define HOLD_ON (1)
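Review bot: The new prototype `__linphone_core_invalidate_registers` uses a double-underscore prefix, which C reserves for the implementation, so a compiler or libc symbol may legally collide with it. This header already appears to hold internal declarations, so the prefix is not needed to mark the function as private; `void linphone_core_invalidate_registers(LinphoneCore *lc);` would do, with the definition and the call in `apply_transports()` renamed to match. The function also has no comment; one line saying that it runs `linphone_proxy_config_edit()` then `linphone_proxy_config_done()` on every proxy config with registration enabled would cover it.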
......
......@@ -285,7 +285,8 @@ void sal_reuse_authorization(Sal *ctx, bool_t enabled);
void sal_use_one_matching_codec_policy(Sal *ctx, bool_t one_matching_codec);
void sal_use_rport(Sal *ctx, bool_t use_rports);
void sal_use_101(Sal *ctx, bool_t use_101);
void sal_root_ca(Sal* ctx, const char* rootCa);
void sal_set_root_ca(Sal* ctx, const char* rootCa);
void sal_verify_server_certificates(Sal *ctx, bool_t verify);
int sal_iterate(Sal *sal);
MSList * sal_get_pending_auths(Sal *sal);
......
......@@ -282,6 +282,7 @@ Sal * sal_init(){
sal->use_101=TRUE;
sal->reuse_authorization=FALSE;
sal->rootCa = 0;
sal->verify_server_certs=TRUE;
return sal;
}
......@@ -374,6 +375,7 @@ int sal_listen_port(Sal *ctx, const char *addr, int port, SalTransport tr, int i
snprintf(tlsCtx.root_ca_cert, sizeof(tlsCtx.client.cert), "%s", ctx->rootCa);
eXosip_set_tls_ctx(&tlsCtx);
}
eXosip_tls_verify_certificate(ctx->verify_server_certs);
break;
default:
ms_warning("unexpected proto, using datagram");
......@@ -440,12 +442,17 @@ void sal_use_101(Sal *ctx, bool_t use_101){
ctx->use_101=use_101;
}
void sal_root_ca(Sal* ctx, const char* rootCa) {
void sal_set_root_ca(Sal* ctx, const char* rootCa) {
if (ctx->rootCa)
ms_free(ctx->rootCa);
ctx->rootCa = ms_strdup(rootCa);
}
void sal_verify_server_certificates(Sal *ctx, bool_t verify){
ctx->verify_server_certs=verify;
eXosip_tls_verify_certificate(verify);
}
static int extract_received_rport(osip_message_t *msg, const char **received, int *rportval,SalTransport* transport){
osip_via_t *via=NULL;
osip_generic_param_t *param=NULL;
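Review bot: The `snprintf` just above the added `eXosip_tls_verify_certificate()` call in `sal_listen_port()` bounds the copy into `tlsCtx.root_ca_cert` with `sizeof(tlsCtx.client.cert)`, the size of a different field. It is an unchanged line, but the path it copies comes from configuration or from `linphone_core_set_root_ca()`, so the bound should be the destination's own size: `snprintf(tlsCtx.root_ca_cert, sizeof(tlsCtx.root_ca_cert), "%s", ctx->rootCa);`. The two array declarations are not visible here; if they differ in length the current form either writes past the destination or truncates the path. A truncated path would point verification at the wrong CA store without any error, so the return value is worth checking against the buffer size and logging. `sal_listen_port()` starts and ends outside the hunk.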
......
......@@ -39,13 +39,14 @@ struct Sal{
int running;
int session_expires;
int keepalive_period;
void *up;
void *up; /*user pointer*/
char* rootCa; /* File _or_ folder containing root CA */
bool_t one_matching_codec;
bool_t double_reg;
bool_t use_rports;
bool_t use_101;
bool_t reuse_authorization;
char* rootCa; /* File _or_ folder containing root CA */
bool_t verify_server_certs;
};
struct SalOp{
......