Commit 3b33b27f authored by Yann Diorcet's avatar Yann Diorcet

Add common name certificate verification function in sal

Add eXosip sal wrapper to eXosip_tls_verify_cn
parent d9e81266
......@@ -567,6 +567,7 @@ static void sip_config_read(LinphoneCore *lc)
sal_set_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", ROOT_CA_FILE));
#endif
linphone_core_verify_server_certificates(lc,lp_config_get_int(lc->config,"sip","verify_server_certs",TRUE));
linphone_core_verify_server_cn(lc,lp_config_get_int(lc->config,"sip","verify_server_cn",TRUE));
/*setting the dscp must be done before starting the transports, otherwise it is not taken into effect*/
sal_set_dscp(lc->sal,linphone_core_get_sip_dscp(lc));
/*start listening on ports*/
......@@ -3701,6 +3702,13 @@ void linphone_core_verify_server_certificates(LinphoneCore *lc, bool_t yesno){
sal_verify_server_certificates(lc->sal,yesno);
}
/**
* Specify whether the tls server certificate common name must be verified when connecting to a SIP/TLS server.
**/
void linphone_core_verify_server_cn(LinphoneCore *lc, bool_t yesno){
sal_verify_server_cn(lc->sal,yesno);
}
static void notify_end_of_ring(void *ud, MSFilter *f, unsigned int event, void *arg){
LinphoneCore *lc=(LinphoneCore*)ud;
lc->preview_finished=1;
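Review bot: The doc comment added above linphone_core_verify_server_cn() does not state the default or what passing FALSE gives up. The first hunk of this file reads `verify_server_cn` from the `sip` config section with a default of TRUE, and the sal hunks show the setting reaching eXosip only when HAVE_EXOSIP_TLS_VERIFY_CN is defined. I would extend the comment with `* Enabled by default (config key sip/verify_server_cn); has no effect if eXosip lacks eXosip_tls_verify_cn.` and `* Disabling it presumably lets any certificate that chains to the root CA be accepted, whatever name it was issued for.` The second line is hedged because the comparison itself happens inside eXosip and is not visible here.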
......
......@@ -1209,6 +1209,7 @@ void linphone_core_set_sound_source(LinphoneCore *lc, char source);
void linphone_core_set_ring(LinphoneCore *lc, const char *path);
const char *linphone_core_get_ring(const LinphoneCore *lc);
void linphone_core_verify_server_certificates(LinphoneCore *lc, bool_t yesno);
void linphone_core_verify_server_cn(LinphoneCore *lc, bool_t yesno);
void linphone_core_set_root_ca(LinphoneCore *lc, const char *path);
const char *linphone_core_get_root_ca(LinphoneCore *lc);
void linphone_core_set_ringback(LinphoneCore *lc, const char *path);
......
......@@ -359,6 +359,7 @@ void sal_use_101(Sal *ctx, bool_t use_101);
void sal_set_root_ca(Sal* ctx, const char* rootCa);
const char *sal_get_root_ca(Sal* ctx);
void sal_verify_server_certificates(Sal *ctx, bool_t verify);
void sal_verify_server_cn(Sal *ctx, bool_t verify);
int sal_iterate(Sal *sal);
MSList * sal_get_pending_auths(Sal *sal);
......
......@@ -282,6 +282,7 @@ Sal * sal_init(){
sal->reuse_authorization=FALSE;
sal->rootCa = 0;
sal->verify_server_certs=TRUE;
sal->verify_server_cn=TRUE;
sal->expire_old_contact=FALSE;
sal->add_dates=FALSE;
sal->dscp=-1;
......@@ -378,6 +379,9 @@ static void set_tls_options(Sal *ctx){
#ifdef HAVE_EXOSIP_TLS_VERIFY_CERTIFICATE
eXosip_tls_verify_certificate(ctx->verify_server_certs);
#endif
#ifdef HAVE_EXOSIP_TLS_VERIFY_CN
eXosip_tls_verify_cn(ctx->verify_server_cn);
#endif
}
void sal_set_dscp(Sal *ctx, int dscp){
......@@ -499,6 +503,13 @@ void sal_verify_server_certificates(Sal *ctx, bool_t verify){
#endif
}
void sal_verify_server_cn(Sal *ctx, bool_t verify){
ctx->verify_server_cn=verify;
#ifdef HAVE_EXOSIP_TLS_VERIFY_CN
eXosip_tls_verify_cn(verify);
#endif
}
static int extract_received_rport(osip_message_t *msg, const char **received, int *rportval,SalTransport* transport){
osip_via_t *via=NULL;
osip_generic_param_t *param=NULL;
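Review bot: When HAVE_EXOSIP_TLS_VERIFY_CN is not defined, sal_verify_server_cn() only stores the flag, and the new block in set_tls_options() in the hunk above compiles to nothing. sal_init() still sets verify_server_cn=TRUE, so the Sal state reports a check that is never applied and the application cannot tell. I would make the gap visible at runtime by adding an `#else` branch in sal_verify_server_cn(), for example `if (verify) ms_warning("CN verification requested but eXosip_tls_verify_cn is not available");`, assuming this file already uses the ms_warning logger. The last three lines shown belong to extract_received_rport(), whose body continues outside the hunk.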
......
......@@ -48,6 +48,7 @@ struct Sal{
bool_t use_101;
bool_t reuse_authorization;
bool_t verify_server_certs;
bool_t verify_server_cn;
bool_t expire_old_contact;
bool_t add_dates;
};
......
......@@ -40,6 +40,10 @@ AC_CHECK_LIB([eXosip2],[eXosip_tls_verify_certificate],
[AC_DEFINE([HAVE_EXOSIP_TLS_VERIFY_CERTIFICATE],[1],[Defined when eXosip_tls_verify_certificate is available])],
[AC_MSG_WARN([Could not find eXosip_tls_verify_certificate in eXosip2 !])],
[-losipparser2 -losip2 ])
AC_CHECK_LIB([eXosip2],[eXosip_tls_verify_cn],
[AC_DEFINE([HAVE_EXOSIP_TLS_VERIFY_CN],[1],[Defined when eXosip_tls_verify_certificate is available])],
[AC_MSG_WARN([Could not find eXosip_tls_verify_cn in eXosip2 !])],
[-losipparser2 -losip2 ])
AC_CHECK_LIB([eXosip2],[eXosip_trylock],
[AC_DEFINE([HAVE_EXOSIP_TRYLOCK],[1],[Defined when eXosip_get_socket is available])],
[],
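Review bot: The description string in the new AC_DEFINE is copied from the check above and names the wrong function; it should read `[AC_DEFINE([HAVE_EXOSIP_TLS_VERIFY_CN],[1],[Defined when eXosip_tls_verify_cn is available])],`. Separately, a missing eXosip_tls_verify_cn only produces an AC_MSG_WARN, so a build against an eXosip2 without that symbol succeeds and ships with CN verification compiled out. For a certificate check that defaults to on, that is easy to miss in build logs. Consider failing configure with AC_MSG_ERROR unless the packager passes an explicit opt-out, or at least printing the result in the configure summary.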
......