Commit b0e75d9d authored by Pierre-Eric Pelloux-Prayer's avatar Pierre-Eric Pelloux-Prayer

Add a configuration option for specifying trusted CA certificates.

This option can contain either:
- a single file path; this file can contain several concatenated CA PEM files
- a folder path containing several CA PEM files
parent 11aeb96d
......@@ -514,6 +514,8 @@ static void sip_config_read(LinphoneCore *lc)
ms_free(contact);
}
sal_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", "/etc/ssl/certs"));
tmp=lp_config_get_int(lc->config,"sip","guess_hostname",1);
linphone_core_set_guess_hostname(lc,tmp);
......@@ -2898,6 +2900,18 @@ const char *linphone_core_get_ring(const LinphoneCore *lc){
return lc->sound_conf.local_ring;
}
/**
* Sets the path to a file or folder containing trusted root CAs (PEM format)
*
* @param path
* @param lc The LinphoneCore object
*
* @ingroup media_parameters
**/
void linphone_core_set_root_ca(LinphoneCore *lc,const char *path){
sal_root_ca(lc->sal, path);
}
static void notify_end_of_ring(void *ud, MSFilter *f, unsigned int event, void *arg){
LinphoneCore *lc=(LinphoneCore*)ud;
lc->preview_finished=1;
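Review bot: `linphone_core_set_root_ca` only stores the path through `sal_root_ca`, and elsewhere in this commit the stored path is copied into the TLS context only inside `sal_listen_port`, so a call made after the TLS transport is already listening presumably changes nothing until the port is reopened; the doc comment should say so, or the setter should re-apply the context. The comment also leaves `@param path` without a description and lists it before `lc`; `@param lc The LinphoneCore object` followed by `@param path File of concatenated PEM CA certificates, or a directory of PEM files` would match the signature, and `@ingroup media_parameters` looks like the wrong group for a TLS trust setting. In `sip_config_read` the fallback `"/etc/ssl/certs"` is hard-coded and may not exist on every platform this code is built for (the commit also adds a JNI binding), so a missing directory should at least be logged rather than silently leaving no trust anchors. The body of `sip_config_read` starts and ends outside the hunk.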
......
......@@ -857,6 +857,7 @@ char linphone_core_get_sound_source(LinphoneCore *lc);
void linphone_core_set_sound_source(LinphoneCore *lc, char source);
void linphone_core_set_ring(LinphoneCore *lc, const char *path);
const char *linphone_core_get_ring(const LinphoneCore *lc);
void linphone_core_set_root_ca(LinphoneCore *lc, const char *path);
void linphone_core_set_ringback(LinphoneCore *lc, const char *path);
const char * linphone_core_get_ringback(const LinphoneCore *lc);
......
......@@ -698,6 +698,14 @@ extern "C" jstring Java_org_linphone_core_LinphoneCoreImpl_getRing(JNIEnv* env
return NULL;
}
}
extern "C" void Java_org_linphone_core_LinphoneCoreImpl_setRootCA(JNIEnv* env
,jobject thiz
,jlong lc
,jstring jpath) {
const char* path = jpath?env->GetStringUTFChars(jpath, NULL):NULL;
linphone_core_set_root_ca((LinphoneCore*)lc,path);
if (path) env->ReleaseStringUTFChars(jpath, path);
}
extern "C" void Java_org_linphone_core_LinphoneCoreImpl_enableKeepAlive(JNIEnv* env
,jobject thiz
,jlong lc
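Review bot: `GetStringUTFChars` can return NULL when it fails (with a Java exception pending), and in that case `setRootCA` still calls `linphone_core_set_root_ca` with a NULL path, which replaces the configured trust-anchor path instead of leaving it alone. A guard such as `if (jpath && !path) return;` before the call keeps a failed string conversion from changing the TLS trust configuration. A null `jpath` is also forwarded as NULL; whether that is meant to clear the setting should be stated in the Java doc for `setRootCA`, since `sal_root_ca` hands the pointer straight to `ms_strdup` and to a `%s` log argument.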
......
......@@ -276,6 +276,7 @@ void sal_reuse_authorization(Sal *ctx, bool_t enabled);
void sal_use_one_matching_codec_policy(Sal *ctx, bool_t one_matching_codec);
void sal_use_rport(Sal *ctx, bool_t use_rports);
void sal_use_101(Sal *ctx, bool_t use_101);
void sal_root_ca(Sal* ctx, const char* rootCa);
int sal_iterate(Sal *sal);
MSList * sal_get_pending_auths(Sal *sal);
......
......@@ -281,11 +281,14 @@ Sal * sal_init(){
sal->use_rports=TRUE;
sal->use_101=TRUE;
sal->reuse_authorization=FALSE;
sal->rootCa = 0;
return sal;
}
void sal_uninit(Sal* sal){
eXosip_quit();
if (sal->rootCa)
ms_free(sal->rootCa);
ms_free(sal);
}
......@@ -365,7 +368,14 @@ int sal_listen_port(Sal *ctx, const char *addr, int port, SalTransport tr, int i
case SalTransportTLS:
proto= IPPROTO_TCP;
keepalive=-1;
eXosip_set_option (EXOSIP_OPT_UDP_KEEP_ALIVE,&keepalive);
eXosip_set_option (EXOSIP_OPT_UDP_KEEP_ALIVE,&keepalive);
if (ctx->rootCa) {
eXosip_tls_ctx_t tlsCtx;
memset(&tlsCtx, 0, sizeof(tlsCtx));
snprintf(tlsCtx.root_ca_cert, sizeof(tlsCtx.client.cert), "%s", ctx->rootCa);
eXosip_set_tls_ctx(&tlsCtx);
}
break;
default:
ms_warning("unexpected proto, using datagram");
......@@ -432,6 +442,13 @@ void sal_use_101(Sal *ctx, bool_t use_101){
ctx->use_101=use_101;
}
void sal_root_ca(Sal* ctx, const char* rootCa) {
if (ctx->rootCa)
ms_free(ctx->rootCa);
ctx->rootCa = ms_strdup(rootCa);
ms_error("YIPI : %s == %s\n", rootCa, ctx->rootCa);
}
static int extract_received_rport(osip_message_t *msg, const char **received, int *rportval,SalTransport* transport){
osip_via_t *via=NULL;
osip_generic_param_t *param=NULL;
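Review bot: In the `SalTransportTLS` case of `sal_listen_port`, the `snprintf` into `tlsCtx.root_ca_cert` is bounded by `sizeof(tlsCtx.client.cert)`, which is a different field; if the two arrays ever differ in size this either writes past the destination or truncates the path, so the bound should be `sizeof(tlsCtx.root_ca_cert)`. A truncated trust-anchor path is accepted silently and the return value of `eXosip_set_tls_ctx` is ignored, so a CA store that failed to load cannot be told apart from one that loaded; both results should be checked and logged. In `sal_root_ca`, the `ms_error("YIPI : ...")` line looks like leftover debugging: it logs at error level on every call and passes `rootCa` to `%s` even when it is NULL, which the JNI wrapper in this commit allows. Dropping it, or replacing it with `ms_message("root CA path: %s", ctx->rootCa ? ctx->rootCa : "(unset)");`, would address that. The body of `sal_listen_port` extends outside the hunk.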
......
......@@ -45,6 +45,7 @@ struct Sal{
bool_t use_rports;
bool_t use_101;
bool_t reuse_authorization;
char* rootCa; /* File _or_ folder containing root CA */
};
struct SalOp{
......
......@@ -528,6 +528,14 @@ public interface LinphoneCore {
* @param null if not set
*/
String getRing();
/**
* Sets file or folder containing trusted root CAs
*
* @param path path to file with multiple PEM certif or to folder with multiple PEM files
*/
void setRootCA(String path);
void setUploadBandwidth(int bw);
void setDownloadBandwidth(int bw);
......