Added methods to set TLS certificate/key on LinphoneAuthInfo + updated auth_info_requested callback

console/linphonec.c

@@ -109,7 +109,7 @@ static char **linephonec_readline_completion(const char *text,
 #endif
 
 /* These are callback for linphone core */
-static void linphonec_prompt_for_auth(LinphoneCore *lc, const char *realm, const char *username, const char *domain);
+static void linphonec_prompt_for_auth(LinphoneCore *lc, const char *realm, const char *username, const char *domain, LinphoneAuthMethod method);
 static void linphonec_display_refer (LinphoneCore * lc, const char *refer_to);
 static void linphonec_display_something (LinphoneCore * lc, const char *something);
 static void linphonec_display_url (LinphoneCore * lc, const char *something, const char *url);
@@ -249,7 +249,7 @@ linphonec_display_url (LinphoneCore * lc, const char *something, const char *url
  * Linphone core callback
  */
 static void
-linphonec_prompt_for_auth(LinphoneCore *lc, const char *realm, const char *username, const char *domain)
+linphonec_prompt_for_auth(LinphoneCore *lc, const char *realm, const char *username, const char *domain, LinphoneAuthMethod method)
 {
 	/* no prompt possible when using pipes or tcp mode*/
 	if (unix_socket){

coreapi/authentication.c

@@ -44,161 +44,226 @@ LinphoneAuthInfo *linphone_auth_info_new(const char *username, const char *useri
 
 LinphoneAuthInfo *linphone_auth_info_clone(const LinphoneAuthInfo *ai){
 	LinphoneAuthInfo *obj=ms_new0(LinphoneAuthInfo,1);
-	if (ai->username) obj->username=ms_strdup(ai->username);
-	if (ai->userid) obj->userid=ms_strdup(ai->userid);
-	if (ai->passwd) obj->passwd=ms_strdup(ai->passwd);
-	if (ai->ha1)	obj->ha1=ms_strdup(ai->ha1);
-	if (ai->realm)	obj->realm=ms_strdup(ai->realm);
-	if (ai->domain)	obj->domain=ms_strdup(ai->domain);
+	if (ai->username) 		obj->username = ms_strdup(ai->username);
+	if (ai->userid) 		obj->userid = ms_strdup(ai->userid);
+	if (ai->passwd) 		obj->passwd = ms_strdup(ai->passwd);
+	if (ai->ha1)			obj->ha1 = ms_strdup(ai->ha1);
+	if (ai->realm)			obj->realm = ms_strdup(ai->realm);
+	if (ai->domain)			obj->domain = ms_strdup(ai->domain);
+	if (ai->tls_cert)		obj->domain = ms_strdup(ai->tls_cert);
+	if (ai->tls_key)		obj->domain = ms_strdup(ai->tls_key);
+	if (ai->tls_cert_path)	obj->domain = ms_strdup(ai->tls_cert_path);
+	if (ai->tls_key_path)	obj->domain = ms_strdup(ai->tls_key_path);
 	return obj;
 }
 
-const char *linphone_auth_info_get_username(const LinphoneAuthInfo *i){
+const char *linphone_auth_info_get_username(const LinphoneAuthInfo *i) {
 	return i->username;
 }
 
-const char *linphone_auth_info_get_passwd(const LinphoneAuthInfo *i){
+const char *linphone_auth_info_get_passwd(const LinphoneAuthInfo *i) {
 	return i->passwd;
 }
 
-const char *linphone_auth_info_get_userid(const LinphoneAuthInfo *i){
+const char *linphone_auth_info_get_userid(const LinphoneAuthInfo *i) {
 	return i->userid;
 }
 
-const char *linphone_auth_info_get_realm(const LinphoneAuthInfo *i){
+const char *linphone_auth_info_get_realm(const LinphoneAuthInfo *i) {
 	return i->realm;
 }
 
-const char *linphone_auth_info_get_domain(const LinphoneAuthInfo *i){
+const char *linphone_auth_info_get_domain(const LinphoneAuthInfo *i) {
 	return i->domain;
 }
 
-const char *linphone_auth_info_get_ha1(const LinphoneAuthInfo *i){
+const char *linphone_auth_info_get_ha1(const LinphoneAuthInfo *i) {
 	return i->ha1;
 }
 
-void linphone_auth_info_set_passwd(LinphoneAuthInfo *info, const char *passwd){
-	if (info->passwd!=NULL) {
+const char *linphone_auth_info_get_tls_cert(const LinphoneAuthInfo *i) {
+	return i->tls_cert;
+}
+
+const char *linphone_auth_info_get_tls_key(const LinphoneAuthInfo *i) {
+	return i->tls_key;
+}
+
+const char *linphone_auth_info_get_tls_cert_path(const LinphoneAuthInfo *i) {
+	return i->tls_cert_path;
+}
+
+const char *linphone_auth_info_get_tls_key_path(const LinphoneAuthInfo *i) {
+	return i->tls_key_path;
+}
+
+
+void linphone_auth_info_set_passwd(LinphoneAuthInfo *info, const char *passwd) {
+	if (info->passwd) {
 		ms_free(info->passwd);
-		info->passwd=NULL;
+		info->passwd = NULL;
 	}
-	if (passwd!=NULL && (strlen(passwd)>0)) info->passwd=ms_strdup(passwd);
+	if (passwd && strlen(passwd) > 0) info->passwd = ms_strdup(passwd);
 }
 
-void linphone_auth_info_set_username(LinphoneAuthInfo *info, const char *username){
-	if (info->username){
+void linphone_auth_info_set_username(LinphoneAuthInfo *info, const char *username) {
+	if (info->username) {
 		ms_free(info->username);
-		info->username=NULL;
+		info->username = NULL;
 	}
-	if (username && strlen(username)>0) info->username=ms_strdup(username);
+	if (username && strlen(username) > 0) info->username = ms_strdup(username);
 }
 
-void linphone_auth_info_set_userid(LinphoneAuthInfo *info, const char *userid){
-	if (info->userid){
+void linphone_auth_info_set_userid(LinphoneAuthInfo *info, const char *userid) {
+	if (info->userid) {
 		ms_free(info->userid);
-		info->userid=NULL;
+		info->userid = NULL;
 	}
-	if (userid && strlen(userid)>0) info->userid=ms_strdup(userid);
+	if (userid && strlen(userid) > 0) info->userid = ms_strdup(userid);
 }
 
-void linphone_auth_info_set_realm(LinphoneAuthInfo *info, const char *realm){
-	if (info->realm){
+void linphone_auth_info_set_realm(LinphoneAuthInfo *info, const char *realm) {
+	if (info->realm) {
 		ms_free(info->realm);
-		info->realm=NULL;
+		info->realm = NULL;
 	}
-	if (realm && strlen(realm)>0) info->realm=ms_strdup(realm);
+	if (realm && strlen(realm) > 0) info->realm = ms_strdup(realm);
 }
 
-void linphone_auth_info_set_domain(LinphoneAuthInfo *info, const char *domain){
-	if (info->domain){
+void linphone_auth_info_set_domain(LinphoneAuthInfo *info, const char *domain) {
+	if (info->domain) {
 		ms_free(info->domain);
-		info->domain=NULL;
+		info->domain = NULL;
 	}
-	if (domain && strlen(domain)>0) info->domain=ms_strdup(domain);
+	if (domain && strlen(domain) > 0) info->domain = ms_strdup(domain);
 }
 
-void linphone_auth_info_set_ha1(LinphoneAuthInfo *info, const char *ha1){
-	if (info->ha1){
+void linphone_auth_info_set_ha1(LinphoneAuthInfo *info, const char *ha1) {
+	if (info->ha1) {
 		ms_free(info->ha1);
-		info->ha1=NULL;
+		info->ha1 = NULL;
+	}
+	if (ha1 && strlen(ha1) > 0) info->ha1 = ms_strdup(ha1);
+}
+
+void linphone_auth_info_set_tls_cert(LinphoneAuthInfo *info, const char *tls_cert) {
+	if (info->tls_cert) {
+		ms_free(info->tls_cert);
+		info->tls_cert = NULL;
+	}
+	if (tls_cert && strlen(tls_cert) > 0) info->tls_cert = ms_strdup(tls_cert);
+}
+
+void linphone_auth_info_set_tls_key(LinphoneAuthInfo *info, const char *tls_key) {
+	if (info->tls_key) {
+		ms_free(info->tls_key);
+		info->tls_key = NULL;
 	}
-	if (ha1 && strlen(ha1)>0) info->ha1=ms_strdup(ha1);
+	if (tls_key && strlen(tls_key) > 0) info->tls_key = ms_strdup(tls_key);
+}
+
+void linphone_auth_info_set_tls_cert_path(LinphoneAuthInfo *info, const char *tls_cert_path) {
+	if (info->tls_cert_path) {
+		ms_free(info->tls_cert_path);
+		info->tls_cert_path = NULL;
+	}
+	if (tls_cert_path && strlen(tls_cert_path) > 0) info->tls_cert_path = ms_strdup(tls_cert_path);
+}
+
+void linphone_auth_info_set_tls_key_path(LinphoneAuthInfo *info, const char *tls_key_path) {
+	if (info->tls_key_path) {
+		ms_free(info->tls_key_path);
+		info->tls_key_path = NULL;
+	}
+	if (tls_key_path && strlen(tls_key_path) > 0) info->tls_key_path = ms_strdup(tls_key_path);
 }
 
 /**
  * Destroys a LinphoneAuthInfo object.
 **/
 void linphone_auth_info_destroy(LinphoneAuthInfo *obj){
-	if (obj->username!=NULL) ms_free(obj->username);
-	if (obj->userid!=NULL) ms_free(obj->userid);
-	if (obj->passwd!=NULL) ms_free(obj->passwd);
-	if (obj->ha1!=NULL) ms_free(obj->ha1);
-	if (obj->realm!=NULL) ms_free(obj->realm);
-	if (obj->domain!=NULL) ms_free(obj->domain);
+	if (obj->username != NULL) ms_free(obj->username);
+	if (obj->userid != NULL) ms_free(obj->userid);
+	if (obj->passwd != NULL) ms_free(obj->passwd);
+	if (obj->ha1 != NULL) ms_free(obj->ha1);
+	if (obj->realm != NULL) ms_free(obj->realm);
+	if (obj->domain != NULL) ms_free(obj->domain);
+	if (obj->tls_cert != NULL) ms_free(obj->tls_cert);
+	if (obj->tls_key != NULL) ms_free(obj->tls_key);
+	if (obj->tls_cert_path != NULL) ms_free(obj->tls_cert_path);
+	if (obj->tls_key_path != NULL) ms_free(obj->tls_key_path);
 	ms_free(obj);
 }
 
-void linphone_auth_info_write_config(LpConfig *config, LinphoneAuthInfo *obj, int pos)
-{
+void linphone_auth_info_write_config(LpConfig *config, LinphoneAuthInfo *obj, int pos) {
 	char key[50];
 	bool_t store_ha1_passwd = lp_config_get_int(config, "sip", "store_ha1_passwd", 1);
 
+	sprintf(key, "auth_info_%i", pos);
+	lp_config_clean_section(config, key);
 
-	sprintf(key,"auth_info_%i",pos);
-	lp_config_clean_section(config,key);
-
-	if (obj==NULL || lp_config_get_int(config, "sip", "store_auth_info", 1) == 0){
+	if (obj == NULL || lp_config_get_int(config, "sip", "store_auth_info", 1) == 0) {
 		return;
 	}
-	if (!obj->ha1 && obj->realm && obj->passwd && (obj->username||obj->userid) && store_ha1_passwd) {
+	if (!obj->ha1 && obj->realm && obj->passwd && (obj->username || obj->userid) && store_ha1_passwd) {
 		/*compute ha1 to avoid storing clear text password*/
-		obj->ha1=ms_malloc(33);
-		sal_auth_compute_ha1(obj->userid?obj->userid:obj->username,obj->realm,obj->passwd,obj->ha1);
+		obj->ha1 = ms_malloc(33);
+		sal_auth_compute_ha1(obj->userid ? obj->userid : obj->username, obj->realm, obj->passwd, obj->ha1);
 	}
-	if (obj->username!=NULL){
-		lp_config_set_string(config,key,"username",obj->username);
+	if (obj->username != NULL) {
+		lp_config_set_string(config, key, "username", obj->username);
 	}
-	if (obj->userid!=NULL){
-		lp_config_set_string(config,key,"userid",obj->userid);
+	if (obj->userid != NULL) {
+		lp_config_set_string(config, key, "userid", obj->userid);
 	}
-	if (obj->ha1!=NULL){
-		lp_config_set_string(config,key,"ha1",obj->ha1);
+	if (obj->ha1 != NULL) {
+		lp_config_set_string(config, key, "ha1", obj->ha1);
 	}
-	if (obj->passwd != NULL){
-		if (store_ha1_passwd && obj->ha1){
+	if (obj->passwd != NULL) {
+		if (store_ha1_passwd && obj->ha1) {
 			/*if we have our ha1 and store_ha1_passwd set to TRUE, then drop the clear text password for security*/
 			linphone_auth_info_set_passwd(obj, NULL);
-		}else{
+		} else {
 			/*we store clear text password only if store_ha1_passwd is FALSE AND we have an ha1 to store. Otherwise, passwd would simply be removed, which might bring major auth issue*/
-			lp_config_set_string(config,key,"passwd",obj->passwd);
+			lp_config_set_string(config, key, "passwd", obj->passwd);
 		}
 	}
-	if (obj->realm!=NULL){
-		lp_config_set_string(config,key,"realm",obj->realm);
+	if (obj->realm != NULL) {
+		lp_config_set_string(config, key, "realm", obj->realm);
 	}
-	if (obj->domain!=NULL){
-		lp_config_set_string(config,key,"domain",obj->domain);
+	if (obj->domain != NULL) {
+		lp_config_set_string(config, key, "domain", obj->domain);
+	}
+	if (obj->tls_cert_path != NULL) {
+		lp_config_set_string(config, key, "client_cert_chain", obj->tls_cert_path);
+	}
+	if (obj->tls_key_path != NULL) {
+		lp_config_set_string(config, key, "client_cert_key", obj->tls_key_path);
 	}
 }
 
 LinphoneAuthInfo *linphone_auth_info_new_from_config_file(LpConfig * config, int pos)
 {
 	char key[50];
-	const char *username,*userid,*passwd,*ha1,*realm,*domain;
+	const char *username,*userid,*passwd,*ha1,*realm,*domain,*tls_cert_path,*tls_key_path;
 	LinphoneAuthInfo *ret;
 
-	sprintf(key,"auth_info_%i",pos);
-	if (!lp_config_has_section(config,key)){
+	sprintf(key, "auth_info_%i", pos);
+	if (!lp_config_has_section(config, key)) {
 		return NULL;
 	}
 
-	username=lp_config_get_string(config,key,"username",NULL);
-	userid=lp_config_get_string(config,key,"userid",NULL);
-	passwd=lp_config_get_string(config,key,"passwd",NULL);
-	ha1=lp_config_get_string(config,key,"ha1",NULL);
-	realm=lp_config_get_string(config,key,"realm",NULL);
-	domain=lp_config_get_string(config,key,"domain",NULL);
-	ret=linphone_auth_info_new(username,userid,passwd,ha1,realm,domain);
+	username = lp_config_get_string(config, key, "username", NULL);
+	userid = lp_config_get_string(config, key, "userid", NULL);
+	passwd = lp_config_get_string(config, key, "passwd", NULL);
+	ha1 = lp_config_get_string(config, key, "ha1", NULL);
+	realm = lp_config_get_string(config, key, "realm", NULL);
+	domain = lp_config_get_string(config, key, "domain", NULL);
+	tls_cert_path = lp_config_get_string(config, key, "client_cert_chain", NULL);
+	tls_key_path = lp_config_get_string(config, key, "client_cert_key", NULL);
+	ret = linphone_auth_info_new(username, userid, passwd, ha1, realm, domain);
+	linphone_auth_info_set_tls_cert_path(ret, tls_cert_path);
+	linphone_auth_info_set_tls_key_path(ret, tls_key_path);
 	return ret;
 }
 
@@ -351,6 +416,13 @@ void linphone_core_add_auth_info(LinphoneCore *lc, const LinphoneAuthInfo *info)
 			sai.realm=ai->realm;
 			sai.password=ai->passwd;
 			sai.ha1=ai->ha1;
+			if (ai->tls_cert && ai->tls_key) {
+				sal_certificates_chain_parse(&sai, ai->tls_cert, SAL_CERTIFICATE_RAW_FORMAT_PEM);
+				sal_signing_key_parse(&sai, ai->tls_key, "");
+			} else if (ai->tls_cert_path && ai->tls_key_path) {
+				sal_certificates_chain_parse_file(&sai, ai->tls_cert_path, SAL_CERTIFICATE_RAW_FORMAT_PEM);
+				sal_signing_key_parse_file(&sai, ai->tls_key_path, "");
+			}
 			/*proxy case*/
 			for (proxy=(bctbx_list_t*)linphone_core_get_proxy_config_list(lc);proxy!=NULL;proxy=proxy->next) {
 				if (proxy->data == sal_op_get_user_pointer(op)) {

coreapi/bellesip_sal/sal_impl.c

@@ -1182,7 +1182,7 @@ void sal_enable_unconditional_answer(Sal *sal,int value) {
  * @param format either PEM or DER
  */
 void sal_certificates_chain_parse_file(SalAuthInfo* auth_info, const char* path, SalCertificateRawFormat format) {
-	auth_info->certificates = (SalCertificatesChain*) belle_sip_certificates_chain_parse_file(path, (belle_sip_certificate_raw_format_t)format); //
+	auth_info->certificates = (SalCertificatesChain*) belle_sip_certificates_chain_parse_file(path, (belle_sip_certificate_raw_format_t)format);
 	if (auth_info->certificates) belle_sip_object_ref((belle_sip_object_t *) auth_info->certificates);
 }
 
@@ -1196,6 +1196,28 @@ void sal_signing_key_parse_file(SalAuthInfo* auth_info, const char* path, const
 	if (auth_info->key) belle_sip_object_ref((belle_sip_object_t *) auth_info->key);
 }
 
+/** Parse a buffer containing either a certificate chain order in PEM format or a single DER cert
+ * @param auth_info structure where to store the result of parsing
+ * @param buffer the buffer to parse
+ * @param format either PEM or DER
+ */
+void sal_certificates_chain_parse(SalAuthInfo* auth_info, const char* buffer, SalCertificateRawFormat format) {
+	size_t len = buffer != NULL ? strlen(buffer) : 0;
+	auth_info->certificates = (SalCertificatesChain*) belle_sip_certificates_chain_parse(buffer, len, (belle_sip_certificate_raw_format_t)format);
+	if (auth_info->certificates) belle_sip_object_ref((belle_sip_object_t *) auth_info->certificates);
+}
+
+/**
+ * Parse a buffer containing either a private or public rsa key
+ * @param auth_info structure where to store the result of parsing
+ * @param passwd password (optionnal)
+ */
+void sal_signing_key_parse(SalAuthInfo* auth_info, const char* buffer, const char *passwd) {
+	size_t len = buffer != NULL ? strlen(buffer) : 0;
+	auth_info->key = (SalSigningKey *) belle_sip_signing_key_parse(buffer, len, passwd);
+	if (auth_info->key) belle_sip_object_ref((belle_sip_object_t *) auth_info->key);
+}
+
 /**
  * Parse a directory to get a certificate with the given subject common name
  *

coreapi/callbacks.c

@@ -970,19 +970,18 @@ static void call_released(SalOp *op){
 }
 
 static void auth_failure(SalOp *op, SalAuthInfo* info) {
-	LinphoneCore *lc=(LinphoneCore *)sal_get_user_pointer(sal_op_get_sal(op));
-	LinphoneAuthInfo *ai=NULL;
-
-	if( info != NULL ){
-		ai = (LinphoneAuthInfo*)_linphone_core_find_auth_info(lc,info->realm,info->username,info->domain, TRUE);
+	LinphoneCore *lc = (LinphoneCore *)sal_get_user_pointer(sal_op_get_sal(op));
+	LinphoneAuthInfo *ai = NULL;
 
+	if (info != NULL) {
+		ai = (LinphoneAuthInfo*)_linphone_core_find_auth_info(lc, info->realm, info->username, info->domain, TRUE);
 		if (ai){
-			ms_message("%s/%s/%s authentication fails.",info->realm,info->username,info->domain);
+			LinphoneAuthMethod method = info->mode == SalAuthModeHttpDigest ? LinphoneAuthHttpDigest : LinphoneAuthTls;
+			ms_message("%s/%s/%s/%s authentication fails.", info->realm, info->username, info->domain, info->mode == SalAuthModeHttpDigest ? "HttpDigest" : "Tls");
 			/*ask again for password if auth info was already supplied but apparently not working*/
-			linphone_core_notify_auth_info_requested(lc,info->realm,info->username,info->domain);
+			linphone_core_notify_auth_info_requested(lc, info->realm, info->username, info->domain, method);
 		}
 	}
-
 }
 
 static void register_success(SalOp *op, bool_t registered){
@@ -1171,35 +1170,50 @@ static void ping_reply(SalOp *op){
 }
 
 static bool_t fill_auth_info_with_client_certificate(LinphoneCore *lc, SalAuthInfo* sai) {
-	const char *chain_file = lp_config_get_string(lc->config,"sip","client_cert_chain", 0);
-	const char *key_file = lp_config_get_string(lc->config,"sip","client_cert_key", 0);;
+	const char *chain_file = linphone_core_get_tls_cert_path(lc);
+	const char *key_file = linphone_core_get_tls_key_path(lc);
 
+	if (key_file && chain_file) {
 #ifndef _WIN32
-	{
-	// optinal check for files
-	struct stat st;
-	if (stat(key_file,&st)) {
-		ms_warning("No client certificate key found in %s", key_file);
-		return FALSE;
-	}
-	if (stat(chain_file,&st)) {
-		ms_warning("No client certificate chain found in %s", chain_file);
-		return FALSE;
-	}
-	}
+		// optinal check for files
+		struct stat st;
+		if (stat(key_file, &st)) {
+			ms_warning("No client certificate key found in %s", key_file);
+			return FALSE;
+		}
+		if (stat(chain_file, &st)) {
+			ms_warning("No client certificate chain found in %s", chain_file);
+			return FALSE;
+		}
 #endif
-
-	sal_certificates_chain_parse_file(sai, chain_file, SAL_CERTIFICATE_RAW_FORMAT_PEM );
-	sal_signing_key_parse_file(sai, key_file, "");
+		sal_certificates_chain_parse_file(sai, chain_file, SAL_CERTIFICATE_RAW_FORMAT_PEM);
+		sal_signing_key_parse_file(sai, key_file, "");
+	} else if (lc->tls_cert && lc->tls_key) {
+		sal_certificates_chain_parse(sai, lc->tls_cert, SAL_CERTIFICATE_RAW_FORMAT_PEM);
+		sal_signing_key_parse(sai, lc->tls_key, "");
+	}
 	return sai->certificates && sai->key;
 }
 
 static bool_t fill_auth_info(LinphoneCore *lc, SalAuthInfo* sai) {
 	LinphoneAuthInfo *ai=(LinphoneAuthInfo*)_linphone_core_find_auth_info(lc,sai->realm,sai->username,sai->domain, FALSE);
 	if (ai) {
-		sai->userid=ms_strdup(ai->userid?ai->userid:ai->username);
-		sai->password=ai->passwd?ms_strdup(ai->passwd):NULL;
-		sai->ha1=ai->ha1?ms_strdup(ai->ha1):NULL;
+		if (sai->mode == SalAuthModeHttpDigest) {
+			sai->userid=ms_strdup(ai->userid?ai->userid:ai->username);
+			sai->password=ai->passwd?ms_strdup(ai->passwd):NULL;
+			sai->ha1=ai->ha1?ms_strdup(ai->ha1):NULL;
+		} else if (sai->mode == SalAuthModeTls) {
+			if (ai->tls_cert && ai->tls_key) {
+				sal_certificates_chain_parse(sai, ai->tls_cert, SAL_CERTIFICATE_RAW_FORMAT_PEM);
+				sal_signing_key_parse(sai, ai->tls_key, "");
+			} else if (ai->tls_cert_path && ai->tls_key_path) {
+				sal_certificates_chain_parse_file(sai, ai->tls_cert_path, SAL_CERTIFICATE_RAW_FORMAT_PEM);
+				sal_signing_key_parse_file(sai, ai->tls_key_path, "");
+			} else {
+				fill_auth_info_with_client_certificate(lc, sai);
+			}
+		}
+		
 		if (sai->realm && !ai->realm){
 			/*if realm was not known, then set it so that ha1 may eventually be calculated and clear text password dropped*/
 			linphone_auth_info_set_realm(ai, sai->realm);
@@ -1211,22 +1225,15 @@ static bool_t fill_auth_info(LinphoneCore *lc, SalAuthInfo* sai) {
 	}
 }
 static bool_t auth_requested(Sal* sal, SalAuthInfo* sai) {
-	LinphoneCore *lc=(LinphoneCore *)sal_get_user_pointer(sal);
-	if (sai->mode == SalAuthModeHttpDigest) {
-		if (fill_auth_info(lc,sai)) {
+	LinphoneCore *lc = (LinphoneCore *)sal_get_user_pointer(sal);
+	if (fill_auth_info(lc,sai)) {
+		return TRUE;
+	} else {
+		LinphoneAuthMethod method = sai->mode == SalAuthModeHttpDigest ? LinphoneAuthHttpDigest : LinphoneAuthTls;
+		linphone_core_notify_auth_info_requested(lc, sai->realm, sai->username, sai->domain, method);
+		if (fill_auth_info(lc, sai)) {
 			return TRUE;
-		} else {
-			{
-				linphone_core_notify_auth_info_requested(lc,sai->realm,sai->username,sai->domain);
-				if (fill_auth_info(lc,sai)) {
-					return TRUE;
-				}
-			}
-			return FALSE;
 		}
-	} else if (sai->mode == SalAuthModeTls) {
-		return fill_auth_info_with_client_certificate(lc,sai);
-	} else {
 		return FALSE;
 	}
 }

coreapi/help/java/org/linphone/core/tutorials/TutorialBuddyStatus.java

@@ -298,7 +298,7 @@ public class TutorialBuddyStatus implements LinphoneCoreListener {
 
 	@Override
 	public void authInfoRequested(LinphoneCore lc, String realm,
-			String username, String Domain) {
+			String username, String Domain, LinphoneCore.AuthMethod method) {
 		// TODO Auto-generated method stub
 		
 	}

coreapi/help/java/org/linphone/core/tutorials/TutorialChatRoom.java

@@ -77,7 +77,7 @@ public class TutorialChatRoom implements LinphoneCoreListener, LinphoneChatMessa
 	
 	public void show(LinphoneCore lc) {}
 	public void byeReceived(LinphoneCore lc, String from) {}
-	public void authInfoRequested(LinphoneCore lc, String realm, String username, String domain) {}
+	public void authInfoRequested(LinphoneCore lc, String realm, String username, String domain, LinphoneCore.AuthMethod method) {}
 	public void displayStatus(LinphoneCore lc, String message) {}
 	public void displayMessage(LinphoneCore lc, String message) {}
 	public void displayWarning(LinphoneCore lc, String message) {}

coreapi/help/java/org/linphone/core/tutorials/TutorialHelloWorld.java

@@ -71,7 +71,7 @@ public class TutorialHelloWorld implements LinphoneCoreListener {
 	
 	public void show(LinphoneCore lc) {}
 	public void byeReceived(LinphoneCore lc, String from) {}
-	public void authInfoRequested(LinphoneCore lc, String realm, String username, String domain) {}
+	public void authInfoRequested(LinphoneCore lc, String realm, String username, String domain, LinphoneCore.AuthMethod method) {}
 	public void displayStatus(LinphoneCore lc, String message) {}
 	public void displayMessage(LinphoneCore lc, String message) {}
 	public void displayWarning(LinphoneCore lc, String message) {}

coreapi/help/java/org/linphone/core/tutorials/TutorialRegistration.java

@@ -82,7 +82,7 @@ public class TutorialRegistration implements LinphoneCoreListener {
 
 	public void show(LinphoneCore lc) {}
 	public void byeReceived(LinphoneCore lc, String from) {}
-	public void authInfoRequested(LinphoneCore lc, String realm, String username, String domain) {}
+	public void authInfoRequested(LinphoneCore lc, String realm, String username, String domain, LinphoneCore.AuthMethod method) {}
 	public void displayStatus(LinphoneCore lc, String message) {}
 	public void displayMessage(LinphoneCore lc, String message) {}
 	public void displayWarning(LinphoneCore lc, String message) {}

coreapi/linphonecore.c

@@ -7929,3 +7929,45 @@ int linphone_core_stop_conference_recording(LinphoneCore *lc) {
 LinphoneConference *linphone_core_get_conference(LinphoneCore *lc) {
 	return lc->conf_ctx;
 }
+
+void linphone_core_set_tls_cert(LinphoneCore *lc, const char *tls_cert) {
+	if (lc->tls_cert) {
+		ms_free(lc->tls_cert);
+		lc->tls_cert = NULL;
+	}
+	if (tls_cert && strlen(tls_cert) > 0) lc->tls_cert = ms_strdup(tls_cert);
+}
+
+void linphone_core_set_tls_key(LinphoneCore *lc, const char *tls_key) {
+	if (lc->tls_key) {
+		ms_free(lc->tls_key);
+		lc->tls_key = NULL;
+	}
+	if (tls_key && strlen(tls_key) > 0) lc->tls_key = ms_strdup(tls_key);
+}
+
+void linphone_core_set_tls_cert_path(LinphoneCore *lc, const char *tls_cert_path) {