Commit 8660efcf authored by Simon Morlat's avatar Simon Morlat

add new tests in Flexisip suite in order to test that flexisip properly accept...

Add new tests to the Flexisip suite to check that Flexisip properly accepts and rejects clients using TLS client-based authentication.
parent b1a48fb8
......@@ -2251,7 +2251,7 @@ void linphone_core_set_rtp_no_xmit_on_audio_mute(LinphoneCore *lc,bool_t rtp_no_
/**
* Sets the UDP port used for audio streaming.
* A value if -1 will request the system to allocate the local port randomly.
* A value of -1 will request the system to allocate the local port randomly.
* This is recommended in order to avoid firewall warnings.
*
* @ingroup network_parameters
......@@ -2273,7 +2273,7 @@ void linphone_core_set_audio_port_range(LinphoneCore *lc, int min_port, int max_
/**
* Sets the UDP port used for video streaming.
* A value if -1 will request the system to allocate the local port randomly.
* A value of -1 will request the system to allocate the local port randomly.
* This is recommended in order to avoid firewall warnings.
*
* @ingroup network_parameters
......
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FR, ST=France, L=Grenoble, O=Belledonne Communications, CN=Belledonne Communications unofficial rootca
Validity
Not Before: Nov 17 11:33:46 2016 GMT
Not After : Nov 27 11:33:46 2017 GMT
Subject: C=FR, ST=Some-State, L=Lorien, O=Internet Widgits Pty Ltd, CN=sip:galadrielle@sip.example.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ae:3c:ab:f2:34:4b:dd:3e:96:b4:0f:76:61:5f:
59:dd:d0:93:6f:05:04:a2:2e:f7:f5:2f:65:35:02:
f5:6f:ed:dd:46:bb:72:3e:7c:47:b5:37:15:1d:1d:
90:a7:dc:0f:bf:cc:a8:58:43:86:fb:b8:c7:7e:13:
7f:05:09:47:6b:bf:a1:d1:76:7d:7a:d3:09:3a:46:
78:22:08:49:cd:02:8d:80:10:ee:d1:18:3c:e4:df:
50:be:05:80:88:56:c3:d4:36:2c:05:5d:57:07:9a:
4a:13:99:7f:46:d9:0b:dd:81:51:29:bd:8e:3a:55:
b2:33:f2:e6:3e:1c:ce:f9:2f:80:68:ca:5a:78:c5:
e1:27:4a:b4:0b:65:9b:24:ee:df:8c:16:f0:74:dc:
fe:a5:9f:52:5a:a1:f9:09:1d:47:00:d9:8a:84:72:
e2:19:7b:cb:cd:62:b3:44:e3:4f:cf:9b:1c:a1:bc:
70:d3:e0:10:8b:f2:51:28:91:84:61:92:56:03:3a:
2c:bf:11:8d:b6:4b:c8:4f:1c:e7:75:54:b9:cd:f3:
d5:be:6b:af:6e:9f:ca:77:45:44:5c:55:6a:23:49:
e0:52:fc:30:3d:a9:a8:66:f1:d8:d0:a8:5b:97:3c:
a7:de:70:db:7b:85:c1:f5:8e:54:3c:f8:0f:3a:9f:
36:2d
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
4a:f6:1f:8c:a8:fa:f6:ed:85:14:2c:12:14:69:7c:ec:ff:17:
57:e5:bd:a6:e1:50:7e:38:01:d7:a9:92:7c:e2:43:03:f7:7f:
53:f9:6a:de:bf:55:7b:62:45:fc:55:35:20:8f:6c:b5:83:a6:
30:56:84:ba:b0:cb:df:1e:6f:e2:ca:8a:9c:94:96:5a:c0:fa:
18:67:b4:e3:6b:87:09:2a:8e:e2:d3:69:cc:67:9d:ba:e3:48:
f7:1c:81:72:90:c8:8c:24:ff:90:be:14:50:6a:f4:1f:5b:66:
91:5c:06:ff:fc:5a:53:22:e8:fe:86:38:92:82:18:87:2d:0c:
78:90:4a:7a:92:3e:48:43:28:20:83:fa:6f:35:e3:b8:54:e9:
f7:a7:91:fd:63:fa:13:0b:31:45:5c:69:33:56:c3:7e:f9:b5:
57:f4:b9:3a:cb:7c:71:1f:dd:a1:0c:77:fc:f9:69:34:a1:7e:
2b:a6:05:cd:b9:c9:bb:68:f0:c6:72:54:34:42:94:4d:3f:c6:
d7:86:8b:da:d5:2a:31:28:80:6c:84:3b:60:ce:e4:4d:5a:53:
4d:b7:31:df:98:d0:d6:7c:c0:36:f3:fd:7c:a0:da:12:ee:9c:
1a:83:c9:62:22:ad:5b:92:7c:70:c2:49:92:05:87:ee:02:f9:
23:a7:55:86:65:86:96:53:7e:91:8a:2c:0f:18:9a:34:0f:29:
8c:0d:0e:4d:28:62:7b:65:ed:62:b8:d0:bf:13:5f:e6:a9:4f:
d6:9c:20:73:2c:b6:28:90:10:c3:20:30:15:14:68:27:64:ee:
74:2a:01:9d:ea:17:b8:f0:d9:d0:ee:61:f2:de:37:a4:c8:24:
96:3f:60:6a:51:9c:03:9a:12:c4:d1:72:0e:40:46:2e:82:a7:
7d:51:df:8e:3b:dd:73:83:31:cd:93:4e:64:ca:9b:6a:e8:2f:
b5:6c:3f:e5:b1:6a:d8:fd:26:7b:4c:84:64:56:11:de:7a:de:
d2:77:7f:ce:98:eb:04:58:4b:15:9b:29:5a:71:fa:a8:50:72:
b7:28:70:a2:77:20:ad:56:34:ab:69:27:47:87:09:67:f6:e1:
a3:66:d8:fc:4f:00:7c:8e:c1:65:c3:c5:8c:ef:2b:d1:a4:90:
ef:ea:5e:9a:ca:8b:95:44:92:60:a1:f8:0e:e8:2d:ca:b1:07:
57:23:b5:c6:e6:09:00:ac:7b:6f:fa:23:da:35:29:5f:26:78:
b1:04:64:0c:c6:96:41:4e:da:82:fd:2c:dd:5b:43:24:e0:ef:
1f:a0:8e:41:7d:b6:71:49:96:29:8e:67:aa:53:30:f6:4e:10:
56:26:43:72:fd:06:27:fb
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
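Review bot: This fixture is valid for about one year only (`Not After : Nov 27 11:33:46 2017 GMT`), and the second certificate added right after it expires on `Nov 17 11:09:48 2017 GMT`. Once those dates pass, the registration that must succeed in `tls_client_auth_bad_certificate_cn` will presumably be refused for expiry, and the rejection cases would then pass or fail for a reason other than the one they are meant to check. Consider issuing the test certificates with a much longer validity, or documenting next to them how and when they have to be regenerated.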
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 13 (0xd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FR, ST=Some-State, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=Jehan Monnier/emailAddress=jehan.monnier@belledonne-communications.com
Validity
Not Before: Nov 17 11:09:48 2016 GMT
Not After : Nov 17 11:09:48 2017 GMT
Subject: C=FR, ST=Some-State, L=Lorien, O=Internet Widgits Pty Ltd, CN=sip:galadrielle@sip.example.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ae:3c:ab:f2:34:4b:dd:3e:96:b4:0f:76:61:5f:
59:dd:d0:93:6f:05:04:a2:2e:f7:f5:2f:65:35:02:
f5:6f:ed:dd:46:bb:72:3e:7c:47:b5:37:15:1d:1d:
90:a7:dc:0f:bf:cc:a8:58:43:86:fb:b8:c7:7e:13:
7f:05:09:47:6b:bf:a1:d1:76:7d:7a:d3:09:3a:46:
78:22:08:49:cd:02:8d:80:10:ee:d1:18:3c:e4:df:
50:be:05:80:88:56:c3:d4:36:2c:05:5d:57:07:9a:
4a:13:99:7f:46:d9:0b:dd:81:51:29:bd:8e:3a:55:
b2:33:f2:e6:3e:1c:ce:f9:2f:80:68:ca:5a:78:c5:
e1:27:4a:b4:0b:65:9b:24:ee:df:8c:16:f0:74:dc:
fe:a5:9f:52:5a:a1:f9:09:1d:47:00:d9:8a:84:72:
e2:19:7b:cb:cd:62:b3:44:e3:4f:cf:9b:1c:a1:bc:
70:d3:e0:10:8b:f2:51:28:91:84:61:92:56:03:3a:
2c:bf:11:8d:b6:4b:c8:4f:1c:e7:75:54:b9:cd:f3:
d5:be:6b:af:6e:9f:ca:77:45:44:5c:55:6a:23:49:
e0:52:fc:30:3d:a9:a8:66:f1:d8:d0:a8:5b:97:3c:
a7:de:70:db:7b:85:c1:f5:8e:54:3c:f8:0f:3a:9f:
36:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
33:D0:36:5B:62:9B:1C:4D:31:47:9E:C0:91:41:E3:AE:29:61:AB:DB
X509v3 Authority Key Identifier:
keyid:06:5F:5D:C7:16:AF:62:F8:2D:6E:71:03:88:A0:D6:1D:2B:04:7F:BA
Signature Algorithm: sha256WithRSAEncryption
ba:a1:0a:7e:8e:a6:1e:e8:3d:5f:da:28:a6:57:3e:cb:50:79:
06:8f:19:1b:df:b0:d2:e6:12:1f:ef:a2:bd:de:40:07:e2:5d:
3d:64:41:34:10:24:3c:85:62:8e:69:0c:99:89:b7:ce:a4:f6:
08:6d:37:8a:51:98:bd:46:b7:1b:dd:b2:ba:f7:f4:2f:47:d5:
74:3f:c5:fe:95:60:b3:42:51:4f:d1:ac:ed:a4:c6:f6:16:f3:
49:b6:8d:64:7f:76:e1:95:5e:ef:eb:46:4b:d7:a5:59:1d:0d:
ba:c5:07:5f:c3:db:2e:40:aa:6e:34:0c:1a:1d:4b:72:e3:ac:
61:b5
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCuPKvyNEvdPpa0
D3ZhX1nd0JNvBQSiLvf1L2U1AvVv7d1Gu3I+fEe1NxUdHZCn3A+/zKhYQ4b7uMd+
E38FCUdrv6HRdn160wk6RngiCEnNAo2AEO7RGDzk31C+BYCIVsPUNiwFXVcHmkoT
mX9G2QvdgVEpvY46VbIz8uY+HM75L4Boylp4xeEnSrQLZZsk7t+MFvB03P6ln1Ja
ofkJHUcA2YqEcuIZe8vNYrNE40/PmxyhvHDT4BCL8lEokYRhklYDOiy/EY22S8hP
HOd1VLnN89W+a69un8p3RURcVWojSeBS/DA9qahm8djQqFuXPKfecNt7hcH1jlQ8
+A86nzYtAgMBAAECggEAHyf8O0A8vKA/hI0rRvgs8qwkYPrNvE6XykEiYNtZlh07
rzU/lYrVq8LgxKcPweRo8IwhIj9Y+NQu4A2ObhEds1e+EN2WTItGICSPwM4onD8z
nE3q1nr2EJsaLhB/zmFtfRn+vyrUsChXzK9rAfk31PEV2VfrAeVnC0EJCNxP6mDX
gAjTNN/+Elqzr8Cr7aofthaMnCWnI6JBJ0MCqaozDBreyfGkaFC+RkRxUpZQerqN
tvcurKn0C/Q5ZcfIugvnEFa4nL/V4s+j4Kv1SWgvfi2z4eR7wyiZVT+mStMiHvg5
JCLNli4GtFyhYzsTqUnd3S2t0unEdaFLEzJakHGjQQKBgQDdjw9UN354QS2Aiqoe
Gu5e9nc3gi3e/dHmPyk4jKPC/cqrQ3AVrXILLjU/FHpT7OrkwoQNvI0qG39r1Akq
hnztTqDw0HVskuWJmPmUxfdl6DIOUln7pEX4yZMreDwdEjxx/oZzbu7bhU3k7zNV
zKv54deN78AmtVI5KzrEdvKfnQKBgQDJUnAtvDeuwE44XUU0mBoH3XdLULLaVeAl
4vovM/8U283+wiBkASXamFimboBKe34TGH/v10hmKxBHyPCgl9ps6o9iFbPRNzOB
kmGrTTojSOJ6u9EXvQ+wTYjzl2n/RlivIsOZRC0YXmk3n+mRPa0TGwnpxH13cEFV
RnEUnYdT0QKBgBZXw/L5Oa7E2+LXmPo6OwmmjzUw0pFnRVCT1ANY43bZgyOsRFRb
TmHkQghfd0qZXMK+/vQnrJCvfzUPh/Ea6ORBhqdiTkUpty4eGCUxpZZISSv6kAp5
cXj6UvYSRPWljiTsxwBDEqFemxFYMfQYFMu5Q7STlewRYv5S5rVDTYpdAoGAG77I
xwTRh7vpC8uO5hiwPbU/45lTjNOY+J+3axn3ZaCFWz7Vx/KAjQfB7+36sEkkru0J
dLxuteXpcHs47mj/KVOKPzJOfd7lsk3COCGEiahZziBkSKk9qEaHQUr0yMGhJ0Hb
QxwqOtmIFqprPiEJ4UAwtY7m27cUyfPTUcwEAoECgYBEoCn8kmRXuBoDVNPK1IPh
vQcD0RDdtGhOrM36Pmmbky6oS37c3AV4sXOhw7aTYs4GejpeH0tX7F0hiwaZ/SqG
WxliyHCpUxpl+LsGzdfqCa9nEPn4B27/jFYHVCiSheOfVEwjGavkO+VIZbuHXAP4
V8rXqdmFIbiVb43P6yoMhg==
-----END PRIVATE KEY-----
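Review bot: This private key is stored unencrypted and becomes public with the commit, so whatever it can authenticate to has to be treated as test-only. It appears to be the key for both `sip:galadrielle@sip.example.org` certificates added above (the two listings show the same modulus), one of which the tests expect the server on port 5063 to accept. A short note beside the fixtures stating that this key pair and the CA that signed it exist for the tester only and must not be trusted by any production proxy would make that explicit.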
flexisip.conf : is the configuration of the flexisip running on sip2.linphone.org. It has lots of IP addresses hardcoded because this machine is running multiple instances on different IP addresses.
flexisip-generic.conf : is the same configuration without any IP address hardcoded and relative paths. It can be run on any machine from the "tester" directory of linphone.
......@@ -40,7 +40,7 @@ aliases=localhost sip2.linphone.org sipopen.example.org sip.example.org auth.exa
#note: the ip addresses are explicitely specified here because the machine has several interfaces. In a simple case, using '*' instead of the explicit ip address is sufficient,
#and there is no need to specify the ipv6 transport addresses.
transports=sip:94.23.19.176:5060 sips:94.23.19.176:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:94.23.19.176:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:94.23.19.176:5063;require-peer-certificate=1 sip:94.23.19.176:5064 sip:[2001:41d0:2:14b0::1]:5060 sips:[2001:41d0:2:14b0::1]:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:[2001:41d0:2:14b0::1]:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:[2001:41d0:2:14b0::1]:5063;require-peer-certificate=1 sip:[2001:41d0:2:14b0::1]:5064
transports=sip:94.23.19.176:5060 sips:94.23.19.176:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:94.23.19.176:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:94.23.19.176:5063;tls-verify-incoming=1 sip:94.23.19.176:5064 sip:[2001:41d0:2:14b0::1]:5060 sips:[2001:41d0:2:14b0::1]:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:[2001:41d0:2:14b0::1]:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:[2001:41d0:2:14b0::1]:5063;tls-verify-incoming=1 sip:[2001:41d0:2:14b0::1]:5064
# An absolute path of a directory where TLS server certificate and
......
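Review bot: Nothing near the `transports=` line says that the two 5063 entries are the ones expected to verify client certificates, yet the new tests in the Flexisip suite hardcode `sip:sip2.linphone.org:5063;transport=tls` and depend on that behaviour. A comment above the line such as `#port 5063 verifies the client certificate (tls-verify-incoming=1); the "TLS authentication" tests of the tester rely on it` would keep the configuration and the tests in step. The README added in this commit describes flexisip-generic.conf as the same configuration, but a diff is collapsed on this page (possibly that file's), so it is worth confirming that the same parameter change was made there.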
......@@ -1195,7 +1195,7 @@ static void test_list_subscribe_wrong_body(void) {
}
static void publish_subscribe(void) {
static void redis_publish_subscribe(void) {
LinphoneCoreManager* marie = linphone_core_manager_new("marie_rc");
LinphoneCoreManager* pauline = linphone_core_manager_new(transport_supported(LinphoneTransportTls) ? "pauline_rc" : "pauline_tcp_rc");
LinphoneCoreManager* marie2 = NULL;
......@@ -1215,6 +1215,87 @@ static void publish_subscribe(void) {
linphone_core_manager_destroy(marie2);
}
static void tls_authentication_requested_good(LinphoneCore *lc, LinphoneAuthInfo *auth_info, LinphoneAuthMethod method) {
if (method == LinphoneAuthTls){
char *cert = bc_tester_res("certificates/client/cert2.pem");
char *key = bc_tester_res("certificates/client/key2.pem");
linphone_auth_info_set_tls_cert_path(auth_info, cert);
linphone_auth_info_set_tls_key_path(auth_info, key);
linphone_core_add_auth_info(lc, auth_info);
bc_free(cert);
ms_free(key);
}
}
static void tls_authentication_requested_bad(LinphoneCore *lc, LinphoneAuthInfo *auth_info, LinphoneAuthMethod method) {
if (method == LinphoneAuthTls){
char *cert = bc_tester_res("certificates/client/cert2-signed-by-other-ca.pem");
char *key = bc_tester_res("certificates/client/key2.pem");
linphone_auth_info_set_tls_cert_path(auth_info, cert);
linphone_auth_info_set_tls_key_path(auth_info, key);
linphone_core_add_auth_info(lc, auth_info);
bc_free(cert);
bc_free(key);
}
}
static void tls_client_auth_try_register(const char *identity, bool_t with_good_cert, bool_t must_work){
LinphoneCoreManager *lcm;
LinphoneCoreVTable* vtable = linphone_core_v_table_new();
LinphoneProxyConfig *cfg;
lcm = linphone_core_manager_new(NULL);
vtable->authentication_requested= with_good_cert ? tls_authentication_requested_good : tls_authentication_requested_bad;
linphone_core_add_listener(lcm->lc,vtable);
cfg = linphone_core_create_proxy_config(lcm->lc);
linphone_proxy_config_set_server_addr(cfg, "sip:sip2.linphone.org:5063;transport=tls");
linphone_proxy_config_enable_register(cfg, TRUE);
linphone_proxy_config_set_identity(cfg, identity);
linphone_core_add_proxy_config(lcm->lc, cfg);
if (must_work){
BC_ASSERT_TRUE(wait_for(lcm->lc, NULL, &lcm->stat.number_of_LinphoneRegistrationOk, 1));
BC_ASSERT_EQUAL(lcm->stat.number_of_LinphoneRegistrationFailed,0, int, "%d");
BC_ASSERT_EQUAL(lcm->stat.number_of_auth_info_requested,1, int, "%d");
}else{
BC_ASSERT_TRUE(wait_for(lcm->lc, NULL, &lcm->stat.number_of_LinphoneRegistrationFailed, 1));
BC_ASSERT_EQUAL(lcm->stat.number_of_LinphoneRegistrationOk,0, int, "%d");
/*we should expect 2 "auth_requested": one for the TLS certificate, another one because the server rejects the REGISTER with 401.*/
/*If the certificate isn't recognized at all, the connection will not happen and no SIP response will be received from server.*/
if (with_good_cert) BC_ASSERT_EQUAL(lcm->stat.number_of_auth_info_requested,2, int, "%d");
else BC_ASSERT_EQUAL(lcm->stat.number_of_auth_info_requested,1, int, "%d");
}
linphone_proxy_config_unref(cfg);
linphone_core_manager_destroy(lcm);
linphone_core_v_table_destroy(vtable);
}
void tls_client_auth_bad_certificate_cn(void) {
if (transport_supported(LinphoneTransportTls)) {
/*first register to the proxy with galadrielle's identity, and authenticate by supplying galadrielle's certificate.
* It must work.*/
tls_client_auth_try_register("sip:galadrielle@sip.example.org", TRUE, TRUE);
/*now do the same thing, but trying to register as "Arwen". It must fail.*/
tls_client_auth_try_register("sip:arwen@sip.example.org", TRUE, FALSE);
}
}
void tls_client_auth_bad_certificate(void) {
if (transport_supported(LinphoneTransportTls)) {
/*first register to the proxy with galadrielle's identity, and authenticate by supplying galadrielle's certificate.
* It must work.*/
tls_client_auth_try_register("sip:galadrielle@sip.example.org", FALSE, FALSE);
}
}
test_t flexisip_tests[] = {
TEST_ONE_TAG("Subscribe forking", subscribe_forking, "LeaksMemory"),
TEST_NO_TAG("Message forking", message_forking),
......@@ -1248,8 +1329,11 @@ test_t flexisip_tests[] = {
#if HAVE_SIPP
TEST_NO_TAG("Subscribe on wrong dialog", test_subscribe_on_wrong_dialog),
#endif
TEST_ONE_TAG("Publish/subscribe", publish_subscribe, "Skip")
TEST_ONE_TAG("Redis Publish/subscribe", redis_publish_subscribe, "Skip"),
TEST_NO_TAG("TLS authentication - client rejected due to CN mismatch", tls_client_auth_bad_certificate_cn),
TEST_NO_TAG("TLS authentication - client rejected due to unrecognized certificate chain", tls_client_auth_bad_certificate)
};
test_suite_t flexisip_test_suite = {"Flexisip", NULL, NULL, liblinphone_tester_before_each, liblinphone_tester_after_each,
sizeof(flexisip_tests) / sizeof(flexisip_tests[0]), flexisip_tests};
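Review bot: In `tls_authentication_requested_good`, `key` is obtained from `bc_tester_res()` but released with `ms_free(key);`, while `cert` in the same function and both paths in `tls_authentication_requested_bad` are released with `bc_free()`. The register tests touched by this same commit convert exactly this pattern from `ms_free` to `bc_free`, so the line should read `bc_free(key);`. Separately, the comment inside `tls_client_auth_bad_certificate` is copied from the CN test and says the registration "must work", although the call passes `FALSE, FALSE` and asserts a failure; `/*register with galadrielle's identity but present the certificate signed by another CA. It must fail.*/` would match the code. The two new test entry points could also be declared `static`, like the callbacks and helper added next to them.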
......@@ -138,7 +138,7 @@ static void register_with_refresh_base_3(LinphoneCore* lc
} else
/*checking to be done outside this functions*/
BC_ASSERT_EQUAL(counters->number_of_LinphoneRegistrationCleared,0, int, "%d");
linphone_proxy_config_destroy(proxy_cfg);
linphone_proxy_config_unref(proxy_cfg);
}
static void register_with_refresh_base_2(LinphoneCore* lc
......@@ -860,14 +860,14 @@ static void tls_certificate_failure(void){
linphone_core_set_root_ca(lcm->lc,NULL); /*no root ca*/
linphone_core_refresh_registers(lcm->lc);
BC_ASSERT_TRUE(wait_for(lc,lc,&lcm->stat.number_of_LinphoneRegistrationFailed,2));
ms_free(rootcapath);
bc_free(rootcapath);
rootcapath = bc_tester_res("certificates/cn/cafile.pem"); /*good root ca*/
linphone_core_set_root_ca(lcm->lc,rootcapath);
linphone_core_refresh_registers(lcm->lc);
BC_ASSERT_TRUE(wait_for(lc,lc,&lcm->stat.number_of_LinphoneRegistrationOk,1));
BC_ASSERT_EQUAL(lcm->stat.number_of_LinphoneRegistrationFailed,2, int, "%d");
linphone_core_manager_destroy(lcm);
ms_free(rootcapath);
bc_free(rootcapath);
}
}
......@@ -905,7 +905,7 @@ static void tls_certificate_data(void) {
linphone_core_set_root_ca_data(lcm->lc, NULL); /*no root ca*/
linphone_core_refresh_registers(lcm->lc);
BC_ASSERT_TRUE(wait_for(lc, lc, &lcm->stat.number_of_LinphoneRegistrationFailed, 2));
ms_free(rootcapath);
bc_free(rootcapath);
ms_free(data);
rootcapath = bc_tester_res("certificates/cn/cafile.pem"); /*good root ca*/
data = read_file(rootcapath);
......@@ -914,7 +914,7 @@ static void tls_certificate_data(void) {
BC_ASSERT_TRUE(wait_for(lc, lc, &lcm->stat.number_of_LinphoneRegistrationOk, 1));
BC_ASSERT_EQUAL(lcm->stat.number_of_LinphoneRegistrationFailed, 2, int, "%d");
linphone_core_manager_destroy(lcm);
ms_free(rootcapath);
bc_free(rootcapath);
ms_free(data);
}
}
......@@ -957,7 +957,7 @@ static void tls_alt_name_register(void){
BC_ASSERT_TRUE(wait_for(lc,lc,&lcm->stat.number_of_LinphoneRegistrationOk,1));
BC_ASSERT_EQUAL(lcm->stat.number_of_LinphoneRegistrationFailed,0, int, "%d");
linphone_core_manager_destroy(lcm);
ms_free(rootcapath);
bc_free(rootcapath);
}
}
......@@ -974,7 +974,7 @@ static void tls_wildcard_register(void){
BC_ASSERT_TRUE(wait_for(lc,lc,&lcm->stat.number_of_LinphoneRegistrationOk,2));
BC_ASSERT_EQUAL(lcm->stat.number_of_LinphoneRegistrationFailed,0, int, "%d");
linphone_core_manager_destroy(lcm);
ms_free(rootcapath);
bc_free(rootcapath);
}
}
......@@ -1003,8 +1003,8 @@ static void tls_auth_global_client_cert(void) {
lp_config_set_string(lpc, "sip", "client_cert_key", key_path);
linphone_core_manager_start(manager, TRUE);
linphone_core_manager_destroy(manager);
ms_free(cert_path);
ms_free(key_path);
bc_free(cert_path);
bc_free(key_path);
}
}
......@@ -1022,8 +1022,8 @@ static void tls_auth_global_client_cert_api(void) {
linphone_core_manager_destroy(pauline);
ms_free(cert);
ms_free(key);
ms_free(cert_path);
ms_free(key_path);
bc_free(cert_path);
bc_free(key_path);
}
}
......@@ -1037,8 +1037,8 @@ static void tls_auth_global_client_cert_api_path(void) {
linphone_core_set_tls_key_path(lc, key);
BC_ASSERT_TRUE(wait_for(lc, lc, &pauline->stat.number_of_LinphoneRegistrationOk, 1));
linphone_core_manager_destroy(pauline);
ms_free(cert);
ms_free(key);
bc_free(cert);
bc_free(key);
}
}
......@@ -1057,8 +1057,8 @@ static void tls_auth_info_client_cert_api(void) {
linphone_core_manager_destroy(pauline);
ms_free(cert);
ms_free(key);
ms_free(cert_path);
ms_free(key_path);
bc_free(cert_path);
bc_free(key_path);
}
}
......@@ -1073,8 +1073,8 @@ static void tls_auth_info_client_cert_api_path(void) {
linphone_auth_info_set_tls_key_path(authInfo, key);
BC_ASSERT_TRUE(wait_for(lc, lc, &pauline->stat.number_of_LinphoneRegistrationOk, 1));
linphone_core_manager_destroy(pauline);
ms_free(cert);
ms_free(key);
bc_free(cert);
bc_free(key);
}
}
......@@ -1085,8 +1085,8 @@ static void authentication_requested_2(LinphoneCore *lc, LinphoneAuthInfo *auth_
linphone_auth_info_set_tls_cert_path(auth_info, cert);
linphone_auth_info_set_tls_key_path(auth_info, key);
linphone_core_add_auth_info(lc, auth_info);
ms_free(cert);
ms_free(key);
bc_free(cert);
bc_free(key);
}
static void tls_auth_info_client_cert_cb(void) {
......@@ -1119,8 +1119,8 @@ static void authentication_requested_3(LinphoneCore *lc, LinphoneAuthInfo *auth_
linphone_core_add_auth_info(lc, auth_info);
ms_free(cert);
ms_free(key);
ms_free(cert_path);
ms_free(key_path);
bc_free(cert_path);
bc_free(key_path);
}
static void tls_auth_info_client_cert_cb_2(void) {
......@@ -1142,6 +1142,7 @@ static void tls_auth_info_client_cert_cb_2(void) {
}
}
test_t register_tests[] = {
TEST_NO_TAG("Simple register", simple_register),
TEST_NO_TAG("Simple register unregister", simple_unregister),
......