update certificate test, use mediastream stats/iterate

coreapi/linphonecall.c

@@ -2245,11 +2245,11 @@ void linphone_call_stop_recording(LinphoneCall *call){
  * @}
 **/
 
-static void report_bandwidth(LinphoneCall *call, RtpSession *as, RtpSession *vs){
-	call->stats[LINPHONE_CALL_STATS_AUDIO].download_bandwidth=(as!=NULL) ? (rtp_session_compute_recv_bandwidth(as)*1e-3) : 0;
-	call->stats[LINPHONE_CALL_STATS_AUDIO].upload_bandwidth=(as!=NULL) ? (rtp_session_compute_send_bandwidth(as)*1e-3) : 0;
-	call->stats[LINPHONE_CALL_STATS_VIDEO].download_bandwidth=(vs!=NULL) ? (rtp_session_compute_recv_bandwidth(vs)*1e-3) : 0;
-	call->stats[LINPHONE_CALL_STATS_VIDEO].upload_bandwidth=(vs!=NULL) ? (rtp_session_compute_send_bandwidth(vs)*1e-3) : 0;
+static void report_bandwidth(LinphoneCall *call, MediaStream *as, MediaStream *vs){
+	call->stats[LINPHONE_CALL_STATS_AUDIO].download_bandwidth=(as!=NULL) ? (media_stream_get_down_bw(as)*1e-3) : 0;
+	call->stats[LINPHONE_CALL_STATS_AUDIO].upload_bandwidth=(as!=NULL) ? (media_stream_get_up_bw(as)*1e-3) : 0;
+	call->stats[LINPHONE_CALL_STATS_VIDEO].download_bandwidth=(vs!=NULL) ? (media_stream_get_down_bw(vs)*1e-3) : 0;
+	call->stats[LINPHONE_CALL_STATS_VIDEO].upload_bandwidth=(vs!=NULL) ? (media_stream_get_up_bw(vs)*1e-3) : 0;
 	ms_message("bandwidth usage: audio=[d=%.1f,u=%.1f] video=[d=%.1f,u=%.1f] kbit/sec",
 		call->stats[LINPHONE_CALL_STATS_AUDIO].download_bandwidth,
 		call->stats[LINPHONE_CALL_STATS_AUDIO].upload_bandwidth ,
@@ -2364,7 +2364,7 @@ void linphone_call_background_tasks(LinphoneCall *call, bool_t one_second_elapse
 				video_load=ms_ticker_get_average_load(call->videostream->ms.ticker);
 			vs=call->videostream->ms.session;
 		}
-		report_bandwidth(call,as,vs);
+		report_bandwidth(call,(MediaStream*)call->audiostream,(MediaStream*)call->videostream);
 		ms_message("Thread processing load: audio=%f\tvideo=%f",audio_load,video_load);
 	}
 

mediastreamer2

@@ -1 +1 @@
-Subproject commit ac5233ae16394d59cf4d9783a229f2adc2111b12
+Subproject commit 5b941cb169940ae643de86e957daa86c31c25145

oRTP

@@ -1 +1 @@
-Subproject commit 706f0b59f818a69c673053e831fa1f19a855f80b
+Subproject commit ce8c19753495b4ad16a6c5df2bf2bf235443f762

tester/call_tester.c

@@ -95,6 +95,35 @@ static void linphone_call_cb(LinphoneCall *call,void * user_data) {
 }
 #endif
 
+static void check_rtcp(LinphoneCoreManager* caller, LinphoneCoreManager* callee) {
+	LinphoneCall *c1,*c2;
+	int i;
+	int dummy=0;
+
+	c1=linphone_core_get_current_call(caller->lc);
+	c2=linphone_core_get_current_call(callee->lc);
+
+	for (i=0; i<3; i++) {
+		if (linphone_call_get_audio_stats(c1)->round_trip_delay >0.0
+				&& linphone_call_get_audio_stats(c2)->round_trip_delay >0.0
+				&& (!linphone_call_get_video_stats(c1) || linphone_call_get_video_stats(c1)->round_trip_delay>0.0)
+				&& (!linphone_call_get_video_stats(c1) || linphone_call_get_video_stats(c1)->round_trip_delay>0.0)) {
+			break;
+		}
+		wait_for(caller->lc,callee->lc,&dummy,1);
+
+	}
+	CU_ASSERT_TRUE(linphone_call_get_audio_stats(c1)->round_trip_delay>0.0);
+	CU_ASSERT_TRUE(linphone_call_get_audio_stats(c2)->round_trip_delay>0.0);
+	if (linphone_call_log_video_enabled(linphone_call_get_call_log(c1))) {
+		CU_ASSERT_TRUE(linphone_call_get_video_stats(c1)->round_trip_delay>0.0);
+	}
+	if (linphone_call_log_video_enabled(linphone_call_get_call_log(c2))) {
+		CU_ASSERT_TRUE(linphone_call_get_video_stats(c2)->round_trip_delay>0.0);
+	}
+
+}
+
 bool_t call_with_params(LinphoneCoreManager* caller_mgr
 						,LinphoneCoreManager* callee_mgr
 						, const LinphoneCallParams *caller_params
@@ -205,6 +234,9 @@ static void simple_call(void) {
 		CU_ASSERT_TRUE(wait_for(lc_pauline,lc_marie,&stat_marie->number_of_LinphoneCallStreamsRunning,1));
 		/*just to sleep*/
 		wait_for(lc_pauline,lc_marie,&stat_marie->number_of_LinphoneCallStreamsRunning,3);
+
+		check_rtcp(marie,pauline);
+
 		linphone_core_terminate_all_calls(lc_pauline);
 		CU_ASSERT_TRUE(wait_for(lc_pauline,lc_marie,&stat_pauline->number_of_LinphoneCallEnd,1));
 		CU_ASSERT_TRUE(wait_for(lc_pauline,lc_marie,&stat_marie->number_of_LinphoneCallEnd,1));
@@ -325,9 +357,9 @@ static void call_with_dns_time_out(void) {
 
 static void early_cancelled_call(void) {
 	LinphoneCoreManager* marie = linphone_core_manager_new( "marie_rc");
-	LinphoneCoreManager* pauline = linphone_core_manager_new( "pauline_alt_rc");
+	LinphoneCoreManager* pauline = linphone_core_manager_new2( "empty_rc",FALSE);
 
-	LinphoneCall* out_call = linphone_core_invite(pauline->lc,"sip:marie@sip.example.org");
+	LinphoneCall* out_call = linphone_core_invite_address(pauline->lc,marie->identity);
 	
 	CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&pauline->stat.number_of_LinphoneCallOutgoingInit,1));
 	linphone_core_terminate_call(pauline->lc,out_call);
@@ -398,7 +430,7 @@ static void call_declined(void) {
 	LinphoneCoreManager* pauline = linphone_core_manager_new( "pauline_rc");
 
 	LinphoneCall* in_call;
-	LinphoneCall* out_call = linphone_core_invite(pauline->lc,"marie");
+	LinphoneCall* out_call = linphone_core_invite_address(pauline->lc,marie->identity);
 	linphone_call_ref(out_call);
 	CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&marie->stat.number_of_LinphoneCallIncomingReceived,1));
 	CU_ASSERT_PTR_NOT_NULL(in_call=linphone_core_get_current_call(marie->lc));
@@ -471,6 +503,7 @@ static bool_t check_ice(LinphoneCoreManager* caller, LinphoneCoreManager* callee
 	}
 	return success;
 }
+
 static void call_with_ice(void) {
 	LinphoneCoreManager* marie = linphone_core_manager_new( "marie_rc");
 	LinphoneCoreManager* pauline = linphone_core_manager_new( "pauline_rc");
@@ -487,6 +520,9 @@ static void call_with_ice(void) {
 	CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&pauline->stat.number_of_LinphoneCallStreamsRunning,2));
 	CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&marie->stat.number_of_LinphoneCallStreamsRunning,2));
 	
+	check_rtcp(marie,pauline);
+
+
 	/*then close the call*/
 	linphone_core_terminate_all_calls(pauline->lc);
 	CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&pauline->stat.number_of_LinphoneCallEnd,1));
@@ -645,6 +681,29 @@ static void call_with_video_added(void) {
 	linphone_core_manager_destroy(pauline);
 }
 
+static void call_with_media_relay(void) {
+	LinphoneCoreManager* marie = linphone_core_manager_new( "marie_rc");
+	LinphoneCoreManager* pauline = linphone_core_manager_new( "pauline_rc");
+	linphone_core_set_user_agent(marie->lc,"Natted Linphone",NULL);
+	linphone_core_set_user_agent(pauline->lc,"Natted Linphone",NULL);
+	CU_ASSERT_TRUE(call(pauline,marie));
+	check_rtcp(pauline,marie);
+
+#ifdef VIDEO_ENABLED
+	CU_ASSERT_TRUE(add_video(pauline,marie));
+	check_rtcp(pauline,marie);
+#endif
+
+	/*just to sleep*/
+	linphone_core_terminate_all_calls(pauline->lc);
+	CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&pauline->stat.number_of_LinphoneCallEnd,1));
+	CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&marie->stat.number_of_LinphoneCallEnd,1));
+
+	linphone_core_manager_destroy(marie);
+	linphone_core_manager_destroy(pauline);
+
+}
+
 static void call_with_declined_video(void) {
 	LinphoneCoreManager* marie = linphone_core_manager_new( "marie_rc");
 	LinphoneCoreManager* pauline = linphone_core_manager_new( "pauline_rc");
@@ -703,6 +762,8 @@ static void video_call(void) {
 	linphone_call_send_vfu_request(marie_call);
 	CU_ASSERT_TRUE( wait_for(marie->lc,pauline->lc,&marie->stat.number_of_IframeDecoded,1));
 
+	check_rtcp(marie,pauline);
+
 	linphone_core_terminate_all_calls(pauline->lc);
 	CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&pauline->stat.number_of_LinphoneCallEnd,1));
 	CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&marie->stat.number_of_LinphoneCallEnd,1));
@@ -901,6 +962,7 @@ static void srtp_ice_call(void) {
 		add_video(pauline,marie);
 
 		CU_ASSERT_TRUE(check_ice(pauline,marie,LinphoneIceStateHostConnection));
+		check_rtcp(marie,pauline);
 #endif
 		/*wait for ice to found the direct path*/
 		CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&marie->stat.number_of_IframeDecoded,1));
@@ -1156,6 +1218,7 @@ test_t call_tests[] = {
 	{ "Call with DNS timeout", call_with_dns_time_out },
 	{ "Cancelled ringing call", cancelled_ringing_call },
 	{ "Simple call", simple_call },
+	{ "Call with media relay", call_with_media_relay},
 	{ "Simple call compatibility mode", simple_call_compatibility_mode },
 	{ "Early-media call", early_media_call },
 	{ "Call terminated by caller", call_terminated_by_caller },

tester/certificates/agent.pem

@@ -1,137 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDHZG78iwkkxJeq3ZPuQwY9DfdcNCvHXayW+5p5VUULV50ohJKt
-JJzhp5ysq4VH7q/dmOnMnbYTACnqVSlph88zRdQJd/g0h6T4DyWa5Jxe+R1hwLWV
-fgeSXstCK8m9SwxKqnqA5mPZxfARXg3r4XWkUK2A1lWIXCkZU3MMD4JJ4QIDAQAB
-AoGAGgyi+1dmwGj2r5n3I5+aBwv2DxO5zHgOfkMssUFUneC6ZXq8duZboJd3Po/B
-/93NGBRMJzFLgjv5PeYWXPUjOoJT7eg0aDJKX/uMKSvzhyIL/bUJPfyo2GCmkAr5
-CF5EBFFjlsui2kSFusxbQmyzZkkIl3OYdlTBdQFsmEROk8kCQQD3aW1ZPbDkSxsi
-09VZBWVW95LojcxYQeqjPTs8EAB2jKmR4aw8KGKCz+yBGwiSdukDZ/p3IftuifHk
-J+3a6kqnAkEAzlBKjM8xVWprTp/3p1DMYNA+KNsXuf08xGB/zegpU561FjUzK7U4
-QKyDSIaRgSv4WAJbIauwaZdydM6Q0DnANwJBAKEQGQeHiaiU3E2H6dPSF27OLO0H
-ooeyIbWzHuSy5hpG5/z4FM/02myePzCtEJ+ImZiGEB+OF8iWNMp60/U3oPECQAoR
-RPIGEkQ2wzG9AJq7iJ2Yy8+2kTvULajvhI0JrSqVbgS9Z9fUKgCN6oIZfvQsrxus
-UcIc3KjqaP1mLw7aIpUCQH5S0B+GOwKa8+RbuRcgBvksqkRwRZn6jawoNJJSBCDn
-gQJ5B9PvJXppTsbnulSD2srhUqCR1pzGfnl8bYV8b8Q=
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDbTCCAtagAwIBAgIBADANBgkqhkiG9w0BAQUFADCBuzELMAkGA1UEBhMCRlIx
-EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK
-DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV
-BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA
-YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMTMwNDMwMTQzMTE3WhcN
-MTQwNDMwMTQzMTE3WjCBvzELMAkGA1UEBhMCRlIxEzARBgNVBAgMClNvbWUtU3Rh
-dGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQKDBlCZWxsZWRvbm5lIENvbW11
-bmljYXRpb25zMQwwCgYDVQQLDANMQUIxGjAYBgNVBAMMEXNpcDIubGlucGhvbmUu
-b3JnMTowOAYJKoZIhvcNAQkBFitqZWhhbi5tb25uaWVyQGJlbGxlZG9ubmUtY29t
-bXVuaWNhdGlvbnMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHZG78
-iwkkxJeq3ZPuQwY9DfdcNCvHXayW+5p5VUULV50ohJKtJJzhp5ysq4VH7q/dmOnM
-nbYTACnqVSlph88zRdQJd/g0h6T4DyWa5Jxe+R1hwLWVfgeSXstCK8m9SwxKqnqA
-5mPZxfARXg3r4XWkUK2A1lWIXCkZU3MMD4JJ4QIDAQABo3sweTAJBgNVHRMEAjAA
-MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
-BgNVHQ4EFgQUMhkW8N0sNI/+El1P4AzuxQbIsYwwHwYDVR0jBBgwFoAUBl9dxxav
-YvgtbnEDiKDWHSsEf7owDQYJKoZIhvcNAQEFBQADgYEAkzT/wjLRg4JXAZDZ1uVR
-uAXrftoKrsvTysRU7Lr+N5W9FPoWqBh35Kx5SnRN3LYf0OIaJ5hufC8v+SOIJ6Me
-QpKMlMY05Fz7R2aXkSS3Ie1GUJNKnWmos2uRFIMgIpFpr2VAZqVlsjC6J7SKIdGw
-JvmtefxJrjl8Tpzw5uRNC58=
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAxx5TlbzfmfCneIzofE09/4lr+hQk2ihrBAgZi+kVto5o/oW8
-xtvUfek6dOcF8lK6Ss6AvTQH/4SrK8Ico72eOaxTXjBxpdZuEvftmowawUqvr8DV
-dwsleFcp7pmdNarG6WxW9d690ixE4TKpvSYAzoVv2z/0PxjGLNTALcfav8tCvjEv
-804Pw4NuSmW6wjw+kRKTz/l4wYNlVXsAXt30xAuELkbHEVmcFBL5Al4CsgwF0su3
-oA8/IYE+eOIFu6ANZa8h2t9yHZSDlAwhe0yPRt0NDzp3RbsaG0oPudkmP3ithTJz
-5Pmf7Oq46Ko2Wk3GfxykaoYpvjBTahkWOUoFowIDAQABAoIBABMZ/qy7rLuo0XgI
-FHlwM4VjGn+oFQz0maeOW10HpDSaHspj7AMrrYvSpu/2BaUEeKiafNEpv6ashHsz
-KOowU5B2zpyXix98nZymOh38WMi4MHhsyE2ePR75RaWFCQbP9jsIUKNPlegmpQjx
-gkUJ80PcmyluTjELYF+GnVUG+h4x5y2RiUiQr+zTUXGTBDny3jKdtMrmctqkG9hQ
-cgIV/RG+CaFGxdkTShHEAhpd+g0DIivHZctwrF7Q1WFJBj3zChe223a6JdF2ke4c
-Rr79PkHkCWGwv6Rp/95XUnQKJ8/FPTNtFoGzR6bhKmWqh3q2qfZKRKtXw2LBwFJp
-f8U5++kCgYEA8ieuaVqKmCZwm/WRWeimG+UHs+EtHLgmj18ylD1jKQaRetSDcZ4m
-6ounfrxyBL7DBDym/CeWbq9OI9cQB2RGLK3To6vj1UbRQ6tKiRzDq933sYZoEcTs
-kBzexW8oUsclAvqYbqEjxEoEQrgHTWvjuHYiTrNlOAo+eL0VV6trZMUCgYEA0oC8
-40I8quYILtlkSYT3+iMRX4Vy1BzzMOkzRrA9jFoJZIxcOnWitJWmfBcXgOckt9ka
-XchsxOcYbNa9CuI7YKrJ5SNP9cjxcxsd/gieQXcN3J/nebFwlsQFN1e8mZIZj7ik
-nDf+r0lyuighDR7dLjR00a39csLCx6dH0amb90cCgYB+9jEqya7q0RSvoJQh2Knm
-7DEardASQ7br6tTBBmKMKwZxqSR1mJ780FX0S+dX95CWExrWEAd+ZumIPwUHaxqj
-6EuTf9cHhobHfPKqautonAt3B2pfDqmdcZWXXI1+wSz1n9/1+QSgsNIFDSm+/Pc7
-Sqz4KHTEahKRCUo8WgMHpQKBgQCXeFdy2Bi7iKbev0Mwu+OMNGut5mLISsSbr1Jc
-TTkcozUbCvzafAdGFmEj7aHV+X0sZaZZUX0i+n9S4fpJuJytZHe+z/gbjipff2XH
-hAAMb1SkKtPvd0Ti185BEnr9rmmCR4T7fDdhfmJ1naaawFi7hLeCocY8K/TooXBG
-Z9t4xQKBgQDCqZ5Gumy+pvyUqLXtgrCmWlbr03ONBKb9n662thWeBWpCKb2e0RUA
-oxTZvVsTQz88Ageoh55QHIe85//iT2wDtjUFcc80aoWDDhQuwxnu7jtEyj1wytl9
-SIsjG4JDTK1tBAVZFxyS5sMLZ2nonzynAyHPN0j1UCHF2T2Hk7/vEQ==
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIEFzCCA4CgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBuzELMAkGA1UEBhMCRlIx
-EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK
-DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV
-BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA
-YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMTMwNzE1MTQzNDQ3WhcN
-MTYwNzE0MTQzNDQ3WjCBnTELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTEi
-MCAGA1UECgwZQmVsbGVkb25uZSBDb21tdW5pY2F0aW9uczEMMAoGA1UECwwDTEFC
-MRUwEwYDVQQDDAx1c2VsZXNzLm5hbWUxNDAyBgkqhkiG9w0BCQEWJWNvbnRhY3RA
-YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQDHHlOVvN+Z8Kd4jOh8TT3/iWv6FCTaKGsECBmL6RW2jmj+
-hbzG29R96Tp05wXyUrpKzoC9NAf/hKsrwhyjvZ45rFNeMHGl1m4S9+2ajBrBSq+v
-wNV3CyV4VynumZ01qsbpbFb13r3SLEThMqm9JgDOhW/bP/Q/GMYs1MAtx9q/y0K+
-MS/zTg/Dg25KZbrCPD6REpPP+XjBg2VVewBe3fTEC4QuRscRWZwUEvkCXgKyDAXS
-y7egDz8hgT544gW7oA1lryHa33IdlIOUDCF7TI9G3Q0POndFuxobSg+52SY/eK2F
-MnPk+Z/s6rjoqjZaTcZ/HKRqhim+MFNqGRY5SgWjAgMBAAGjgcIwgb8wCQYDVR0T
-BAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNh
-dGUwHQYDVR0OBBYEFFTLqxYKaMQ+dgVPEwvjWt0QWh2uMB8GA1UdIwQYMBaAFAZf
-XccWr2L4LW5xA4ig1h0rBH+6MAsGA1UdDwQEAwIF4DA3BgNVHREEMDAughVhbHRu
-YW1lMS5saW5waG9uZS5vcmeCFWFsdG5hbWUyLmxpbnBob25lLm9yZzANBgkqhkiG
-9w0BAQUFAAOBgQBZ8yk7MMp+wyiEH/4HF/MTobAmNJxgnVGvz3lnGGNXCrE9hJiA
-xNdh0jfQfLMVJN5MtkpcM6Md9wowXkIMakpDIiTwnl+ve6GPOypZv2TXrm68sYid
-SXlvHqN5G12HMUP577NNQxgpod6+d0jW6oPYWx1a7kCa8hOlKTRvajMyjQ==
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAxGYHUVdxtkJCtFbaFd31aflHq7px9Yz/QhJUuivf30UNfgwT
-k7n8UQG4G7F+LXno04uNR0B4mPPLRcfibLCKzDgMwHKReqnwtS35r2Pvfva3vvdB
-ZOA7HkFIEpcp8R8XxK3Lcmcn1yYAravYKawM6QwkQv1FdM0TeRNTXXSqc4/Ty1Sd
-WjoJxyEbGb8N44MRIfi6fePYlpKKI7/nQ8Y+E1f87OhOcBV+33b0hBXDLBY9XqsR
-7JaZDpwlMBRsTTFU6+ApF4q4RmGFoACA2ZO4GkE8OdIbRLhPa8DPVzfo52sJhmSM
-gPw8JN3TRYxbmEF+KhVejdmGxtAKNEBzEwbnwwIDAQABAoIBAQCbhdP7pMxGMLhT
-yIcQU+C4F4+avJzrfsjP0GZJut6gFjV2ACgsjlXw6/SX8XjimCw4AMVSjAozzLLG
-Ql/aA/8VcrkeWFs9kH8tagfTzMZlewfMcE3XjP0jmzxwhEXRS/btZ1a49FkHNW/K
-F0+oyDa9AUFhzuAGezMVaKlWU0F7GiGciGWRTUqt9CxtbagVdCo6Oilo1pEVpf8S
-aEM0Eyl7VnkjPBWZ/wZwEhetvrFl/Wb0k31d0TkmcNpIGHd+nAbBhoJkZ0MISC64
-TmJaDW982xIV30FlGmm/tKGO4a5xTEwlw5E3k8ReubLGS8RkHLXNZKmxQK5fA1BJ
-mcwa5ue5AoGBAOg40SDdLYzL8fpASBVXi15s3muAOODO9hVGzIUp/2OVxQ6SGK2P
-tEI2UJwjKJtgVHgs/dN4uHhmYN+n6DPOWMt0x7UigFlskr0qjKfAEfi1hb6S1ZPR
-hCWPe1NnOMKkNnasMVETkfS7FKxQ4DfhU+I0geXfKXCY7HZZRz/4Fg+XAoGBANiC
-LlCzeTzkdY1+Es1MyBApyZCHWUK1aJbHhA5BYr+aojIl9t/962ioBcFQ3j4krq4x
-OcQqcbu7lUSR/YdDSLkRxMH7AEfbKwwJUa4NrxAjSRkvbWVyNVGLa5B9eXj9zS3Q
-AV23BKwjuWOmSCg70EsxeSyKEwvdvdrGfKWMfW61AoGAIC5PfNhpyYsxu1ZRJvP8
-0lcP86HPQAguPgCTsxiA1dIZfs1sMhEqD8rrHNgadn3A9u51NmsSVU0Ku7PPD+7W
-i0thqY5gbwQGycQtvcl2NBsjr6c1hciRIYtiscoqKX8MNSHjq7KklV+fm8mRaO0G
-7OAN6EcmvP3UNwpkP08n730CgYEAhtcM4VXle/cM/0I1k4buUqKz1j91aAZzTPSV
-Wgt+5LX5riHWz0nlAxkh/HPQ9gMCh5pAz9tfWfxJyprhuww8joZydB1O33GwLZ7g
-L/Z1wSc4r2bKSxQGAPND2olKzf/DeXTCZQtG7a6SF23IIsadwzbcsNCNbCZ9x3M2
-ziPhOsECgYB9BU7vYn5LMTtA7FIx+Fv//aepoBT/+pC8AUCA7EX5vEIf3cxEwesm
-CkHknaKWlxhlK379OKQryYrUsRxjxwFd0DNK5tT+jx6m8VVKe1Bz/8uYZDNCtJr0
-zoqngR61r5jCYZLYcggcTimVoHMJXxcdsReBX8P7u3JNU2CulGvX7w==
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIID6DCCA1GgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBuzELMAkGA1UEBhMCRlIx
-EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK
-DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV
-BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA
-YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMTMwNzE1MTQ0MDM4WhcN
-MTYwNzE0MTQ0MDM4WjCBpzELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTEi
-MCAGA1UECgwZQmVsbGVkb25uZSBDb21tdW5pY2F0aW9uczEMMAoGA1UECwwDTEFC
-MR8wHQYDVQQDDBYqLndpbGRjYXJkLmxpbnBob25lLmZyMTQwMgYJKoZIhvcNAQkB
-FiVjb250YWN0QGJlbGxlZG9ubmUtY29tbXVuaWNhdGlvbnMuY29tMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGYHUVdxtkJCtFbaFd31aflHq7px9Yz/
-QhJUuivf30UNfgwTk7n8UQG4G7F+LXno04uNR0B4mPPLRcfibLCKzDgMwHKReqnw
-tS35r2Pvfva3vvdBZOA7HkFIEpcp8R8XxK3Lcmcn1yYAravYKawM6QwkQv1FdM0T
-eRNTXXSqc4/Ty1SdWjoJxyEbGb8N44MRIfi6fePYlpKKI7/nQ8Y+E1f87OhOcBV+
-33b0hBXDLBY9XqsR7JaZDpwlMBRsTTFU6+ApF4q4RmGFoACA2ZO4GkE8OdIbRLhP
-a8DPVzfo52sJhmSMgPw8JN3TRYxbmEF+KhVejdmGxtAKNEBzEwbnwwIDAQABo4GJ
-MIGGMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVk
-IENlcnRpZmljYXRlMB0GA1UdDgQWBBRJAgxmoZo5VCDjeR/tR5XZtE2NtzAfBgNV
-HSMEGDAWgBQGX13HFq9i+C1ucQOIoNYdKwR/ujALBgNVHQ8EBAMCBeAwDQYJKoZI
-hvcNAQEFBQADgYEAXxtgbwO3/ilkEx3jW8wlBN4dg++EBCsw0RkhhiNyWLwF7OOf
-xttppVNF4HW3xiOAs7FUSIgiNwHd+j8N3LpJxBpd7ePSaKy/U1EWoj38u8q5Q1gU
-d3Lu+D0XaQvZyVW7xoYwTLa9CmRItow4GIkExoUhyrurbOmJ/3q9/SRGWF8=
------END CERTIFICATE-----

tester/certificates/altname/agent.pem

@@ -0,0 +1,76 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDHZG78iwkkxJeq3ZPuQwY9DfdcNCvHXayW+5p5VUULV50ohJKt
+JJzhp5ysq4VH7q/dmOnMnbYTACnqVSlph88zRdQJd/g0h6T4DyWa5Jxe+R1hwLWV
+fgeSXstCK8m9SwxKqnqA5mPZxfARXg3r4XWkUK2A1lWIXCkZU3MMD4JJ4QIDAQAB
+AoGAGgyi+1dmwGj2r5n3I5+aBwv2DxO5zHgOfkMssUFUneC6ZXq8duZboJd3Po/B
+/93NGBRMJzFLgjv5PeYWXPUjOoJT7eg0aDJKX/uMKSvzhyIL/bUJPfyo2GCmkAr5
+CF5EBFFjlsui2kSFusxbQmyzZkkIl3OYdlTBdQFsmEROk8kCQQD3aW1ZPbDkSxsi
+09VZBWVW95LojcxYQeqjPTs8EAB2jKmR4aw8KGKCz+yBGwiSdukDZ/p3IftuifHk
+J+3a6kqnAkEAzlBKjM8xVWprTp/3p1DMYNA+KNsXuf08xGB/zegpU561FjUzK7U4
+QKyDSIaRgSv4WAJbIauwaZdydM6Q0DnANwJBAKEQGQeHiaiU3E2H6dPSF27OLO0H
+ooeyIbWzHuSy5hpG5/z4FM/02myePzCtEJ+ImZiGEB+OF8iWNMp60/U3oPECQAoR
+RPIGEkQ2wzG9AJq7iJ2Yy8+2kTvULajvhI0JrSqVbgS9Z9fUKgCN6oIZfvQsrxus
+UcIc3KjqaP1mLw7aIpUCQH5S0B+GOwKa8+RbuRcgBvksqkRwRZn6jawoNJJSBCDn
+gQJ5B9PvJXppTsbnulSD2srhUqCR1pzGfnl8bYV8b8Q=
+-----END RSA PRIVATE KEY-----
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=FR, ST=Some-State, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=Jehan Monnier/emailAddress=jehan.monnier@belledonne-communications.com
+        Validity
+            Not Before: Sep 23 15:58:58 2013 GMT
+            Not After : Sep 23 15:58:58 2014 GMT
+        Subject: C=FR, ST=France, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=See altname for DNS name/emailAddress=jehan.monnier@belledonne-communications.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:c7:64:6e:fc:8b:09:24:c4:97:aa:dd:93:ee:43:
+                    06:3d:0d:f7:5c:34:2b:c7:5d:ac:96:fb:9a:79:55:
+                    45:0b:57:9d:28:84:92:ad:24:9c:e1:a7:9c:ac:ab:
+                    85:47:ee:af:dd:98:e9:cc:9d:b6:13:00:29:ea:55:
+                    29:69:87:cf:33:45:d4:09:77:f8:34:87:a4:f8:0f:
+                    25:9a:e4:9c:5e:f9:1d:61:c0:b5:95:7e:07:92:5e:
+                    cb:42:2b:c9:bd:4b:0c:4a:aa:7a:80:e6:63:d9:c5:
+                    f0:11:5e:0d:eb:e1:75:a4:50:ad:80:d6:55:88:5c:
+                    29:19:53:73:0c:0f:82:49:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Key Usage: 
+                Digital Signature, Non Repudiation, Key Encipherment
+            X509v3 Subject Alternative Name: 
+                DNS:altname.linphone.org, DNS:*.wildcard2.linphone.org
+    Signature Algorithm: sha1WithRSAEncryption
+         21:05:d3:36:82:5d:f4:f4:70:71:17:ac:06:12:49:0c:d6:c3:
+         21:07:9c:2f:79:c8:14:da:e5:3a:92:04:22:5b:74:cf:53:3c:
+         95:33:51:93:66:04:59:c6:3d:dd:22:cf:3f:f8:0e:24:93:6b:
+         2a:02:f7:bf:ba:89:1b:72:9a:d4:1b:bf:22:3d:08:51:13:a4:
+         bf:43:d2:89:a1:c5:f2:e3:04:24:1e:d4:33:64:06:83:2d:b6:
+         66:34:16:a9:f4:8d:6f:3f:71:86:ab:73:19:36:ae:43:29:7e:
+         9d:6c:35:3a:75:f4:22:8b:c5:e3:1e:ee:c1:0d:d7:63:cc:95:
+         4a:6a
+-----BEGIN CERTIFICATE-----
+MIIDSjCCArOgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBuzELMAkGA1UEBhMCRlIx
+EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK
+DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV
+BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA
+YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMTMwOTIzMTU1ODU4WhcN
+MTQwOTIzMTU1ODU4WjCBwjELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTER
+MA8GA1UEBwwIR3Jlbm9ibGUxIjAgBgNVBAoMGUJlbGxlZG9ubmUgQ29tbXVuaWNh
+dGlvbnMxDDAKBgNVBAsMA0xBQjEhMB8GA1UEAwwYU2VlIGFsdG5hbWUgZm9yIERO
+UyBuYW1lMTowOAYJKoZIhvcNAQkBFitqZWhhbi5tb25uaWVyQGJlbGxlZG9ubmUt
+Y29tbXVuaWNhdGlvbnMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDH
+ZG78iwkkxJeq3ZPuQwY9DfdcNCvHXayW+5p5VUULV50ohJKtJJzhp5ysq4VH7q/d
+mOnMnbYTACnqVSlph88zRdQJd/g0h6T4DyWa5Jxe+R1hwLWVfgeSXstCK8m9SwxK
+qnqA5mPZxfARXg3r4XWkUK2A1lWIXCkZU3MMD4JJ4QIDAQABo1UwUzAJBgNVHRME
+AjAAMAsGA1UdDwQEAwIF4DA5BgNVHREEMjAwghRhbHRuYW1lLmxpbnBob25lLm9y
+Z4IYKi53aWxkY2FyZDIubGlucGhvbmUub3JnMA0GCSqGSIb3DQEBBQUAA4GBACEF
+0zaCXfT0cHEXrAYSSQzWwyEHnC95yBTa5TqSBCJbdM9TPJUzUZNmBFnGPd0izz/4
+DiSTayoC97+6iRtymtQbvyI9CFETpL9D0omhxfLjBCQe1DNkBoMttmY0Fqn0jW8/
+cYarcxk2rkMpfp1sNTp19CKLxeMe7sEN12PMlUpq
+-----END CERTIFICATE-----

tester/certificates/altname/openssl-altname.cnf

@@ -0,0 +1,359 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= default		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+ req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= FR
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= France
+
+localityName			= Locality Name (eg, city)
+localityName_default		= Grenoble
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Belledonne Communications
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= LAB
+#organizationalUnitName_default	=
+
+commonName			= Common Name (e.g. server FQDN or YOUR name)
+commonName_max			= 64
+commonName_default		= See altname for DNS name
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+emailAddress_default		= jehan.monnier@belledonne-communications.com
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = altname.linphone.org
+DNS.2 = *.wildcard2.linphone.org
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= ./demoCA		# TSA root directory
+serial		= $dir/tsaserial	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/cacert.pem	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests		= md5, sha1		# Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)

tester/certificates/cn/agent.pem

@@ -0,0 +1,80 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDHZG78iwkkxJeq3ZPuQwY9DfdcNCvHXayW+5p5VUULV50ohJKt
+JJzhp5ysq4VH7q/dmOnMnbYTACnqVSlph88zRdQJd/g0h6T4DyWa5Jxe+R1hwLWV
+fgeSXstCK8m9SwxKqnqA5mPZxfARXg3r4XWkUK2A1lWIXCkZU3MMD4JJ4QIDAQAB
+AoGAGgyi+1dmwGj2r5n3I5+aBwv2DxO5zHgOfkMssUFUneC6ZXq8duZboJd3Po/B
+/93NGBRMJzFLgjv5PeYWXPUjOoJT7eg0aDJKX/uMKSvzhyIL/bUJPfyo2GCmkAr5
+CF5EBFFjlsui2kSFusxbQmyzZkkIl3OYdlTBdQFsmEROk8kCQQD3aW1ZPbDkSxsi
+09VZBWVW95LojcxYQeqjPTs8EAB2jKmR4aw8KGKCz+yBGwiSdukDZ/p3IftuifHk
+J+3a6kqnAkEAzlBKjM8xVWprTp/3p1DMYNA+KNsXuf08xGB/zegpU561FjUzK7U4
+QKyDSIaRgSv4WAJbIauwaZdydM6Q0DnANwJBAKEQGQeHiaiU3E2H6dPSF27OLO0H
+ooeyIbWzHuSy5hpG5/z4FM/02myePzCtEJ+ImZiGEB+OF8iWNMp60/U3oPECQAoR
+RPIGEkQ2wzG9AJq7iJ2Yy8+2kTvULajvhI0JrSqVbgS9Z9fUKgCN6oIZfvQsrxus
+UcIc3KjqaP1mLw7aIpUCQH5S0B+GOwKa8+RbuRcgBvksqkRwRZn6jawoNJJSBCDn
+gQJ5B9PvJXppTsbnulSD2srhUqCR1pzGfnl8bYV8b8Q=
+-----END RSA PRIVATE KEY-----
+
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=FR, ST=Some-State, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=Jehan Monnier/emailAddress=jehan.monnier@belledonne-communications.com
+        Validity
+            Not Before: Sep 23 16:13:11 2013 GMT
+            Not After : Sep 21 16:13:11 2023 GMT
+        Subject: C=FR, ST=France, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=sip2.linphone.org, CN=*.wildcard1.linphone.org/emailAddress=jehan.monnier@belledonne-communications.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (1024 bit)
+                Modulus:
+                    00:c7:64:6e:fc:8b:09:24:c4:97:aa:dd:93:ee:43:
+                    06:3d:0d:f7:5c:34:2b:c7:5d:ac:96:fb:9a:79:55:
+                    45:0b:57:9d:28:84:92:ad:24:9c:e1:a7:9c:ac:ab:
+                    85:47:ee:af:dd:98:e9:cc:9d:b6:13:00:29:ea:55:
+                    29:69:87:cf:33:45:d4:09:77:f8:34:87:a4:f8:0f:
+                    25:9a:e4:9c:5e:f9:1d:61:c0:b5:95:7e:07:92:5e:
+                    cb:42:2b:c9:bd:4b:0c:4a:aa:7a:80:e6:63:d9:c5:
+                    f0:11:5e:0d:eb:e1:75:a4:50:ad:80:d6:55:88:5c:
+                    29:19:53:73:0c:0f:82:49:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                32:19:16:F0:DD:2C:34:8F:FE:12:5D:4F:E0:0C:EE:C5:06:C8:B1:8C
+            X509v3 Authority Key Identifier: 
+                keyid:06:5F:5D:C7:16:AF:62:F8:2D:6E:71:03:88:A0:D6:1D:2B:04:7F:BA
+
+    Signature Algorithm: sha1WithRSAEncryption
+         af:2e:d2:9a:b9:e0:ca:c8:e3:25:eb:30:0b:5e:02:e9:43:2d:
+         84:09:11:d1:be:8e:a4:86:bf:c7:19:aa:18:c3:55:b2:07:c5:
+         68:ff:c6:39:f7:2b:da:27:85:34:8b:7b:6c:92:8f:ba:aa:9d:
+         44:f3:0c:47:88:7a:0c:b1:e0:c7:6f:eb:af:d2:ab:d0:6d:25:
+         d5:ff:40:37:69:2b:bd:f2:6e:4a:42:32:29:98:27:c7:ec:34:
+         25:eb:22:6f:83:50:82:1c:08:88:77:ec:31:82:c2:0c:77:b1:
+         2b:c9:7d:6c:ff:95:d0:10:cf:8e:9f:2e:eb:a1:a6:40:fc:c0:
+         ec:83
+-----BEGIN CERTIFICATE-----
+MIIDjDCCAvWgAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBuzELMAkGA1UEBhMCRlIx
+EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK
+DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV
+BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA
+YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMTMwOTIzMTYxMzExWhcN
+MjMwOTIxMTYxMzExWjCB3jELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTER
+MA8GA1UEBwwIR3Jlbm9ibGUxIjAgBgNVBAoMGUJlbGxlZG9ubmUgQ29tbXVuaWNh
+dGlvbnMxDDAKBgNVBAsMA0xBQjEaMBgGA1UEAwwRc2lwMi5saW5waG9uZS5vcmcx
+ITAfBgNVBAMMGCoud2lsZGNhcmQxLmxpbnBob25lLm9yZzE6MDgGCSqGSIb3DQEJ
+ARYramVoYW4ubW9ubmllckBiZWxsZWRvbm5lLWNvbW11bmljYXRpb25zLmNvbTCB
+nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAx2Ru/IsJJMSXqt2T7kMGPQ33XDQr
+x12slvuaeVVFC1edKISSrSSc4aecrKuFR+6v3ZjpzJ22EwAp6lUpaYfPM0XUCXf4
+NIek+A8lmuScXvkdYcC1lX4Hkl7LQivJvUsMSqp6gOZj2cXwEV4N6+F1pFCtgNZV
+iFwpGVNzDA+CSeECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
+T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFDIZFvDdLDSP
+/hJdT+AM7sUGyLGMMB8GA1UdIwQYMBaAFAZfXccWr2L4LW5xA4ig1h0rBH+6MA0G
+CSqGSIb3DQEBBQUAA4GBAK8u0pq54MrI4yXrMAteAulDLYQJEdG+jqSGv8cZqhjD
+VbIHxWj/xjn3K9onhTSLe2ySj7qqnUTzDEeIegyx4Mdv66/Sq9BtJdX/QDdpK73y
+bkpCMimYJ8fsNCXrIm+DUIIcCIh37DGCwgx3sSvJfWz/ldAQz46fLuuhpkD8wOyD
+-----END CERTIFICATE-----

tester/certificates/cn/cacert.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRjCCAq+gAwIBAgIJAJ3nFcA7qFrOMA0GCSqGSIb3DQEBBQUAMIG7MQswCQYD
+VQQGEwJGUjETMBEGA1UECAwKU29tZS1TdGF0ZTERMA8GA1UEBwwIR3Jlbm9ibGUx
+IjAgBgNVBAoMGUJlbGxlZG9ubmUgQ29tbXVuaWNhdGlvbnMxDDAKBgNVBAsMA0xB
+QjEWMBQGA1UEAwwNSmVoYW4gTW9ubmllcjE6MDgGCSqGSIb3DQEJARYramVoYW4u
+bW9ubmllckBiZWxsZWRvbm5lLWNvbW11bmljYXRpb25zLmNvbTAeFw0xMzA0MzAx
+MzMwMThaFw0yMzA0MjgxMzMwMThaMIG7MQswCQYDVQQGEwJGUjETMBEGA1UECAwK
+U29tZS1TdGF0ZTERMA8GA1UEBwwIR3Jlbm9ibGUxIjAgBgNVBAoMGUJlbGxlZG9u
+bmUgQ29tbXVuaWNhdGlvbnMxDDAKBgNVBAsMA0xBQjEWMBQGA1UEAwwNSmVoYW4g
+TW9ubmllcjE6MDgGCSqGSIb3DQEJARYramVoYW4ubW9ubmllckBiZWxsZWRvbm5l
+LWNvbW11bmljYXRpb25zLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+z5F8mMh3SUr6NUd7tq2uW2Kdn22Zn3kNpLYb78AQK4IoQMOLGXbBdyoXvz1fublg
+bxtLYsiGhICd7Ul9zLGc3edn85LbD3Skb7ERx6MakRnYep3FzagZJhn14QEaZCx6
+3Qs0Ir4rSP7hmlpYt8VO/zqqNR3tsA59O0D9c7bpQ7UCAwEAAaNQME4wHQYDVR0O
+BBYEFAZfXccWr2L4LW5xA4ig1h0rBH+6MB8GA1UdIwQYMBaAFAZfXccWr2L4LW5x
+A4ig1h0rBH+6MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAKvmt2m1o
+axGKc0DjiJPypU/NsAf4Yu0nOnY8pHqJJCB0AWVoAPM7vGYPWpeH7LSdGZLuT9eK
+FUWGJhPnkrnklmBdVB0l7qXYjR5uf766HDkoDxuLhNifow3IYvsS+L2Y6puRQb9w
+HLMDE29mBDl0WyoX3h0yR0EiAO15V9A7I10=
+-----END CERTIFICATE-----

tester/certificates/cn/openssl-cn.cnf

@@ -0,0 +1,357 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= default		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+[ req_distinguished_name ]
+countryName                     = Country Name (2 letter code)
+countryName_default             = FR
+countryName_min                 = 2
+countryName_max                 = 2
+
+stateOrProvinceName             = State or Province Name (full name)
+stateOrProvinceName_default     = France
+
+localityName                    = Locality Name (eg, city)
+localityName_default            = Grenoble
+
+0.organizationName              = Organization Name (eg, company)
+0.organizationName_default      = Belledonne Communications
+
+# we can do this but it is not needed normally :-)
+#1.organizationName             = Second Organization Name (eg, company)
+#1.organizationName_default     = World Wide Web Pty Ltd
+
+organizationalUnitName          = Organizational Unit Name (eg, section)
+organizationalUnitName_default  = LAB
+#organizationalUnitName_default =
+
+0.commonName                    = Common Name (e.g. server FQDN or YOUR name)
+0.commonName_max                        = 64
+0.commonName_default            = sip2.linphone.org
+
+1.commonName                    = Common Name (e.g. server FQDN or YOUR name)
+1.commonName_max                = 64
+1.commonName_default            = *.wildcard1.linphone.org
+
+emailAddress                    = Email Address
+emailAddress_max                = 64
+emailAddress_default            = jehan.monnier@belledonne-communications.com
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= ./demoCA		# TSA root directory
+serial		= $dir/tsaserial	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/cacert.pem	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests		= md5, sha1		# Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)

tester/flexisip.conf

@@ -37,8 +37,7 @@ aliases=localhost sipopen.example.org sip.example.org auth.example.org auth1.exa
 # 	transports=sips:sip.linphone.org:6060;maddr=192.168.0.29
 #  Default value: sip:*
 #transports=sip:192.168.56.101:5060  sips:192.168.56.101:5061
-transports=sip:127.0.0.1:5060  sips:127.0.0.1:5061
-
+transports=sip:127.0.0.1:5060  sips:127.0.0.1:5061;tls-certificates-dir=/Users/jehanmonnier/workspaces/workspace-macosx/linphone/tester/certificates/cn sips:127.0.0.1:5062;tls-certificates-dir=/Users/jehanmonnier/workspaces/workspace-macosx/linphone/tester/certificates/altname
 # An absolute path of a directory where TLS server certificate and
 # private key can be found, concatenated inside an 'agent.pem' file.
 #  Default value: /etc/flexisip/tls
@@ -444,14 +443,14 @@ routes=
 [module::MediaRelay]
 # Indicate whether the module is activated.
 #  Default value: true
-enabled=false
+enabled=true
 
 # A request/response enters module if the boolean filter evaluates
 # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain
 # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org')
-# && (user-agent == 'Linphone v2')
+# && (:q
 #  Default value: 
-filter=
+filter= (user-agent contains 'Natted Linphone')
 
 # SDP attribute set by the first proxy to forbid subsequent proxies
 # to provide relay.

tester/pauline_alt_rc

@@ -1,42 +1,20 @@
 [sip]
-sip_port=5072
-sip_tcp_port=5072
-sip_tls_port=5073
+sip_tls_port=-1
 default_proxy=0
-ping_with_options=0
 register_only_when_network_is_up=0
 
 [auth_info_0]
 username=pauline
 userid=pauline
 passwd=secret
-realm="altname2.linphone.org"
+realm=sip.example.org
 
 
 [proxy_0]
-reg_proxy=sip2.linphone.org;transport=tls
-reg_route=sip2.linphone.org;transport=tls
-reg_identity=sip:pauline@altname2.linphone.org
+reg_proxy=altname.linphone.org:5062;transport=tls
+reg_identity=sip:pauline@sip.example.org
 reg_expires=3600
 reg_sendregister=1
 publish=0
 dial_escape_plus=0
 
-
-[rtp]
-audio_rtp_port=8090
-video_rtp_port=8092
-
-[video]
-display=0
-capture=0
-show_local=0
-size=vga
-enabled=0
-self_view=0
-automatically_initiate=0
-automatically_accept=0
-device=StaticImage: Static picture
-
-[sound]
-echocancellation=0 #to not overload cpu in case of VG

tester/pauline_wild_rc

@@ -1,42 +1,29 @@
 [sip]
-sip_port=5072
-sip_tcp_port=5072
-sip_tls_port=5073
+sip_tls_port=-1
 default_proxy=0
-ping_with_options=0
 register_only_when_network_is_up=0
 
 [auth_info_0]
 username=pauline
 userid=pauline
 passwd=secret
-realm="sip.wildcard.linphone.org"
+realm=sip.example.org
 
 
 [proxy_0]
-reg_proxy=sip2.linphone.org;transport=tls
-reg_route=sip2.linphone.org;transport=tls
-reg_identity=sip:pauline@sip.wildcard.linphone.org
+reg_proxy=sip.wildcard1.linphone.org;transport=tls
+reg_identity=sip:pauline@sip.example.org
 reg_expires=3600
 reg_sendregister=1
 publish=0
 dial_escape_plus=0
 
 
-[rtp]
-audio_rtp_port=8090
-video_rtp_port=8092
+[proxy_1]
+reg_proxy=altname.wildcard2.linphone.org:5062;transport=tls
+reg_identity=sip:pauline@sip.example.org
+reg_expires=3600
+reg_sendregister=1
+publish=0
+dial_escape_plus=0
 
-[video]
-display=0
-capture=0
-show_local=0
-size=vga
-enabled=0
-self_view=0
-automatically_initiate=0
-automatically_accept=0
-device=StaticImage: Static picture
-
-[sound]
-echocancellation=0 #to not overload cpu in case of VG

tester/register_tester.c

@@ -29,8 +29,6 @@ static LinphoneCoreManager* create_lcm_with_auth(unsigned int with_auth) {
 		mgr->lc->vtable.auth_info_requested=auth_info_requested;
 	}
 	
-	/* until we have good certificates on our test server... */
-	linphone_core_verify_server_certificates(mgr->lc,FALSE);
 	/*to allow testing with 127.0.0.1*/
 	linphone_core_set_network_reachable(mgr->lc,TRUE);
 	return mgr;
@@ -595,7 +593,7 @@ static void tls_wildcard_register(){
 	snprintf(rootcapath,sizeof(rootcapath), "%s/certificates/cacert.pem", liblinphone_tester_file_prefix);
 	linphone_core_set_root_ca(mgr->lc,rootcapath);
 	linphone_core_refresh_registers(mgr->lc);
-	CU_ASSERT_TRUE(wait_for(lc,lc,&mgr->stat.number_of_LinphoneRegistrationOk,1));
+	CU_ASSERT_TRUE(wait_for(lc,lc,&mgr->stat.number_of_LinphoneRegistrationOk,2));
 	CU_ASSERT_EQUAL(mgr->stat.number_of_LinphoneRegistrationFailed,0);
 	linphone_core_destroy(mgr->lc);
 }

tester/tester_hosts

@@ -1 +1 @@
-94.23.19.176	sip.example.org sipopen.example.org auth.example.org auth1.example.org auth2.example.org
+94.23.19.176	sip2.linphone.org sip.example.org sipopen.example.org auth.example.org auth1.example.org auth2.example.org altname.linphone.org sip.wildcard1.linphone.org altname.wildcard2.linphone.org