From 26850e521381cd0675af2da18bb6de9f2cf5ad0f Mon Sep 17 00:00:00 2001 From: Jehan Monnier Date: Tue, 24 Sep 2013 08:48:32 +0200 Subject: [PATCH] update certificate test, use mediastream stats/iterate --- coreapi/linphonecall.c | 12 +- mediastreamer2 | 2 +- oRTP | 2 +- tester/call_tester.c | 69 +++- tester/certificates/agent.pem | 137 ------- tester/certificates/altname/agent.pem | 76 ++++ tester/certificates/{ => altname}/cacert.pem | 0 .../certificates/altname/openssl-altname.cnf | 359 ++++++++++++++++++ tester/certificates/cn/agent.pem | 80 ++++ tester/certificates/cn/cacert.pem | 20 + tester/certificates/cn/openssl-cn.cnf | 357 +++++++++++++++++ tester/flexisip.conf | 9 +- tester/pauline_alt_rc | 30 +- tester/pauline_wild_rc | 35 +- tester/register_tester.c | 4 +- tester/tester_hosts | 2 +- 16 files changed, 987 insertions(+), 207 deletions(-) delete mode 100644 tester/certificates/agent.pem create mode 100644 tester/certificates/altname/agent.pem rename tester/certificates/{ => altname}/cacert.pem (100%) create mode 100644 tester/certificates/altname/openssl-altname.cnf create mode 100644 tester/certificates/cn/agent.pem create mode 100644 tester/certificates/cn/cacert.pem create mode 100644 tester/certificates/cn/openssl-cn.cnf diff --git a/coreapi/linphonecall.c b/coreapi/linphonecall.c index 335e49dc7..9b97ecc93 100644 --- a/coreapi/linphonecall.c +++ b/coreapi/linphonecall.c @@ -2245,11 +2245,11 @@ void linphone_call_stop_recording(LinphoneCall *call){ * @} **/ -static void report_bandwidth(LinphoneCall *call, RtpSession *as, RtpSession *vs){ - call->stats[LINPHONE_CALL_STATS_AUDIO].download_bandwidth=(as!=NULL) ? (rtp_session_compute_recv_bandwidth(as)*1e-3) : 0; - call->stats[LINPHONE_CALL_STATS_AUDIO].upload_bandwidth=(as!=NULL) ? (rtp_session_compute_send_bandwidth(as)*1e-3) : 0; - call->stats[LINPHONE_CALL_STATS_VIDEO].download_bandwidth=(vs!=NULL) ? (rtp_session_compute_recv_bandwidth(vs)*1e-3) : 0; - call->stats[LINPHONE_CALL_STATS_VIDEO].upload_bandwidth=(vs!=NULL) ? (rtp_session_compute_send_bandwidth(vs)*1e-3) : 0; +static void report_bandwidth(LinphoneCall *call, MediaStream *as, MediaStream *vs){ + call->stats[LINPHONE_CALL_STATS_AUDIO].download_bandwidth=(as!=NULL) ? (media_stream_get_down_bw(as)*1e-3) : 0; + call->stats[LINPHONE_CALL_STATS_AUDIO].upload_bandwidth=(as!=NULL) ? (media_stream_get_up_bw(as)*1e-3) : 0; + call->stats[LINPHONE_CALL_STATS_VIDEO].download_bandwidth=(vs!=NULL) ? (media_stream_get_down_bw(vs)*1e-3) : 0; + call->stats[LINPHONE_CALL_STATS_VIDEO].upload_bandwidth=(vs!=NULL) ? (media_stream_get_up_bw(vs)*1e-3) : 0; ms_message("bandwidth usage: audio=[d=%.1f,u=%.1f] video=[d=%.1f,u=%.1f] kbit/sec", call->stats[LINPHONE_CALL_STATS_AUDIO].download_bandwidth, call->stats[LINPHONE_CALL_STATS_AUDIO].upload_bandwidth , @@ -2364,7 +2364,7 @@ void linphone_call_background_tasks(LinphoneCall *call, bool_t one_second_elapse video_load=ms_ticker_get_average_load(call->videostream->ms.ticker); vs=call->videostream->ms.session; } - report_bandwidth(call,as,vs); + report_bandwidth(call,(MediaStream*)call->audiostream,(MediaStream*)call->videostream); ms_message("Thread processing load: audio=%f\tvideo=%f",audio_load,video_load); } diff --git a/mediastreamer2 b/mediastreamer2 index ac5233ae1..5b941cb16 160000 --- a/mediastreamer2 +++ b/mediastreamer2 @@ -1 +1 @@ -Subproject commit ac5233ae16394d59cf4d9783a229f2adc2111b12 +Subproject commit 5b941cb169940ae643de86e957daa86c31c25145 diff --git a/oRTP b/oRTP index 706f0b59f..ce8c19753 160000 --- a/oRTP +++ b/oRTP @@ -1 +1 @@ -Subproject commit 706f0b59f818a69c673053e831fa1f19a855f80b +Subproject commit ce8c19753495b4ad16a6c5df2bf2bf235443f762 diff --git a/tester/call_tester.c b/tester/call_tester.c index 74364fb66..18f7a2ec9 100644 --- a/tester/call_tester.c +++ b/tester/call_tester.c @@ -95,6 +95,35 @@ static void linphone_call_cb(LinphoneCall *call,void * user_data) { } #endif +static void check_rtcp(LinphoneCoreManager* caller, LinphoneCoreManager* callee) { + LinphoneCall *c1,*c2; + int i; + int dummy=0; + + c1=linphone_core_get_current_call(caller->lc); + c2=linphone_core_get_current_call(callee->lc); + + for (i=0; i<3; i++) { + if (linphone_call_get_audio_stats(c1)->round_trip_delay >0.0 + && linphone_call_get_audio_stats(c2)->round_trip_delay >0.0 + && (!linphone_call_get_video_stats(c1) || linphone_call_get_video_stats(c1)->round_trip_delay>0.0) + && (!linphone_call_get_video_stats(c1) || linphone_call_get_video_stats(c1)->round_trip_delay>0.0)) { + break; + } + wait_for(caller->lc,callee->lc,&dummy,1); + + } + CU_ASSERT_TRUE(linphone_call_get_audio_stats(c1)->round_trip_delay>0.0); + CU_ASSERT_TRUE(linphone_call_get_audio_stats(c2)->round_trip_delay>0.0); + if (linphone_call_log_video_enabled(linphone_call_get_call_log(c1))) { + CU_ASSERT_TRUE(linphone_call_get_video_stats(c1)->round_trip_delay>0.0); + } + if (linphone_call_log_video_enabled(linphone_call_get_call_log(c2))) { + CU_ASSERT_TRUE(linphone_call_get_video_stats(c2)->round_trip_delay>0.0); + } + +} + bool_t call_with_params(LinphoneCoreManager* caller_mgr ,LinphoneCoreManager* callee_mgr , const LinphoneCallParams *caller_params @@ -205,6 +234,9 @@ static void simple_call(void) { CU_ASSERT_TRUE(wait_for(lc_pauline,lc_marie,&stat_marie->number_of_LinphoneCallStreamsRunning,1)); /*just to sleep*/ wait_for(lc_pauline,lc_marie,&stat_marie->number_of_LinphoneCallStreamsRunning,3); + + check_rtcp(marie,pauline); + linphone_core_terminate_all_calls(lc_pauline); CU_ASSERT_TRUE(wait_for(lc_pauline,lc_marie,&stat_pauline->number_of_LinphoneCallEnd,1)); CU_ASSERT_TRUE(wait_for(lc_pauline,lc_marie,&stat_marie->number_of_LinphoneCallEnd,1)); @@ -325,9 +357,9 @@ static void call_with_dns_time_out(void) { static void early_cancelled_call(void) { LinphoneCoreManager* marie = linphone_core_manager_new( "marie_rc"); - LinphoneCoreManager* pauline = linphone_core_manager_new( "pauline_alt_rc"); + LinphoneCoreManager* pauline = linphone_core_manager_new2( "empty_rc",FALSE); - LinphoneCall* out_call = linphone_core_invite(pauline->lc,"sip:marie@sip.example.org"); + LinphoneCall* out_call = linphone_core_invite_address(pauline->lc,marie->identity); CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&pauline->stat.number_of_LinphoneCallOutgoingInit,1)); linphone_core_terminate_call(pauline->lc,out_call); @@ -398,7 +430,7 @@ static void call_declined(void) { LinphoneCoreManager* pauline = linphone_core_manager_new( "pauline_rc"); LinphoneCall* in_call; - LinphoneCall* out_call = linphone_core_invite(pauline->lc,"marie"); + LinphoneCall* out_call = linphone_core_invite_address(pauline->lc,marie->identity); linphone_call_ref(out_call); CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&marie->stat.number_of_LinphoneCallIncomingReceived,1)); CU_ASSERT_PTR_NOT_NULL(in_call=linphone_core_get_current_call(marie->lc)); @@ -471,6 +503,7 @@ static bool_t check_ice(LinphoneCoreManager* caller, LinphoneCoreManager* callee } return success; } + static void call_with_ice(void) { LinphoneCoreManager* marie = linphone_core_manager_new( "marie_rc"); LinphoneCoreManager* pauline = linphone_core_manager_new( "pauline_rc"); @@ -487,6 +520,9 @@ static void call_with_ice(void) { CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&pauline->stat.number_of_LinphoneCallStreamsRunning,2)); CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&marie->stat.number_of_LinphoneCallStreamsRunning,2)); + check_rtcp(marie,pauline); + + /*then close the call*/ linphone_core_terminate_all_calls(pauline->lc); CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&pauline->stat.number_of_LinphoneCallEnd,1)); @@ -645,6 +681,29 @@ static void call_with_video_added(void) { linphone_core_manager_destroy(pauline); } +static void call_with_media_relay(void) { + LinphoneCoreManager* marie = linphone_core_manager_new( "marie_rc"); + LinphoneCoreManager* pauline = linphone_core_manager_new( "pauline_rc"); + linphone_core_set_user_agent(marie->lc,"Natted Linphone",NULL); + linphone_core_set_user_agent(pauline->lc,"Natted Linphone",NULL); + CU_ASSERT_TRUE(call(pauline,marie)); + check_rtcp(pauline,marie); + +#ifdef VIDEO_ENABLED + CU_ASSERT_TRUE(add_video(pauline,marie)); + check_rtcp(pauline,marie); +#endif + + /*just to sleep*/ + linphone_core_terminate_all_calls(pauline->lc); + CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&pauline->stat.number_of_LinphoneCallEnd,1)); + CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&marie->stat.number_of_LinphoneCallEnd,1)); + + linphone_core_manager_destroy(marie); + linphone_core_manager_destroy(pauline); + +} + static void call_with_declined_video(void) { LinphoneCoreManager* marie = linphone_core_manager_new( "marie_rc"); LinphoneCoreManager* pauline = linphone_core_manager_new( "pauline_rc"); @@ -703,6 +762,8 @@ static void video_call(void) { linphone_call_send_vfu_request(marie_call); CU_ASSERT_TRUE( wait_for(marie->lc,pauline->lc,&marie->stat.number_of_IframeDecoded,1)); + check_rtcp(marie,pauline); + linphone_core_terminate_all_calls(pauline->lc); CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&pauline->stat.number_of_LinphoneCallEnd,1)); CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&marie->stat.number_of_LinphoneCallEnd,1)); @@ -901,6 +962,7 @@ static void srtp_ice_call(void) { add_video(pauline,marie); CU_ASSERT_TRUE(check_ice(pauline,marie,LinphoneIceStateHostConnection)); + check_rtcp(marie,pauline); #endif /*wait for ice to found the direct path*/ CU_ASSERT_TRUE(wait_for(pauline->lc,marie->lc,&marie->stat.number_of_IframeDecoded,1)); @@ -1156,6 +1218,7 @@ test_t call_tests[] = { { "Call with DNS timeout", call_with_dns_time_out }, { "Cancelled ringing call", cancelled_ringing_call }, { "Simple call", simple_call }, + { "Call with media relay", call_with_media_relay}, { "Simple call compatibility mode", simple_call_compatibility_mode }, { "Early-media call", early_media_call }, { "Call terminated by caller", call_terminated_by_caller }, diff --git a/tester/certificates/agent.pem b/tester/certificates/agent.pem deleted file mode 100644 index e3d88e21e..000000000 --- a/tester/certificates/agent.pem +++ /dev/null @@ -1,137 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDHZG78iwkkxJeq3ZPuQwY9DfdcNCvHXayW+5p5VUULV50ohJKt -JJzhp5ysq4VH7q/dmOnMnbYTACnqVSlph88zRdQJd/g0h6T4DyWa5Jxe+R1hwLWV -fgeSXstCK8m9SwxKqnqA5mPZxfARXg3r4XWkUK2A1lWIXCkZU3MMD4JJ4QIDAQAB -AoGAGgyi+1dmwGj2r5n3I5+aBwv2DxO5zHgOfkMssUFUneC6ZXq8duZboJd3Po/B -/93NGBRMJzFLgjv5PeYWXPUjOoJT7eg0aDJKX/uMKSvzhyIL/bUJPfyo2GCmkAr5 -CF5EBFFjlsui2kSFusxbQmyzZkkIl3OYdlTBdQFsmEROk8kCQQD3aW1ZPbDkSxsi -09VZBWVW95LojcxYQeqjPTs8EAB2jKmR4aw8KGKCz+yBGwiSdukDZ/p3IftuifHk -J+3a6kqnAkEAzlBKjM8xVWprTp/3p1DMYNA+KNsXuf08xGB/zegpU561FjUzK7U4 -QKyDSIaRgSv4WAJbIauwaZdydM6Q0DnANwJBAKEQGQeHiaiU3E2H6dPSF27OLO0H -ooeyIbWzHuSy5hpG5/z4FM/02myePzCtEJ+ImZiGEB+OF8iWNMp60/U3oPECQAoR -RPIGEkQ2wzG9AJq7iJ2Yy8+2kTvULajvhI0JrSqVbgS9Z9fUKgCN6oIZfvQsrxus -UcIc3KjqaP1mLw7aIpUCQH5S0B+GOwKa8+RbuRcgBvksqkRwRZn6jawoNJJSBCDn -gQJ5B9PvJXppTsbnulSD2srhUqCR1pzGfnl8bYV8b8Q= ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIDbTCCAtagAwIBAgIBADANBgkqhkiG9w0BAQUFADCBuzELMAkGA1UEBhMCRlIx -EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK -DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV -BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA -YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMTMwNDMwMTQzMTE3WhcN -MTQwNDMwMTQzMTE3WjCBvzELMAkGA1UEBhMCRlIxEzARBgNVBAgMClNvbWUtU3Rh -dGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQKDBlCZWxsZWRvbm5lIENvbW11 -bmljYXRpb25zMQwwCgYDVQQLDANMQUIxGjAYBgNVBAMMEXNpcDIubGlucGhvbmUu -b3JnMTowOAYJKoZIhvcNAQkBFitqZWhhbi5tb25uaWVyQGJlbGxlZG9ubmUtY29t -bXVuaWNhdGlvbnMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHZG78 -iwkkxJeq3ZPuQwY9DfdcNCvHXayW+5p5VUULV50ohJKtJJzhp5ysq4VH7q/dmOnM -nbYTACnqVSlph88zRdQJd/g0h6T4DyWa5Jxe+R1hwLWVfgeSXstCK8m9SwxKqnqA -5mPZxfARXg3r4XWkUK2A1lWIXCkZU3MMD4JJ4QIDAQABo3sweTAJBgNVHRMEAjAA -MCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd -BgNVHQ4EFgQUMhkW8N0sNI/+El1P4AzuxQbIsYwwHwYDVR0jBBgwFoAUBl9dxxav -YvgtbnEDiKDWHSsEf7owDQYJKoZIhvcNAQEFBQADgYEAkzT/wjLRg4JXAZDZ1uVR -uAXrftoKrsvTysRU7Lr+N5W9FPoWqBh35Kx5SnRN3LYf0OIaJ5hufC8v+SOIJ6Me -QpKMlMY05Fz7R2aXkSS3Ie1GUJNKnWmos2uRFIMgIpFpr2VAZqVlsjC6J7SKIdGw -JvmtefxJrjl8Tpzw5uRNC58= ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAxx5TlbzfmfCneIzofE09/4lr+hQk2ihrBAgZi+kVto5o/oW8 -xtvUfek6dOcF8lK6Ss6AvTQH/4SrK8Ico72eOaxTXjBxpdZuEvftmowawUqvr8DV -dwsleFcp7pmdNarG6WxW9d690ixE4TKpvSYAzoVv2z/0PxjGLNTALcfav8tCvjEv -804Pw4NuSmW6wjw+kRKTz/l4wYNlVXsAXt30xAuELkbHEVmcFBL5Al4CsgwF0su3 -oA8/IYE+eOIFu6ANZa8h2t9yHZSDlAwhe0yPRt0NDzp3RbsaG0oPudkmP3ithTJz -5Pmf7Oq46Ko2Wk3GfxykaoYpvjBTahkWOUoFowIDAQABAoIBABMZ/qy7rLuo0XgI -FHlwM4VjGn+oFQz0maeOW10HpDSaHspj7AMrrYvSpu/2BaUEeKiafNEpv6ashHsz -KOowU5B2zpyXix98nZymOh38WMi4MHhsyE2ePR75RaWFCQbP9jsIUKNPlegmpQjx -gkUJ80PcmyluTjELYF+GnVUG+h4x5y2RiUiQr+zTUXGTBDny3jKdtMrmctqkG9hQ -cgIV/RG+CaFGxdkTShHEAhpd+g0DIivHZctwrF7Q1WFJBj3zChe223a6JdF2ke4c -Rr79PkHkCWGwv6Rp/95XUnQKJ8/FPTNtFoGzR6bhKmWqh3q2qfZKRKtXw2LBwFJp -f8U5++kCgYEA8ieuaVqKmCZwm/WRWeimG+UHs+EtHLgmj18ylD1jKQaRetSDcZ4m -6ounfrxyBL7DBDym/CeWbq9OI9cQB2RGLK3To6vj1UbRQ6tKiRzDq933sYZoEcTs -kBzexW8oUsclAvqYbqEjxEoEQrgHTWvjuHYiTrNlOAo+eL0VV6trZMUCgYEA0oC8 -40I8quYILtlkSYT3+iMRX4Vy1BzzMOkzRrA9jFoJZIxcOnWitJWmfBcXgOckt9ka -XchsxOcYbNa9CuI7YKrJ5SNP9cjxcxsd/gieQXcN3J/nebFwlsQFN1e8mZIZj7ik -nDf+r0lyuighDR7dLjR00a39csLCx6dH0amb90cCgYB+9jEqya7q0RSvoJQh2Knm -7DEardASQ7br6tTBBmKMKwZxqSR1mJ780FX0S+dX95CWExrWEAd+ZumIPwUHaxqj -6EuTf9cHhobHfPKqautonAt3B2pfDqmdcZWXXI1+wSz1n9/1+QSgsNIFDSm+/Pc7 -Sqz4KHTEahKRCUo8WgMHpQKBgQCXeFdy2Bi7iKbev0Mwu+OMNGut5mLISsSbr1Jc -TTkcozUbCvzafAdGFmEj7aHV+X0sZaZZUX0i+n9S4fpJuJytZHe+z/gbjipff2XH -hAAMb1SkKtPvd0Ti185BEnr9rmmCR4T7fDdhfmJ1naaawFi7hLeCocY8K/TooXBG -Z9t4xQKBgQDCqZ5Gumy+pvyUqLXtgrCmWlbr03ONBKb9n662thWeBWpCKb2e0RUA -oxTZvVsTQz88Ageoh55QHIe85//iT2wDtjUFcc80aoWDDhQuwxnu7jtEyj1wytl9 -SIsjG4JDTK1tBAVZFxyS5sMLZ2nonzynAyHPN0j1UCHF2T2Hk7/vEQ== ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIIEFzCCA4CgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBuzELMAkGA1UEBhMCRlIx -EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK -DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV -BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA -YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMTMwNzE1MTQzNDQ3WhcN -MTYwNzE0MTQzNDQ3WjCBnTELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTEi -MCAGA1UECgwZQmVsbGVkb25uZSBDb21tdW5pY2F0aW9uczEMMAoGA1UECwwDTEFC -MRUwEwYDVQQDDAx1c2VsZXNzLm5hbWUxNDAyBgkqhkiG9w0BCQEWJWNvbnRhY3RA -YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQDHHlOVvN+Z8Kd4jOh8TT3/iWv6FCTaKGsECBmL6RW2jmj+ -hbzG29R96Tp05wXyUrpKzoC9NAf/hKsrwhyjvZ45rFNeMHGl1m4S9+2ajBrBSq+v -wNV3CyV4VynumZ01qsbpbFb13r3SLEThMqm9JgDOhW/bP/Q/GMYs1MAtx9q/y0K+ -MS/zTg/Dg25KZbrCPD6REpPP+XjBg2VVewBe3fTEC4QuRscRWZwUEvkCXgKyDAXS -y7egDz8hgT544gW7oA1lryHa33IdlIOUDCF7TI9G3Q0POndFuxobSg+52SY/eK2F -MnPk+Z/s6rjoqjZaTcZ/HKRqhim+MFNqGRY5SgWjAgMBAAGjgcIwgb8wCQYDVR0T -BAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNh -dGUwHQYDVR0OBBYEFFTLqxYKaMQ+dgVPEwvjWt0QWh2uMB8GA1UdIwQYMBaAFAZf -XccWr2L4LW5xA4ig1h0rBH+6MAsGA1UdDwQEAwIF4DA3BgNVHREEMDAughVhbHRu -YW1lMS5saW5waG9uZS5vcmeCFWFsdG5hbWUyLmxpbnBob25lLm9yZzANBgkqhkiG -9w0BAQUFAAOBgQBZ8yk7MMp+wyiEH/4HF/MTobAmNJxgnVGvz3lnGGNXCrE9hJiA -xNdh0jfQfLMVJN5MtkpcM6Md9wowXkIMakpDIiTwnl+ve6GPOypZv2TXrm68sYid -SXlvHqN5G12HMUP577NNQxgpod6+d0jW6oPYWx1a7kCa8hOlKTRvajMyjQ== ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAxGYHUVdxtkJCtFbaFd31aflHq7px9Yz/QhJUuivf30UNfgwT -k7n8UQG4G7F+LXno04uNR0B4mPPLRcfibLCKzDgMwHKReqnwtS35r2Pvfva3vvdB -ZOA7HkFIEpcp8R8XxK3Lcmcn1yYAravYKawM6QwkQv1FdM0TeRNTXXSqc4/Ty1Sd -WjoJxyEbGb8N44MRIfi6fePYlpKKI7/nQ8Y+E1f87OhOcBV+33b0hBXDLBY9XqsR -7JaZDpwlMBRsTTFU6+ApF4q4RmGFoACA2ZO4GkE8OdIbRLhPa8DPVzfo52sJhmSM -gPw8JN3TRYxbmEF+KhVejdmGxtAKNEBzEwbnwwIDAQABAoIBAQCbhdP7pMxGMLhT -yIcQU+C4F4+avJzrfsjP0GZJut6gFjV2ACgsjlXw6/SX8XjimCw4AMVSjAozzLLG -Ql/aA/8VcrkeWFs9kH8tagfTzMZlewfMcE3XjP0jmzxwhEXRS/btZ1a49FkHNW/K -F0+oyDa9AUFhzuAGezMVaKlWU0F7GiGciGWRTUqt9CxtbagVdCo6Oilo1pEVpf8S -aEM0Eyl7VnkjPBWZ/wZwEhetvrFl/Wb0k31d0TkmcNpIGHd+nAbBhoJkZ0MISC64 -TmJaDW982xIV30FlGmm/tKGO4a5xTEwlw5E3k8ReubLGS8RkHLXNZKmxQK5fA1BJ -mcwa5ue5AoGBAOg40SDdLYzL8fpASBVXi15s3muAOODO9hVGzIUp/2OVxQ6SGK2P -tEI2UJwjKJtgVHgs/dN4uHhmYN+n6DPOWMt0x7UigFlskr0qjKfAEfi1hb6S1ZPR -hCWPe1NnOMKkNnasMVETkfS7FKxQ4DfhU+I0geXfKXCY7HZZRz/4Fg+XAoGBANiC -LlCzeTzkdY1+Es1MyBApyZCHWUK1aJbHhA5BYr+aojIl9t/962ioBcFQ3j4krq4x -OcQqcbu7lUSR/YdDSLkRxMH7AEfbKwwJUa4NrxAjSRkvbWVyNVGLa5B9eXj9zS3Q -AV23BKwjuWOmSCg70EsxeSyKEwvdvdrGfKWMfW61AoGAIC5PfNhpyYsxu1ZRJvP8 -0lcP86HPQAguPgCTsxiA1dIZfs1sMhEqD8rrHNgadn3A9u51NmsSVU0Ku7PPD+7W -i0thqY5gbwQGycQtvcl2NBsjr6c1hciRIYtiscoqKX8MNSHjq7KklV+fm8mRaO0G -7OAN6EcmvP3UNwpkP08n730CgYEAhtcM4VXle/cM/0I1k4buUqKz1j91aAZzTPSV -Wgt+5LX5riHWz0nlAxkh/HPQ9gMCh5pAz9tfWfxJyprhuww8joZydB1O33GwLZ7g -L/Z1wSc4r2bKSxQGAPND2olKzf/DeXTCZQtG7a6SF23IIsadwzbcsNCNbCZ9x3M2 -ziPhOsECgYB9BU7vYn5LMTtA7FIx+Fv//aepoBT/+pC8AUCA7EX5vEIf3cxEwesm -CkHknaKWlxhlK379OKQryYrUsRxjxwFd0DNK5tT+jx6m8VVKe1Bz/8uYZDNCtJr0 -zoqngR61r5jCYZLYcggcTimVoHMJXxcdsReBX8P7u3JNU2CulGvX7w== ------END RSA PRIVATE KEY----- ------BEGIN CERTIFICATE----- -MIID6DCCA1GgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBuzELMAkGA1UEBhMCRlIx -EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK -DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV -BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA -YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMTMwNzE1MTQ0MDM4WhcN -MTYwNzE0MTQ0MDM4WjCBpzELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTEi -MCAGA1UECgwZQmVsbGVkb25uZSBDb21tdW5pY2F0aW9uczEMMAoGA1UECwwDTEFC -MR8wHQYDVQQDDBYqLndpbGRjYXJkLmxpbnBob25lLmZyMTQwMgYJKoZIhvcNAQkB -FiVjb250YWN0QGJlbGxlZG9ubmUtY29tbXVuaWNhdGlvbnMuY29tMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGYHUVdxtkJCtFbaFd31aflHq7px9Yz/ -QhJUuivf30UNfgwTk7n8UQG4G7F+LXno04uNR0B4mPPLRcfibLCKzDgMwHKReqnw -tS35r2Pvfva3vvdBZOA7HkFIEpcp8R8XxK3Lcmcn1yYAravYKawM6QwkQv1FdM0T -eRNTXXSqc4/Ty1SdWjoJxyEbGb8N44MRIfi6fePYlpKKI7/nQ8Y+E1f87OhOcBV+ -33b0hBXDLBY9XqsR7JaZDpwlMBRsTTFU6+ApF4q4RmGFoACA2ZO4GkE8OdIbRLhP -a8DPVzfo52sJhmSMgPw8JN3TRYxbmEF+KhVejdmGxtAKNEBzEwbnwwIDAQABo4GJ -MIGGMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVk -IENlcnRpZmljYXRlMB0GA1UdDgQWBBRJAgxmoZo5VCDjeR/tR5XZtE2NtzAfBgNV -HSMEGDAWgBQGX13HFq9i+C1ucQOIoNYdKwR/ujALBgNVHQ8EBAMCBeAwDQYJKoZI -hvcNAQEFBQADgYEAXxtgbwO3/ilkEx3jW8wlBN4dg++EBCsw0RkhhiNyWLwF7OOf -xttppVNF4HW3xiOAs7FUSIgiNwHd+j8N3LpJxBpd7ePSaKy/U1EWoj38u8q5Q1gU -d3Lu+D0XaQvZyVW7xoYwTLa9CmRItow4GIkExoUhyrurbOmJ/3q9/SRGWF8= ------END CERTIFICATE----- diff --git a/tester/certificates/altname/agent.pem b/tester/certificates/altname/agent.pem new file mode 100644 index 000000000..c75085728 --- /dev/null +++ b/tester/certificates/altname/agent.pem @@ -0,0 +1,76 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDHZG78iwkkxJeq3ZPuQwY9DfdcNCvHXayW+5p5VUULV50ohJKt +JJzhp5ysq4VH7q/dmOnMnbYTACnqVSlph88zRdQJd/g0h6T4DyWa5Jxe+R1hwLWV +fgeSXstCK8m9SwxKqnqA5mPZxfARXg3r4XWkUK2A1lWIXCkZU3MMD4JJ4QIDAQAB +AoGAGgyi+1dmwGj2r5n3I5+aBwv2DxO5zHgOfkMssUFUneC6ZXq8duZboJd3Po/B +/93NGBRMJzFLgjv5PeYWXPUjOoJT7eg0aDJKX/uMKSvzhyIL/bUJPfyo2GCmkAr5 +CF5EBFFjlsui2kSFusxbQmyzZkkIl3OYdlTBdQFsmEROk8kCQQD3aW1ZPbDkSxsi +09VZBWVW95LojcxYQeqjPTs8EAB2jKmR4aw8KGKCz+yBGwiSdukDZ/p3IftuifHk +J+3a6kqnAkEAzlBKjM8xVWprTp/3p1DMYNA+KNsXuf08xGB/zegpU561FjUzK7U4 +QKyDSIaRgSv4WAJbIauwaZdydM6Q0DnANwJBAKEQGQeHiaiU3E2H6dPSF27OLO0H +ooeyIbWzHuSy5hpG5/z4FM/02myePzCtEJ+ImZiGEB+OF8iWNMp60/U3oPECQAoR +RPIGEkQ2wzG9AJq7iJ2Yy8+2kTvULajvhI0JrSqVbgS9Z9fUKgCN6oIZfvQsrxus +UcIc3KjqaP1mLw7aIpUCQH5S0B+GOwKa8+RbuRcgBvksqkRwRZn6jawoNJJSBCDn +gQJ5B9PvJXppTsbnulSD2srhUqCR1pzGfnl8bYV8b8Q= +-----END RSA PRIVATE KEY----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=FR, ST=Some-State, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=Jehan Monnier/emailAddress=jehan.monnier@belledonne-communications.com + Validity + Not Before: Sep 23 15:58:58 2013 GMT + Not After : Sep 23 15:58:58 2014 GMT + Subject: C=FR, ST=France, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=See altname for DNS name/emailAddress=jehan.monnier@belledonne-communications.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:c7:64:6e:fc:8b:09:24:c4:97:aa:dd:93:ee:43: + 06:3d:0d:f7:5c:34:2b:c7:5d:ac:96:fb:9a:79:55: + 45:0b:57:9d:28:84:92:ad:24:9c:e1:a7:9c:ac:ab: + 85:47:ee:af:dd:98:e9:cc:9d:b6:13:00:29:ea:55: + 29:69:87:cf:33:45:d4:09:77:f8:34:87:a4:f8:0f: + 25:9a:e4:9c:5e:f9:1d:61:c0:b5:95:7e:07:92:5e: + cb:42:2b:c9:bd:4b:0c:4a:aa:7a:80:e6:63:d9:c5: + f0:11:5e:0d:eb:e1:75:a4:50:ad:80:d6:55:88:5c: + 29:19:53:73:0c:0f:82:49:e1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Subject Alternative Name: + DNS:altname.linphone.org, DNS:*.wildcard2.linphone.org + Signature Algorithm: sha1WithRSAEncryption + 21:05:d3:36:82:5d:f4:f4:70:71:17:ac:06:12:49:0c:d6:c3: + 21:07:9c:2f:79:c8:14:da:e5:3a:92:04:22:5b:74:cf:53:3c: + 95:33:51:93:66:04:59:c6:3d:dd:22:cf:3f:f8:0e:24:93:6b: + 2a:02:f7:bf:ba:89:1b:72:9a:d4:1b:bf:22:3d:08:51:13:a4: + bf:43:d2:89:a1:c5:f2:e3:04:24:1e:d4:33:64:06:83:2d:b6: + 66:34:16:a9:f4:8d:6f:3f:71:86:ab:73:19:36:ae:43:29:7e: + 9d:6c:35:3a:75:f4:22:8b:c5:e3:1e:ee:c1:0d:d7:63:cc:95: + 4a:6a +-----BEGIN CERTIFICATE----- +MIIDSjCCArOgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBuzELMAkGA1UEBhMCRlIx +EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK +DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV +BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA +YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMTMwOTIzMTU1ODU4WhcN +MTQwOTIzMTU1ODU4WjCBwjELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTER +MA8GA1UEBwwIR3Jlbm9ibGUxIjAgBgNVBAoMGUJlbGxlZG9ubmUgQ29tbXVuaWNh +dGlvbnMxDDAKBgNVBAsMA0xBQjEhMB8GA1UEAwwYU2VlIGFsdG5hbWUgZm9yIERO +UyBuYW1lMTowOAYJKoZIhvcNAQkBFitqZWhhbi5tb25uaWVyQGJlbGxlZG9ubmUt +Y29tbXVuaWNhdGlvbnMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDH +ZG78iwkkxJeq3ZPuQwY9DfdcNCvHXayW+5p5VUULV50ohJKtJJzhp5ysq4VH7q/d +mOnMnbYTACnqVSlph88zRdQJd/g0h6T4DyWa5Jxe+R1hwLWVfgeSXstCK8m9SwxK +qnqA5mPZxfARXg3r4XWkUK2A1lWIXCkZU3MMD4JJ4QIDAQABo1UwUzAJBgNVHRME +AjAAMAsGA1UdDwQEAwIF4DA5BgNVHREEMjAwghRhbHRuYW1lLmxpbnBob25lLm9y +Z4IYKi53aWxkY2FyZDIubGlucGhvbmUub3JnMA0GCSqGSIb3DQEBBQUAA4GBACEF +0zaCXfT0cHEXrAYSSQzWwyEHnC95yBTa5TqSBCJbdM9TPJUzUZNmBFnGPd0izz/4 +DiSTayoC97+6iRtymtQbvyI9CFETpL9D0omhxfLjBCQe1DNkBoMttmY0Fqn0jW8/ +cYarcxk2rkMpfp1sNTp19CKLxeMe7sEN12PMlUpq +-----END CERTIFICATE----- diff --git a/tester/certificates/cacert.pem b/tester/certificates/altname/cacert.pem similarity index 100% rename from tester/certificates/cacert.pem rename to tester/certificates/altname/cacert.pem diff --git a/tester/certificates/altname/openssl-altname.cnf b/tester/certificates/altname/openssl-altname.cnf new file mode 100644 index 000000000..c4edb6c7d --- /dev/null +++ b/tester/certificates/altname/openssl-altname.cnf @@ -0,0 +1,359 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + + req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = FR +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = France + +localityName = Locality Name (eg, city) +localityName_default = Grenoble + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Belledonne Communications + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = LAB +#organizationalUnitName_default = + +commonName = Common Name (e.g. server FQDN or YOUR name) +commonName_max = 64 +commonName_default = See altname for DNS name + +emailAddress = Email Address +emailAddress_max = 64 +emailAddress_default = jehan.monnier@belledonne-communications.com + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +subjectAltName = @alt_names + +[alt_names] +DNS.1 = altname.linphone.org +DNS.2 = *.wildcard2.linphone.org + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = ./demoCA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) + +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = md5, sha1 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) diff --git a/tester/certificates/cn/agent.pem b/tester/certificates/cn/agent.pem new file mode 100644 index 000000000..978221639 --- /dev/null +++ b/tester/certificates/cn/agent.pem @@ -0,0 +1,80 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDHZG78iwkkxJeq3ZPuQwY9DfdcNCvHXayW+5p5VUULV50ohJKt +JJzhp5ysq4VH7q/dmOnMnbYTACnqVSlph88zRdQJd/g0h6T4DyWa5Jxe+R1hwLWV +fgeSXstCK8m9SwxKqnqA5mPZxfARXg3r4XWkUK2A1lWIXCkZU3MMD4JJ4QIDAQAB +AoGAGgyi+1dmwGj2r5n3I5+aBwv2DxO5zHgOfkMssUFUneC6ZXq8duZboJd3Po/B +/93NGBRMJzFLgjv5PeYWXPUjOoJT7eg0aDJKX/uMKSvzhyIL/bUJPfyo2GCmkAr5 +CF5EBFFjlsui2kSFusxbQmyzZkkIl3OYdlTBdQFsmEROk8kCQQD3aW1ZPbDkSxsi +09VZBWVW95LojcxYQeqjPTs8EAB2jKmR4aw8KGKCz+yBGwiSdukDZ/p3IftuifHk +J+3a6kqnAkEAzlBKjM8xVWprTp/3p1DMYNA+KNsXuf08xGB/zegpU561FjUzK7U4 +QKyDSIaRgSv4WAJbIauwaZdydM6Q0DnANwJBAKEQGQeHiaiU3E2H6dPSF27OLO0H +ooeyIbWzHuSy5hpG5/z4FM/02myePzCtEJ+ImZiGEB+OF8iWNMp60/U3oPECQAoR +RPIGEkQ2wzG9AJq7iJ2Yy8+2kTvULajvhI0JrSqVbgS9Z9fUKgCN6oIZfvQsrxus +UcIc3KjqaP1mLw7aIpUCQH5S0B+GOwKa8+RbuRcgBvksqkRwRZn6jawoNJJSBCDn +gQJ5B9PvJXppTsbnulSD2srhUqCR1pzGfnl8bYV8b8Q= +-----END RSA PRIVATE KEY----- + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6 (0x6) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=FR, ST=Some-State, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=Jehan Monnier/emailAddress=jehan.monnier@belledonne-communications.com + Validity + Not Before: Sep 23 16:13:11 2013 GMT + Not After : Sep 21 16:13:11 2023 GMT + Subject: C=FR, ST=France, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=sip2.linphone.org, CN=*.wildcard1.linphone.org/emailAddress=jehan.monnier@belledonne-communications.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:c7:64:6e:fc:8b:09:24:c4:97:aa:dd:93:ee:43: + 06:3d:0d:f7:5c:34:2b:c7:5d:ac:96:fb:9a:79:55: + 45:0b:57:9d:28:84:92:ad:24:9c:e1:a7:9c:ac:ab: + 85:47:ee:af:dd:98:e9:cc:9d:b6:13:00:29:ea:55: + 29:69:87:cf:33:45:d4:09:77:f8:34:87:a4:f8:0f: + 25:9a:e4:9c:5e:f9:1d:61:c0:b5:95:7e:07:92:5e: + cb:42:2b:c9:bd:4b:0c:4a:aa:7a:80:e6:63:d9:c5: + f0:11:5e:0d:eb:e1:75:a4:50:ad:80:d6:55:88:5c: + 29:19:53:73:0c:0f:82:49:e1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 32:19:16:F0:DD:2C:34:8F:FE:12:5D:4F:E0:0C:EE:C5:06:C8:B1:8C + X509v3 Authority Key Identifier: + keyid:06:5F:5D:C7:16:AF:62:F8:2D:6E:71:03:88:A0:D6:1D:2B:04:7F:BA + + Signature Algorithm: sha1WithRSAEncryption + af:2e:d2:9a:b9:e0:ca:c8:e3:25:eb:30:0b:5e:02:e9:43:2d: + 84:09:11:d1:be:8e:a4:86:bf:c7:19:aa:18:c3:55:b2:07:c5: + 68:ff:c6:39:f7:2b:da:27:85:34:8b:7b:6c:92:8f:ba:aa:9d: + 44:f3:0c:47:88:7a:0c:b1:e0:c7:6f:eb:af:d2:ab:d0:6d:25: + d5:ff:40:37:69:2b:bd:f2:6e:4a:42:32:29:98:27:c7:ec:34: + 25:eb:22:6f:83:50:82:1c:08:88:77:ec:31:82:c2:0c:77:b1: + 2b:c9:7d:6c:ff:95:d0:10:cf:8e:9f:2e:eb:a1:a6:40:fc:c0: + ec:83 +-----BEGIN CERTIFICATE----- +MIIDjDCCAvWgAwIBAgIBBjANBgkqhkiG9w0BAQUFADCBuzELMAkGA1UEBhMCRlIx +EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK +DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV +BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA +YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMTMwOTIzMTYxMzExWhcN +MjMwOTIxMTYxMzExWjCB3jELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTER +MA8GA1UEBwwIR3Jlbm9ibGUxIjAgBgNVBAoMGUJlbGxlZG9ubmUgQ29tbXVuaWNh +dGlvbnMxDDAKBgNVBAsMA0xBQjEaMBgGA1UEAwwRc2lwMi5saW5waG9uZS5vcmcx +ITAfBgNVBAMMGCoud2lsZGNhcmQxLmxpbnBob25lLm9yZzE6MDgGCSqGSIb3DQEJ +ARYramVoYW4ubW9ubmllckBiZWxsZWRvbm5lLWNvbW11bmljYXRpb25zLmNvbTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAx2Ru/IsJJMSXqt2T7kMGPQ33XDQr +x12slvuaeVVFC1edKISSrSSc4aecrKuFR+6v3ZjpzJ22EwAp6lUpaYfPM0XUCXf4 +NIek+A8lmuScXvkdYcC1lX4Hkl7LQivJvUsMSqp6gOZj2cXwEV4N6+F1pFCtgNZV +iFwpGVNzDA+CSeECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd +T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFDIZFvDdLDSP +/hJdT+AM7sUGyLGMMB8GA1UdIwQYMBaAFAZfXccWr2L4LW5xA4ig1h0rBH+6MA0G +CSqGSIb3DQEBBQUAA4GBAK8u0pq54MrI4yXrMAteAulDLYQJEdG+jqSGv8cZqhjD +VbIHxWj/xjn3K9onhTSLe2ySj7qqnUTzDEeIegyx4Mdv66/Sq9BtJdX/QDdpK73y +bkpCMimYJ8fsNCXrIm+DUIIcCIh37DGCwgx3sSvJfWz/ldAQz46fLuuhpkD8wOyD +-----END CERTIFICATE----- diff --git a/tester/certificates/cn/cacert.pem b/tester/certificates/cn/cacert.pem new file mode 100644 index 000000000..2fd957d39 --- /dev/null +++ b/tester/certificates/cn/cacert.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRjCCAq+gAwIBAgIJAJ3nFcA7qFrOMA0GCSqGSIb3DQEBBQUAMIG7MQswCQYD +VQQGEwJGUjETMBEGA1UECAwKU29tZS1TdGF0ZTERMA8GA1UEBwwIR3Jlbm9ibGUx +IjAgBgNVBAoMGUJlbGxlZG9ubmUgQ29tbXVuaWNhdGlvbnMxDDAKBgNVBAsMA0xB +QjEWMBQGA1UEAwwNSmVoYW4gTW9ubmllcjE6MDgGCSqGSIb3DQEJARYramVoYW4u +bW9ubmllckBiZWxsZWRvbm5lLWNvbW11bmljYXRpb25zLmNvbTAeFw0xMzA0MzAx +MzMwMThaFw0yMzA0MjgxMzMwMThaMIG7MQswCQYDVQQGEwJGUjETMBEGA1UECAwK +U29tZS1TdGF0ZTERMA8GA1UEBwwIR3Jlbm9ibGUxIjAgBgNVBAoMGUJlbGxlZG9u +bmUgQ29tbXVuaWNhdGlvbnMxDDAKBgNVBAsMA0xBQjEWMBQGA1UEAwwNSmVoYW4g +TW9ubmllcjE6MDgGCSqGSIb3DQEJARYramVoYW4ubW9ubmllckBiZWxsZWRvbm5l +LWNvbW11bmljYXRpb25zLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +z5F8mMh3SUr6NUd7tq2uW2Kdn22Zn3kNpLYb78AQK4IoQMOLGXbBdyoXvz1fublg +bxtLYsiGhICd7Ul9zLGc3edn85LbD3Skb7ERx6MakRnYep3FzagZJhn14QEaZCx6 +3Qs0Ir4rSP7hmlpYt8VO/zqqNR3tsA59O0D9c7bpQ7UCAwEAAaNQME4wHQYDVR0O +BBYEFAZfXccWr2L4LW5xA4ig1h0rBH+6MB8GA1UdIwQYMBaAFAZfXccWr2L4LW5x +A4ig1h0rBH+6MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAKvmt2m1o +axGKc0DjiJPypU/NsAf4Yu0nOnY8pHqJJCB0AWVoAPM7vGYPWpeH7LSdGZLuT9eK +FUWGJhPnkrnklmBdVB0l7qXYjR5uf766HDkoDxuLhNifow3IYvsS+L2Y6puRQb9w +HLMDE29mBDl0WyoX3h0yR0EiAO15V9A7I10= +-----END CERTIFICATE----- diff --git a/tester/certificates/cn/openssl-cn.cnf b/tester/certificates/cn/openssl-cn.cnf new file mode 100644 index 000000000..c6262db31 --- /dev/null +++ b/tester/certificates/cn/openssl-cn.cnf @@ -0,0 +1,357 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = FR +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = France + +localityName = Locality Name (eg, city) +localityName_default = Grenoble + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Belledonne Communications + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +organizationalUnitName_default = LAB +#organizationalUnitName_default = + +0.commonName = Common Name (e.g. server FQDN or YOUR name) +0.commonName_max = 64 +0.commonName_default = sip2.linphone.org + +1.commonName = Common Name (e.g. server FQDN or YOUR name) +1.commonName_max = 64 +1.commonName_default = *.wildcard1.linphone.org + +emailAddress = Email Address +emailAddress_max = 64 +emailAddress_default = jehan.monnier@belledonne-communications.com + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = ./demoCA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) + +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = md5, sha1 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) diff --git a/tester/flexisip.conf b/tester/flexisip.conf index 28ab406a5..e5bb5389f 100755 --- a/tester/flexisip.conf +++ b/tester/flexisip.conf @@ -37,8 +37,7 @@ aliases=localhost sipopen.example.org sip.example.org auth.example.org auth1.exa # transports=sips:sip.linphone.org:6060;maddr=192.168.0.29 # Default value: sip:* #transports=sip:192.168.56.101:5060 sips:192.168.56.101:5061 -transports=sip:127.0.0.1:5060 sips:127.0.0.1:5061 - +transports=sip:127.0.0.1:5060 sips:127.0.0.1:5061;tls-certificates-dir=/Users/jehanmonnier/workspaces/workspace-macosx/linphone/tester/certificates/cn sips:127.0.0.1:5062;tls-certificates-dir=/Users/jehanmonnier/workspaces/workspace-macosx/linphone/tester/certificates/altname # An absolute path of a directory where TLS server certificate and # private key can be found, concatenated inside an 'agent.pem' file. # Default value: /etc/flexisip/tls @@ -444,14 +443,14 @@ routes= [module::MediaRelay] # Indicate whether the module is activated. # Default value: true -enabled=false +enabled=true # A request/response enters module if the boolean filter evaluates # to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain # in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') -# && (user-agent == 'Linphone v2') +# && (:q # Default value: -filter= +filter= (user-agent contains 'Natted Linphone') # SDP attribute set by the first proxy to forbid subsequent proxies # to provide relay. diff --git a/tester/pauline_alt_rc b/tester/pauline_alt_rc index 3a7114d4f..7c1fe55ac 100644 --- a/tester/pauline_alt_rc +++ b/tester/pauline_alt_rc @@ -1,42 +1,20 @@ [sip] -sip_port=5072 -sip_tcp_port=5072 -sip_tls_port=5073 +sip_tls_port=-1 default_proxy=0 -ping_with_options=0 register_only_when_network_is_up=0 [auth_info_0] username=pauline userid=pauline passwd=secret -realm="altname2.linphone.org" +realm=sip.example.org [proxy_0] -reg_proxy=sip2.linphone.org;transport=tls -reg_route=sip2.linphone.org;transport=tls -reg_identity=sip:pauline@altname2.linphone.org +reg_proxy=altname.linphone.org:5062;transport=tls +reg_identity=sip:pauline@sip.example.org reg_expires=3600 reg_sendregister=1 publish=0 dial_escape_plus=0 - -[rtp] -audio_rtp_port=8090 -video_rtp_port=8092 - -[video] -display=0 -capture=0 -show_local=0 -size=vga -enabled=0 -self_view=0 -automatically_initiate=0 -automatically_accept=0 -device=StaticImage: Static picture - -[sound] -echocancellation=0 #to not overload cpu in case of VG diff --git a/tester/pauline_wild_rc b/tester/pauline_wild_rc index a9b07ed93..d828c807d 100644 --- a/tester/pauline_wild_rc +++ b/tester/pauline_wild_rc @@ -1,42 +1,29 @@ [sip] -sip_port=5072 -sip_tcp_port=5072 -sip_tls_port=5073 +sip_tls_port=-1 default_proxy=0 -ping_with_options=0 register_only_when_network_is_up=0 [auth_info_0] username=pauline userid=pauline passwd=secret -realm="sip.wildcard.linphone.org" +realm=sip.example.org [proxy_0] -reg_proxy=sip2.linphone.org;transport=tls -reg_route=sip2.linphone.org;transport=tls -reg_identity=sip:pauline@sip.wildcard.linphone.org +reg_proxy=sip.wildcard1.linphone.org;transport=tls +reg_identity=sip:pauline@sip.example.org reg_expires=3600 reg_sendregister=1 publish=0 dial_escape_plus=0 -[rtp] -audio_rtp_port=8090 -video_rtp_port=8092 +[proxy_1] +reg_proxy=altname.wildcard2.linphone.org:5062;transport=tls +reg_identity=sip:pauline@sip.example.org +reg_expires=3600 +reg_sendregister=1 +publish=0 +dial_escape_plus=0 -[video] -display=0 -capture=0 -show_local=0 -size=vga -enabled=0 -self_view=0 -automatically_initiate=0 -automatically_accept=0 -device=StaticImage: Static picture - -[sound] -echocancellation=0 #to not overload cpu in case of VG diff --git a/tester/register_tester.c b/tester/register_tester.c index 94c8461eb..c899403be 100644 --- a/tester/register_tester.c +++ b/tester/register_tester.c @@ -29,8 +29,6 @@ static LinphoneCoreManager* create_lcm_with_auth(unsigned int with_auth) { mgr->lc->vtable.auth_info_requested=auth_info_requested; } - /* until we have good certificates on our test server... */ - linphone_core_verify_server_certificates(mgr->lc,FALSE); /*to allow testing with 127.0.0.1*/ linphone_core_set_network_reachable(mgr->lc,TRUE); return mgr; @@ -595,7 +593,7 @@ static void tls_wildcard_register(){ snprintf(rootcapath,sizeof(rootcapath), "%s/certificates/cacert.pem", liblinphone_tester_file_prefix); linphone_core_set_root_ca(mgr->lc,rootcapath); linphone_core_refresh_registers(mgr->lc); - CU_ASSERT_TRUE(wait_for(lc,lc,&mgr->stat.number_of_LinphoneRegistrationOk,1)); + CU_ASSERT_TRUE(wait_for(lc,lc,&mgr->stat.number_of_LinphoneRegistrationOk,2)); CU_ASSERT_EQUAL(mgr->stat.number_of_LinphoneRegistrationFailed,0); linphone_core_destroy(mgr->lc); } diff --git a/tester/tester_hosts b/tester/tester_hosts index 39b811654..b7056b863 100644 --- a/tester/tester_hosts +++ b/tester/tester_hosts @@ -1 +1 @@ -94.23.19.176 sip.example.org sipopen.example.org auth.example.org auth1.example.org auth2.example.org +94.23.19.176 sip2.linphone.org sip.example.org sipopen.example.org auth.example.org auth1.example.org auth2.example.org altname.linphone.org sip.wildcard1.linphone.org altname.wildcard2.linphone.org