Added API to set RootCA by buffer instead of file
parent
38ad727c61
commit
2af5925e6f
7 changed files with 83 additions and 9 deletions
|
|
@ -596,6 +596,7 @@ void sal_uninit(Sal* sal){
|
|||
bctbx_list_free_with_data(sal->supported_tags,ms_free);
|
||||
if (sal->uuid) ms_free(sal->uuid);
|
||||
if (sal->root_ca) ms_free(sal->root_ca);
|
||||
if (sal->root_ca_data) ms_free(sal->root_ca_data);
|
||||
ms_free(sal);
|
||||
};
|
||||
|
||||
|
|
@ -761,21 +762,33 @@ static void set_tls_properties(Sal *ctx){
|
|||
else if (!ctx->tls_verify_cn) verify_exceptions = BELLE_TLS_VERIFY_CN_MISMATCH;
|
||||
belle_tls_crypto_config_set_verify_exceptions(crypto_config, verify_exceptions);
|
||||
if (ctx->root_ca != NULL) belle_tls_crypto_config_set_root_ca(crypto_config, ctx->root_ca);
|
||||
if (ctx->root_ca_data != NULL) belle_tls_crypto_config_set_root_ca_data(crypto_config, ctx->root_ca_data);
|
||||
if (ctx->ssl_config != NULL) belle_tls_crypto_config_set_ssl_config(crypto_config, ctx->ssl_config);
|
||||
belle_sip_tls_listening_point_set_crypto_config(tlp, crypto_config);
|
||||
belle_sip_object_unref(crypto_config);
|
||||
}
|
||||
}
|
||||
|
||||
void sal_set_root_ca(Sal* ctx, const char* rootCa){
|
||||
if (ctx->root_ca){
|
||||
void sal_set_root_ca(Sal* ctx, const char* rootCa) {
|
||||
if (ctx->root_ca) {
|
||||
ms_free(ctx->root_ca);
|
||||
ctx->root_ca=NULL;
|
||||
ctx->root_ca = NULL;
|
||||
}
|
||||
if (rootCa)
|
||||
ctx->root_ca=ms_strdup(rootCa);
|
||||
ctx->root_ca = ms_strdup(rootCa);
|
||||
set_tls_properties(ctx);
|
||||
return ;
|
||||
return;
|
||||
}
|
||||
|
||||
void sal_set_root_ca_data(Sal* ctx, const char* data) {
|
||||
if (ctx->root_ca_data) {
|
||||
ms_free(ctx->root_ca_data);
|
||||
ctx->root_ca_data = NULL;
|
||||
}
|
||||
if (data)
|
||||
ctx->root_ca_data = ms_strdup(data);
|
||||
set_tls_properties(ctx);
|
||||
return;
|
||||
}
|
||||
|
||||
void sal_verify_server_certificates(Sal *ctx, bool_t verify){
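Review bot: set_tls_properties() now applies both `ctx->root_ca` and `ctx->root_ca_data` whenever each is non-NULL, but sal_set_root_ca() does not clear `root_ca_data` and sal_set_root_ca_data() does not clear `root_ca`, so a trust anchor installed through one setter stays configured after the caller switches to the other. Which of the two belle-sip honours when both are present is not visible in this diff, so the SAL should keep them mutually exclusive itself rather than rely on every caller doing it. For example, in sal_set_root_ca() add `if (rootCa && ctx->root_ca_data) { ms_free(ctx->root_ca_data); ctx->root_ca_data = NULL; }` and the mirror image in sal_set_root_ca_data(). The body of set_tls_properties() starts outside the hunk, so whether the crypto config is rebuilt from scratch on each call cannot be confirmed from here.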
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ struct Sal{
|
|||
int session_expires;
|
||||
unsigned int keep_alive;
|
||||
char *root_ca;
|
||||
char *root_ca_data;
|
||||
char *uuid;
|
||||
int refresher_retry_after; /*retry after value for refresher*/
|
||||
MSList *supported_tags;/*list of char * */
|
||||
|
|
|
|||
|
|
@ -4931,12 +4931,20 @@ const char *linphone_core_get_ring(const LinphoneCore *lc){
|
|||
*
|
||||
* @ingroup initializing
|
||||
**/
|
||||
void linphone_core_set_root_ca(LinphoneCore *lc,const char *path){
|
||||
void linphone_core_set_root_ca(LinphoneCore *lc, const char *path) {
|
||||
sal_set_root_ca(lc->sal, path);
|
||||
if (lc->http_crypto_config){
|
||||
belle_tls_crypto_config_set_root_ca(lc->http_crypto_config,path);
|
||||
if (lc->http_crypto_config) {
|
||||
belle_tls_crypto_config_set_root_ca(lc->http_crypto_config, path);
|
||||
}
|
||||
lp_config_set_string(lc->config,"sip", "root_ca", path);
|
||||
}
|
||||
|
||||
void linphone_core_set_root_ca_data(LinphoneCore *lc, const char *data) {
|
||||
sal_set_root_ca(lc->sal, NULL);
|
||||
sal_set_root_ca_data(lc->sal, data);
|
||||
if (lc->http_crypto_config) {
|
||||
belle_tls_crypto_config_set_root_ca_data(lc->http_crypto_config, data);
|
||||
}
|
||||
lp_config_set_string(lc->config,"sip","root_ca",path);
|
||||
}
|
||||
|
||||
/**
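Review bot: linphone_core_set_root_ca_data() clears the file-based CA on the SAL with `sal_set_root_ca(lc->sal, NULL)` but does nothing equivalent for `lc->http_crypto_config`, so a path set earlier through linphone_core_set_root_ca() may remain configured for HTTPS alongside the new buffer. The reverse direction has the same gap, since linphone_core_set_root_ca() never resets the data buffer on either object. Making the two sources mutually exclusive would close it, e.g. `belle_tls_crypto_config_set_root_ca(lc->http_crypto_config, NULL);` before the `_set_root_ca_data` call, assuming that setter accepts NULL as the SAL one does. Separately, the page has lost its +/- column, and the line `lp_config_set_string(lc->config,"sip","root_ca",path);` is printed inside the new function, where `path` is not a parameter. If that line is on the new side it will not compile; if it is not, the "sip"/"root_ca" key keeps the old path after a buffer is installed, so the intended behaviour is worth confirming.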
|
||||
|
|
|
|||
|
|
@ -3385,6 +3385,7 @@ LINPHONE_PUBLIC const char *linphone_core_get_ring(const LinphoneCore *lc);
|
|||
LINPHONE_PUBLIC void linphone_core_verify_server_certificates(LinphoneCore *lc, bool_t yesno);
|
||||
LINPHONE_PUBLIC void linphone_core_verify_server_cn(LinphoneCore *lc, bool_t yesno);
|
||||
LINPHONE_PUBLIC void linphone_core_set_root_ca(LinphoneCore *lc, const char *path);
|
||||
LINPHONE_PUBLIC void linphone_core_set_root_ca_data(LinphoneCore *lc, const char *data);
|
||||
/**
|
||||
* @internal
|
||||
* Set the pointer to an externally provided ssl configuration for the crypto library
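Review bot: The new public declaration `linphone_core_set_root_ca_data` is added without any documentation, and its definition in the .c section has no doc block either. The prototype does not tell a caller that `data` has to be a NUL-terminated text buffer: the SAL stores it with `ms_strdup`, so a binary certificate containing zero bytes would be silently truncated. I would add a Doxygen comment along the lines of `/** Sets the trusted root CA(s) from an in-memory NUL-terminated string instead of a file path; pass NULL to remove it. */`. It should also state the expected encoding, presumably PEM as in the tester.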
|
||||
|
|
|
|||
|
|
@ -645,6 +645,7 @@ void sal_use_one_matching_codec_policy(Sal *ctx, bool_t one_matching_codec);
|
|||
void sal_use_rport(Sal *ctx, bool_t use_rports);
|
||||
void sal_enable_auto_contacts(Sal *ctx, bool_t enabled);
|
||||
void sal_set_root_ca(Sal* ctx, const char* rootCa);
|
||||
void sal_set_root_ca_data(Sal* ctx, const char* data);
|
||||
const char *sal_get_root_ca(Sal* ctx);
|
||||
void sal_verify_server_certificates(Sal *ctx, bool_t verify);
|
||||
void sal_verify_server_cn(Sal *ctx, bool_t verify);
|
||||
|
|
|
|||
|
|
@ -827,6 +827,54 @@ static void tls_certificate_failure(void){
|
|||
}
|
||||
}
|
||||
|
||||
char *read_file(const char *path) {
|
||||
long numbytes = 0;
|
||||
size_t readbytes;
|
||||
char *buffer = NULL;
|
||||
FILE *infile = fopen(path, "rb");
|
||||
|
||||
BC_ASSERT_PTR_NOT_NULL(infile);
|
||||
if (infile) {
|
||||
fseek(infile, 0L, SEEK_END);
|
||||
numbytes = ftell(infile);
|
||||
fseek(infile, 0L, SEEK_SET);
|
||||
buffer = (char*)ms_malloc((numbytes + 1) * sizeof(char));
|
||||
readbytes = fread(buffer, sizeof(char), numbytes, infile);
|
||||
fclose(infile);
|
||||
buffer[readbytes] = '\0';
|
||||
}
|
||||
return buffer;
|
||||
}
|
||||
|
||||
static void tls_certificate_data(void) {
|
||||
if (transport_supported(LinphoneTransportTls)) {
|
||||
LinphoneCoreManager* lcm;
|
||||
LinphoneCore *lc;
|
||||
char *rootcapath = bc_tester_res("certificates/cn/agent.pem"); /*bad root ca*/
|
||||
char *data = read_file(rootcapath);
|
||||
|
||||
lcm = linphone_core_manager_new2("pauline_rc",FALSE);
|
||||
lc = lcm->lc;
|
||||
linphone_core_set_root_ca_data(lcm->lc, data);
|
||||
linphone_core_set_network_reachable(lc, TRUE);
|
||||
BC_ASSERT_TRUE(wait_for(lcm->lc, lcm->lc, &lcm->stat.number_of_LinphoneRegistrationFailed, 1));
|
||||
linphone_core_set_root_ca_data(lcm->lc, NULL); /*no root ca*/
|
||||
linphone_core_refresh_registers(lcm->lc);
|
||||
BC_ASSERT_TRUE(wait_for(lc, lc, &lcm->stat.number_of_LinphoneRegistrationFailed, 2));
|
||||
ms_free(rootcapath);
|
||||
ms_free(data);
|
||||
rootcapath = bc_tester_res("certificates/cn/cafile.pem"); /*good root ca*/
|
||||
data = read_file(rootcapath);
|
||||
linphone_core_set_root_ca_data(lcm->lc, data);
|
||||
linphone_core_refresh_registers(lcm->lc);
|
||||
BC_ASSERT_TRUE(wait_for(lc, lc, &lcm->stat.number_of_LinphoneRegistrationOk, 1));
|
||||
BC_ASSERT_EQUAL(lcm->stat.number_of_LinphoneRegistrationFailed, 2, int, "%d");
|
||||
linphone_core_manager_destroy(lcm);
|
||||
ms_free(rootcapath);
|
||||
ms_free(data);
|
||||
}
|
||||
}
|
||||
|
||||
/*the purpose of this test is to check that will not block the proxy config during SSL handshake for entire life in case of mistaken configuration*/
|
||||
static void tls_with_non_tls_server(void){
|
||||
if (transport_supported(LinphoneTransportTls)) {
|
||||
|
|
@ -909,6 +957,7 @@ test_t register_tests[] = {
|
|||
TEST_NO_TAG("TLS register with alt. name certificate", tls_alt_name_register),
|
||||
TEST_NO_TAG("TLS register with wildcard certificate", tls_wildcard_register),
|
||||
TEST_NO_TAG("TLS certificate not verified",tls_certificate_failure),
|
||||
TEST_NO_TAG("TLS certificate given by string instead of file",tls_certificate_data),
|
||||
TEST_NO_TAG("TLS with non tls server",tls_with_non_tls_server),
|
||||
TEST_NO_TAG("Simple authenticated register", simple_authenticated_register),
|
||||
TEST_NO_TAG("Ha1 authenticated register", ha1_authenticated_register),
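Review bot: read_file() in the first hunk of this file never checks `fseek` or `ftell`; if `ftell` returns -1 the allocation becomes `ms_malloc(0)` and `fread` receives `numbytes` converted to a very large `size_t`, so the read can run past the buffer. Guard it before the allocation with `if (fseek(infile, 0L, SEEK_END) != 0 || (numbytes = ftell(infile)) < 0) { fclose(infile); return NULL; }`. The helper also looks like it is used only by this tester, so it should be declared `static` rather than exporting the generic name `read_file`.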
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@
|
|||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include "linphonecore.h"
|
||||
#include "private.h"
|
||||
#include "liblinphone_tester.h"
|
||||
|
|
|
|||