diff --git a/coreapi/bellesip_sal/sal_impl.c b/coreapi/bellesip_sal/sal_impl.c
index 04a3e093d..c0340e56a 100644
--- a/coreapi/bellesip_sal/sal_impl.c
+++ b/coreapi/bellesip_sal/sal_impl.c
@@ -552,7 +552,7 @@ int sal_add_listen_port(Sal *ctx, SalAddress* addr){
 if (lp) {
 belle_sip_listening_point_set_keep_alive(lp,ctx->keep_alive);
 result = belle_sip_provider_add_listening_point(ctx->prov,lp);
- set_tls_properties(ctx);
+ if (sal_address_get_transport(addr)==SalTransportTLS) set_tls_properties(ctx);
 } else {
 return -1;
 }
diff --git a/coreapi/linphonecore.c b/coreapi/linphonecore.c
index 69680e9d2..e5eaea9ca 100644
--- a/coreapi/linphonecore.c
+++ b/coreapi/linphonecore.c
@@ -615,11 +615,13 @@ static void sound_config_read(LinphoneCore *lc)
 static void certificates_config_read(LinphoneCore *lc)
 {
+ const char *rootca;
 #ifdef __linux
- sal_set_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", "/etc/ssl/certs"));
+ rootca=lp_config_get_string(lc->config,"sip","root_ca", "/etc/ssl/certs");
 #else
- sal_set_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", ROOT_CA_FILE));
+ rootca=lp_config_get_string(lc->config,"sip","root_ca", ROOT_CA_FILE);
 #endif
+ linphone_core_set_root_ca(lc,rootca);
 linphone_core_verify_server_certificates(lc,lp_config_get_int(lc->config,"sip","verify_server_certs",TRUE));
 linphone_core_verify_server_cn(lc,lp_config_get_int(lc->config,"sip","verify_server_cn",TRUE));
 }
@@ -1369,6 +1371,8 @@ static void linphone_core_init(LinphoneCore * lc, const LinphoneCoreVTable *vtab
 lc->network_last_status = FALSE;
 lc->http_provider = belle_sip_stack_create_http_provider(sal_get_belle_sip_stack(lc->sal), "0.0.0.0");
+ lc->http_verify_policy = belle_tls_verify_policy_new();
+ belle_http_provider_set_tls_verify_policy(lc->http_provider,lc->http_verify_policy);
 certificates_config_read(lc);
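Review bot: In certificates_config_read, routing the value through `linphone_core_set_root_ca(lc,rootca)` means that reading the configuration now also writes it. The setter, as changed later in this diff, calls `lp_config_set_string(lc->config,"sip","root_ca",path)`, so the built-in default (`/etc/ssl/certs` or `ROOT_CA_FILE`) is stored as an explicit setting on first start, and a later change of that default would presumably no longer take effect. `rootca` is also the pointer returned by `lp_config_get_string`, so the call depends on the config store tolerating a value that aliases the stored one, which the lpconfig.c hunk of this commit provides. I would document both next to the call, e.g. `/* set_root_ca() stores rootca back into [sip] root_ca; rootca may alias the stored value */`.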
@@ -4347,6 +4351,10 @@ const char *linphone_core_get_ring(const LinphoneCore *lc){
 **/
 void linphone_core_set_root_ca(LinphoneCore *lc,const char *path){
 sal_set_root_ca(lc->sal, path);
+ if (lc->http_verify_policy){
+ belle_tls_verify_policy_set_root_ca(lc->http_verify_policy,path);
+ }
+ lp_config_set_string(lc->config,"sip","root_ca",path);
 }
 /**
@@ -4357,7 +4365,7 @@ void linphone_core_set_root_ca(LinphoneCore *lc,const char *path){
 * @ingroup initializing
 **/
 const char *linphone_core_get_root_ca(LinphoneCore *lc){
- return sal_get_root_ca(lc->sal);
+ return lp_config_get_string(lc->config,"sip","root_ca",NULL);
 }
 /**
@@ -4367,6 +4375,10 @@ const char *linphone_core_get_root_ca(LinphoneCore *lc){
 **/
 void linphone_core_verify_server_certificates(LinphoneCore *lc, bool_t yesno){
 sal_verify_server_certificates(lc->sal,yesno);
+ if (lc->http_verify_policy){
+ belle_tls_verify_policy_set_exceptions(lc->http_verify_policy, yesno ? 0 : BELLE_TLS_VERIFY_ANY_REASON);
+ }
+ lp_config_set_int(lc->config,"sip","verify_server_certs",yesno);
 }
 /**
@@ -4375,6 +4387,10 @@ void linphone_core_verify_server_certificates(LinphoneCore *lc, bool_t yesno){
 **/
 void linphone_core_verify_server_cn(LinphoneCore *lc, bool_t yesno){
 sal_verify_server_cn(lc->sal,yesno);
+ if (lc->http_verify_policy){
+ belle_tls_verify_policy_set_exceptions(lc->http_verify_policy, yesno ? 0 : BELLE_TLS_VERIFY_CN_MISMATCH);
+ }
+ lp_config_set_int(lc->config,"sip","verify_server_cn",yesno);
 }
 static void notify_end_of_ring(void *ud, MSFilter *f, unsigned int event, void *arg){
@@ -5613,6 +5629,11 @@ void net_config_uninit(LinphoneCore *lc)
 if (lc->http_provider) {
 belle_sip_object_unref(lc->http_provider);
+ lc->http_provider=NULL;
+ }
+ if (lc->http_verify_policy){
+ belle_sip_object_unref(lc->http_verify_policy);
+ lc->http_verify_policy=NULL;
 }
 if (config->stun_server!=NULL){
 ms_free(config->stun_server);
diff --git a/coreapi/lpconfig.c b/coreapi/lpconfig.c
index feaff8cd1..8df196df2 100644
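Review bot: linphone_core_get_root_ca now returns `lp_config_get_string(lc->config,"sip","root_ca",NULL)`, so callers can receive NULL when the key is absent. The string they get presumably points into the config store and stops being valid once linphone_core_set_root_ca replaces the item, since lp_item_set_value in this commit frees the previous value. The doc comment above the function starts outside this hunk; it should state this, e.g. `* @return the configured path, or NULL if none is set; owned by the core and valid only until the next linphone_core_set_root_ca()`.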
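Review bot: The two setters each overwrite the HTTP policy's exception mask, so the last call wins: linphone_core_verify_server_certificates passes `yesno ? 0 : BELLE_TLS_VERIFY_ANY_REASON` and linphone_core_verify_server_cn (next hunk) passes `yesno ? 0 : BELLE_TLS_VERIFY_CN_MISMATCH` to the same `belle_tls_verify_policy_set_exceptions`, which by its name replaces the flags rather than merging them. certificates_config_read calls them in that order, so with verify_server_certs=0 and verify_server_cn=1 the second call resets the mask to 0, and the HTTPS policy then no longer matches the SIP setting or the stored configuration. Deriving the mask from both stored switches in one place keeps them consistent; the sketch below stores the value first and then recomputes. Both setters now also persist the flag with `lp_config_set_int`, so switching verification off survives restarts, which the doc comments should mention.

```c
/* Recompute the HTTPS verify exceptions from both stored switches, so that neither setter clobbers the other. */
static void update_http_verify_exceptions(LinphoneCore *lc){
	int exceptions=0;
	if (lc->http_verify_policy==NULL) return;
	if (!lp_config_get_int(lc->config,"sip","verify_server_certs",TRUE)) exceptions|=BELLE_TLS_VERIFY_ANY_REASON;
	if (!lp_config_get_int(lc->config,"sip","verify_server_cn",TRUE)) exceptions|=BELLE_TLS_VERIFY_CN_MISMATCH;
	belle_tls_verify_policy_set_exceptions(lc->http_verify_policy,exceptions);
}

void linphone_core_verify_server_certificates(LinphoneCore *lc, bool_t yesno){
	sal_verify_server_certificates(lc->sal,yesno);
	lp_config_set_int(lc->config,"sip","verify_server_certs",yesno);
	update_http_verify_exceptions(lc);
}
/* … linphone_core_verify_server_cn: same shape, storing "verify_server_cn" … */
```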
--- a/coreapi/lpconfig.c
+++ b/coreapi/lpconfig.c
@@ -324,8 +324,9 @@ int lp_config_read_file(LpConfig *lpconfig, const char *filename){
 }
 void lp_item_set_value(LpItem *item, const char *value){
- ortp_free(item->value);
+ char *prev_value=item->value;
 item->value=ortp_strdup(value);
+ ortp_free(prev_value);
 }
diff --git a/coreapi/private.h b/coreapi/private.h
index a9bd1f0bf..6f421e95e 100644
--- a/coreapi/private.h
+++ b/coreapi/private.h
@@ -680,6 +680,7 @@ struct _LinphoneCore
 UpnpContext *upnp;
 #endif //BUILD_UPNP
 belle_http_provider_t *http_provider;
+ belle_tls_verify_policy_t *http_verify_policy;
 MSList *tones;
 LinphoneReason chat_deny_code;
 };
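Review bot: The new ordering in lp_item_set_value is what keeps the call safe when `value` points at `item->value` itself, but nothing in the function says so, and the three lines invite being simplified back to free-then-copy. A comment above the copy would protect the fix, e.g. `/* value may alias item->value (e.g. a string obtained from lp_config_get_string), so duplicate before freeing */`. The function does not check `value` for NULL; whether `ortp_strdup` accepts NULL is not visible here and is worth confirming.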