Add common name certificate verification function in sal

Add eXosip sal wrapper to eXosip_tls_verify_cn

coreapi/linphonecore.c

@@ -567,6 +567,7 @@ static void sip_config_read(LinphoneCore *lc)
 	sal_set_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", ROOT_CA_FILE));
 #endif
 	linphone_core_verify_server_certificates(lc,lp_config_get_int(lc->config,"sip","verify_server_certs",TRUE));
+	linphone_core_verify_server_cn(lc,lp_config_get_int(lc->config,"sip","verify_server_cn",TRUE));
 	/*setting the dscp must be done before starting the transports, otherwise it is not taken into effect*/
 	sal_set_dscp(lc->sal,linphone_core_get_sip_dscp(lc));
 	/*start listening on ports*/
@@ -3701,6 +3702,13 @@ void linphone_core_verify_server_certificates(LinphoneCore *lc, bool_t yesno){
 	sal_verify_server_certificates(lc->sal,yesno);
 }
 
+/**
+ * Specify whether the tls server certificate common name must be verified when connecting to a SIP/TLS server.
+**/
+void linphone_core_verify_server_cn(LinphoneCore *lc, bool_t yesno){
+	sal_verify_server_cn(lc->sal,yesno);
+}
+
 static void notify_end_of_ring(void *ud, MSFilter *f, unsigned int event, void *arg){
 	LinphoneCore *lc=(LinphoneCore*)ud;
 	lc->preview_finished=1;

coreapi/linphonecore.h

@@ -1209,6 +1209,7 @@ void linphone_core_set_sound_source(LinphoneCore *lc, char source);
 void linphone_core_set_ring(LinphoneCore *lc, const char *path);
 const char *linphone_core_get_ring(const LinphoneCore *lc);
 void linphone_core_verify_server_certificates(LinphoneCore *lc, bool_t yesno);
+void linphone_core_verify_server_cn(LinphoneCore *lc, bool_t yesno);
 void linphone_core_set_root_ca(LinphoneCore *lc, const char *path);
 const char *linphone_core_get_root_ca(LinphoneCore *lc);
 void linphone_core_set_ringback(LinphoneCore *lc, const char *path);

coreapi/sal.h

@@ -359,6 +359,7 @@ void sal_use_101(Sal *ctx, bool_t use_101);
 void sal_set_root_ca(Sal* ctx, const char* rootCa);
 const char *sal_get_root_ca(Sal* ctx);
 void sal_verify_server_certificates(Sal *ctx, bool_t verify);
+void sal_verify_server_cn(Sal *ctx, bool_t verify);
 
 int sal_iterate(Sal *sal);
 MSList * sal_get_pending_auths(Sal *sal);

coreapi/sal_eXosip2.c

@@ -282,6 +282,7 @@ Sal * sal_init(){
 	sal->reuse_authorization=FALSE;
 	sal->rootCa = 0;
 	sal->verify_server_certs=TRUE;
+	sal->verify_server_cn=TRUE;
 	sal->expire_old_contact=FALSE;
 	sal->add_dates=FALSE;
 	sal->dscp=-1;
@@ -378,6 +379,9 @@ static void set_tls_options(Sal *ctx){
 #ifdef HAVE_EXOSIP_TLS_VERIFY_CERTIFICATE
 	eXosip_tls_verify_certificate(ctx->verify_server_certs);
 #endif
+#ifdef HAVE_EXOSIP_TLS_VERIFY_CN
+	eXosip_tls_verify_cn(ctx->verify_server_cn);
+#endif
 }
 
 void sal_set_dscp(Sal *ctx, int dscp){
@@ -499,6 +503,13 @@ void sal_verify_server_certificates(Sal *ctx, bool_t verify){
 #endif
 }
 
+void sal_verify_server_cn(Sal *ctx, bool_t verify){
+	ctx->verify_server_cn=verify;
+#ifdef HAVE_EXOSIP_TLS_VERIFY_CN
+	eXosip_tls_verify_cn(verify);
+#endif
+}
+
 static int extract_received_rport(osip_message_t *msg, const char **received, int *rportval,SalTransport* transport){
 	osip_via_t *via=NULL;
 	osip_generic_param_t *param=NULL;

coreapi/sal_eXosip2.h

@@ -48,6 +48,7 @@ struct Sal{
 	bool_t use_101;
 	bool_t reuse_authorization;
 	bool_t verify_server_certs;
+	bool_t verify_server_cn;
 	bool_t expire_old_contact;
 	bool_t add_dates;
 };

m4/exosip.m4

@@ -40,6 +40,10 @@ AC_CHECK_LIB([eXosip2],[eXosip_tls_verify_certificate],
 	[AC_DEFINE([HAVE_EXOSIP_TLS_VERIFY_CERTIFICATE],[1],[Defined when eXosip_tls_verify_certificate is available])],
 	[AC_MSG_WARN([Could not find eXosip_tls_verify_certificate in eXosip2 !])],
 	[-losipparser2 -losip2 ])
+AC_CHECK_LIB([eXosip2],[eXosip_tls_verify_cn],
+	[AC_DEFINE([HAVE_EXOSIP_TLS_VERIFY_CN],[1],[Defined when eXosip_tls_verify_certificate is available])],
+	[AC_MSG_WARN([Could not find eXosip_tls_verify_cn in eXosip2 !])],
+	[-losipparser2 -losip2 ])
 AC_CHECK_LIB([eXosip2],[eXosip_trylock],
 	[AC_DEFINE([HAVE_EXOSIP_TRYLOCK],[1],[Defined when eXosip_get_socket is available])],
 	[],