diff --git a/coreapi/linphonecore.c b/coreapi/linphonecore.c index 37beeddd7..da64b4b00 100644 --- a/coreapi/linphonecore.c +++ b/coreapi/linphonecore.c @@ -2251,7 +2251,7 @@ void linphone_core_set_rtp_no_xmit_on_audio_mute(LinphoneCore *lc,bool_t rtp_no_ /** * Sets the UDP port used for audio streaming. - * A value if -1 will request the system to allocate the local port randomly. + * A value of -1 will request the system to allocate the local port randomly. * This is recommended in order to avoid firewall warnings. * * @ingroup network_parameters @@ -2273,7 +2273,7 @@ void linphone_core_set_audio_port_range(LinphoneCore *lc, int min_port, int max_ /** * Sets the UDP port used for video streaming. - * A value if -1 will request the system to allocate the local port randomly. + * A value of -1 will request the system to allocate the local port randomly. * This is recommended in order to avoid firewall warnings. * * @ingroup network_parameters diff --git a/tester/certificates/client/cert2-signed-by-other-ca.pem b/tester/certificates/client/cert2-signed-by-other-ca.pem new file mode 100644 index 000000000..d440d14cd --- /dev/null +++ b/tester/certificates/client/cert2-signed-by-other-ca.pem @@ -0,0 +1,90 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 4096 (0x1000) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FR, ST=France, L=Grenoble, O=Belledonne Communications, CN=Belledonne Communications unofficial rootca + Validity + Not Before: Nov 17 11:33:46 2016 GMT + Not After : Nov 27 11:33:46 2017 GMT + Subject: C=FR, ST=Some-State, L=Lorien, O=Internet Widgits Pty Ltd, CN=sip:galadrielle@sip.example.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ae:3c:ab:f2:34:4b:dd:3e:96:b4:0f:76:61:5f: + 59:dd:d0:93:6f:05:04:a2:2e:f7:f5:2f:65:35:02: + f5:6f:ed:dd:46:bb:72:3e:7c:47:b5:37:15:1d:1d: + 90:a7:dc:0f:bf:cc:a8:58:43:86:fb:b8:c7:7e:13: + 7f:05:09:47:6b:bf:a1:d1:76:7d:7a:d3:09:3a:46: + 78:22:08:49:cd:02:8d:80:10:ee:d1:18:3c:e4:df: + 50:be:05:80:88:56:c3:d4:36:2c:05:5d:57:07:9a: + 4a:13:99:7f:46:d9:0b:dd:81:51:29:bd:8e:3a:55: + b2:33:f2:e6:3e:1c:ce:f9:2f:80:68:ca:5a:78:c5: + e1:27:4a:b4:0b:65:9b:24:ee:df:8c:16:f0:74:dc: + fe:a5:9f:52:5a:a1:f9:09:1d:47:00:d9:8a:84:72: + e2:19:7b:cb:cd:62:b3:44:e3:4f:cf:9b:1c:a1:bc: + 70:d3:e0:10:8b:f2:51:28:91:84:61:92:56:03:3a: + 2c:bf:11:8d:b6:4b:c8:4f:1c:e7:75:54:b9:cd:f3: + d5:be:6b:af:6e:9f:ca:77:45:44:5c:55:6a:23:49: + e0:52:fc:30:3d:a9:a8:66:f1:d8:d0:a8:5b:97:3c: + a7:de:70:db:7b:85:c1:f5:8e:54:3c:f8:0f:3a:9f: + 36:2d + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 4a:f6:1f:8c:a8:fa:f6:ed:85:14:2c:12:14:69:7c:ec:ff:17: + 57:e5:bd:a6:e1:50:7e:38:01:d7:a9:92:7c:e2:43:03:f7:7f: + 53:f9:6a:de:bf:55:7b:62:45:fc:55:35:20:8f:6c:b5:83:a6: + 30:56:84:ba:b0:cb:df:1e:6f:e2:ca:8a:9c:94:96:5a:c0:fa: + 18:67:b4:e3:6b:87:09:2a:8e:e2:d3:69:cc:67:9d:ba:e3:48: + f7:1c:81:72:90:c8:8c:24:ff:90:be:14:50:6a:f4:1f:5b:66: + 91:5c:06:ff:fc:5a:53:22:e8:fe:86:38:92:82:18:87:2d:0c: + 78:90:4a:7a:92:3e:48:43:28:20:83:fa:6f:35:e3:b8:54:e9: + f7:a7:91:fd:63:fa:13:0b:31:45:5c:69:33:56:c3:7e:f9:b5: + 57:f4:b9:3a:cb:7c:71:1f:dd:a1:0c:77:fc:f9:69:34:a1:7e: + 2b:a6:05:cd:b9:c9:bb:68:f0:c6:72:54:34:42:94:4d:3f:c6: + d7:86:8b:da:d5:2a:31:28:80:6c:84:3b:60:ce:e4:4d:5a:53: + 4d:b7:31:df:98:d0:d6:7c:c0:36:f3:fd:7c:a0:da:12:ee:9c: + 1a:83:c9:62:22:ad:5b:92:7c:70:c2:49:92:05:87:ee:02:f9: + 23:a7:55:86:65:86:96:53:7e:91:8a:2c:0f:18:9a:34:0f:29: + 8c:0d:0e:4d:28:62:7b:65:ed:62:b8:d0:bf:13:5f:e6:a9:4f: + d6:9c:20:73:2c:b6:28:90:10:c3:20:30:15:14:68:27:64:ee: + 74:2a:01:9d:ea:17:b8:f0:d9:d0:ee:61:f2:de:37:a4:c8:24: + 96:3f:60:6a:51:9c:03:9a:12:c4:d1:72:0e:40:46:2e:82:a7: + 7d:51:df:8e:3b:dd:73:83:31:cd:93:4e:64:ca:9b:6a:e8:2f: + b5:6c:3f:e5:b1:6a:d8:fd:26:7b:4c:84:64:56:11:de:7a:de: + d2:77:7f:ce:98:eb:04:58:4b:15:9b:29:5a:71:fa:a8:50:72: + b7:28:70:a2:77:20:ad:56:34:ab:69:27:47:87:09:67:f6:e1: + a3:66:d8:fc:4f:00:7c:8e:c1:65:c3:c5:8c:ef:2b:d1:a4:90: + ef:ea:5e:9a:ca:8b:95:44:92:60:a1:f8:0e:e8:2d:ca:b1:07: + 57:23:b5:c6:e6:09:00:ac:7b:6f:fa:23:da:35:29:5f:26:78: + b1:04:64:0c:c6:96:41:4e:da:82:fd:2c:dd:5b:43:24:e0:ef: + 1f:a0:8e:41:7d:b6:71:49:96:29:8e:67:aa:53:30:f6:4e:10: + 56:26:43:72:fd:06:27:fb +-----BEGIN CERTIFICATE----- +MIIEgjCCAmoCAhAAMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJGUjEPMA0G +A1UECAwGRnJhbmNlMREwDwYDVQQHDAhHcmVub2JsZTEiMCAGA1UECgwZQmVsbGVk +b25uZSBDb21tdW5pY2F0aW9uczE0MDIGA1UEAwwrQmVsbGVkb25uZSBDb21tdW5p +Y2F0aW9ucyB1bm9mZmljaWFsIHJvb3RjYTAeFw0xNjExMTcxMTMzNDZaFw0xNzEx +MjcxMTMzNDZaMIGAMQswCQYDVQQGEwJGUjETMBEGA1UECAwKU29tZS1TdGF0ZTEP +MA0GA1UEBwwGTG9yaWVuMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBM +dGQxKDAmBgNVBAMMH3NpcDpnYWxhZHJpZWxsZUBzaXAuZXhhbXBsZS5vcmcwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuPKvyNEvdPpa0D3ZhX1nd0JNv +BQSiLvf1L2U1AvVv7d1Gu3I+fEe1NxUdHZCn3A+/zKhYQ4b7uMd+E38FCUdrv6HR +dn160wk6RngiCEnNAo2AEO7RGDzk31C+BYCIVsPUNiwFXVcHmkoTmX9G2QvdgVEp +vY46VbIz8uY+HM75L4Boylp4xeEnSrQLZZsk7t+MFvB03P6ln1JaofkJHUcA2YqE +cuIZe8vNYrNE40/PmxyhvHDT4BCL8lEokYRhklYDOiy/EY22S8hPHOd1VLnN89W+ +a69un8p3RURcVWojSeBS/DA9qahm8djQqFuXPKfecNt7hcH1jlQ8+A86nzYtAgMB +AAEwDQYJKoZIhvcNAQELBQADggIBAEr2H4yo+vbthRQsEhRpfOz/F1flvabhUH44 +AdepknziQwP3f1P5at6/VXtiRfxVNSCPbLWDpjBWhLqwy98eb+LKipyUllrA+hhn +tONrhwkqjuLTacxnnbrjSPccgXKQyIwk/5C+FFBq9B9bZpFcBv/8WlMi6P6GOJKC +GIctDHiQSnqSPkhDKCCD+m8147hU6fenkf1j+hMLMUVcaTNWw375tVf0uTrLfHEf +3aEMd/z5aTShfiumBc25ybto8MZyVDRClE0/xteGi9rVKjEogGyEO2DO5E1aU023 +Md+Y0NZ8wDbz/Xyg2hLunBqDyWIirVuSfHDCSZIFh+4C+SOnVYZlhpZTfpGKLA8Y +mjQPKYwNDk0oYntl7WK40L8TX+apT9acIHMstiiQEMMgMBUUaCdk7nQqAZ3qF7jw +2dDuYfLeN6TIJJY/YGpRnAOaEsTRcg5ARi6Cp31R34473XODMc2TTmTKm2roL7Vs +P+Wxatj9JntMhGRWEd563tJ3f86Y6wRYSxWbKVpx+qhQcrcocKJ3IK1WNKtpJ0eH +CWf24aNm2PxPAHyOwWXDxYzvK9GkkO/qXprKi5VEkmCh+A7oLcqxB1cjtcbmCQCs +e2/6I9o1KV8meLEEZAzGlkFO2oL9LN1bQyTg7x+gjkF9tnFJlimOZ6pTMPZOEFYm +Q3L9Bif7 +-----END CERTIFICATE----- diff --git a/tester/certificates/client/cert2.pem b/tester/certificates/client/cert2.pem new file mode 100644 index 000000000..dc359d851 --- /dev/null +++ b/tester/certificates/client/cert2.pem @@ -0,0 +1,74 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13 (0xd) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FR, ST=Some-State, L=Grenoble, O=Belledonne Communications, OU=LAB, CN=Jehan Monnier/emailAddress=jehan.monnier@belledonne-communications.com + Validity + Not Before: Nov 17 11:09:48 2016 GMT + Not After : Nov 17 11:09:48 2017 GMT + Subject: C=FR, ST=Some-State, L=Lorien, O=Internet Widgits Pty Ltd, CN=sip:galadrielle@sip.example.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ae:3c:ab:f2:34:4b:dd:3e:96:b4:0f:76:61:5f: + 59:dd:d0:93:6f:05:04:a2:2e:f7:f5:2f:65:35:02: + f5:6f:ed:dd:46:bb:72:3e:7c:47:b5:37:15:1d:1d: + 90:a7:dc:0f:bf:cc:a8:58:43:86:fb:b8:c7:7e:13: + 7f:05:09:47:6b:bf:a1:d1:76:7d:7a:d3:09:3a:46: + 78:22:08:49:cd:02:8d:80:10:ee:d1:18:3c:e4:df: + 50:be:05:80:88:56:c3:d4:36:2c:05:5d:57:07:9a: + 4a:13:99:7f:46:d9:0b:dd:81:51:29:bd:8e:3a:55: + b2:33:f2:e6:3e:1c:ce:f9:2f:80:68:ca:5a:78:c5: + e1:27:4a:b4:0b:65:9b:24:ee:df:8c:16:f0:74:dc: + fe:a5:9f:52:5a:a1:f9:09:1d:47:00:d9:8a:84:72: + e2:19:7b:cb:cd:62:b3:44:e3:4f:cf:9b:1c:a1:bc: + 70:d3:e0:10:8b:f2:51:28:91:84:61:92:56:03:3a: + 2c:bf:11:8d:b6:4b:c8:4f:1c:e7:75:54:b9:cd:f3: + d5:be:6b:af:6e:9f:ca:77:45:44:5c:55:6a:23:49: + e0:52:fc:30:3d:a9:a8:66:f1:d8:d0:a8:5b:97:3c: + a7:de:70:db:7b:85:c1:f5:8e:54:3c:f8:0f:3a:9f: + 36:2d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 33:D0:36:5B:62:9B:1C:4D:31:47:9E:C0:91:41:E3:AE:29:61:AB:DB + X509v3 Authority Key Identifier: + keyid:06:5F:5D:C7:16:AF:62:F8:2D:6E:71:03:88:A0:D6:1D:2B:04:7F:BA + + Signature Algorithm: sha256WithRSAEncryption + ba:a1:0a:7e:8e:a6:1e:e8:3d:5f:da:28:a6:57:3e:cb:50:79: + 06:8f:19:1b:df:b0:d2:e6:12:1f:ef:a2:bd:de:40:07:e2:5d: + 3d:64:41:34:10:24:3c:85:62:8e:69:0c:99:89:b7:ce:a4:f6: + 08:6d:37:8a:51:98:bd:46:b7:1b:dd:b2:ba:f7:f4:2f:47:d5: + 74:3f:c5:fe:95:60:b3:42:51:4f:d1:ac:ed:a4:c6:f6:16:f3: + 49:b6:8d:64:7f:76:e1:95:5e:ef:eb:46:4b:d7:a5:59:1d:0d: + ba:c5:07:5f:c3:db:2e:40:aa:6e:34:0c:1a:1d:4b:72:e3:ac: + 61:b5 +-----BEGIN CERTIFICATE----- +MIIDsjCCAxugAwIBAgIBDTANBgkqhkiG9w0BAQsFADCBuzELMAkGA1UEBhMCRlIx +EzARBgNVBAgMClNvbWUtU3RhdGUxETAPBgNVBAcMCEdyZW5vYmxlMSIwIAYDVQQK +DBlCZWxsZWRvbm5lIENvbW11bmljYXRpb25zMQwwCgYDVQQLDANMQUIxFjAUBgNV +BAMMDUplaGFuIE1vbm5pZXIxOjA4BgkqhkiG9w0BCQEWK2plaGFuLm1vbm5pZXJA +YmVsbGVkb25uZS1jb21tdW5pY2F0aW9ucy5jb20wHhcNMTYxMTE3MTEwOTQ4WhcN +MTcxMTE3MTEwOTQ4WjCBgDELMAkGA1UEBhMCRlIxEzARBgNVBAgMClNvbWUtU3Rh +dGUxDzANBgNVBAcMBkxvcmllbjEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMSgwJgYDVQQDDB9zaXA6Z2FsYWRyaWVsbGVAc2lwLmV4YW1wbGUub3Jn +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjyr8jRL3T6WtA92YV9Z +3dCTbwUEoi739S9lNQL1b+3dRrtyPnxHtTcVHR2Qp9wPv8yoWEOG+7jHfhN/BQlH +a7+h0XZ9etMJOkZ4IghJzQKNgBDu0Rg85N9QvgWAiFbD1DYsBV1XB5pKE5l/RtkL +3YFRKb2OOlWyM/LmPhzO+S+AaMpaeMXhJ0q0C2WbJO7fjBbwdNz+pZ9SWqH5CR1H +ANmKhHLiGXvLzWKzRONPz5scobxw0+AQi/JRKJGEYZJWAzosvxGNtkvITxzndVS5 +zfPVvmuvbp/Kd0VEXFVqI0ngUvwwPamoZvHY0Khblzyn3nDbe4XB9Y5UPPgPOp82 +LQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdl +bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUM9A2W2KbHE0xR57AkUHjrilh +q9swHwYDVR0jBBgwFoAUBl9dxxavYvgtbnEDiKDWHSsEf7owDQYJKoZIhvcNAQEL +BQADgYEAuqEKfo6mHug9X9ooplc+y1B5Bo8ZG9+w0uYSH++ivd5AB+JdPWRBNBAk +PIVijmkMmYm3zqT2CG03ilGYvUa3G92yuvf0L0fVdD/F/pVgs0JRT9Gs7aTG9hbz +SbaNZH924ZVe7+tGS9elWR0NusUHX8PbLkCqbjQMGh1LcuOsYbU= +-----END CERTIFICATE----- diff --git a/tester/certificates/client/key2.pem b/tester/certificates/client/key2.pem new file mode 100644 index 000000000..d6eab8da5 --- /dev/null +++ b/tester/certificates/client/key2.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCuPKvyNEvdPpa0 +D3ZhX1nd0JNvBQSiLvf1L2U1AvVv7d1Gu3I+fEe1NxUdHZCn3A+/zKhYQ4b7uMd+ +E38FCUdrv6HRdn160wk6RngiCEnNAo2AEO7RGDzk31C+BYCIVsPUNiwFXVcHmkoT +mX9G2QvdgVEpvY46VbIz8uY+HM75L4Boylp4xeEnSrQLZZsk7t+MFvB03P6ln1Ja +ofkJHUcA2YqEcuIZe8vNYrNE40/PmxyhvHDT4BCL8lEokYRhklYDOiy/EY22S8hP +HOd1VLnN89W+a69un8p3RURcVWojSeBS/DA9qahm8djQqFuXPKfecNt7hcH1jlQ8 ++A86nzYtAgMBAAECggEAHyf8O0A8vKA/hI0rRvgs8qwkYPrNvE6XykEiYNtZlh07 +rzU/lYrVq8LgxKcPweRo8IwhIj9Y+NQu4A2ObhEds1e+EN2WTItGICSPwM4onD8z +nE3q1nr2EJsaLhB/zmFtfRn+vyrUsChXzK9rAfk31PEV2VfrAeVnC0EJCNxP6mDX +gAjTNN/+Elqzr8Cr7aofthaMnCWnI6JBJ0MCqaozDBreyfGkaFC+RkRxUpZQerqN +tvcurKn0C/Q5ZcfIugvnEFa4nL/V4s+j4Kv1SWgvfi2z4eR7wyiZVT+mStMiHvg5 +JCLNli4GtFyhYzsTqUnd3S2t0unEdaFLEzJakHGjQQKBgQDdjw9UN354QS2Aiqoe +Gu5e9nc3gi3e/dHmPyk4jKPC/cqrQ3AVrXILLjU/FHpT7OrkwoQNvI0qG39r1Akq +hnztTqDw0HVskuWJmPmUxfdl6DIOUln7pEX4yZMreDwdEjxx/oZzbu7bhU3k7zNV +zKv54deN78AmtVI5KzrEdvKfnQKBgQDJUnAtvDeuwE44XUU0mBoH3XdLULLaVeAl +4vovM/8U283+wiBkASXamFimboBKe34TGH/v10hmKxBHyPCgl9ps6o9iFbPRNzOB +kmGrTTojSOJ6u9EXvQ+wTYjzl2n/RlivIsOZRC0YXmk3n+mRPa0TGwnpxH13cEFV +RnEUnYdT0QKBgBZXw/L5Oa7E2+LXmPo6OwmmjzUw0pFnRVCT1ANY43bZgyOsRFRb +TmHkQghfd0qZXMK+/vQnrJCvfzUPh/Ea6ORBhqdiTkUpty4eGCUxpZZISSv6kAp5 +cXj6UvYSRPWljiTsxwBDEqFemxFYMfQYFMu5Q7STlewRYv5S5rVDTYpdAoGAG77I +xwTRh7vpC8uO5hiwPbU/45lTjNOY+J+3axn3ZaCFWz7Vx/KAjQfB7+36sEkkru0J +dLxuteXpcHs47mj/KVOKPzJOfd7lsk3COCGEiahZziBkSKk9qEaHQUr0yMGhJ0Hb +QxwqOtmIFqprPiEJ4UAwtY7m27cUyfPTUcwEAoECgYBEoCn8kmRXuBoDVNPK1IPh +vQcD0RDdtGhOrM36Pmmbky6oS37c3AV4sXOhw7aTYs4GejpeH0tX7F0hiwaZ/SqG +WxliyHCpUxpl+LsGzdfqCa9nEPn4B27/jFYHVCiSheOfVEwjGavkO+VIZbuHXAP4 +V8rXqdmFIbiVb43P6yoMhg== +-----END PRIVATE KEY----- diff --git a/tester/flexisip/README b/tester/flexisip/README new file mode 100644 index 000000000..b2799db77 --- /dev/null +++ b/tester/flexisip/README @@ -0,0 +1,3 @@ +flexisip.conf : is the configuration of the flexisip running on sip2.linphone.org. It has lots of IP addresses hardcoded because this machine is running multiple instances on different IP addresses. +flexisip-generic.conf : is the same configuration without any IP address hardcoded and relative paths. It can be run on any machine from the "tester" directory of linphone. + diff --git a/tester/flexisip/flexisip-generic.conf b/tester/flexisip/flexisip-generic.conf new file mode 100644 index 000000000..52a6423ff --- /dev/null +++ b/tester/flexisip/flexisip-generic.conf @@ -0,0 +1,625 @@ +## +## This is the default Flexisip configuration file +## + +## +## Some global settings of the flexisip proxy. +## +[global] +# Outputs very detailed logs +# Default value: false +debug=1 + +# Automatically respawn flexisip in case of abnormal termination +# (crashes) +# Default value: true +auto-respawn=true + +# List of white space separated host names pointing to this machine. +# This is to prevent loops while routing SIP messages. +# Default value: localhost +aliases=localhost sip2.linphone.org sipopen.example.org sip.example.org auth.example.org auth1.example.org auth2.example.org client.example.org sipv4.example.org sipv4-nat64.example.org + +# List of white space separated SIP uris where the proxy must listen.Wildcard +# (*) can be used to mean 'all local ip addresses'. If 'transport' +# prameter is unspecified, it will listen to both udp and tcp. An +# local address to bind can be indicated in the 'maddr' parameter, +# while the domain part of the uris are used as public domain or +# ip address. Here some examples to understand: +# * listen on all local interfaces for udp and tcp, on standart +# port: +# transports=sip:* +# * listen on all local interfaces for udp,tcp and tls, on standart +# ports: +# transports=sip:* sips:* +# * listen on 192.168.0.29:6060 with tls, but public hostname is +# 'sip.linphone.org' used in SIP messages. Bind address won't appear: +# transports=sips:sip.linphone.org:6060;maddr=192.168.0.29 +# Default value: sip:* +#transports=sip:192.168.56.101:5060 sips:192.168.56.101:5061 + +#note: the ip addresses are explicitely specified here because the machine has several interfaces. In a simple case, using '*' instead of the explicit ip address is sufficient, +#and there is no need to specify the ipv6 transport addresses. +transports=sip:* sips:*;tls-certificates-dir=certificates/cn sips:*:5062;tls-certificates-dir=certificates/altname sips:*:5063;tls-verify-incoming=1 sip:*:5064 + + +# An absolute path of a directory where TLS server certificate and +# private key can be found, concatenated inside an 'agent.pem' file. +# Default value: /etc/flexisip/tls +tls-certificates-dir=/etc/flexisip/tls/certificates/cn +#tls-certificates-dir=/media/sf_workspaces/workspace-macosx/flexisip + +## +## STUN server parameters. +## +[stun-server] +# Enable or disable stun server. +# Default value: true +enabled=true + +# Local ip address where to bind the socket. +# Default value: 0.0.0.0 +bind-address=0.0.0.0 + +# STUN server port number. +# Default value: 3478 +port=3478 + + + +## +## The NatHelper module executes small tasks to make SIP work smoothly +## despite firewalls.It corrects the Contact headers that contain +## obviously inconsistent addresses, and adds a Record-Route to ensure +## subsequent requests are routed also by the proxy, through the +## UDP or TCP channel each client opened to the proxy. +## +[module::NatHelper] +# Indicate whether the module is activated. +# Default value: true +enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2') +# Default value: +filter= + +# Internal URI parameter added to response contact by first proxy +# and cleaned by last one. +# Default value: verified +contact-verified-param=verified + +## +## The authentication module challenges SIP requests according to +## a user/password database. +## +[module::Authentication] +# Indicate whether the module is activated. +# Default value: false +enabled=true + + +no-403=user-agent contains 'tester-no-403' + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2') +# Default value: +filter= from.uri.domain contains 'sip.example.org' || from.uri.domain contains 'auth.example.org' || from.uri.domain contains 'auth1.example.org' || from.uri.domain contains 'auth2.example.org' || from.uri.domain contains 'anonymous.invalid' + +# List of whitespace separated domain names to challenge. Others +# are denied. +# Default value: +auth-domains= sip.example.org auth.example.org auth1.example.org auth2.example.org + + + +# List of whitespace separated IP which will not be challenged. +# Default value: +trusted-hosts=127.0.0.1 94.23.19.176 + +# Database backend implementation [odbc, file]. +# Default value: odbc +db-implementation=file + +# Odbc connection string to use for connecting to database. ex1: +# DSN=myodbc3; where 'myodbc3' is the datasource name. ex2: DRIVER={MySQL};SERVER=host;DATABASE=db;USER=user;PASSWORD=pass;OPTION=3; +# for a DSN-less connection. ex3: /etc/flexisip/passwd; for a file +# containing one 'user@domain password' by line. +# Default value: +datasource=/etc/flexisip/userdb.conf + +# Odbc SQL request to execute to obtain the password +# . Named parameters are :id (the user found in the from header), +# :domain (the authorization realm) and :authid (the authorization +# username). The use of the :id parameter is mandatory. +# Default value: select password from accounts where id = :id and domain = :domain and authid=:authid +request=select password from accounts where id = :id and domain = :domain and authid=:authid + + +# Use pooling in odbc +# Default value: true +odbc-pooling=true + + +# Duration of the validity of the credentials added to the cache +# in seconds. +# Default value: 1800 +cache-expire=1800 + + +# True if retrieved passwords from the database are hashed. HA1=MD5(A1) +# = MD5(username:realm:pass). +# Default value: false +hashed-passwords=false + +# When receiving a proxy authenticate challenge, generate a new +# challenge for this proxy. +# Default value: false +new-auth-on-407=false + +enable-test-accounts-creation=true + +## +## ... +## +[module::GatewayAdapter] +# Indicate whether the module is activated. +# Default value: false +enabled=false + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2') +# Default value: +filter= + +# A gateway uri where to send all requests, as a SIP url (eg 'sip:gateway.example.net') +# Default value: +gateway= + +# Modify the from and to domains of incoming register +# Default value: +gateway-domain= + +# The gateway will be added to the incoming register contacts. +# Default value: true +fork-to-gateway=true + +# Send a REGISTER to the gateway using this server as a contact +# in order to be notified on incoming calls by the gateway. +# Default value: true +register-on-gateway=true + +# Parameter name hosting the incoming domain that will be sent in +# the register to the gateway. +# Default value: routing-domain +routing-param=routing-domain + +[module::Router] + +# Store and retrieve contacts without using the domain. +# Default value: false +use-global-domain=false + +# Fork messages to all registered devices +# Default value: true +fork=true + +# Force forking and thus the creation of an outgoing transaction +# even when only one contact found +# Default value: true +stateful=true + +# Fork invites to late registers +# Default value: false +fork-late=true + +call-fork-timeout=20 + + + +# All the forked have to decline in order to decline the caller +# invite +# Default value: false +fork-no-global-decline=false + +# Maximum duration for delivering a message (text) +# Default value: 3600 +message-delivery-timeout=60 +## +## The Registrar module accepts REGISTERs for domains it manages, +## and store the address of record in order to route other requests +## destinated to the client who registered. +## +[module::Registrar] +# Indicate whether the module is activated. +# Default value: true +enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2') +# Default value: +filter= + +# List of whitelist separated domain names to be managed by the +# registrar. +# Default value: localhost +reg-domains=localhost sip.example.org sipopen.example.org auth1.example.org sip2.linphone.org client.example.org + +# Maximum number of registered contacts of an address of record. +# Default value: 15 +max-contacts-by-aor=15 + +# List of contact uri parameters that can be used to identify a +# user's device. +# Default value: +sip.instance +#unique-id-parameters= + +# Maximum expire time for a REGISTER, in seconds. +# Default value: 86400 +max-expires=60 + +# Minimum expire time for a REGISTER, in seconds. +# Default value: 60 +min-expires=1 + +# File containing the static records to add to database at startup. +# Format: one 'sip_uri contact_header' by line. Example: +# , +# Default value: +static-records-file= + +# Timeout in seconds after which the static records file is re-read +# and the contacts updated. +# Default value: 600 +static-records-timeout=600 + +# Implementation used for storing address of records contact uris. +# [redis-async, redis-sync, internal] +# Default value: internal +db-implementation=internal + + + + + + + + +# Generate a contact from the TO header and route it to the above +# destination. [sip:host:port] +# Default value: +generated-contact-route= + +# Require presence of authorization header for specified realm. +# [Realm] +# Default value: +generated-contact-expected-realm= + + +[module::ContactRouteInserter] +# Indicate whether the module is activated. +# Default value: true +enabled=false + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2') +# Default value: +filter= + +# Hack for workarounding Nortel CS2k gateways bug. +# Default value: false +masquerade-contacts-for-invites=false + +## +## This module performs load balancing between a set of configured +## destination proxies. +## +[module::LoadBalancer] +# Indicate whether the module is activated. +# Default value: false +enabled=false + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2') +# Default value: +filter= + +# Whitespace separated list of sip routes to balance the requests. +# Example: +# Default value: +routes= + +## +## The MediaRelay module masquerades SDP message so that all RTP +## and RTCP streams go through the proxy. The RTP and RTCP streams +## are then routed so that each client receives the stream of the +## other. MediaRelay makes sure that RTP is ALWAYS established, even +## with uncooperative firewalls. +## +[module::MediaRelay] +# Indicate whether the module is activated. +# Default value: true +enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (:q +# Default value: +filter= (user-agent contains 'Natted Linphone') + +# SDP attribute set by the first proxy to forbid subsequent proxies +# to provide relay. +# Default value: nortpproxy +nortpproxy=nortpproxy + +# Set the RTP direction during early media state (duplex, forward) +# Default value: duplex +#early-media-rtp-dir=duplex + +# The minimal value of SDP port range +# Default value: 1024 +sdp-port-range-min=1024 + +# The maximal value of SDP port range +# Default value: 65535 +sdp-port-range-max=65535 + +# Enable I-frame only filtering for video H264 for clients annoucing +# a total bandwith below this value expressed in kbit/s. Use 0 to +# disable the feature +# Default value: 0 +#h264-filtering-bandwidth=0 + +# When above option is activated, keep one I frame over this number. +# Default value: 1 +#h264-iframe-decim=1 + +# Sends a ACK and BYE to 200 Ok for INVITEs not belonging to any established call. +bye-orphan-dialogs=true + + +## +## The purpose of the Transcoder module is to transparently transcode +## from one audio codec to another to make the communication possible +## between clients that do not share the same set of supported codecs. +## Concretely it adds all missing codecs into the INVITEs it receives, +## and adds codecs matching the original INVITE into the 200Ok. Rtp +## ports and addresses are masqueraded so that the streams can be +## processed by the proxy. The transcoding job is done in the background +## by the mediastreamer2 library, as consequence the set of supported +## codecs is exactly the the same as the codec set supported by mediastreamer2, +## including the possible plugins you may installed to extend mediastreamer2. +## WARNING: this module can conflict with the MediaRelay module as +## both are changin the SDP. Make sure to configure them with different +## to-domains or from-domains filter if you want to enable both of +## them. +## +[module::Transcoder] +# Indicate whether the module is activated. +# Default value: false +enabled=false + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2') +# Default value: +filter= + +# Nominal size of RTP jitter buffer, in milliseconds. A value of +# 0 means no jitter buffer (packet processing). +# Default value: 0 +jb-nom-size=0 + +# Whitespace separated list of user-agent strings for which audio +# rate control is performed. +# Default value: +rc-user-agents= + +# Whitespace seprated list of audio codecs, in order of preference. +# Default value: speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000 +audio-codecs=speex/8000 amr/8000 iLBC/8000 gsm/8000 pcmu/8000 pcma/8000 + +# If true, retransmissions of INVITEs will be blocked. The purpose +# of this option is to limit bandwidth usage and server load on +# reliable networks. +# Default value: false +block-retransmissions=false + +## +## This module executes the basic routing task of SIP requests and +## pass them to the transport layer. It must always be enabled. +## +[module::Forward] +# Indicate whether the module is activated. +# Default value: true +enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2') +# Default value: +filter= + +# A sip uri where to send all requests +# Default value: +route= + +# Rewrite request-uri's host and port according to above route +# Default value: false +rewrite-req-uri=false + +[module::Redirect] +enabled=true +filter = (user-agent contains 'redirect') && !(request.uri.params contains 'redirected') +contact= + +## +## The purpose of the StatisticsCollector module is to collect call +## statistics (RFC 6035) and store them on the server. +## +[module::StatisticsCollector] +# Indicate whether the module is activated. +# Default value: false +enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2') +# Default value: +filter= + +# SIP URI of the statistics collector. Note that the messages destinated +# to this address will be deleted by this module and thus not be +# delivered. +# Default value: +collector-address=sip:sip.example.org + +## +## This module performs push notifications to mobile phone notification +## systems: apple, android, windows, as well as a generic http get/post +## to a custom server to which actual sending of the notification +## is delegated. The push notification is sent when an INVITE or +## MESSAGE request is not answered by the destination of the request +## within a certain period of time, configurable hereunder as 'timeout' +## parameter. +## + + + +[module::PushNotification] +# Indicate whether the module is activated. +# Default value: false +enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2') +# Default value: +filter= + +# Number of second to wait before sending a push notification to +# device(if <=0 then disabled) +# Default value: 5 +timeout=5 + +# Maximum number of notifications queued for each client +# Default value: 10 +max-queue-size=10 + +# Enable push notification for apple devices +# Default value: true +apple=false + +# Path to directory where to find Apple Push Notification service +# certificates. They should bear the appid of the application, suffixed +# by the release mode and .pem extension. For example: org.linphone.dev.pem +# org.linphone.prod.pem com.somephone.dev.pem etc... The files should +# be .pem format, and made of certificate followed by private key. +# Default value: /etc/flexisip/apn +apple-certificate-dir=/etc/flexisip/apn + +# Enable push notification for android devices +# Default value: true +google=false + +# List of couples projectId:ApiKey for each android project that +# supports push notifications +# Default value: +google-projects-api-keys= + +# Enable push notification for windows phone 8 devices +# Default value: true +windowsphone=false + +# Set the badge value to 0 for apple push +# Default value: false +no-badge=false + +# Instead of having Flexisip sending the push notification directly +# to the Google/Apple/Microsoft push servers, send an http request +# to an http server with all required information encoded in URL, +# to which the actual sending of the push notification is delegated. +# The following arguments can be substitued in the http request +# uri, with the following values: +# - $type : apple, google, wp +# - $event : call, message +# - $from-name : the display name in the from header +# - $from-uri : the sip uri of the from header +# - $from-tag : the tag of the from header +# - $call-id : the call-id of the INVITE or MESSAGE request +# - $to-uri : the sip uri of the to header +# - $api-key : the api key to use (google only) +# - $msgid : the message id to put in the notification +# - $sound : the sound file to play with the notification +# + The content of the text message is put in the body of the http +# request as text/plain, if any. +# Example: http://192.168.0.2/$type/$event?from-uri=$from-uri&tag=$from-tag&callid=$callid&to=$to-uri +# Default value: +external-push-uri=http://127.0.0.1:80/$type/$event?from-uri=$from-uri&tag=$from-tag&callid=$callid&to=$to-uri + +# Method for reaching external-push-uri, typically GET or POST +# Default value: GET +external-push-method=GET + +## +## This module bans user when they are sending too much packets on +## a given timelapseTo see the list of currently banned ips/ports, +## use iptables -LYou can also check the queue of unban commands +## using atq +## +[module::DoSProtection] + +# Indicate whether the module is activated. +# Default value: true +enabled=true + +# A request/response enters module if the boolean filter evaluates +# to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain +# in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') +# && (user-agent == 'Linphone v2') +# Default value: +filter= + +# Number of milliseconds to consider to compute the packet rate +# Default value: 3000 +time-period=15000 + +# Maximum packet rate received in [time-period] millisecond(s) to +# consider it as a DoS attack. +# Default value: 20 +packet-rate-limit=10 + +# Number of minutes to ban the ip/port using iptables (might be +# less because it justs uses the minutes of the clock, not the seconds. +# So if the unban command is queued at 13:11:56 and scheduled and +# the ban time is 1 minute, it will be executed at 13:12:00) +# Default value: 2 +ban-time=1 + +[module::Presence] +enabled=true +presence-server = +only-list-subscription = !(user-agent contains 'full-presence-support') + +[presence-server] +expires = 600 +transports = sip:127.0.0.1:5065;transport=tcp + diff --git a/tester/flexisip/flexisip.conf b/tester/flexisip/flexisip.conf index 5c29e9e7f..0f33b15b0 100644 --- a/tester/flexisip/flexisip.conf +++ b/tester/flexisip/flexisip.conf @@ -40,7 +40,7 @@ aliases=localhost sip2.linphone.org sipopen.example.org sip.example.org auth.exa #note: the ip addresses are explicitely specified here because the machine has several interfaces. In a simple case, using '*' instead of the explicit ip address is sufficient, #and there is no need to specify the ipv6 transport addresses. -transports=sip:94.23.19.176:5060 sips:94.23.19.176:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:94.23.19.176:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:94.23.19.176:5063;require-peer-certificate=1 sip:94.23.19.176:5064 sip:[2001:41d0:2:14b0::1]:5060 sips:[2001:41d0:2:14b0::1]:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:[2001:41d0:2:14b0::1]:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:[2001:41d0:2:14b0::1]:5063;require-peer-certificate=1 sip:[2001:41d0:2:14b0::1]:5064 +transports=sip:94.23.19.176:5060 sips:94.23.19.176:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:94.23.19.176:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:94.23.19.176:5063;tls-verify-incoming=1 sip:94.23.19.176:5064 sip:[2001:41d0:2:14b0::1]:5060 sips:[2001:41d0:2:14b0::1]:5061;tls-certificates-dir=/etc/flexisip/tls/certificates/cn sips:[2001:41d0:2:14b0::1]:5062;tls-certificates-dir=/etc/flexisip/tls/certificates/altname sips:[2001:41d0:2:14b0::1]:5063;tls-verify-incoming=1 sip:[2001:41d0:2:14b0::1]:5064 # An absolute path of a directory where TLS server certificate and diff --git a/tester/flexisip_tester.c b/tester/flexisip_tester.c index 19d28be65..d74fb969e 100644 --- a/tester/flexisip_tester.c +++ b/tester/flexisip_tester.c @@ -1195,7 +1195,7 @@ static void test_list_subscribe_wrong_body(void) { } -static void publish_subscribe(void) { +static void redis_publish_subscribe(void) { LinphoneCoreManager* marie = linphone_core_manager_new("marie_rc"); LinphoneCoreManager* pauline = linphone_core_manager_new(transport_supported(LinphoneTransportTls) ? "pauline_rc" : "pauline_tcp_rc"); LinphoneCoreManager* marie2 = NULL; @@ -1215,6 +1215,87 @@ static void publish_subscribe(void) { linphone_core_manager_destroy(marie2); } + +static void tls_authentication_requested_good(LinphoneCore *lc, LinphoneAuthInfo *auth_info, LinphoneAuthMethod method) { + if (method == LinphoneAuthTls){ + + char *cert = bc_tester_res("certificates/client/cert2.pem"); + char *key = bc_tester_res("certificates/client/key2.pem"); + + linphone_auth_info_set_tls_cert_path(auth_info, cert); + linphone_auth_info_set_tls_key_path(auth_info, key); + linphone_core_add_auth_info(lc, auth_info); + bc_free(cert); + ms_free(key); + } +} + +static void tls_authentication_requested_bad(LinphoneCore *lc, LinphoneAuthInfo *auth_info, LinphoneAuthMethod method) { + if (method == LinphoneAuthTls){ + + char *cert = bc_tester_res("certificates/client/cert2-signed-by-other-ca.pem"); + char *key = bc_tester_res("certificates/client/key2.pem"); + + linphone_auth_info_set_tls_cert_path(auth_info, cert); + linphone_auth_info_set_tls_key_path(auth_info, key); + linphone_core_add_auth_info(lc, auth_info); + bc_free(cert); + bc_free(key); + } +} + +static void tls_client_auth_try_register(const char *identity, bool_t with_good_cert, bool_t must_work){ + LinphoneCoreManager *lcm; + LinphoneCoreVTable* vtable = linphone_core_v_table_new(); + LinphoneProxyConfig *cfg; + + lcm = linphone_core_manager_new(NULL); + + vtable->authentication_requested= with_good_cert ? tls_authentication_requested_good : tls_authentication_requested_bad; + linphone_core_add_listener(lcm->lc,vtable); + cfg = linphone_core_create_proxy_config(lcm->lc); + + linphone_proxy_config_set_server_addr(cfg, "sip:sip2.linphone.org:5063;transport=tls"); + linphone_proxy_config_enable_register(cfg, TRUE); + linphone_proxy_config_set_identity(cfg, identity); + linphone_core_add_proxy_config(lcm->lc, cfg); + if (must_work){ + BC_ASSERT_TRUE(wait_for(lcm->lc, NULL, &lcm->stat.number_of_LinphoneRegistrationOk, 1)); + BC_ASSERT_EQUAL(lcm->stat.number_of_LinphoneRegistrationFailed,0, int, "%d"); + BC_ASSERT_EQUAL(lcm->stat.number_of_auth_info_requested,1, int, "%d"); + }else{ + BC_ASSERT_TRUE(wait_for(lcm->lc, NULL, &lcm->stat.number_of_LinphoneRegistrationFailed, 1)); + BC_ASSERT_EQUAL(lcm->stat.number_of_LinphoneRegistrationOk,0, int, "%d"); + /*we should expect 2 "auth_requested": one for the TLS certificate, another one because the server rejects the REGISTER with 401.*/ + /*If the certificate isn't recognized at all, the connection will not happen and no SIP response will be received from server.*/ + if (with_good_cert) BC_ASSERT_EQUAL(lcm->stat.number_of_auth_info_requested,2, int, "%d"); + else BC_ASSERT_EQUAL(lcm->stat.number_of_auth_info_requested,1, int, "%d"); + } + + linphone_proxy_config_unref(cfg); + linphone_core_manager_destroy(lcm); + linphone_core_v_table_destroy(vtable); +} + +void tls_client_auth_bad_certificate_cn(void) { + if (transport_supported(LinphoneTransportTls)) { + /*first register to the proxy with galadrielle's identity, and authenticate by supplying galadrielle's certificate. + * It must work.*/ + tls_client_auth_try_register("sip:galadrielle@sip.example.org", TRUE, TRUE); + /*now do the same thing, but trying to register as "Arwen". It must fail.*/ + tls_client_auth_try_register("sip:arwen@sip.example.org", TRUE, FALSE); + } +} + +void tls_client_auth_bad_certificate(void) { + if (transport_supported(LinphoneTransportTls)) { + /*first register to the proxy with galadrielle's identity, and authenticate by supplying galadrielle's certificate. + * It must work.*/ + tls_client_auth_try_register("sip:galadrielle@sip.example.org", FALSE, FALSE); + } +} + + test_t flexisip_tests[] = { TEST_ONE_TAG("Subscribe forking", subscribe_forking, "LeaksMemory"), TEST_NO_TAG("Message forking", message_forking), @@ -1248,8 +1329,11 @@ test_t flexisip_tests[] = { #if HAVE_SIPP TEST_NO_TAG("Subscribe on wrong dialog", test_subscribe_on_wrong_dialog), #endif - TEST_ONE_TAG("Publish/subscribe", publish_subscribe, "Skip") + TEST_ONE_TAG("Redis Publish/subscribe", redis_publish_subscribe, "Skip"), + TEST_NO_TAG("TLS authentication - client rejected due to CN mismatch", tls_client_auth_bad_certificate_cn), + TEST_NO_TAG("TLS authentication - client rejected due to unrecognized certificate chain", tls_client_auth_bad_certificate) }; + test_suite_t flexisip_test_suite = {"Flexisip", NULL, NULL, liblinphone_tester_before_each, liblinphone_tester_after_each, sizeof(flexisip_tests) / sizeof(flexisip_tests[0]), flexisip_tests}; diff --git a/tester/register_tester.c b/tester/register_tester.c index 714314ae2..6c4781cfa 100644 --- a/tester/register_tester.c +++ b/tester/register_tester.c @@ -138,7 +138,7 @@ static void register_with_refresh_base_3(LinphoneCore* lc } else /*checking to be done outside this functions*/ BC_ASSERT_EQUAL(counters->number_of_LinphoneRegistrationCleared,0, int, "%d"); - linphone_proxy_config_destroy(proxy_cfg); + linphone_proxy_config_unref(proxy_cfg); } static void register_with_refresh_base_2(LinphoneCore* lc @@ -860,14 +860,14 @@ static void tls_certificate_failure(void){ linphone_core_set_root_ca(lcm->lc,NULL); /*no root ca*/ linphone_core_refresh_registers(lcm->lc); BC_ASSERT_TRUE(wait_for(lc,lc,&lcm->stat.number_of_LinphoneRegistrationFailed,2)); - ms_free(rootcapath); + bc_free(rootcapath); rootcapath = bc_tester_res("certificates/cn/cafile.pem"); /*good root ca*/ linphone_core_set_root_ca(lcm->lc,rootcapath); linphone_core_refresh_registers(lcm->lc); BC_ASSERT_TRUE(wait_for(lc,lc,&lcm->stat.number_of_LinphoneRegistrationOk,1)); BC_ASSERT_EQUAL(lcm->stat.number_of_LinphoneRegistrationFailed,2, int, "%d"); linphone_core_manager_destroy(lcm); - ms_free(rootcapath); + bc_free(rootcapath); } } @@ -905,7 +905,7 @@ static void tls_certificate_data(void) { linphone_core_set_root_ca_data(lcm->lc, NULL); /*no root ca*/ linphone_core_refresh_registers(lcm->lc); BC_ASSERT_TRUE(wait_for(lc, lc, &lcm->stat.number_of_LinphoneRegistrationFailed, 2)); - ms_free(rootcapath); + bc_free(rootcapath); ms_free(data); rootcapath = bc_tester_res("certificates/cn/cafile.pem"); /*good root ca*/ data = read_file(rootcapath); @@ -914,7 +914,7 @@ static void tls_certificate_data(void) { BC_ASSERT_TRUE(wait_for(lc, lc, &lcm->stat.number_of_LinphoneRegistrationOk, 1)); BC_ASSERT_EQUAL(lcm->stat.number_of_LinphoneRegistrationFailed, 2, int, "%d"); linphone_core_manager_destroy(lcm); - ms_free(rootcapath); + bc_free(rootcapath); ms_free(data); } } @@ -957,7 +957,7 @@ static void tls_alt_name_register(void){ BC_ASSERT_TRUE(wait_for(lc,lc,&lcm->stat.number_of_LinphoneRegistrationOk,1)); BC_ASSERT_EQUAL(lcm->stat.number_of_LinphoneRegistrationFailed,0, int, "%d"); linphone_core_manager_destroy(lcm); - ms_free(rootcapath); + bc_free(rootcapath); } } @@ -974,7 +974,7 @@ static void tls_wildcard_register(void){ BC_ASSERT_TRUE(wait_for(lc,lc,&lcm->stat.number_of_LinphoneRegistrationOk,2)); BC_ASSERT_EQUAL(lcm->stat.number_of_LinphoneRegistrationFailed,0, int, "%d"); linphone_core_manager_destroy(lcm); - ms_free(rootcapath); + bc_free(rootcapath); } } @@ -1003,8 +1003,8 @@ static void tls_auth_global_client_cert(void) { lp_config_set_string(lpc, "sip", "client_cert_key", key_path); linphone_core_manager_start(manager, TRUE); linphone_core_manager_destroy(manager); - ms_free(cert_path); - ms_free(key_path); + bc_free(cert_path); + bc_free(key_path); } } @@ -1022,8 +1022,8 @@ static void tls_auth_global_client_cert_api(void) { linphone_core_manager_destroy(pauline); ms_free(cert); ms_free(key); - ms_free(cert_path); - ms_free(key_path); + bc_free(cert_path); + bc_free(key_path); } } @@ -1037,8 +1037,8 @@ static void tls_auth_global_client_cert_api_path(void) { linphone_core_set_tls_key_path(lc, key); BC_ASSERT_TRUE(wait_for(lc, lc, &pauline->stat.number_of_LinphoneRegistrationOk, 1)); linphone_core_manager_destroy(pauline); - ms_free(cert); - ms_free(key); + bc_free(cert); + bc_free(key); } } @@ -1057,8 +1057,8 @@ static void tls_auth_info_client_cert_api(void) { linphone_core_manager_destroy(pauline); ms_free(cert); ms_free(key); - ms_free(cert_path); - ms_free(key_path); + bc_free(cert_path); + bc_free(key_path); } } @@ -1073,8 +1073,8 @@ static void tls_auth_info_client_cert_api_path(void) { linphone_auth_info_set_tls_key_path(authInfo, key); BC_ASSERT_TRUE(wait_for(lc, lc, &pauline->stat.number_of_LinphoneRegistrationOk, 1)); linphone_core_manager_destroy(pauline); - ms_free(cert); - ms_free(key); + bc_free(cert); + bc_free(key); } } @@ -1085,8 +1085,8 @@ static void authentication_requested_2(LinphoneCore *lc, LinphoneAuthInfo *auth_ linphone_auth_info_set_tls_cert_path(auth_info, cert); linphone_auth_info_set_tls_key_path(auth_info, key); linphone_core_add_auth_info(lc, auth_info); - ms_free(cert); - ms_free(key); + bc_free(cert); + bc_free(key); } static void tls_auth_info_client_cert_cb(void) { @@ -1119,8 +1119,8 @@ static void authentication_requested_3(LinphoneCore *lc, LinphoneAuthInfo *auth_ linphone_core_add_auth_info(lc, auth_info); ms_free(cert); ms_free(key); - ms_free(cert_path); - ms_free(key_path); + bc_free(cert_path); + bc_free(key_path); } static void tls_auth_info_client_cert_cb_2(void) { @@ -1142,6 +1142,7 @@ static void tls_auth_info_client_cert_cb_2(void) { } } + test_t register_tests[] = { TEST_NO_TAG("Simple register", simple_register), TEST_NO_TAG("Simple register unregister", simple_unregister),