mirror of
https://gitlab.linphone.org/BC/public/linphone-iphone.git
synced 2026-01-21 13:08:08 +00:00
Add configuration option allowing to specify trusted CA certificates.
This option can contain either : - a single file path; this file can contain several concatenated CA PEM files - a folder path containing several CA PEM files
This commit is contained in:
Pierre-Eric Pelloux-Prayer
parent
11aeb96df5
commit
b0e75d9d78
7 changed files with 51 additions and 1 deletions
|
|
@ -514,6 +514,8 @@ static void sip_config_read(LinphoneCore *lc)
|
|||
ms_free(contact);
|
||||
}
|
||||
|
||||
sal_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", "/etc/ssl/certs"));
|
||||
|
||||
tmp=lp_config_get_int(lc->config,"sip","guess_hostname",1);
|
||||
linphone_core_set_guess_hostname(lc,tmp);
|
||||
|
||||
|
|
@ -2898,6 +2900,18 @@ const char *linphone_core_get_ring(const LinphoneCore *lc){
|
|||
return lc->sound_conf.local_ring;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the path to a file or folder containing trusted root CAs (PEM format)
|
||||
*
|
||||
* @param path
|
||||
* @param lc The LinphoneCore object
|
||||
*
|
||||
* @ingroup media_parameters
|
||||
**/
|
||||
void linphone_core_set_root_ca(LinphoneCore *lc,const char *path){
|
||||
sal_root_ca(lc->sal, path);
|
||||
}
|
||||
|
||||
static void notify_end_of_ring(void *ud, MSFilter *f, unsigned int event, void *arg){
|
||||
LinphoneCore *lc=(LinphoneCore*)ud;
|
||||
lc->preview_finished=1;
|
||||
|
|
|
|||
|
|
@ -857,6 +857,7 @@ char linphone_core_get_sound_source(LinphoneCore *lc);
|
|||
void linphone_core_set_sound_source(LinphoneCore *lc, char source);
|
||||
void linphone_core_set_ring(LinphoneCore *lc, const char *path);
|
||||
const char *linphone_core_get_ring(const LinphoneCore *lc);
|
||||
void linphone_core_set_root_ca(LinphoneCore *lc, const char *path);
|
||||
void linphone_core_set_ringback(LinphoneCore *lc, const char *path);
|
||||
const char * linphone_core_get_ringback(const LinphoneCore *lc);
|
||||
|
||||
|
|
|
|||
|
|
@ -698,6 +698,14 @@ extern "C" jstring Java_org_linphone_core_LinphoneCoreImpl_getRing(JNIEnv* env
|
|||
return NULL;
|
||||
}
|
||||
}
|
||||
extern "C" void Java_org_linphone_core_LinphoneCoreImpl_setRootCA(JNIEnv* env
|
||||
,jobject thiz
|
||||
,jlong lc
|
||||
,jstring jpath) {
|
||||
const char* path = jpath?env->GetStringUTFChars(jpath, NULL):NULL;
|
||||
linphone_core_set_root_ca((LinphoneCore*)lc,path);
|
||||
if (path) env->ReleaseStringUTFChars(jpath, path);
|
||||
}
|
||||
extern "C" void Java_org_linphone_core_LinphoneCoreImpl_enableKeepAlive(JNIEnv* env
|
||||
,jobject thiz
|
||||
,jlong lc
|
||||
|
|
|
|||
|
|
@ -276,6 +276,7 @@ void sal_reuse_authorization(Sal *ctx, bool_t enabled);
|
|||
void sal_use_one_matching_codec_policy(Sal *ctx, bool_t one_matching_codec);
|
||||
void sal_use_rport(Sal *ctx, bool_t use_rports);
|
||||
void sal_use_101(Sal *ctx, bool_t use_101);
|
||||
void sal_root_ca(Sal* ctx, const char* rootCa);
|
||||
|
||||
int sal_iterate(Sal *sal);
|
||||
MSList * sal_get_pending_auths(Sal *sal);
|
||||
|
|
|
|||
|
|
@ -281,11 +281,14 @@ Sal * sal_init(){
|
|||
sal->use_rports=TRUE;
|
||||
sal->use_101=TRUE;
|
||||
sal->reuse_authorization=FALSE;
|
||||
sal->rootCa = 0;
|
||||
return sal;
|
||||
}
|
||||
|
||||
void sal_uninit(Sal* sal){
|
||||
eXosip_quit();
|
||||
if (sal->rootCa)
|
||||
ms_free(sal->rootCa);
|
||||
ms_free(sal);
|
||||
}
|
||||
|
||||
|
|
@ -365,7 +368,14 @@ int sal_listen_port(Sal *ctx, const char *addr, int port, SalTransport tr, int i
|
|||
case SalTransportTLS:
|
||||
proto= IPPROTO_TCP;
|
||||
keepalive=-1;
|
||||
eXosip_set_option (EXOSIP_OPT_UDP_KEEP_ALIVE,&keepalive);
|
||||
eXosip_set_option (EXOSIP_OPT_UDP_KEEP_ALIVE,&keepalive);
|
||||
|
||||
if (ctx->rootCa) {
|
||||
eXosip_tls_ctx_t tlsCtx;
|
||||
memset(&tlsCtx, 0, sizeof(tlsCtx));
|
||||
snprintf(tlsCtx.root_ca_cert, sizeof(tlsCtx.client.cert), "%s", ctx->rootCa);
|
||||
eXosip_set_tls_ctx(&tlsCtx);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
ms_warning("unexpected proto, using datagram");
|
||||
|
|
@ -432,6 +442,13 @@ void sal_use_101(Sal *ctx, bool_t use_101){
|
|||
ctx->use_101=use_101;
|
||||
}
|
||||
|
||||
void sal_root_ca(Sal* ctx, const char* rootCa) {
|
||||
if (ctx->rootCa)
|
||||
ms_free(ctx->rootCa);
|
||||
ctx->rootCa = ms_strdup(rootCa);
|
||||
ms_error("YIPI : %s == %s\n", rootCa, ctx->rootCa);
|
||||
}
|
||||
|
||||
static int extract_received_rport(osip_message_t *msg, const char **received, int *rportval,SalTransport* transport){
|
||||
osip_via_t *via=NULL;
|
||||
osip_generic_param_t *param=NULL;
|
||||
|
|
|
|||
|
|
@ -45,6 +45,7 @@ struct Sal{
|
|||
bool_t use_rports;
|
||||
bool_t use_101;
|
||||
bool_t reuse_authorization;
|
||||
char* rootCa; /* File _or_ folder containing root CA */
|
||||
};
|
||||
|
||||
struct SalOp{
|
||||
|
|
|
|||
|
|
@ -528,6 +528,14 @@ public interface LinphoneCore {
|
|||
* @param null if not set
|
||||
*/
|
||||
String getRing();
|
||||
|
||||
/**
|
||||
* Sets file or folder containing trusted root CAs
|
||||
*
|
||||
* @param path path to file with multiple PEM certif or to folder with multiple PEM files
|
||||
*/
|
||||
void setRootCA(String path);
|
||||
|
||||
void setUploadBandwidth(int bw);
|
||||
|
||||
void setDownloadBandwidth(int bw);
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue