Merge branch 'master' of git.linphone.org:linphone into upnp

[linphone] / coreapi / linphonecore.c

diff --git a/coreapi/linphonecore.c b/coreapi/linphonecore.c
index b1b6e6c6bbb0e917c2fe764e297b14022e6e7dbc..9545af23ffc2cdfec817f7769838e70c1360133d 100644 (file)
--- a/coreapi/linphonecore.c
+++ b/coreapi/linphonecore.c
@@ -65,6 +65,7 @@ static void linphone_core_run_hooks(LinphoneCore *lc);
 static void linphone_core_free_hooks(LinphoneCore *lc);
 
 #include "enum.h"
+
 const char *linphone_core_get_nat_address_resolved(LinphoneCore *lc);
 static void toggle_video_preview(LinphoneCore *lc, bool_t val);
 
@@ -565,6 +566,7 @@ static void sip_config_read(LinphoneCore *lc)
        sal_set_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", ROOT_CA_FILE));
 #endif
        linphone_core_verify_server_certificates(lc,lp_config_get_int(lc->config,"sip","verify_server_certs",TRUE));
+       linphone_core_verify_server_cn(lc,lp_config_get_int(lc->config,"sip","verify_server_cn",TRUE));
        /*setting the dscp must be done before starting the transports, otherwise it is not taken into effect*/
        sal_set_dscp(lc->sal,linphone_core_get_sip_dscp(lc));
        /*start listening on ports*/
@@ -2585,6 +2587,19 @@ bool_t linphone_core_inc_invite_pending(LinphoneCore*lc){
        return FALSE;
 }
 
+bool_t linphone_core_incompatible_security(LinphoneCore *lc, SalMediaDescription *md){
+       if (linphone_core_is_media_encryption_mandatory(lc) && linphone_core_get_media_encryption(lc)==LinphoneMediaEncryptionSRTP){
+               int i;
+               for(i=0;i<md->nstreams;i++){
+                       SalStreamDescription *sd=&md->streams[i];
+                       if (sd->proto!=SalProtoRtpSavp){
+                               return TRUE;
+                       }
+               }
+       }
+       return FALSE;
+}
+
 void linphone_core_notify_incoming_call(LinphoneCore *lc, LinphoneCall *call){
        char *barmesg;
        char *tmp;
@@ -2596,10 +2611,12 @@ void linphone_core_notify_incoming_call(LinphoneCore *lc, LinphoneCall *call){
        linphone_call_make_local_media_description(lc,call);
        sal_call_set_local_media_description(call->op,call->localdesc);
        md=sal_call_get_final_media_description(call->op);
-       if (md && sal_media_description_empty(md)){
-               sal_call_decline(call->op,SalReasonMedia,NULL);
-               linphone_call_unref(call);
-               return;
+       if (md){
+               if (sal_media_description_empty(md) || linphone_core_incompatible_security(lc,md)){
+                       sal_call_decline(call->op,SalReasonMedia,NULL);
+                       linphone_call_unref(call);
+                       return;
+               }
        }
 
        from_parsed=linphone_address_new(sal_op_get_from(call->op));
@@ -3802,6 +3819,13 @@ void linphone_core_verify_server_certificates(LinphoneCore *lc, bool_t yesno){
        sal_verify_server_certificates(lc->sal,yesno);
 }
 
+/**
+ * Specify whether the tls server certificate common name must be verified when connecting to a SIP/TLS server.
+**/
+void linphone_core_verify_server_cn(LinphoneCore *lc, bool_t yesno){
+       sal_verify_server_cn(lc->sal,yesno);
+}
+
 static void notify_end_of_ring(void *ud, MSFilter *f, unsigned int event, void *arg){
        LinphoneCore *lc=(LinphoneCore*)ud;
        lc->preview_finished=1;