} else {
tr.tls_port=lp_config_get_int(lc->config,"sip","sip_tls_port",0);
}
+
+#ifdef __linux
+ sal_set_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", "/etc/ssl/certs"));
+#else
+ sal_set_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", ROOT_CA_FILE));
+#endif
+ linphone_core_verify_server_certificates(lc,lp_config_get_int(lc->config,"sip","verify_server_certs",TRUE));
/*start listening on ports*/
linphone_core_set_sip_transports(lc,&tr);
ms_free(contact);
}
-#ifdef __linux
- sal_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", "/etc/ssl/certs"));
-#else
- sal_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", ROOT_CA_FILE));
-#endif
-
tmp=lp_config_get_int(lc->config,"sip","guess_hostname",1);
linphone_core_set_guess_hostname(lc,tmp);
const char *anyaddr;
LCSipTransports *tr=&lc->sip_conf.transports;
+ /*first of all invalidate all current registrations so that we can register again with new transports*/
+ __linphone_core_invalidate_registers(lc);
+
if (lc->sip_conf.ipv6_enabled)
anyaddr="::0";
else
anyaddr="0.0.0.0";
- sal_unlisten_ports (sal);
+ sal_unlisten_ports(sal);
if (tr->udp_port>0){
if (sal_listen_port (sal,anyaddr,tr->udp_port,SalTransportUDP,FALSE)!=0){
transport_error(lc,"udp",tr->udp_port);
* @ingroup media_parameters
**/
void linphone_core_set_root_ca(LinphoneCore *lc,const char *path){
- sal_root_ca(lc->sal, path);
+ sal_set_root_ca(lc->sal, path);
+}
+
+/**
+ * Specify whether the tls server certificate must be verified when connecting to a SIP/TLS server.
+**/
+void linphone_core_verify_server_certificates(LinphoneCore *lc, bool_t yesno){
+ sal_verify_server_certificates(lc->sal,yesno);
}
static void notify_end_of_ring(void *ud, MSFilter *f, unsigned int event, void *arg){
}
}
+
void linphone_core_refresh_registers(LinphoneCore* lc) {
const MSList *elem=linphone_core_get_proxy_config_list(lc);
for(;elem!=NULL;elem=elem->next){
}
}
+void __linphone_core_invalidate_registers(LinphoneCore* lc){
+ const MSList *elem=linphone_core_get_proxy_config_list(lc);
+ for(;elem!=NULL;elem=elem->next){
+ LinphoneProxyConfig *cfg=(LinphoneProxyConfig*)elem->data;
+ if (linphone_proxy_config_register_enabled(cfg) ) {
+ linphone_proxy_config_edit(cfg);
+ linphone_proxy_config_done(cfg);
+ }
+ }
+}
+
void linphone_core_set_network_reachable(LinphoneCore* lc,bool_t isReachable) {
//first disable automatic mode
if (lc->auto_net_state_mon) {
void sal_use_one_matching_codec_policy(Sal *ctx, bool_t one_matching_codec);
void sal_use_rport(Sal *ctx, bool_t use_rports);
void sal_use_101(Sal *ctx, bool_t use_101);
-void sal_root_ca(Sal* ctx, const char* rootCa);
+void sal_set_root_ca(Sal* ctx, const char* rootCa);
+void sal_verify_server_certificates(Sal *ctx, bool_t verify);
int sal_iterate(Sal *sal);
MSList * sal_get_pending_auths(Sal *sal);
sal->use_101=TRUE;
sal->reuse_authorization=FALSE;
sal->rootCa = 0;
+ sal->verify_server_certs=TRUE;
return sal;
}
snprintf(tlsCtx.root_ca_cert, sizeof(tlsCtx.client.cert), "%s", ctx->rootCa);
eXosip_set_tls_ctx(&tlsCtx);
}
+ eXosip_tls_verify_certificate(ctx->verify_server_certs);
break;
default:
ms_warning("unexpected proto, using datagram");
ctx->use_101=use_101;
}
-void sal_root_ca(Sal* ctx, const char* rootCa) {
+void sal_set_root_ca(Sal* ctx, const char* rootCa) {
if (ctx->rootCa)
ms_free(ctx->rootCa);
ctx->rootCa = ms_strdup(rootCa);
}
+void sal_verify_server_certificates(Sal *ctx, bool_t verify){
+ ctx->verify_server_certs=verify;
+ eXosip_tls_verify_certificate(verify);
+}
+
static int extract_received_rport(osip_message_t *msg, const char **received, int *rportval,SalTransport* transport){
osip_via_t *via=NULL;
osip_generic_param_t *param=NULL;