sal_set_root_ca(lc->sal, lp_config_get_string(lc->config,"sip","root_ca", ROOT_CA_FILE));
#endif
linphone_core_verify_server_certificates(lc,lp_config_get_int(lc->config,"sip","verify_server_certs",TRUE));
+ linphone_core_verify_server_cn(lc,lp_config_get_int(lc->config,"sip","verify_server_cn",TRUE));
/*setting the dscp must be done before starting the transports, otherwise it is not taken into effect*/
sal_set_dscp(lc->sal,linphone_core_get_sip_dscp(lc));
/*start listening on ports*/
sal_verify_server_certificates(lc->sal,yesno);
}
+/**
+ * Specify whether the tls server certificate common name must be verified when connecting to a SIP/TLS server.
+**/
+void linphone_core_verify_server_cn(LinphoneCore *lc, bool_t yesno){
+ sal_verify_server_cn(lc->sal,yesno);
+}
+
static void notify_end_of_ring(void *ud, MSFilter *f, unsigned int event, void *arg){
LinphoneCore *lc=(LinphoneCore*)ud;
lc->preview_finished=1;
void linphone_core_set_ring(LinphoneCore *lc, const char *path);
const char *linphone_core_get_ring(const LinphoneCore *lc);
void linphone_core_verify_server_certificates(LinphoneCore *lc, bool_t yesno);
+void linphone_core_verify_server_cn(LinphoneCore *lc, bool_t yesno);
void linphone_core_set_root_ca(LinphoneCore *lc, const char *path);
const char *linphone_core_get_root_ca(LinphoneCore *lc);
void linphone_core_set_ringback(LinphoneCore *lc, const char *path);
void sal_set_root_ca(Sal* ctx, const char* rootCa);
const char *sal_get_root_ca(Sal* ctx);
void sal_verify_server_certificates(Sal *ctx, bool_t verify);
+void sal_verify_server_cn(Sal *ctx, bool_t verify);
int sal_iterate(Sal *sal);
MSList * sal_get_pending_auths(Sal *sal);
sal->reuse_authorization=FALSE;
sal->rootCa = 0;
sal->verify_server_certs=TRUE;
+ sal->verify_server_cn=TRUE;
sal->expire_old_contact=FALSE;
sal->add_dates=FALSE;
sal->dscp=-1;
#ifdef HAVE_EXOSIP_TLS_VERIFY_CERTIFICATE
eXosip_tls_verify_certificate(ctx->verify_server_certs);
#endif
+#ifdef HAVE_EXOSIP_TLS_VERIFY_CN
+ eXosip_tls_verify_cn(ctx->verify_server_cn);
+#endif
}
void sal_set_dscp(Sal *ctx, int dscp){
#endif
}
+void sal_verify_server_cn(Sal *ctx, bool_t verify){
+ ctx->verify_server_cn=verify;
+#ifdef HAVE_EXOSIP_TLS_VERIFY_CN
+ eXosip_tls_verify_cn(verify);
+#endif
+}
+
static int extract_received_rport(osip_message_t *msg, const char **received, int *rportval,SalTransport* transport){
osip_via_t *via=NULL;
osip_generic_param_t *param=NULL;
bool_t use_101;
bool_t reuse_authorization;
bool_t verify_server_certs;
+ bool_t verify_server_cn;
bool_t expire_old_contact;
bool_t add_dates;
};
[AC_DEFINE([HAVE_EXOSIP_TLS_VERIFY_CERTIFICATE],[1],[Defined when eXosip_tls_verify_certificate is available])],
[AC_MSG_WARN([Could not find eXosip_tls_verify_certificate in eXosip2 !])],
[-losipparser2 -losip2 ])
+AC_CHECK_LIB([eXosip2],[eXosip_tls_verify_cn],
+ [AC_DEFINE([HAVE_EXOSIP_TLS_VERIFY_CN],[1],[Defined when eXosip_tls_verify_certificate is available])],
+ [AC_MSG_WARN([Could not find eXosip_tls_verify_cn in eXosip2 !])],
+ [-losipparser2 -losip2 ])
AC_CHECK_LIB([eXosip2],[eXosip_trylock],
[AC_DEFINE([HAVE_EXOSIP_TRYLOCK],[1],[Defined when eXosip_get_socket is available])],
[],