From 79088865e94eb0adfec0a0f3a23e8f9dcc95e7cf Mon Sep 17 00:00:00 2001
From: Praveen Kumar D
Date: Fri, 12 May 2023 16:36:20 +0530
Subject: [PATCH] dtls peer certificate verfication
---
 src/switch_rtp.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/switch_rtp.c b/src/switch_rtp.c
index 614d79bf78..6f00d29afa 100644
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@@ -3074,8 +3074,12 @@ static int dtls_state_setup(switch_rtp_t *rtp_session, switch_dtls_t *dtls)
  if ((dtls->type & DTLS_TYPE_SERVER)) {
  r = 1;
  } else if ((cert = SSL_get_peer_certificate(dtls->ssl))) {
- switch_core_cert_extract_fingerprint(cert, dtls->remote_fp);
- r = switch_core_cert_verify(dtls->remote_fp);
+ dtls_fingerprint_t fp;
+ fp->type = dtls->remote_fp->type;
+
+ switch_core_cert_extract_fingerprint(cert, &fp);
+ r = !memcmp(fp.str,dtls->remote_fp->str,MAX_FPLEN);
+
  X509_free(cert);
  }
@@ -3269,10 +3273,12 @@ static int cb_verify_peer(int preverify_ok, X509_STORE_CTX *ctx)
  }
  if ((cert = SSL_get_peer_certificate(dtls->ssl))) {
- switch_core_cert_extract_fingerprint(cert, dtls->remote_fp);
-
- r = switch_core_cert_verify(dtls->remote_fp);
+ dtls_fingerprint_t fp;
+ fp->type = dtls->remote_fp->type;
+ switch_core_cert_extract_fingerprint(cert, &fp);
+ r = !memcmp(fp.str,dtls->remote_fp->str,MAX_FPLEN);
+
  X509_free(cert);
  } else {
  switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(dtls->rtp_session->session), SWITCH_LOG_ERROR, "%s CERT ERR!\n", rtp_type(dtls->rtp_session));
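Review bot: The added `fp->type = dtls->remote_fp->type;` applies `->` to `fp`, which is declared as a `dtls_fingerprint_t` object and used as one on the next lines (`&fp`, `fp.str`), so as written it should not compile; it needs to be `fp.type = dtls->remote_fp->type;`. The same line is repeated in the cb_verify_peer hunk. `fp` is also never zeroed and the return value of switch_core_cert_extract_fingerprint() is ignored, so `memcmp(..., MAX_FPLEN)` compares whatever stack bytes follow the string terminator, or the whole buffer if extraction fails; declaring `dtls_fingerprint_t fp = { 0 };` and comparing the two strings up to their terminator, rather than a fixed byte count, avoids that. It is also worth confirming that MAX_FPLEN is the size of `str` and not of the raw digest, because a shorter length would verify only a prefix of the fingerprint. dtls_state_setup starts and ends outside the hunk.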
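Review bot: In cb_verify_peer a fingerprint mismatch leaves `r` at 0 without any log message visible in this hunk; only the no-certificate branch logs "CERT ERR!". Now that the comparison is against the signalled fingerprint, a mismatch is the event an operator most needs to see, since it means either a misconfigured peer or a certificate that is not the one negotiated in signalling. After the `memcmp` line I would add `if (!r) switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(dtls->rtp_session->session), SWITCH_LOG_WARNING, "%s DTLS fingerprint mismatch\n", rtp_type(dtls->rtp_session));`. The rest of the function is outside the hunk, so the mismatch may already be reported there.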