kenmirrors/freeswitch
1
0
Fork 0
mirror of https://github.com/signalwire/freeswitch.git synced 2025-07-12 10:07:26 +00:00
Code Issues Projects Releases Wiki Activity

dtls peer certificate verfication

Browse Source
This commit is contained in:
Praveen Kumar D 2023-05-12 16:36:20 +05:30
parent f377a0ff57
commit 79088865e9
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/switch_rtp.c
View File

@ -3074,8 +3074,12 @@ static int dtls_state_setup(switch_rtp_t *rtp_session, switch_dtls_t *dtls)
if ((dtls->type & DTLS_TYPE_SERVER)) { if ((dtls->type & DTLS_TYPE_SERVER)) {
r = 1; r = 1;
} else if ((cert = SSL_get_peer_certificate(dtls->ssl))) { } else if ((cert = SSL_get_peer_certificate(dtls->ssl))) {
switch_core_cert_extract_fingerprint(cert, dtls->remote_fp); dtls_fingerprint_t fp;
r = switch_core_cert_verify(dtls->remote_fp); fp->type = dtls->remote_fp->type;
switch_core_cert_extract_fingerprint(cert, &fp);
r = !memcmp(fp.str,dtls->remote_fp->str,MAX_FPLEN);
X509_free(cert); X509_free(cert);
} }
@ -3269,10 +3273,12 @@ static int cb_verify_peer(int preverify_ok, X509_STORE_CTX *ctx)
} }
if ((cert = SSL_get_peer_certificate(dtls->ssl))) { if ((cert = SSL_get_peer_certificate(dtls->ssl))) {
switch_core_cert_extract_fingerprint(cert, dtls->remote_fp); dtls_fingerprint_t fp;
fp->type = dtls->remote_fp->type;
r = switch_core_cert_verify(dtls->remote_fp);
switch_core_cert_extract_fingerprint(cert, &fp);
r = !memcmp(fp.str,dtls->remote_fp->str,MAX_FPLEN);
X509_free(cert); X509_free(cert);
} else { } else {
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(dtls->rtp_session->session), SWITCH_LOG_ERROR, "%s CERT ERR!\n", rtp_type(dtls->rtp_session)); switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(dtls->rtp_session->session), SWITCH_LOG_ERROR, "%s CERT ERR!\n", rtp_type(dtls->rtp_session));