dtls peer certificate verfication

2025-07-12 10:07:26 +00:00 · 2023-05-12 16:36:20 +05:30 · 2023-05-12 16:36:20 +05:30 · 79088865e9
commit 79088865e9
parent f377a0ff57
1 changed files with 11 additions and 5 deletions
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@ -3074,8 +3074,12 @@ static int dtls_state_setup(switch_rtp_t *rtp_session, switch_dtls_t *dtls)
 	if ((dtls->type & DTLS_TYPE_SERVER)) {
 		r = 1;
 	} else if ((cert = SSL_get_peer_certificate(dtls->ssl))) {
-		switch_core_cert_extract_fingerprint(cert, dtls->remote_fp);
-		r = switch_core_cert_verify(dtls->remote_fp);
+		dtls_fingerprint_t fp;
+		fp->type = dtls->remote_fp->type;
+
+		switch_core_cert_extract_fingerprint(cert, &fp);
+		r = !memcmp(fp.str,dtls->remote_fp->str,MAX_FPLEN);
+
 		X509_free(cert);
 	}

@ -3269,9 +3273,11 @@ static int cb_verify_peer(int preverify_ok, X509_STORE_CTX *ctx)
 	}

 	if ((cert = SSL_get_peer_certificate(dtls->ssl))) {
-		switch_core_cert_extract_fingerprint(cert, dtls->remote_fp);
+		dtls_fingerprint_t fp;
+		fp->type = dtls->remote_fp->type;

-		r = switch_core_cert_verify(dtls->remote_fp);
+		switch_core_cert_extract_fingerprint(cert, &fp);
+		r = !memcmp(fp.str,dtls->remote_fp->str,MAX_FPLEN);
 		
 		X509_free(cert);
 	} else {