Always set the ZRTP SAS verified flag on our side
When we're terminating ZRTP to an IVR or to a leg which is not ZRTP-capable, there's no way for us to make an intelligent decision about whether this flag should be set. For a client to consider the SAS as verified, however, both sides need to set this flag. By always setting this flag on our side, we leave the decision completely in the hands of the client where we hope there is a careful human. Signed-off-by: Travis Cross <tc@traviscross.com>
parent
ecb84bd126
commit
ad53499b42
|
@ -772,9 +772,7 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
|
|||
switch_channel_set_variable_name_printf(channel, "true", "zrtp_secure_media_confirmed_%s", type);
|
||||
switch_channel_set_variable_name_printf(channel, stream->session->sas1.buffer, "zrtp_sas1_string_%s", type);
|
||||
switch_channel_set_variable_name_printf(channel, stream->session->sas2.buffer, "zrtp_sas2_string", type);
|
||||
|
||||
zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
|
||||
|
||||
zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)1);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -832,12 +830,6 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
|
|||
{
|
||||
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "User already enrolled!\n");
|
||||
switch_channel_set_variable_name_printf(channel, "true", "zrtp_already_enrolled_%s", type);
|
||||
|
||||
if (zrtp_status_ok == zrtp_session_get(stream->session, &zrtp_session_info)) {
|
||||
if (zrtp_session_info.sas_is_ready) {
|
||||
zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
|
||||
}
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
|
@ -845,12 +837,6 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
|
|||
{
|
||||
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "New user enrolled!\n");
|
||||
switch_channel_set_variable_name_printf(channel, "true", "zrtp_new_user_enrolled_%s", type);
|
||||
|
||||
if (zrtp_status_ok == zrtp_session_get(stream->session, &zrtp_session_info)) {
|
||||
if (zrtp_session_info.sas_is_ready) {
|
||||
zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
|
||||
}
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
|
@ -858,12 +844,6 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
|
|||
{
|
||||
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "User unenrolled!\n");
|
||||
switch_channel_set_variable_name_printf(channel, "true", "zrtp_user_unenrolled_%s", type);
|
||||
|
||||
if (zrtp_status_ok == zrtp_session_get(stream->session, &zrtp_session_info)) {
|
||||
if (zrtp_session_info.sas_is_ready) {
|
||||
zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
|
||||
}
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
|
@ -3939,8 +3919,6 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_zerocopy_read_frame(switch_rtp_t *rtp
|
|||
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
|
||||
switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
|
||||
switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
|
||||
zrtp_verified_set(zrtp_global, &rtp_session->zrtp_session->zid,
|
||||
&rtp_session->zrtp_session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
|
||||
rtp_session->zrtp_mitm_tries++;
|
||||
}
|
||||
}
|
||||
|
@ -4509,8 +4487,6 @@ SWITCH_DECLARE(int) switch_rtp_write_frame(switch_rtp_t *rtp_session, switch_fra
|
|||
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
|
||||
switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
|
||||
switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
|
||||
zrtp_verified_set(zrtp_global, &rtp_session->zrtp_session->zid,
|
||||
&rtp_session->zrtp_session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
|
||||
rtp_session->zrtp_mitm_tries++;
|
||||
}
|
||||
rtp_session->zrtp_mitm_tries++;
|
||||
|
|
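Review bot: The new `zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)1);` call in the first hunk carries no comment, and an unconditional "SAS verified" write reads like a mistake to anyone auditing this callback later; the rationale lives only in the commit message. I would put it directly above the call, e.g. `/* No human compares the SAS on this side: always set our verified flag so the decision rests with the remote client. */`. Going by the hunk line counts, the later hunks drop every other `zrtp_verified_set` call shown here, so nothing visible in this diff clears the flag again. The same comment should therefore say that the local flag, and the `zrtp_secure_media_confirmed_%s` variable set just above it, are not evidence that a SAS comparison took place. Separately, the unchanged `"zrtp_sas2_string"` line passes `type` but its format lacks the `_%s` suffix that `"zrtp_sas1_string_%s"` has, which looks like an older inconsistency worth fixing while here; `zrtp_event_callback` starts and ends outside the hunks, so the condition guarding the call is not visible.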