FS-3071 Small fix on default value, and renaming the no-verify-date to verify-date.
authorMarc Olivier Chouinard <mochouinard@moctel.com>
Sun, 18 Dec 2011 17:08:17 +0000 (12:08 -0500)
committerMarc Olivier Chouinard <mochouinard@moctel.com>
Sun, 18 Dec 2011 17:08:17 +0000 (12:08 -0500)
conf/sip_profiles/external.xml
conf/sip_profiles/internal.xml
src/mod/endpoints/mod_sofia/mod_sofia.h
src/mod/endpoints/mod_sofia/sofia.c

index 4cd28365560c6adaca7415f6092c190a45fbd4b4..a709cbb94c562d92e5aa36e42a7eb143f8b66bd9 100644 (file)
@@ -79,8 +79,8 @@
     <param name="tls-cert-dir" value="$${external_ssl_dir}"/>
     <!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
     <param name="tls-passphrase" value=""/>
-    <!-- Don't verify the date on TLS certificates -->
-    <param name="tls-no-verify-date" value="false"/>
+    <!-- Verify the date on TLS certificates -->
+    <param name="tls-verify-date" value="true"/>
     <!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
     <!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
     <param name="tls-verify-policy" value="none"/>
index 49bfcc960aadadb882320d4d25ec31b0561249e9..daec3643c518ae7acf541b7d3e4fb18bbe4f185b 100644 (file)
     <!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
     <param name="tls-passphrase" value=""/>
     <!-- Don't verify the date on TLS certificates -->
-    <param name="tls-no-verify-date" value="false"/>
+    <param name="tls-verify-date" value="true"/>
     <!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
     <!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
     <param name="tls-verify-policy" value="none"/>
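Review bot: The comment kept as context above the renamed parameter in internal.xml still reads "Don't verify the date on TLS certificates", which now states the opposite of what `tls-verify-date` with `value="true"` does. external.xml had the same comment updated in this commit, and this file should match it: `<!-- Verify the date on TLS certificates -->`. An administrator reading the stale comment could set the value to false believing that it turns the check on, which would leave expired certificates accepted.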
index f148d99fddb92c1d632666528b1ad59fb6940c28..db5265b338877eb45e27aa31ef983f75ea8d1d45 100644 (file)
@@ -641,7 +641,7 @@ struct sofia_profile {
        uint32_t queued_events;
        uint32_t cseq_base;
        int tls_only;
-       int tls_no_verify_date;
+       int tls_verify_date;
        enum tport_tls_verify_policy tls_verify_policy;
        int tls_verify_depth;
        char *tls_passphrase;
index c02c4789e46dd5b8169a49299b0d350ada573495..3628c7bcf8202c9a12645d222d9fd5e7aeccd762 100644 (file)
@@ -1882,7 +1882,7 @@ void *SWITCH_THREAD_FUNC sofia_profile_thread_run(switch_thread_t *thread, void
                                                          TAG_IF(sofia_test_pflag(profile, PFLAG_TLS),
                                                                         TPTAG_TLS_VERIFY_DEPTH(profile->tls_verify_depth)),
                                                          TAG_IF(sofia_test_pflag(profile, PFLAG_TLS),
-                                                                        TPTAG_TLS_VERIFY_DATE(! profile->tls_no_verify_date)),
+                                                                        TPTAG_TLS_VERIFY_DATE(profile->tls_verify_date)),
                                                          TAG_IF(sofia_test_pflag(profile, PFLAG_TLS) && profile->tls_verify_in_subjects,
                                                                          TPTAG_TLS_VERIFY_SUBJECTS(profile->tls_verify_in_subjects)),
                                                          TAG_IF(sofia_test_pflag(profile, PFLAG_TLS),
@@ -3478,9 +3478,6 @@ switch_status_t reconfig_sofia(sofia_profile_t *profile)
                                                }
                                        }
                                }
-                               profile->tls_verify_policy = TPTLS_VERIFY_NONE;
-                               /* lib default */
-                               profile->tls_verify_depth = 2;
 
                                switch_event_destroy(&xml_params);
                        }
@@ -3687,6 +3684,11 @@ switch_status_t config_sofia(int reload, char *profile_name)
                                profile->ndlb |= PFLAG_NDLB_ALLOW_NONDUP_SDP;
                                profile->te = 101;
 
+                                profile->tls_verify_policy = TPTLS_VERIFY_NONE;
+                                /* lib default */
+                                profile->tls_verify_depth = 2;
+                               profile->tls_verify_date = SWITCH_TRUE;
+
                                for (param = switch_xml_child(settings, "param"); param; param = param->next) {
                                        char *var = (char *) switch_xml_attr_soft(param, "name");
                                        char *val = (char *) switch_xml_attr_soft(param, "value");
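Review bot: The three lines moved here from reconfig_sofia (`tls_verify_policy`, the `/* lib default */` comment and `tls_verify_depth`) appear to be indented with spaces, while the added `profile->tls_verify_date = SWITCH_TRUE;` line and the surrounding code line up as tab-indented. This is judged from the rendered column offsets, so confirm against the file, but if so re-indent the three lines with tabs to match the rest of config_sofia. The `/* lib default */` comment also sits between two assignments and reads as if it covers only the depth; a short comment such as `/* TLS defaults: no peer verification, depth 2 (lib default), date check on */` above the group would make the secure-by-default date setting explicit. config_sofia starts and ends outside this hunk.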
@@ -4422,8 +4424,8 @@ switch_status_t config_sofia(int reload, char *profile_name)
                                                profile->tls_bind_params = switch_core_strdup(profile->pool, val);
                                        } else if (!strcasecmp(var, "tls-only")) {
                                                profile->tls_only = switch_true(val);
-                                       } else if (!strcasecmp(var, "tls-no-verify-date")) {
-                                               profile->tls_no_verify_date = switch_true(val);
+                                       } else if (!strcasecmp(var, "tls-verify-date")) {
+                                               profile->tls_verify_date = switch_true(val);
                                        } else if (!strcasecmp(var, "tls-verify-depth")) {
                                                profile->tls_verify_depth = atoi(val);
                                        } else if (!strcasecmp(var, "tls-verify-policy")) {
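Review bot: The `tls-no-verify-date` branch is dropped with no compatibility path, so a profile that still carries the old parameter presumably falls through the chain unrecognised. With the default of `SWITCH_TRUE` set earlier in config_sofia, date checking is then switched on without any message. That fails in the safe direction, but a deployment that had deliberately set the old option to true would likely see peers with expired certificates rejected after an upgrade, with nothing in the log naming the renamed option. Consider keeping the old name as a deprecated alias, `} else if (!strcasecmp(var, "tls-no-verify-date")) { profile->tls_verify_date = !switch_true(val);`, together with a `switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, ...)` line that points to `tls-verify-date`. The if/else chain belongs to config_sofia and starts and continues outside this hunk.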