DTLS: Handle DTLS fingerprint in transport-info before session-accept
parent
7718def74d
commit
28248607f0
|
@ -160,13 +160,25 @@ public class Dino.Plugins.Ice.TransportParameters : JingleIceUdp.IceUdpTransport
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private bool bytes_equal(uint8[] a1, uint8[] a2) {
|
||||||
|
return a1.length == a2.length && Memory.cmp(a1, a2, a1.length) == 0;
|
||||||
|
}
|
||||||
|
|
||||||
public override void handle_transport_accept(StanzaNode transport) throws Jingle.IqError {
|
public override void handle_transport_accept(StanzaNode transport) throws Jingle.IqError {
|
||||||
debug("on_transport_accept from %s", peer_full_jid.to_string());
|
debug("on_transport_accept from %s", peer_full_jid.to_string());
|
||||||
base.handle_transport_accept(transport);
|
base.handle_transport_accept(transport);
|
||||||
|
|
||||||
if (dtls_srtp_handler != null && peer_fingerprint != null) {
|
if (dtls_srtp_handler != null && peer_fingerprint != null) {
|
||||||
dtls_srtp_handler.peer_fingerprint = peer_fingerprint;
|
if (dtls_srtp_handler.peer_fingerprint != null) {
|
||||||
dtls_srtp_handler.peer_fp_algo = peer_fp_algo;
|
if (!bytes_equal(dtls_srtp_handler.peer_fingerprint, peer_fingerprint)) {
|
||||||
|
warning("Tried to replace certificate fingerprint mid use. We don't allow that.");
|
||||||
|
peer_fingerprint = dtls_srtp_handler.peer_fingerprint;
|
||||||
|
peer_fp_algo = dtls_srtp_handler.peer_fp_algo;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
dtls_srtp_handler.peer_fingerprint = peer_fingerprint;
|
||||||
|
dtls_srtp_handler.peer_fp_algo = peer_fp_algo;
|
||||||
|
}
|
||||||
if (peer_setup == "passive") {
|
if (peer_setup == "passive") {
|
||||||
dtls_srtp_handler.mode = DtlsSrtp.Mode.CLIENT;
|
dtls_srtp_handler.mode = DtlsSrtp.Mode.CLIENT;
|
||||||
dtls_srtp_handler.stop_dtls_connection();
|
dtls_srtp_handler.stop_dtls_connection();
|
||||||
|
@ -186,6 +198,19 @@ public class Dino.Plugins.Ice.TransportParameters : JingleIceUdp.IceUdpTransport
|
||||||
debug("on_transport_info from %s", peer_full_jid.to_string());
|
debug("on_transport_info from %s", peer_full_jid.to_string());
|
||||||
base.handle_transport_info(transport);
|
base.handle_transport_info(transport);
|
||||||
|
|
||||||
|
if (dtls_srtp_handler != null && peer_fingerprint != null) {
|
||||||
|
if (dtls_srtp_handler.peer_fingerprint != null) {
|
||||||
|
if (!bytes_equal(dtls_srtp_handler.peer_fingerprint, peer_fingerprint)) {
|
||||||
|
warning("Tried to replace certificate fingerprint mid use. We don't allow that.");
|
||||||
|
peer_fingerprint = dtls_srtp_handler.peer_fingerprint;
|
||||||
|
peer_fp_algo = dtls_srtp_handler.peer_fp_algo;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
dtls_srtp_handler.peer_fingerprint = peer_fingerprint;
|
||||||
|
dtls_srtp_handler.peer_fp_algo = peer_fp_algo;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (!we_want_connection) return;
|
if (!we_want_connection) return;
|
||||||
|
|
||||||
if (remote_ufrag != null && remote_pwd != null && !remote_credentials_set) {
|
if (remote_ufrag != null && remote_pwd != null && !remote_credentials_set) {
|
||||||
|
|
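Review bot: In the mismatch branch that this commit adds to both handle_transport_accept and handle_transport_info, `peer_fingerprint` and `peer_fp_algo` are restored from `dtls_srtp_handler`, but `peer_setup` is not, and processing continues after the `warning(...)`. If the base handler took `peer_setup` from the same rejected `<fingerprint/>` element (the xmpp-vala change in this commit assigns all three together), handle_transport_accept then reaches `if (peer_setup == "passive")` with a value from a stanza it has just refused. Consider remembering the pinned setup value and restoring it as well, or leaving the handler right after the warning; handle_transport_accept already declares `throws Jingle.IqError`. `bytes_equal` also ignores `peer_fp_algo`, so identical bytes under a different `hash` attribute pass without a warning and leave the local algorithm out of step with the handler's. The block is duplicated verbatim in both handlers and would read better as one private helper; both function bodies continue outside the hunks.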
|
@ -317,7 +317,7 @@ public class Dino.Plugins.Rtp.Stream : Xmpp.Xep.JingleRtp.Stream {
|
||||||
rtp_buffer.unmap();
|
rtp_buffer.unmap();
|
||||||
}
|
}
|
||||||
if (our_ssrc != buffer_ssrc) {
|
if (our_ssrc != buffer_ssrc) {
|
||||||
warning("Sending RTP %s buffer seq %u with SSRC %u when our ssrc is %u", media, buffer_seq, buffer_ssrc, our_ssrc);
|
warning_once("Sending RTP %s buffer seq %u with SSRC %u when our ssrc is %u", media, buffer_seq, buffer_ssrc, our_ssrc);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -119,6 +119,13 @@ public abstract class Xmpp.Xep.JingleIceUdp.IceUdpTransportParameters : Jingle.T
|
||||||
foreach (StanzaNode candidateNode in node.get_subnodes("candidate")) {
|
foreach (StanzaNode candidateNode in node.get_subnodes("candidate")) {
|
||||||
remote_candidates.add(Candidate.parse(candidateNode));
|
remote_candidates.add(Candidate.parse(candidateNode));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
StanzaNode? fingerprint_node = node.get_subnode("fingerprint", DTLS_NS_URI);
|
||||||
|
if (fingerprint_node != null) {
|
||||||
|
peer_fingerprint = fingerprint_to_bytes(fingerprint_node.get_string_content());
|
||||||
|
peer_fp_algo = fingerprint_node.get_attribute("hash");
|
||||||
|
peer_setup = fingerprint_node.get_attribute("setup");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public virtual void create_transport_connection(XmppStream stream, Jingle.Content content) {
|
public virtual void create_transport_connection(XmppStream stream, Jingle.Content content) {
|
||||||
|
|
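Review bot: The three assignments inside `if (fingerprint_node != null)` overwrite `peer_fingerprint`, `peer_fp_algo` and `peer_setup` with whatever the element carries, with no check that the values are present. `get_attribute("hash")` and `get_attribute("setup")` presumably return null for a missing attribute, so a `<fingerprint/>` without them would replace earlier negotiated values with null, while the plugin-side guard only tests `peer_fingerprint != null`. Reading into locals first and assigning only when the fingerprint bytes and `hash` are both non-null, e.g. `string? algo = fingerprint_node.get_attribute("hash");` followed by `if (fp != null && algo != null) { … }`, keeps a malformed stanza from clobbering state. The enclosing function starts outside the hunk.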