DTLS: Handle DTLS fingerprint in transport-info before session-accept
This commit is contained in:
parent
7718def74d
commit
28248607f0
|
@ -160,13 +160,25 @@ public class Dino.Plugins.Ice.TransportParameters : JingleIceUdp.IceUdpTransport
|
|||
}
|
||||
}
|
||||
|
||||
private bool bytes_equal(uint8[] a1, uint8[] a2) {
|
||||
return a1.length == a2.length && Memory.cmp(a1, a2, a1.length) == 0;
|
||||
}
|
||||
|
||||
public override void handle_transport_accept(StanzaNode transport) throws Jingle.IqError {
|
||||
debug("on_transport_accept from %s", peer_full_jid.to_string());
|
||||
base.handle_transport_accept(transport);
|
||||
|
||||
if (dtls_srtp_handler != null && peer_fingerprint != null) {
|
||||
if (dtls_srtp_handler.peer_fingerprint != null) {
|
||||
if (!bytes_equal(dtls_srtp_handler.peer_fingerprint, peer_fingerprint)) {
|
||||
warning("Tried to replace certificate fingerprint mid use. We don't allow that.");
|
||||
peer_fingerprint = dtls_srtp_handler.peer_fingerprint;
|
||||
peer_fp_algo = dtls_srtp_handler.peer_fp_algo;
|
||||
}
|
||||
} else {
|
||||
dtls_srtp_handler.peer_fingerprint = peer_fingerprint;
|
||||
dtls_srtp_handler.peer_fp_algo = peer_fp_algo;
|
||||
}
|
||||
if (peer_setup == "passive") {
|
||||
dtls_srtp_handler.mode = DtlsSrtp.Mode.CLIENT;
|
||||
dtls_srtp_handler.stop_dtls_connection();
|
||||
|
@ -186,6 +198,19 @@ public class Dino.Plugins.Ice.TransportParameters : JingleIceUdp.IceUdpTransport
|
|||
debug("on_transport_info from %s", peer_full_jid.to_string());
|
||||
base.handle_transport_info(transport);
|
||||
|
||||
if (dtls_srtp_handler != null && peer_fingerprint != null) {
|
||||
if (dtls_srtp_handler.peer_fingerprint != null) {
|
||||
if (!bytes_equal(dtls_srtp_handler.peer_fingerprint, peer_fingerprint)) {
|
||||
warning("Tried to replace certificate fingerprint mid use. We don't allow that.");
|
||||
peer_fingerprint = dtls_srtp_handler.peer_fingerprint;
|
||||
peer_fp_algo = dtls_srtp_handler.peer_fp_algo;
|
||||
}
|
||||
} else {
|
||||
dtls_srtp_handler.peer_fingerprint = peer_fingerprint;
|
||||
dtls_srtp_handler.peer_fp_algo = peer_fp_algo;
|
||||
}
|
||||
}
|
||||
|
||||
if (!we_want_connection) return;
|
||||
|
||||
if (remote_ufrag != null && remote_pwd != null && !remote_credentials_set) {
|
||||
|
|
|
@ -317,7 +317,7 @@ public class Dino.Plugins.Rtp.Stream : Xmpp.Xep.JingleRtp.Stream {
|
|||
rtp_buffer.unmap();
|
||||
}
|
||||
if (our_ssrc != buffer_ssrc) {
|
||||
warning("Sending RTP %s buffer seq %u with SSRC %u when our ssrc is %u", media, buffer_seq, buffer_ssrc, our_ssrc);
|
||||
warning_once("Sending RTP %s buffer seq %u with SSRC %u when our ssrc is %u", media, buffer_seq, buffer_ssrc, our_ssrc);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -119,6 +119,13 @@ public abstract class Xmpp.Xep.JingleIceUdp.IceUdpTransportParameters : Jingle.T
|
|||
foreach (StanzaNode candidateNode in node.get_subnodes("candidate")) {
|
||||
remote_candidates.add(Candidate.parse(candidateNode));
|
||||
}
|
||||
|
||||
StanzaNode? fingerprint_node = node.get_subnode("fingerprint", DTLS_NS_URI);
|
||||
if (fingerprint_node != null) {
|
||||
peer_fingerprint = fingerprint_to_bytes(fingerprint_node.get_string_content());
|
||||
peer_fp_algo = fingerprint_node.get_attribute("hash");
|
||||
peer_setup = fingerprint_node.get_attribute("setup");
|
||||
}
|
||||
}
|
||||
|
||||
public virtual void create_transport_connection(XmppStream stream, Jingle.Content content) {
|
||||
|
|
Loading…
Reference in a new issue