Always set the ZRTP SAS verified flag on our side

When we're terminating ZRTP to an IVR or to a leg which is not
ZRTP-capable, there's no way for us to make an intelligent decision
about whether this flag should be set.  For a client to consider the
SAS as verified, however, both sides need to set this flag.  By always
setting this flag on our side, we leave the decision completely in the
hands of the client where we hope there is a careful human.

Signed-off-by: Travis Cross <tc@traviscross.com>
Travis Cross 2012-06-22 13:25:40 +00:00
parent ecb84bd126
commit ad53499b42
No known key found for this signature in database
GPG Key ID: F12EA662F29911FC


@ -772,9 +772,7 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
switch_channel_set_variable_name_printf(channel, "true", "zrtp_secure_media_confirmed_%s", type);
switch_channel_set_variable_name_printf(channel, stream->session->sas1.buffer, "zrtp_sas1_string_%s", type);
switch_channel_set_variable_name_printf(channel, stream->session->sas2.buffer, "zrtp_sas2_string", type);
zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)1);
}
}
@ -832,12 +830,6 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
{
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "User already enrolled!\n");
switch_channel_set_variable_name_printf(channel, "true", "zrtp_already_enrolled_%s", type);
if (zrtp_status_ok == zrtp_session_get(stream->session, &zrtp_session_info)) {
if (zrtp_session_info.sas_is_ready) {
zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
}
}
}
break;
@ -845,12 +837,6 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
{
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "New user enrolled!\n");
switch_channel_set_variable_name_printf(channel, "true", "zrtp_new_user_enrolled_%s", type);
if (zrtp_status_ok == zrtp_session_get(stream->session, &zrtp_session_info)) {
if (zrtp_session_info.sas_is_ready) {
zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
}
}
}
break;
@ -858,12 +844,6 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
{
switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "User unenrolled!\n");
switch_channel_set_variable_name_printf(channel, "true", "zrtp_user_unenrolled_%s", type);
if (zrtp_status_ok == zrtp_session_get(stream->session, &zrtp_session_info)) {
if (zrtp_session_info.sas_is_ready) {
zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
}
}
}
break;
@ -3939,8 +3919,6 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_zerocopy_read_frame(switch_rtp_t *rtp
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
zrtp_verified_set(zrtp_global, &rtp_session->zrtp_session->zid,
&rtp_session->zrtp_session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
rtp_session->zrtp_mitm_tries++;
}
}
@ -4509,8 +4487,6 @@ SWITCH_DECLARE(int) switch_rtp_write_frame(switch_rtp_t *rtp_session, switch_fra
switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
zrtp_verified_set(zrtp_global, &rtp_session->zrtp_session->zid,
&rtp_session->zrtp_session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
rtp_session->zrtp_mitm_tries++;
}
rtp_session->zrtp_mitm_tries++;
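Review bot: The unconditional `(uint8_t)1` passed to `zrtp_verified_set()` in the first hunk of `zrtp_event_callback` has no comment, so the next reader cannot tell a deliberate trust decision from a leftover constant. I would add above it `/* We cannot judge the SAS when terminating to an IVR or a non-ZRTP leg: always set our flag and leave verification to the client. */`. With this in place our side's flag no longer says anything about whether a human compared the SAS, so server-side logic and logs should not read it as evidence of verification; if libzrtp keeps the flag in its cache per ZID pair, as the arguments suggest, that also holds for later sessions with the same peer. Separately, the context line that sets `zrtp_sas2_string` passes `type` but has no `_%s` in the name, unlike `zrtp_sas1_string_%s`, so audio and video streams would presumably share one variable. The callback's body starts and ends outside the hunks shown.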