From ad53499b42892322f7cb6da7d0abb6be3acc64ad Mon Sep 17 00:00:00 2001
From: Travis Cross
Date: Fri, 22 Jun 2012 13:25:40 +0000
Subject: [PATCH] Always set the ZRTP SAS verified flag on our side
When we're terminating ZRTP to an IVR or to a leg which is not ZRTP-capable, there's no way for us to make an intelligent decision about whether this flag should be set. For a client to consider the SAS as verified, however, both sides need to set this flag. By always setting this flag on our side, we leave the decision completely in the hands of the client where we hope there is a careful human.
Signed-off-by: Travis Cross
---
 src/switch_rtp.c | 26 +------------------------
 1 file changed, 1 insertion(+), 25 deletions(-)
diff --git a/src/switch_rtp.c b/src/switch_rtp.c
index 60ba0010e1..27e6e83a26 100644
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@@ -772,9 +772,7 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
 switch_channel_set_variable_name_printf(channel, "true", "zrtp_secure_media_confirmed_%s", type);
 switch_channel_set_variable_name_printf(channel, stream->session->sas1.buffer, "zrtp_sas1_string_%s", type);
 switch_channel_set_variable_name_printf(channel, stream->session->sas2.buffer, "zrtp_sas2_string", type);
-
- zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
-
+ zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)1);
 }
 }
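Review bot: The added `zrtp_verified_set(..., (uint8_t)1)` call in `zrtp_event_callback` records the peer as SAS-verified without any comparison having taken place, and nothing at the call site says this is deliberate, so a later reader may take it for a bug or, worse, trust the flag. I would put the commit message's reasoning next to the call, e.g. `/* We cannot compare the SAS here (IVR or non-ZRTP leg); the client treats it as verified only if both sides set the flag, so we always set ours and leave the decision to the human at the client. */`. It follows that the server-side `sas_is_verified` value is set whenever this branch has run and should not feed any policy decision, log line or channel variable that implies a human check. The call's return value is also ignored; if `zrtp_verified_set` reports failure (it appears to return a status), a debug log there would help explain a client that never shows the SAS as verified. The function body starts and ends outside this hunk.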
@@ -832,12 +830,6 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
 {
 switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "User already enrolled!\n");
 switch_channel_set_variable_name_printf(channel, "true", "zrtp_already_enrolled_%s", type);
-
- if (zrtp_status_ok == zrtp_session_get(stream->session, &zrtp_session_info)) {
- if (zrtp_session_info.sas_is_ready) {
- zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
- }
- }
 }
 break;
@@ -845,12 +837,6 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
 {
 switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "New user enrolled!\n");
 switch_channel_set_variable_name_printf(channel, "true", "zrtp_new_user_enrolled_%s", type);
-
- if (zrtp_status_ok == zrtp_session_get(stream->session, &zrtp_session_info)) {
- if (zrtp_session_info.sas_is_ready) {
- zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
- }
- }
 }
 break;
@@ -858,12 +844,6 @@ static void zrtp_event_callback(zrtp_stream_t *stream, unsigned event)
 {
 switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "User unenrolled!\n");
 switch_channel_set_variable_name_printf(channel, "true", "zrtp_user_unenrolled_%s", type);
-
- if (zrtp_status_ok == zrtp_session_get(stream->session, &zrtp_session_info)) {
- if (zrtp_session_info.sas_is_ready) {
- zrtp_verified_set(zrtp_global, &stream->session->zid, &stream->session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
- }
- }
 }
 break;
@@ -3939,8 +3919,6 @@ SWITCH_DECLARE(switch_status_t) switch_rtp_zerocopy_read_frame(switch_rtp_t *rtp
 switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
 switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
 switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
- zrtp_verified_set(zrtp_global, &rtp_session->zrtp_session->zid,
- &rtp_session->zrtp_session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
 rtp_session->zrtp_mitm_tries++;
 }
 }
@@ -4509,8 +4487,6 @@ SWITCH_DECLARE(int) switch_rtp_write_frame(switch_rtp_t *rtp_session, switch_fra
 switch_clear_flag(rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
 switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_RECV);
 switch_clear_flag(other_rtp_session, SWITCH_ZRTP_FLAG_SECURE_MITM_SEND);
- zrtp_verified_set(zrtp_global, &rtp_session->zrtp_session->zid,
- &rtp_session->zrtp_session->peer_zid, (uint8_t)(zrtp_session_info.sas_is_verified ^ 1));
 rtp_session->zrtp_mitm_tries++;
 }
 rtp_session->zrtp_mitm_tries++;