
peer_connection.cpp

    peer_connection.cpp 13.80 KiB
    /*
     *  Copyright (C) 2004-2023 Savoir-faire Linux Inc.
     *
     *  This program is free software: you can redistribute it and/or modify
     *  it under the terms of the GNU General Public License as published by
     *  the Free Software Foundation, either version 3 of the License, or
     *  (at your option) any later version.
     *
     *  This program is distributed in the hope that it will be useful,
     *  but WITHOUT ANY WARRANTY; without even the implied warranty of
     *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
     *  GNU General Public License for more details.
     *
     *  You should have received a copy of the GNU General Public License
     *  along with this program. If not, see <https://www.gnu.org/licenses/>.
     */
    #include "peer_connection.h"
    #include "tls_session.h"
    
    #include <opendht/thread_pool.h>
    #include <opendht/logger.h>
    
    #include <algorithm>
    #include <chrono>
    #include <future>
    #include <vector>
    #include <atomic>
    #include <stdexcept>
    #include <istream>
    #include <ostream>
    #include <unistd.h>
    #include <cstdio>
    
    #ifdef _WIN32
    #include <winsock2.h>
    #include <ws2tcpip.h>
    #else
    #include <sys/select.h>
    #endif
    
    #ifndef _MSC_VER
    #include <sys/time.h>
    #endif
    
    // File-local component identifier, fixed at 1. The name suggests it selects
    // the ICE component that carries the SIP transport; its use is not visible
    // in this part of the file, so confirm against the callers.
    static constexpr int ICE_COMP_ID_SIP_TRANSPORT = 1;
    
    namespace dhtnet {
    
    int
    init_crt(gnutls_session_t session, dht::crypto::Certificate& crt)
    {
        // Support only x509 format
        if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) {
            return GNUTLS_E_CERTIFICATE_ERROR;
        }
    
        // Store verification status
        unsigned int status = 0;
        auto ret = gnutls_certificate_verify_peers2(session, &status);
        if (ret < 0 or (status & GNUTLS_CERT_SIGNATURE_FAILURE) != 0) {
            return GNUTLS_E_CERTIFICATE_ERROR;
        }
    
        unsigned int cert_list_size = 0;
        auto cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
        if (cert_list == nullptr) {
            return GNUTLS_E_CERTIFICATE_ERROR;
        }
    
        // Check if received peer certificate is awaited