Commit e22087db authored by Adrien Béraud's avatar Adrien Béraud Committed by Guillaume Roguez

security: add daemon certificate store

WARNING: this patch breaks dhtcall backward compatibility!

* add certificate storage and an API for handling certificates
* bump opendht (ac492aaa7b)
* allows public incoming calls by default (new preference)

Refs #68196

Change-Id: I9f69f680135af26fce2b6a0ca115823686f4c7a9
Signed-off-by: Guillaume Roguez's avatarGuillaume Roguez <guillaume.roguez@savoirfairelinux.com>
parent 42b5e68c
......@@ -702,6 +702,251 @@
</arg>
</method>
<method name="getPinnedCertificates" tp:name-for-bindings="getPinnedCertificates">
<tp:added version="2.2.0"/>
<annotation name="org.qtproject.QtDBus.QtTypeName.Out0" value="VectorString"/>
<arg type="as" name="certIds" direction="out">
<tp:docstring>
<p>A list of all known certificate IDs</p>
</tp:docstring>
</arg>
</method>
<method name="pinCertificate" tp:name-for-bindings="pinCertificate">
<tp:added version="2.2.0"/>
<arg type="ay" name="certificateRaw" direction="in">
<tp:docstring>
<p>A raw certificate (PEM or DER encoded) to be pinned.</p>
</tp:docstring>
</arg>
<arg type="b" name="local" direction="in">
<tp:docstring>
<p>True to save the certificate in the daemon local store.</p>
</tp:docstring>
</arg>
<annotation name="org.qtproject.QtDBus.QtTypeName.Out0" value="String"/>
<arg type="s" name="certId" direction="out">
<tp:docstring>
<p>ID of the pinned certificate or empty string on failure.</p>
</tp:docstring>
</arg>
</method>
<method name="unpinCertificate" tp:name-for-bindings="unpinCertificate">
<tp:added version="2.2.0"/>
<arg type="s" name="certId" direction="in">
<tp:docstring>
<p>A certificate ID to unpin.</p>
</tp:docstring>
</arg>
<arg type="b" name="success" direction="out">
<tp:docstring>
<p>True if a certificate was unpinned.</p>
</tp:docstring>
</arg>
</method>
<method name="pinCertificatePath" tp:name-for-bindings="pinCertificatePath">
<tp:added version="2.2.0"/>
<arg type="s" name="certPath" direction="in">
<tp:docstring>
<p>A certificate path to be pinned (assumed non-local).</p>
</tp:docstring>
</arg>
</method>
<method name="unpinCertificatePath" tp:name-for-bindings="unpinCertificatePath">
<tp:added version="2.2.0"/>
<arg type="s" name="certPath" direction="in">
<tp:docstring>
<p>Certificates path.</p>
</tp:docstring>
</arg>
<arg type="u" name="unpinned" direction="out">
<tp:docstring>
<p>Number of unpinned certificates.</p>
</tp:docstring>
</arg>
</method>
<method name="pinRemoteCertificate" tp:name-for-bindings="pinRemoteCertificate">
<tp:added version="2.2.0"/>
<arg type="s" name="accountId" direction="in">
<tp:docstring>
<p>An account ID</p>
</tp:docstring>
</arg>
<arg type="s" name="certId" direction="in">
<tp:docstring>
<p>A certificate public key ID</p>
</tp:docstring>
</arg>
<arg type="b" name="success" direction="out">
<tp:docstring>
<p>True if the search started</p>
</tp:docstring>
</arg>
</method>
<method name="setCertificateStatus" tp:name-for-bindings="setCertificateStatus">
<tp:added version="2.2.0"/>
<arg type="s" name="accountId" direction="in">
<tp:docstring>
<p>An account ID</p>
</tp:docstring>
</arg>
<arg type="s" name="certId" direction="in">
<tp:docstring>
<p>A certificate ID</p>
</tp:docstring>
</arg>
<arg type="s" name="status" direction="in">
<tp:docstring>
The new status of the certificate for the specified account.
UNDEFINED : forget any previous certificate state for this account.
ALLOWED : consider the certificate as trusted for this account.
BANNED : consider the certificate as banned for this account.
</tp:docstring>
</arg>
<arg type="b" name="success" direction="out">
<tp:docstring>
<p>True if the certificate state was succesfully set.</p>
</tp:docstring>
</arg>
</method>
<method name="getCertificatesByStatus" tp:name-for-bindings="getCertificatesByStatus">
<tp:added version="2.2.0"/>
<arg type="s" name="accountId" direction="in">
<tp:docstring>
<p>An account ID</p>
</tp:docstring>
</arg>
<arg type="s" name="status" direction="in">
<tp:docstring>
The queried certificate status.
ALLOWED : trusted certificate for this account.
BANNED : banned certificate for this account.
</tp:docstring>
</arg>
<annotation name="org.qtproject.QtDBus.QtTypeName.Out0" value="VectorString"/>
<arg type="as" name="list" direction="out">
<tp:docstring>
A list of certificate ids with the provided status
</tp:docstring>
</arg>
</method>
<signal name="certificateStateChanged" tp:name-for-bindings="certificateStateChanged">
<tp:added version="2.2.0"/>
<tp:docstring>
Notify clients that a certificate status have changed.
</tp:docstring>
<arg type="s" name="accountId">
</arg>
<arg type="s" name="certId">
</arg>
<arg type="s" name="state">
</arg>
</signal>
<signal name="certificatePinned" tp:name-for-bindings="certificatePinned">
<tp:added version="2.2.0"/>
<tp:docstring>
Notify clients that a certificate have been added to the store.
</tp:docstring>
<arg type="s" name="certId">
</arg>
</signal>
<signal name="certificatePathPinned" tp:name-for-bindings="certificatePathPinned">
<tp:added version="2.2.0"/>
<tp:docstring>
Notify clients that a certificate path have been added to the store.
</tp:docstring>
<arg type="s" name="path">
<tp:docstring>
Pinned path.
</tp:docstring>
</arg>
<arg type="as" name="certIds">
<tp:docstring>
A list of certificate ids.
</tp:docstring>
</arg>
</signal>
<signal name="certificateExpired" tp:name-for-bindings="certificateExpired">
<tp:added version="2.2.0"/>
<tp:docstring>
Notify clients that a certificate expired.
</tp:docstring>
<arg type="s" name="certId">
<tp:docstring>
A certificate id.
</tp:docstring>
</arg>
</signal>
<method name="getTrustRequests" tp:name-for-bindings="getTrustRequests">
<tp:added version="2.2.0"/>
<annotation name="org.qtproject.QtDBus.QtTypeName.Out0" value="MapStringString"/>
<arg type="s" name="accountID" direction="in">
</arg>
<arg type="a{ss}" name="details" direction="out" tp:type="String_String_Map">
<tp:docstring>
A list of contact request details.
</tp:docstring>
</arg>
</method>
<method name="acceptTrustRequest" tp:name-for-bindings="acceptTrustRequest">
<tp:added version="2.2.0"/>
<arg type="s" name="accountID" direction="in">
</arg>
<arg type="s" name="from" direction="in">
</arg>
<arg type="b" name="success" direction="out" tp:type="Boolean">
<tp:docstring>
True if the operation succeeded.
</tp:docstring>
</arg>
</method>
<method name="discardTrustRequest" tp:name-for-bindings="discardTrustRequest">
<tp:added version="2.2.0"/>
<arg type="s" name="accountID" direction="in">
</arg>
<arg type="s" name="from" direction="in">
</arg>
<arg type="b" name="success" direction="out" tp:type="Boolean">
<tp:docstring>
True if the operation succeeded.
</tp:docstring>
</arg>
</method>
<signal name="incomingTrustRequest" tp:name-for-bindings="incomingTrustRequest">
<tp:added version="2.2.0"/>
<tp:docstring>
Notify clients that a new contact request has been received.
</tp:docstring>
<arg type="s" name="accountID">
</arg>
<arg type="s" name="from">
</arg>
<arg type="t" name="receiveTime">
</arg>
</signal>
<method name="sendTrustRequest" tp:name-for-bindings="sendTrustRequest">
<tp:added version="2.2.0"/>
<arg type="s" name="accountID" direction="in">
</arg>
<arg type="s" name="to" direction="in">
</arg>
</method>
<method name="getAddrFromInterfaceName" tp:name-for-bindings="getAddrFromInterfaceName">
<arg type="s" name="interface" direction="in">
</arg>
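Review bot: The docstrings for `setCertificateStatus` and `getCertificatesByStatus` do not say what happens when `status` is not one of the listed strings, and `getCertificatesByStatus` lists only ALLOWED and BANNED although UNDEFINED is documented as a state a few lines above. These methods change which certificates an account trusts, so the interface should state the contract, for example `<p>Any other value is rejected and the method returns false.</p>` if that is the intended behaviour (the parsing code is not in this file). `pinCertificatePath` should also say whether `certPath` names a file or a directory, and `getTrustRequests` should say what the keys and values of the returned `a{ss}` map hold. Minor wording: "succesfully" and "a certificate status have changed".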
......
......@@ -184,6 +184,11 @@ DBusClient::initLibrary(int flags)
exportable_callback<ConfigurationSignal::RegistrationStateChanged>(bind(&DBusConfigurationManager::registrationStateChanged, confM, _1, _2, _3, _4)),
exportable_callback<ConfigurationSignal::VolatileDetailsChanged>(bind(&DBusConfigurationManager::volatileAccountDetailsChanged, confM, _1, _2)),
exportable_callback<ConfigurationSignal::Error>(bind(&DBusConfigurationManager::errorAlert, confM, _1)),
exportable_callback<ConfigurationSignal::IncomingTrustRequest>(bind(&DBusConfigurationManager::incomingTrustRequest, confM, _1, _2, _3 )),
exportable_callback<ConfigurationSignal::CertificatePinned>(bind(&DBusConfigurationManager::certificatePinned, confM, _1 )),
exportable_callback<ConfigurationSignal::CertificatePathPinned>(bind(&DBusConfigurationManager::certificatePathPinned, confM, _1, _2 )),
exportable_callback<ConfigurationSignal::CertificateExpired>(bind(&DBusConfigurationManager::certificateExpired, confM, _1 )),
exportable_callback<ConfigurationSignal::CertificateStateChanged>(bind(&DBusConfigurationManager::certificateStateChanged, confM, _1, _2, _3 )),
};
// Presence event handlers
......
......@@ -388,6 +388,78 @@ DBusConfigurationManager::getCertificateDetailsRaw(const std::vector<uint8_t>& c
return DRing::getCertificateDetailsRaw(certificate);
}
auto
DBusConfigurationManager::getPinnedCertificates() -> decltype(DRing::getPinnedCertificates())
{
return DRing::getPinnedCertificates();
}
auto
DBusConfigurationManager::pinCertificate(const std::vector<uint8_t>& certificate, const bool& local) -> decltype(DRing::pinCertificate(certificate, local))
{
return DRing::pinCertificate(certificate, local);
}
void
DBusConfigurationManager::pinCertificatePath(const std::string& certPath)
{
return DRing::pinCertificatePath(certPath);
}
auto
DBusConfigurationManager::unpinCertificate(const std::string& certId) -> decltype(DRing::unpinCertificate(certId))
{
return DRing::unpinCertificate(certId);
}
auto
DBusConfigurationManager::unpinCertificatePath(const std::string& p) -> decltype(DRing::unpinCertificatePath(p))
{
return DRing::unpinCertificatePath(p);
}
auto
DBusConfigurationManager::pinRemoteCertificate(const std::string& accountId, const std::string& certId) -> decltype(DRing::pinRemoteCertificate(accountId, certId))
{
return DRing::pinRemoteCertificate(accountId, certId);
}
auto
DBusConfigurationManager::setCertificateStatus(const std::string& accountId, const std::string& certId, const std::string& status) -> decltype(DRing::setCertificateStatus(accountId, certId, status))
{
return DRing::setCertificateStatus(accountId, certId, status);
}
auto
DBusConfigurationManager::getCertificatesByStatus(const std::string& accountId, const std::string& status) -> decltype(DRing::getCertificatesByStatus(accountId, status))
{
return DRing::getCertificatesByStatus(accountId, status);
}
auto
DBusConfigurationManager::getTrustRequests(const std::string& accountId) -> decltype(DRing::getTrustRequests(accountId))
{
return DRing::getTrustRequests(accountId);
}
auto
DBusConfigurationManager::acceptTrustRequest(const std::string& accountId, const std::string& from) -> decltype(DRing::acceptTrustRequest(accountId, from))
{
return DRing::acceptTrustRequest(accountId, from);
}
auto
DBusConfigurationManager::discardTrustRequest(const std::string& accountId, const std::string& from) -> decltype(DRing::discardTrustRequest(accountId, from))
{
return DRing::discardTrustRequest(accountId, from);
}
void
DBusConfigurationManager::sendTrustRequest(const std::string& accountId, const std::string& to)
{
DRing::sendTrustRequest(accountId, to);
}
auto
DBusConfigurationManager::getIp2IpDetails() -> decltype(DRing::getIp2IpDetails())
{
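Review bot: `pinCertificatePath` and `unpinCertificatePath` pass a path string received over D-Bus straight to `DRing`, so any client on the bus chooses which filesystem location the daemon reads, and nothing visible in this hunk checks it. If the certificate store does not already constrain the path (its code is outside this hunk), that should be enforced there, and noted here with a comment such as `// certPath comes from a bus client; the store must treat it as untrusted input`. On style, `pinCertificatePath` is `void` but is written `return DRing::pinCertificatePath(certPath);`, while `sendTrustRequest` simply calls; dropping the `return` would make the two consistent. The body of `getIp2IpDetails` continues outside the hunk.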
......
......@@ -4,6 +4,7 @@
* Author: Alexandre Bourget <alexandre.bourget@savoirfairelinux.com>
* Author: Emmanuel Milou <emmanuel.milou@savoirfairelinux.com>
* Author: Guillaume Carmel-Archambault <guillaume.carmel-archambault@savoirfairelinux.com>
* Author: Adrien Béraud <adrien.beraud@savoirfairelinux.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
......@@ -131,6 +132,18 @@ class DBusConfigurationManager :
std::map<std::string, std::string> validateCertificateRaw(const std::string& accountId, const std::vector<uint8_t>& certificate);
std::map<std::string, std::string> getCertificateDetails(const std::string& certificate);
std::map<std::string, std::string> getCertificateDetailsRaw(const std::vector<uint8_t>& certificate);
std::vector<std::string> getPinnedCertificates();
std::string pinCertificate(const std::vector<uint8_t>& certificate, const bool& local);
bool unpinCertificate(const std::string& certId);
void pinCertificatePath(const std::string& path);
unsigned unpinCertificatePath(const std::string& path);
bool pinRemoteCertificate(const std::string& accountId, const std::string& certId);
bool setCertificateStatus(const std::string& account, const std::string& certId, const std::string& status);
std::vector<std::string> getCertificatesByStatus(const std::string& account, const std::string& status);
std::map<std::string, std::string> getTrustRequests(const std::string& accountId);
bool acceptTrustRequest(const std::string& accountId, const std::string& from);
bool discardTrustRequest(const std::string& accountId, const std::string& from);
void sendTrustRequest(const std::string& accountId, const std::string& to);
};
#endif // __RING_DBUSCONFIGURATIONMANAGER_H__
......@@ -618,6 +618,7 @@ AC_CONFIG_FILES([Makefile \
src/media/video/osxvideo/Makefile \
src/media/video/winvideo/Makefile \
src/media/video/test/Makefile \
src/security/Makefile \
src/upnp/Makefile \
test/Makefile \
ringtones/Makefile \
......
# OPENDHT
OPENDHT_VERSION := 6c42df6c8adc2958b979299d423f51b4a64fe3c4
OPENDHT_VERSION := ac492aaa7bd71504c6856d0a7a1f86bf30fdf795
OPENDHT_URL := https://github.com/savoirfairelinux/opendht/archive/$(OPENDHT_VERSION).tar.gz
PKGS += opendht
......
......@@ -43,7 +43,7 @@ TLS_LIB = @GNUTLS_LIBS@
TLS_CFLAGS = @GNUTLS_CFLAGS@
endif
SUBDIRS = client media config hooks sip upnp $(IAX_SUBDIR) $(RINGACC_SUBDIR) $(INSTANT_MESSAGING_SUBDIR) $(RING_VIDEO_SUBDIR)
SUBDIRS = client media config hooks sip upnp security $(IAX_SUBDIR) $(RINGACC_SUBDIR) $(INSTANT_MESSAGING_SUBDIR) $(RING_VIDEO_SUBDIR)
# libring
......@@ -55,6 +55,7 @@ libring_la_LIBADD = \
./client/libclient.la \
./config/libconfig.la \
./hooks/libhooks.la \
./security/libsecurity.la \
./upnp/libupnpcontrol.la \
$(RINGACC_LIBA) \
$(IAX_LIBA) \
......
......@@ -39,7 +39,8 @@
#include "account_schema.h"
#include "manager.h"
#if HAVE_TLS && HAVE_DHT
#include "sip/tlsvalidator.h"
#include "security/tlsvalidator.h"
#include "security/certstore.h"
#endif
#include "logger.h"
#include "fileutils.h"
......@@ -49,7 +50,6 @@
#if HAVE_IAX
#include "iax/iaxaccount.h"
#endif
#include "security_const.h"
#include "audio/audiolayer.h"
#include "system_codec_container.h"
#include "account_const.h"
......@@ -66,7 +66,8 @@ namespace DRing {
constexpr unsigned CODECS_NOT_LOADED = 0x1000; /** Codecs not found */
using ring::SIPAccount;
using ring::TlsValidator;
using ring::tls::TlsValidator;
using ring::tls::CertificateStore;
using ring::DeviceType;
using ring::HookPreference;
......@@ -170,7 +171,7 @@ getCertificateDetails(const std::string& certificate)
{
#if HAVE_TLS && HAVE_DHT
try {
return TlsValidator{certificate,""}.getSerializedDetails();
return TlsValidator{CertificateStore::instance().getCertificate(certificate)}.getSerializedDetails();
} catch(const std::runtime_error& e) {
RING_WARN("Certificate loading failed");
}
......@@ -195,6 +196,67 @@ getCertificateDetailsRaw(const std::vector<uint8_t>& certificate_raw)
return {{}};
}
std::vector<std::string>
getPinnedCertificates()
{
#if HAVE_TLS && HAVE_DHT
return ring::tls::CertificateStore::instance().getPinnedCertificates();
#else
RING_WARN("TLS not supported");
#endif
return {};
}
std::string
pinCertificate(const std::vector<uint8_t>& certificate, bool local)
{
return ring::tls::CertificateStore::instance().pinCertificate(certificate, local);
}
void
pinCertificatePath(const std::string& path)
{
ring::tls::CertificateStore::instance().pinCertificatePath(path);
}
bool
unpinCertificate(const std::string& certId)
{
return ring::tls::CertificateStore::instance().unpinCertificate(certId);
}
unsigned
unpinCertificatePath(const std::string& path)
{
return ring::tls::CertificateStore::instance().unpinCertificatePath(path);
}
bool
pinRemoteCertificate(const std::string& accountId, const std::string& certId)
{
if (auto acc = ring::Manager::instance().getAccount<ring::RingAccount>(accountId))
return acc->findCertificate(certId);
return false;
}
bool
setCertificateStatus(const std::string& accountId, const std::string& certId, const std::string& ststr)
{
auto status = ring::tls::TrustStore::statusFromStr(ststr.c_str());
if (auto acc = ring::Manager::instance().getAccount<ring::RingAccount>(accountId))
return acc->setCertificateStatus(certId, status);
return false;
}
std::vector<std::string>
getCertificatesByStatus(const std::string& accountId, const std::string& ststr)
{
auto status = ring::tls::TrustStore::statusFromStr(ststr.c_str());
if (auto acc = ring::Manager::instance().getAccount<ring::RingAccount>(accountId))
return acc->getCertificatesByStatus(status);
return {};
}
void
setAccountDetails(const std::string& accountID, const std::map<std::string, std::string>& details)
{
......@@ -219,6 +281,38 @@ sendAccountTextMessage(const std::string& accountID, const std::string& to, cons
ring::Manager::instance().sendTextMessage(accountID, to, message);
}
/* contact requests */
std::map<std::string, std::string>
getTrustRequests(const std::string& accountId)
{
if (auto acc = ring::Manager::instance().getAccount<ring::RingAccount>(accountId))
return acc->getTrustRequests();
return {{}};
}
bool
acceptTrustRequest(const std::string& accountId, const std::string& from)
{
if (auto acc = ring::Manager::instance().getAccount<ring::RingAccount>(accountId))
return acc->acceptTrustRequest(from);
return false;
}
bool
discardTrustRequest(const std::string& accountId, const std::string& from)
{
if (auto acc = ring::Manager::instance().getAccount<ring::RingAccount>(accountId))
return acc->discardTrustRequest(from);
return false;
}
void
sendTrustRequest(const std::string& accountId, const std::string& to)
{
if (auto acc = ring::Manager::instance().getAccount<ring::RingAccount>(accountId))
acc->sendTrustRequest(to);
}
///This function is used as a base for new accounts for clients that support it
std::map<std::string, std::string>
getAccountTemplate(const std::string& accountType)
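Review bot: `pinCertificate`, `pinCertificatePath`, `unpinCertificate` and `unpinCertificatePath` use `ring::tls::CertificateStore` without the `#if HAVE_TLS && HAVE_DHT` guard that `getPinnedCertificates` has, although `security/certstore.h` is only included under that guard; unless another header declares the class, a build without TLS or DHT will not compile. The same applies to the `ring::tls::TrustStore` and `ring::RingAccount` uses in `setCertificateStatus`, `getCertificatesByStatus` and the trust-request functions. Each body should be wrapped the way `getPinnedCertificates` is, with the `#else` branch logging `RING_WARN("TLS not supported");` and returning the empty or `false` value. Separately, `setCertificateStatus` forwards the result of `statusFromStr(ststr.c_str())` without checking that the string was recognised; if an unknown string maps to UNDEFINED (not visible here), a mistyped status would silently clear a BANNED entry, so rejecting unknown input with `return false;` is safer. `getTrustRequests` returns `{{}}` for an unknown account, which for a `std::map` is most likely a map holding one empty-key entry rather than an empty map; `return {};` is probably what is meant.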
......
......@@ -70,6 +70,11 @@ getSignalHandlers()
exported_callback<DRing::ConfigurationSignal::StunStatusFailed>(),
exported_callback<DRing::ConfigurationSignal::RegistrationStateChanged>(),
exported_callback<DRing::ConfigurationSignal::VolatileDetailsChanged>(),
exported_callback<DRing::ConfigurationSignal::CertificatePinned>(),
exported_callback<DRing::ConfigurationSignal::CertificatePathPinned>(),
exported_callback<DRing::ConfigurationSignal::CertificateExpired>(),
exported_callback<DRing::ConfigurationSignal::CertificateStateChanged>(),
exported_callback<DRing::ConfigurationSignal::IncomingTrustRequest>(),
exported_callback<DRing::ConfigurationSignal::Error>(),
/* Presence */
......
......@@ -58,8 +58,6 @@ constexpr static char CONF_ID [] = "CONF_ID" ;
constexpr static char TIMESTAMP_START [] = "TIMESTAMP_START" ;
constexpr static char ACCOUNTID [] = "ACCOUNTID" ;
constexpr static char PEER_HOLDING [] = "PEER_HOLDING" ;
constexpr static char TLS_PEER_CERT [] = "TLS_PEER_CERT" ;
constexpr static char TLS_CIPHER [] = "TLS_CIPHER" ;
constexpr static char AUDIO_MUTED [] = "AUDIO_MUTED" ;
constexpr static char VIDEO_MUTED [] = "VIDEO_MUTED" ;
......
......@@ -42,6 +42,7 @@
#include <cstdint>
#include "dring.h"
#include "security_const.h"
namespace DRing {
......@@ -137,6 +138,25 @@ std::map<std::string, std::string> validateCertificateRaw(const std::string& acc
std::map<std::string, std::string> getCertificateDetails(const std::string& certificate);
std::map<std::string, std::string> getCertificateDetailsRaw(const std::vector<uint8_t>& certificate);
std::vector<std::string> getPinnedCertificates();
std::string pinCertificate(const std::vector<uint8_t>& certificate, bool local);
bool unpinCertificate(const std::string& certId);
void pinCertificatePath(const std::string& path);
unsigned unpinCertificatePath(const std::string& path);
bool pinRemoteCertificate(const std::string& accountId, const std::string& certId);
bool setCertificateStatus(const std::string& account, const std::string& certId, const std::string& status);
std::vector<std::string> getCertificatesByStatus(const std::string& account, const std::string& status);
/* contact requests */
std::map<std::string, std::string> getTrustRequests(const std::string& accountId);
bool acceptTrustRequest(const std::string& accountId, const std::string& from);
bool discardTrustRequest(const std::string& accountId, const std::string& from);
void sendTrustRequest(const std::string& accountId, const std::string& to);
// Configuration signal type definitions
struct ConfigurationSignal {
struct VolumeChanged {
......@@ -169,6 +189,26 @@ struct ConfigurationSignal {
constexpr static const char* name = "IncomingMessage";
using cb_type = void(const std::string& /*account_id*/, const std::string& /*from*/, const std::string& /*message*/);
};
struct IncomingTrustRequest {
constexpr static const char* name = "IncomingTrustRequest";
using cb_type = void(const std::string& /*account_id*/, const std::string& /*from*/, time_t received);
};
struct CertificatePinned {
constexpr static const char* name = "CertificatePinned";
using cb_type = void(const std::string& /*certId*/);
};
struct CertificatePathPinned {
constexpr static const char* name = "CertificatePathPinned";
using cb_type = void(const std::string& /*path*/, const std::vector<std::string>& /*certId*/);
};
struct CertificateExpired {
constexpr static const char* name = "CertificateExpired";
using cb_type = void(const std::string& /*certId*/);
};
struct CertificateStateChanged {
constexpr static const char* name = "CertificateStateChanged";
using cb_type = void(const std::string& /*account_id*/, const std::string& /*certId*/, const std::string& /*state*/);
};
};
} // namespace DRing
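Review bot: The new certificate and trust-request declarations are part of the public client API but have no comments, so a caller cannot tell from this header which strings `status` accepts or what `certId` and `from` identify. Since `security_const.h` is now included here, a comment can point at it, e.g. `// status: one of DRing::Certificate::Status::{UNDEFINED, ALLOWED, BANNED}` above `setCertificateStatus`. In `IncomingTrustRequest::cb_type` the third parameter is written `time_t received` while every other parameter uses the `/*name*/` comment form; `time_t /*received*/` would match. `time_t` also needs `<ctime>`, which is not among the includes visible in this hunk.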
......
......@@ -34,6 +34,12 @@ namespace DRing {
namespace Certificate {
namespace Status {
constexpr static char UNDEFINED [] = "UNDEFINED";
constexpr static char ALLOWED [] = "ALLOWED";
constexpr static char BANNED [] = "BANNED";
} //namespace Dring::Certificate::Status
/**
* Those constantes are used by the ConfigurationManager.validateCertificate method
*/
......@@ -110,6 +116,13 @@ namespace CheckValuesNames {
} //namespace DRing::Certificate
namespace TlsTransport {
constexpr static char TLS_PEER_CERT [] = "TLS_PEER_CERT";
constexpr static char TLS_PEER_CA_NUM [] = "TLS_PEER_CA_NUM";
constexpr static char TLS_PEER_CA_ [] = "TLS_PEER_CA_";
constexpr static char TLS_CIPHER [] = "TLS_CIPHER";
} //namespace DRing::TlsTransport
} //namespace DRing
#endif
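Review bot: `TLS_PEER_CA_NUM` and `TLS_PEER_CA_` have no comment explaining how they relate; the trailing underscore suggests `TLS_PEER_CA_` is a key prefix that gets an index appended, but that is only a guess from the name. A one-line comment such as `// TLS_PEER_CA_<n>: n-th CA of the peer chain, 0 <= n < TLS_PEER_CA_NUM` (if that is the scheme) would let clients read the details map without guessing. The closing comment `//namespace Dring::Certificate::Status` misspells `DRing`.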
......@@ -81,7 +81,7 @@
#include "dring/call_const.h"
#if HAVE_TLS
#include "gnutls_support.h"
#include "security/gnutls_support.h"
#endif
#include "libav_utils.h"
......
......@@ -43,6 +43,7 @@
#include "ring_types.h" // enable_if_base_of
#include <opendht/dhtrunner.h>
#include <opendht/default_types.h>
#include <pjsip/sip_types.h>
......@@ -65,8 +66,11 @@ class Emitter;
namespace ring {
namespace Conf {
const char *const DHT_PORT_KEY = "dhtPort";
const char *const DHT_VALUES_PATH_KEY = "dhtValuesPath";
const char *const DHT_PORT_KEY = "dhtPort";
const char *const DHT_VALUES_PATH_KEY = "dhtValuesPath";
const char *const DHT_CONTACTS = "dhtContacts";
const char *const DHT_PUBLIC_PROFILE = "dhtPublicProfile";
const char *const DHT_PUBLIC_IN_CALLS = "dhtPublicInCalls";
}
namespace tls {
......@@ -80,6 +84,8 @@ class RingAccount : public SIPAccountBase {
constexpr static const char * const ACCOUNT_TYPE = "RING";
constexpr static const in_port_t DHT_DEFAULT_PORT = 4222;
constexpr static const char * const DHT_DEFAULT_BOOTSTRAP = "bootstrap.ring.cx";
constexpr static const char* const DHT_TYPE_NS = "cx.ring";
/* constexpr */ static const std::pair<uint16_t, uint16_t> DHT_PORT_RANGE;
const char* getAccountType() const {
......@@ -239,13 +245,23 @@ class RingAccount : public SIPAccountBase {
return false;
}
void registerCA(const dht::crypto::Certificate&);