Added connection parameter "ignore-tls-errors"

The client should be able to circumvent the newly strict behavior, if they don't care about the security of their connection.
author: Mikhail Zabaluev <mikhail.zabaluev@nokia.com> 2011-05-20 16:25:42 +0300
committer: Mikhail Zabaluev <mikhail.zabaluev@nokia.com> 2011-05-20 16:25:42 +0300
commit: 01d10bf1deca680b64592314a009ecccacdb1d9d (patch)
tree: 1d77f59ff14cbe719338bed28685fa926746a286 /src
parent: c63db60141b7330cca797e601e2f1d39343191fd (diff)
3 files changed, 26 insertions, 1 deletions
diff --git a/src/sip-connection-manager.c b/src/sip-connection-manager.c
index 34ca30f..2da4fe0 100644
--- a/src/sip-connection-manager.c
+++ b/src/sip-connection-manager.c
@@ -71,6 +71,7 @@ typedef struct {
     guint local_port;
     gchar *extra_auth_user;
     gchar *extra_auth_password;
+    gboolean ignore_tls_errors;
 } TpsipConnParams;
 
 static void *
@@ -121,6 +122,7 @@ enum {
     TPSIP_CONN_PARAM_LOCAL_PORT,
     TPSIP_CONN_PARAM_EXTRA_AUTH_USER,
     TPSIP_CONN_PARAM_EXTRA_AUTH_PASSWORD,
+    TPSIP_CONN_PARAM_IGNORE_TLS_ERRORS,
     N_TPSIP_CONN_PARAMS
 };
 
@@ -200,6 +202,10 @@ static const TpCMParamSpec tpsip_params[] = {
     { "extra-auth-password", DBUS_TYPE_STRING_AS_STRING, G_TYPE_STRING,
       TP_CONN_MGR_PARAM_FLAG_SECRET,
       NULL, G_STRUCT_OFFSET (TpsipConnParams, extra_auth_password) },
+      /* If true, TLS validation errors will be ignored */
+      { "ignore-tls-errors", DBUS_TYPE_BOOLEAN_AS_STRING, G_TYPE_BOOLEAN,
+        TP_CONN_MGR_PARAM_FLAG_HAS_DEFAULT, GUINT_TO_POINTER(FALSE),
+        G_STRUCT_OFFSET (TpsipConnParams, ignore_tls_errors) },
     { NULL, NULL, 0, 0, NULL, 0 }
 };
 
@@ -549,5 +555,9 @@ tpsip_connection_manager_new_connection (TpBaseConnectionManager *base,
   SET_PROPERTY_IF_PARAM_SET ("extra-auth-password", TPSIP_CONN_PARAM_EXTRA_AUTH_PASSWORD,
       params->extra_auth_password);
 
+  SET_PROPERTY_IF_PARAM_SET ("ignore-tls-errors",
+      TPSIP_CONN_PARAM_IGNORE_TLS_ERRORS,
+      params->ignore_tls_errors);
+
   return connection;
 }
diff --git a/src/sip-connection-private.h b/src/sip-connection-private.h
index 6a7efcf..f79fa93 100644
--- a/src/sip-connection-private.h
+++ b/src/sip-connection-private.h
@@ -69,6 +69,7 @@ struct _TpsipConnectionPrivate
   gboolean loose_routing;
   gboolean discover_binding;
   gboolean immutable_streams;
+  gboolean ignore_tls_errors;
 
   gboolean keepalive_interval_specified;
 
diff --git a/src/sip-connection.c b/src/sip-connection.c
index 3651f13..9ad8fff 100644
--- a/src/sip-connection.c
+++ b/src/sip-connection.c
@@ -103,6 +103,7 @@ enum
   PROP_LOCAL_PORT,         /**< Local port for SIP (normally not needed, chosen by stack) */
   PROP_EXTRA_AUTH_USER,	   /**< User name to use for extra authentication challenges */
   PROP_EXTRA_AUTH_PASSWORD,/**< Password to use for extra authentication challenges */
+  PROP_IGNORE_TLS_ERRORS,  /**< If true, TLS errors will be ignored */
   PROP_SOFIA_ROOT,         /**< Event root pointer from the Sofia-SIP stack */
   LAST_PROPERTY
 };
@@ -304,6 +305,9 @@ tpsip_connection_set_property (GObject      *object,
     priv->extra_auth_password =  g_value_dup_string (value);
     break;
   }
+  case PROP_IGNORE_TLS_ERRORS:
+    priv->ignore_tls_errors = g_value_get_boolean (value);
+    break;
   case PROP_SOFIA_ROOT: {
     priv->sofia_root = g_value_get_pointer (value);
     break;
@@ -393,6 +397,9 @@ tpsip_connection_get_property (GObject      *object,
     g_value_set_uint (value, priv->local_port);
     break;
   }
+  case PROP_IGNORE_TLS_ERRORS:
+    g_value_set_boolean (value, priv->ignore_tls_errors);
+    break;
   case PROP_SOFIA_ROOT: {
     g_value_set_pointer (value, priv->sofia_root);
     break;
@@ -585,6 +592,12 @@ tpsip_connection_class_init (TpsipConnectionClass *klass)
       G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
   INST_PROP(PROP_EXTRA_AUTH_PASSWORD);
 
+  param_spec = g_param_spec_boolean ("ignore-tls-errors", "Ignore TLS errors",
+      "If true, the TLS verification errors will be ignored",
+      FALSE,
+      G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS);
+  INST_PROP(PROP_IGNORE_TLS_ERRORS);
+
 #undef INST_PROP
 
   tp_dbus_properties_mixin_class_init (object_class,
@@ -930,7 +943,8 @@ tpsip_connection_start_connecting (TpBaseConnection *base,
       NUTAG_AUTOANSWER(0),
       NUTAG_APPL_METHOD("MESSAGE"),
       SIPTAG_ALLOW_STR("INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, UPDATE"),
-      TPTAG_TLS_VERIFY_POLICY(TPTLS_VERIFY_ALL),
+      TAG_IF(!priv->ignore_tls_errors,
+             TPTAG_TLS_VERIFY_POLICY(TPTLS_VERIFY_ALL)),
       TAG_NULL());
   if (priv->sofia_nua == NULL)
     {
author	Mikhail Zabaluev <mikhail.zabaluev@nokia.com>	2011-05-20 16:25:42 +0300
committer	Mikhail Zabaluev <mikhail.zabaluev@nokia.com>	2011-05-20 16:25:42 +0300
commit	01d10bf1deca680b64592314a009ecccacdb1d9d (patch)
tree	1d77f59ff14cbe719338bed28685fa926746a286 /src
parent	c63db60141b7330cca797e601e2f1d39343191fd (diff)