authorMarvin W <git@larma.de>2022-02-09 23:52:47 +0100
committerMarvin W <git@larma.de>2022-02-09 23:58:54 +0100
commit28248607f03bfd3e5fc6b29e0528edfd4f04a601 (patch)
treeda8b17bdf223758306fc300e9b98d6b48218ceb7 /plugins/ice/src/transport_parameters.vala
parent7718def74d46ee29c64d0fd2c0e84f9776012043 (diff)
DTLS: Handle DTLS fingerprint in transport-info before session-accept
Diffstat (limited to 'plugins/ice/src/transport_parameters.vala')
-rw-r--r--plugins/ice/src/transport_parameters.vala29
1 files changed, 27 insertions, 2 deletions
diff --git a/plugins/ice/src/transport_parameters.vala b/plugins/ice/src/transport_parameters.vala
index fdeebb82..66dde8b1 100644
--- a/plugins/ice/src/transport_parameters.vala
+++ b/plugins/ice/src/transport_parameters.vala
@@ -160,13 +160,25 @@ public class Dino.Plugins.Ice.TransportParameters : JingleIceUdp.IceUdpTransport
}
}
+ private bool bytes_equal(uint8[] a1, uint8[] a2) {
+ return a1.length == a2.length && Memory.cmp(a1, a2, a1.length) == 0;
+ }
+
public override void handle_transport_accept(StanzaNode transport) throws Jingle.IqError {
debug("on_transport_accept from %s", peer_full_jid.to_string());
base.handle_transport_accept(transport);
if (dtls_srtp_handler != null && peer_fingerprint != null) {
- dtls_srtp_handler.peer_fingerprint = peer_fingerprint;
- dtls_srtp_handler.peer_fp_algo = peer_fp_algo;
+ if (dtls_srtp_handler.peer_fingerprint != null) {
+ if (!bytes_equal(dtls_srtp_handler.peer_fingerprint, peer_fingerprint)) {
+ warning("Tried to replace certificate fingerprint mid use. We don't allow that.");
+ peer_fingerprint = dtls_srtp_handler.peer_fingerprint;
+ peer_fp_algo = dtls_srtp_handler.peer_fp_algo;
+ }
+ } else {
+ dtls_srtp_handler.peer_fingerprint = peer_fingerprint;
+ dtls_srtp_handler.peer_fp_algo = peer_fp_algo;
+ }
if (peer_setup == "passive") {
dtls_srtp_handler.mode = DtlsSrtp.Mode.CLIENT;
dtls_srtp_handler.stop_dtls_connection();
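Review bot: The mismatch check in handle_transport_accept compares only the fingerprint bytes, so a later stanza carrying the same bytes under a different `peer_fp_algo` passes `bytes_equal` and leaves this object's `peer_fp_algo` out of step with the one pinned on `dtls_srtp_handler`. The algorithm should be part of the pinned value and compared together with the bytes. The same eleven-line block is repeated in the handle_transport_info hunk, so moving it into one private helper would keep the two call sites from drifting apart. The sketch below assumes `peer_fp_algo` is a string on both objects, which the hunk does not show; handle_transport_accept continues past the end of this hunk.

```vala
// Pins the first fingerprint/algorithm pair seen and refuses any later change.
private void pin_peer_fingerprint() {
    if (dtls_srtp_handler == null || peer_fingerprint == null) return;
    if (dtls_srtp_handler.peer_fingerprint == null) {
        dtls_srtp_handler.peer_fingerprint = peer_fingerprint;
        dtls_srtp_handler.peer_fp_algo = peer_fp_algo;
        return;
    }
    bool same = bytes_equal(dtls_srtp_handler.peer_fingerprint, peer_fingerprint)
        && dtls_srtp_handler.peer_fp_algo == peer_fp_algo;
    if (!same) {
        warning("Tried to replace certificate fingerprint mid use. We don't allow that.");
        peer_fingerprint = dtls_srtp_handler.peer_fingerprint;
        peer_fp_algo = dtls_srtp_handler.peer_fp_algo;
    }
}

// in handle_transport_accept, inside the existing null check:
    pin_peer_fingerprint();
    // … unchanged: peer_setup handling …

// in handle_transport_info, after base.handle_transport_info(transport):
    pin_peer_fingerprint();
```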
@@ -186,6 +198,19 @@ public class Dino.Plugins.Ice.TransportParameters : JingleIceUdp.IceUdpTransport
debug("on_transport_info from %s", peer_full_jid.to_string());
base.handle_transport_info(transport);
+ if (dtls_srtp_handler != null && peer_fingerprint != null) {
+ if (dtls_srtp_handler.peer_fingerprint != null) {
+ if (!bytes_equal(dtls_srtp_handler.peer_fingerprint, peer_fingerprint)) {
+ warning("Tried to replace certificate fingerprint mid use. We don't allow that.");
+ peer_fingerprint = dtls_srtp_handler.peer_fingerprint;
+ peer_fp_algo = dtls_srtp_handler.peer_fp_algo;
+ }
+ } else {
+ dtls_srtp_handler.peer_fingerprint = peer_fingerprint;
+ dtls_srtp_handler.peer_fp_algo = peer_fp_algo;
+ }
+ }
+
if (!we_want_connection) return;
if (remote_ufrag != null && remote_pwd != null && !remote_credentials_set) {
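Review bot: The warning emitted when a peer tries to swap its fingerprint names neither the peer nor the session, so the log line cannot be tied to a call when someone later investigates it; this applies here and to the identical message in handle_transport_accept. `peer_full_jid` is already used in the debug call two lines above the added block, so the message could be `warning("Peer %s tried to replace DTLS fingerprint mid use; keeping the pinned one.", peer_full_jid.to_string());`. A short comment above the block saying that the first fingerprint received wins, and that a mismatch is ignored rather than answered with a `Jingle.IqError`, would also record that this is a deliberate choice. The enclosing function starts and ends outside the hunk.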