FS-3071 Small fix on default value, and renaming the no-verify-date to verify-date.

1ddd29bf · Marc Olivier Chouinard · 9574ba27 · 1ddd29bf · 1ddd29bf · 1ddd29bf
--- a/conf/sip_profiles/external.xml
+++ b/conf/sip_profiles/external.xml
@@ -79,8 +79,8 @@
    <param name="tls-cert-dir" value="$${external_ssl_dir}"/>
    <!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
    <param name="tls-passphrase" value=""/>
-    <!-- Don't verify the date on TLS certificates -->
+    <!-- Verify the date on TLS certificates -->
-    <param name="tls-no-verify-date" value="false"/>
+    <param name="tls-verify-date" value="true"/>
    <!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
    <!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
    <param name="tls-verify-policy" value="none"/>

--- a/conf/sip_profiles/internal.xml
+++ b/conf/sip_profiles/internal.xml
@@ -187,7 +187,7 @@
    <!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
    <param name="tls-passphrase" value=""/>
    <!-- Don't verify the date on TLS certificates -->
-    <param name="tls-no-verify-date" value="false"/>
+    <param name="tls-verify-date" value="true"/>
    <!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
    <!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
    <param name="tls-verify-policy" value="none"/>

--- a/src/mod/endpoints/mod_sofia/mod_sofia.h
+++ b/src/mod/endpoints/mod_sofia/mod_sofia.h
@@ -641,7 +641,7 @@ struct sofia_profile {
 	uint32_t queued_events;
 	uint32_t cseq_base;
 	int tls_only;
-	int tls_no_verify_date;
+	int tls_verify_date;
 	enum tport_tls_verify_policy tls_verify_policy;
 	int tls_verify_depth;
 	char *tls_passphrase;

--- a/src/mod/endpoints/mod_sofia/sofia.c
+++ b/src/mod/endpoints/mod_sofia/sofia.c
@@ -1882,7 +1882,7 @@ void *SWITCH_THREAD_FUNC sofia_profile_thread_run(switch_thread_t *thread, void
 							  TAG_IF(sofia_test_pflag(profile, PFLAG_TLS),
 									 TPTAG_TLS_VERIFY_DEPTH(profile->tls_verify_depth)),
 							  TAG_IF(sofia_test_pflag(profile, PFLAG_TLS),
-									 TPTAG_TLS_VERIFY_DATE(! profile->tls_no_verify_date)),
+									 TPTAG_TLS_VERIFY_DATE(profile->tls_verify_date)),
 							  TAG_IF(sofia_test_pflag(profile, PFLAG_TLS) && profile->tls_verify_in_subjects,
 									  TPTAG_TLS_VERIFY_SUBJECTS(profile->tls_verify_in_subjects)),
 							  TAG_IF(sofia_test_pflag(profile, PFLAG_TLS),
@@ -3478,9 +3478,6 @@ switch_status_t reconfig_sofia(sofia_profile_t *profile)
 						}
 					}
 				}
-				profile->tls_verify_policy = TPTLS_VERIFY_NONE;
-				/* lib default */
-				profile->tls_verify_depth = 2;
 				switch_event_destroy(&xml_params);
 			}
@@ -3687,6 +3684,11 @@ switch_status_t config_sofia(int reload, char *profile_name)
 				profile->ndlb |= PFLAG_NDLB_ALLOW_NONDUP_SDP;
 				profile->te = 101;
+                                profile->tls_verify_policy = TPTLS_VERIFY_NONE;
+                                /* lib default */
+                                profile->tls_verify_depth = 2;
+				profile->tls_verify_date = SWITCH_TRUE;
 				for (param = switch_xml_child(settings, "param"); param; param = param->next) {
 					char *var = (char *) switch_xml_attr_soft(param, "name");
 					char *val = (char *) switch_xml_attr_soft(param, "value");
@@ -4422,8 +4424,8 @@ switch_status_t config_sofia(int reload, char *profile_name)
 						profile->tls_bind_params = switch_core_strdup(profile->pool, val);
 					} else if (!strcasecmp(var, "tls-only")) {
 						profile->tls_only = switch_true(val);
-					} else if (!strcasecmp(var, "tls-no-verify-date")) {
+					} else if (!strcasecmp(var, "tls-verify-date")) {
-						profile->tls_no_verify_date = switch_true(val);
+						profile->tls_verify_date = switch_true(val);
 					} else if (!strcasecmp(var, "tls-verify-depth")) {
 						profile->tls_verify_depth = atoi(val);
 					} else if (!strcasecmp(var, "tls-verify-policy")) {