mirror of
https://github.com/servalproject/serval-dna.git
synced 2025-03-10 22:43:54 +00:00
39fc4ce6de
Replace the main-loop scheduled periodic alarm with an "activate" alarm that is scheduled whenever a fetch candidate is added to any queue, unless the alarm is already scheduled. Replace the "rhizome.fetch_interval_ms" config item with "rhizome.fetch_delay_ms" [default 50], which is the number of milliseconds between adding a fetch candidate and firing the "activate" alarm. This allows time for a few more Rhizome advertisment packets to arrive after the first one, before deciding which fetches to start first. Add new `is_scheduled()` alarm primitive.
When we were looking at implementing secure calls for OpenBTS it was suggested that we configure Asterisk to use SIPS/ZRTP. This would have been relatively easy to setup, however there are a few problems. Number one is that when Asterisk checks the certificates it will either validate the certificate (checking the chain of trust and so on) and then check that the common name attribute on the certificate matches the hostname of the peer, or it will do none of these checks. This code is in main/tcptls.c line 206 (in version 1.8.14.1). This is undesirable in a setup where there is limited or no infrastructure as there is not likely to be a DNS server setup, or even rigid IP assignments that would allow a static hosts file based setup. This situation would force the administrator to disable the checks completely which would allow a trivial man in the middle attack. It would be possible to modify Asterisk to have a third way where it validates the certificate and checks the chain of trust but does not look at the common name. We decided against this approach as the VOMP channel driver was written in time to avoid it.