mirror of
https://github.com/servalproject/serval-dna.git
synced 2025-02-22 10:10:54 +00:00
6954325b04
Fixes #21. The problem was caused when the double-fork logic used in "servald start" was clobbered in 5103176. This meant that the servald daemon process on Android no longer had a PPID=1, but the PID of the long-lived "org.servalproject" parent process which called the JNI entry point. Killing the servald process then caused it to become a zombie process, since the org.servalproject does not habitually call wait(2). That caused the "servald stop" logic to send five SIGHUPs to the zombie without any error, making it appear that the process was not dying. Reinstated the double-fork logic and added a new test case to ensure that the daemon process does not become a zombie on being killed prematurely.
When we were looking at implementing secure calls for OpenBTS it was suggested that we configure Asterisk to use SIPS/ZRTP. This would have been relatively easy to setup, however there are a few problems. Number one is that when Asterisk checks the certificates it will either validate the certificate (checking the chain of trust and so on) and then check that the common name attribute on the certificate matches the hostname of the peer, or it will do none of these checks. This code is in main/tcptls.c line 206 (in version 1.8.14.1). This is undesirable in a setup where there is limited or no infrastructure as there is not likely to be a DNS server setup, or even rigid IP assignments that would allow a static hosts file based setup. This situation would force the administrator to disable the checks completely which would allow a trivial man in the middle attack. It would be possible to modify Asterisk to have a third way where it validates the certificate and checks the chain of trust but does not look at the common name. We decided against this approach as the VOMP channel driver was written in time to avoid it.