authorNanang Izzuddin <nanang@teluu.com>2010-02-25 11:58:19 +0000
committerNanang Izzuddin <nanang@teluu.com>2010-02-25 11:58:19 +0000
commitcd0277b8c369c89206409d767d47600d3ed38786 (patch)
tree4ea90a5de7fb5a5842fff3685ac600c93246050b
parentc80dd76f236e41c653a6e6e95c9fa44c586c6a34 (diff)
More ticket #1032:
- Updated transport state notification callback to return void. - Updated transport state enum to only contain connected and disconnected, no more bitmask value. - Added direction field to SIP transport. - Removed remote hostname hash from transport key. - Updated cert info dump to return -1 when buffer is insufficient. - Added new error code PJSIP_TLS_ECERTVERIF. - Updated get_cert_name() in ssl_sock_symbian.c to use heap buffer instead of stack. - Minors, e.g: added prefix PJ in cipher types, docs. git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@3110 74dad513-b988-da41-8d7b-12977e46ad98
-rw-r--r--pjlib/include/pj/ssl_sock.h145
-rw-r--r--pjlib/src/pj/ssl_sock_common.c129
-rw-r--r--pjlib/src/pj/ssl_sock_dump.c43
-rw-r--r--pjlib/src/pj/ssl_sock_symbian.cpp27
-rw-r--r--pjlib/src/pjlib-test/ssl_sock.c20
-rw-r--r--pjsip-apps/src/pjsua/pjsua_app.c56
-rw-r--r--pjsip-apps/src/symbian_ua/ua.cpp48
-rw-r--r--pjsip/include/pjsip/sip_errno.h5
-rw-r--r--pjsip/include/pjsip/sip_transport.h76
-rw-r--r--pjsip/include/pjsip/sip_transport_tls.h41
-rw-r--r--pjsip/include/pjsua-lib/pjsua.h17
-rw-r--r--pjsip/src/pjsip/sip_errno.c1
-rw-r--r--pjsip/src/pjsip/sip_transport.c43
-rw-r--r--pjsip/src/pjsip/sip_transport_loop.c1
-rw-r--r--pjsip/src/pjsip/sip_transport_tcp.c3
-rw-r--r--pjsip/src/pjsip/sip_transport_tls.c112
-rw-r--r--pjsip/src/pjsip/sip_transport_udp.c3
17 files changed, 384 insertions, 386 deletions
diff --git a/pjlib/include/pj/ssl_sock.h b/pjlib/include/pj/ssl_sock.h
index f9fc69b0..c14c85c4 100644
--- a/pjlib/include/pj/ssl_sock.h
+++ b/pjlib/include/pj/ssl_sock.h
@@ -154,7 +154,8 @@ typedef struct pj_ssl_cert_info {
struct {
pj_str_t cn; /**< Common name */
pj_str_t info; /**< One line subject, fields
- are separated by slash */
+ are separated by slash, e.g:
+ "CN=sample.org/OU=HRD" */
} subject; /**< Subject */
struct {
@@ -206,16 +207,17 @@ PJ_DECL(pj_status_t) pj_ssl_cert_load_from_files(pj_pool_t *pool,
* Dump SSL certificate info.
*
* @param ci The certificate info.
- * @param prefix Prefix string for each line.
+ * @param indent String for left indentation.
* @param buf The buffer where certificate info will be printed on.
* @param buf_size The buffer size.
*
- * @return PJ_SUCCESS when successful.
+ * @return The length of the dump result, or -1 when buffer size
+ * is not sufficient.
*/
-PJ_DECL(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci,
- const char *prefix,
- char *buf,
- pj_size_t buf_size);
+PJ_DECL(pj_ssize_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci,
+ const char *indent,
+ char *buf,
+ pj_size_t buf_size);
/**
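Review bot: The new `@return` text for `pj_ssl_cert_info_dump()` does not say whether the returned length counts the terminating NUL, nor what `buf` holds after a `-1`. Callers written against the old contract (`== PJ_SUCCESS`) still compile, but a successful dump now returns a non-zero length, so such a check silently inverts. I would extend the comment to something like `@return Number of characters written, excluding the terminating NUL, or -1 when the buffer is too small (buf is left NUL-terminated with the output that fit).` The second half matches what the `CHECK_BUF_LEN()` change in ssl_sock_dump.c appears to do, but confirm it against the full function body.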
@@ -230,7 +232,8 @@ PJ_DECL(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci,
*
* @return PJ_SUCCESS when successful.
*/
-PJ_DECL(pj_status_t) pj_ssl_cert_verify_error_st(pj_uint32_t verify_status,
+PJ_DECL(pj_status_t) pj_ssl_cert_get_verify_status_strings(
+ pj_uint32_t verify_status,
const char *error_strings[],
unsigned *count);
@@ -241,77 +244,77 @@ PJ_DECL(pj_status_t) pj_ssl_cert_verify_error_st(pj_uint32_t verify_status,
typedef enum pj_ssl_cipher {
/* NULL */
- TLS_NULL_WITH_NULL_NULL = 0x00000000,
+ PJ_TLS_NULL_WITH_NULL_NULL = 0x00000000,
/* TLS/SSLv3 */
- TLS_RSA_WITH_NULL_MD5 = 0x00000001,
- TLS_RSA_WITH_NULL_SHA = 0x00000002,
- TLS_RSA_WITH_NULL_SHA256 = 0x0000003B,
- TLS_RSA_WITH_RC4_128_MD5 = 0x00000004,
- TLS_RSA_WITH_RC4_128_SHA = 0x00000005,
- TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x0000000A,
- TLS_RSA_WITH_AES_128_CBC_SHA = 0x0000002F,
- TLS_RSA_WITH_AES_256_CBC_SHA = 0x00000035,
- TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x0000003C,
- TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x0000003D,
- TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x0000000D,
- TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x00000010,
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x00000013,
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x00000016,
- TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x00000030,
- TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x00000031,
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x00000032,
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x00000033,
- TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x00000036,
- TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x00000037,
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x00000038,
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x00000039,
- TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x0000003E,
- TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x0000003F,
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x00000040,
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x00000067,
- TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x00000068,
- TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x00000069,
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x0000006A,
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x0000006B,
- TLS_DH_anon_WITH_RC4_128_MD5 = 0x00000018,
- TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x0000001B,
- TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x00000034,
- TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x0000003A,
- TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x0000006C,
- TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x0000006D,
+ PJ_TLS_RSA_WITH_NULL_MD5 = 0x00000001,
+ PJ_TLS_RSA_WITH_NULL_SHA = 0x00000002,
+ PJ_TLS_RSA_WITH_NULL_SHA256 = 0x0000003B,
+ PJ_TLS_RSA_WITH_RC4_128_MD5 = 0x00000004,
+ PJ_TLS_RSA_WITH_RC4_128_SHA = 0x00000005,
+ PJ_TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x0000000A,
+ PJ_TLS_RSA_WITH_AES_128_CBC_SHA = 0x0000002F,
+ PJ_TLS_RSA_WITH_AES_256_CBC_SHA = 0x00000035,
+ PJ_TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x0000003C,
+ PJ_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x0000003D,
+ PJ_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x0000000D,
+ PJ_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x00000010,
+ PJ_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x00000013,
+ PJ_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x00000016,
+ PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x00000030,
+ PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x00000031,
+ PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x00000032,
+ PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x00000033,
+ PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x00000036,
+ PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x00000037,
+ PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x00000038,
+ PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x00000039,
+ PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x0000003E,
+ PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x0000003F,
+ PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x00000040,
+ PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x00000067,
+ PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x00000068,
+ PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x00000069,
+ PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x0000006A,
+ PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x0000006B,
+ PJ_TLS_DH_anon_WITH_RC4_128_MD5 = 0x00000018,
+ PJ_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x0000001B,
+ PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x00000034,
+ PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x0000003A,
+ PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x0000006C,
+ PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x0000006D,
/* TLS (deprecated) */
- TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x00000003,
- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x00000006,
- TLS_RSA_WITH_IDEA_CBC_SHA = 0x00000007,
- TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x00000008,
- TLS_RSA_WITH_DES_CBC_SHA = 0x00000009,
- TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0000000B,
- TLS_DH_DSS_WITH_DES_CBC_SHA = 0x0000000C,
- TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0000000E,
- TLS_DH_RSA_WITH_DES_CBC_SHA = 0x0000000F,
- TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x00000011,
- TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x00000012,
- TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x00000014,
- TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x00000015,
- TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x00000017,
- TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x00000019,
- TLS_DH_anon_WITH_DES_CBC_SHA = 0x0000001A,
+ PJ_TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x00000003,
+ PJ_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x00000006,
+ PJ_TLS_RSA_WITH_IDEA_CBC_SHA = 0x00000007,
+ PJ_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x00000008,
+ PJ_TLS_RSA_WITH_DES_CBC_SHA = 0x00000009,
+ PJ_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0000000B,
+ PJ_TLS_DH_DSS_WITH_DES_CBC_SHA = 0x0000000C,
+ PJ_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0000000E,
+ PJ_TLS_DH_RSA_WITH_DES_CBC_SHA = 0x0000000F,
+ PJ_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x00000011,
+ PJ_TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x00000012,
+ PJ_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x00000014,
+ PJ_TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x00000015,
+ PJ_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x00000017,
+ PJ_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x00000019,
+ PJ_TLS_DH_anon_WITH_DES_CBC_SHA = 0x0000001A,
/* SSLv3 */
- SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x0000001C,
- SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA= 0x0000001D,
- SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x0000001E,
+ PJ_SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x0000001C,
+ PJ_SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x0000001D,
+ PJ_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x0000001E,
/* SSLv2 */
- SSL_CK_RC4_128_WITH_MD5 = 0x00010080,
- SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x00020080,
- SSL_CK_RC2_128_CBC_WITH_MD5 = 0x00030080,
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x00040080,
- SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x00050080,
- SSL_CK_DES_64_CBC_WITH_MD5 = 0x00060040,
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x000700C0
+ PJ_SSL_CK_RC4_128_WITH_MD5 = 0x00010080,
+ PJ_SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x00020080,
+ PJ_SSL_CK_RC2_128_CBC_WITH_MD5 = 0x00030080,
+ PJ_SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x00040080,
+ PJ_SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x00050080,
+ PJ_SSL_CK_DES_64_CBC_WITH_MD5 = 0x00060040,
+ PJ_SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x000700C0
} pj_ssl_cipher;
diff --git a/pjlib/src/pj/ssl_sock_common.c b/pjlib/src/pj/ssl_sock_common.c
index 988a8b2a..31b0b1e6 100644
--- a/pjlib/src/pj/ssl_sock_common.c
+++ b/pjlib/src/pj/ssl_sock_common.c
@@ -30,77 +30,77 @@ typedef struct cipher_name_t {
/* Cipher name constants */
static cipher_name_t cipher_names[] =
{
- {TLS_NULL_WITH_NULL_NULL, "NULL"},
+ {PJ_TLS_NULL_WITH_NULL_NULL, "NULL"},
/* TLS/SSLv3 */
- {TLS_RSA_WITH_NULL_MD5, "TLS_RSA_WITH_NULL_MD5"},
- {TLS_RSA_WITH_NULL_SHA, "TLS_RSA_WITH_NULL_SHA"},
- {TLS_RSA_WITH_NULL_SHA256, "TLS_RSA_WITH_NULL_SHA256"},
- {TLS_RSA_WITH_RC4_128_MD5, "TLS_RSA_WITH_RC4_128_MD5"},
- {TLS_RSA_WITH_RC4_128_SHA, "TLS_RSA_WITH_RC4_128_SHA"},
- {TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
- {TLS_RSA_WITH_AES_128_CBC_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
- {TLS_RSA_WITH_AES_256_CBC_SHA, "TLS_RSA_WITH_AES_256_CBC_SHA"},
- {TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256"},
- {TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS_RSA_WITH_AES_256_CBC_SHA256"},
- {TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"},
- {TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"},
- {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},
- {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},
- {TLS_DH_DSS_WITH_AES_128_CBC_SHA, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"},
- {TLS_DH_RSA_WITH_AES_128_CBC_SHA, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"},
- {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"},
- {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"},
- {TLS_DH_DSS_WITH_AES_256_CBC_SHA, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"},
- {TLS_DH_RSA_WITH_AES_256_CBC_SHA, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"},
- {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"},
- {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
- {TLS_DH_DSS_WITH_AES_128_CBC_SHA256, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"},
- {TLS_DH_RSA_WITH_AES_128_CBC_SHA256, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"},
- {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"},
- {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"},
- {TLS_DH_DSS_WITH_AES_256_CBC_SHA256, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"},
- {TLS_DH_RSA_WITH_AES_256_CBC_SHA256, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"},
- {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"},
- {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
- {TLS_DH_anon_WITH_RC4_128_MD5, "TLS_DH_anon_WITH_RC4_128_MD5"},
- {TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"},
- {TLS_DH_anon_WITH_AES_128_CBC_SHA, "TLS_DH_anon_WITH_AES_128_CBC_SHA"},
- {TLS_DH_anon_WITH_AES_256_CBC_SHA, "TLS_DH_anon_WITH_AES_256_CBC_SHA"},
- {TLS_DH_anon_WITH_AES_128_CBC_SHA256, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"},
- {TLS_DH_anon_WITH_AES_256_CBC_SHA256, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"},
+ {PJ_TLS_RSA_WITH_NULL_MD5, "TLS_RSA_WITH_NULL_MD5"},
+ {PJ_TLS_RSA_WITH_NULL_SHA, "TLS_RSA_WITH_NULL_SHA"},
+ {PJ_TLS_RSA_WITH_NULL_SHA256, "TLS_RSA_WITH_NULL_SHA256"},
+ {PJ_TLS_RSA_WITH_RC4_128_MD5, "TLS_RSA_WITH_RC4_128_MD5"},
+ {PJ_TLS_RSA_WITH_RC4_128_SHA, "TLS_RSA_WITH_RC4_128_SHA"},
+ {PJ_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
+ {PJ_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
+ {PJ_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS_RSA_WITH_AES_256_CBC_SHA"},
+ {PJ_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256"},
+ {PJ_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS_RSA_WITH_AES_256_CBC_SHA256"},
+ {PJ_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"},
+ {PJ_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"},
+ {PJ_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},
+ {PJ_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},
+ {PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"},
+ {PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"},
+ {PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"},
+ {PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"},
+ {PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"},
+ {PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"},
+ {PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"},
+ {PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
+ {PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA256, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"},
+ {PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA256, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"},
+ {PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"},
+ {PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"},
+ {PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA256, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"},
+ {PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA256, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"},
+ {PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"},
+ {PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
+ {PJ_TLS_DH_anon_WITH_RC4_128_MD5, "TLS_DH_anon_WITH_RC4_128_MD5"},
+ {PJ_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"},
+ {PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA, "TLS_DH_anon_WITH_AES_128_CBC_SHA"},
+ {PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA, "TLS_DH_anon_WITH_AES_256_CBC_SHA"},
+ {PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA256, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"},
+ {PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA256, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"},
/* TLS (deprecated) */
- {TLS_RSA_EXPORT_WITH_RC4_40_MD5, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"},
- {TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},
- {TLS_RSA_WITH_IDEA_CBC_SHA, "TLS_RSA_WITH_IDEA_CBC_SHA"},
- {TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"},
- {TLS_RSA_WITH_DES_CBC_SHA, "TLS_RSA_WITH_DES_CBC_SHA"},
- {TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},
- {TLS_DH_DSS_WITH_DES_CBC_SHA, "TLS_DH_DSS_WITH_DES_CBC_SHA"},
- {TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},
- {TLS_DH_RSA_WITH_DES_CBC_SHA, "TLS_DH_RSA_WITH_DES_CBC_SHA"},
- {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},
- {TLS_DHE_DSS_WITH_DES_CBC_SHA, "TLS_DHE_DSS_WITH_DES_CBC_SHA"},
- {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},
- {TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS_DHE_RSA_WITH_DES_CBC_SHA"},
- {TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"},
- {TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},
- {TLS_DH_anon_WITH_DES_CBC_SHA, "TLS_DH_anon_WITH_DES_CBC_SHA"},
+ {PJ_TLS_RSA_EXPORT_WITH_RC4_40_MD5, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"},
+ {PJ_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},
+ {PJ_TLS_RSA_WITH_IDEA_CBC_SHA, "TLS_RSA_WITH_IDEA_CBC_SHA"},
+ {PJ_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+ {PJ_TLS_RSA_WITH_DES_CBC_SHA, "TLS_RSA_WITH_DES_CBC_SHA"},
+ {PJ_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+ {PJ_TLS_DH_DSS_WITH_DES_CBC_SHA, "TLS_DH_DSS_WITH_DES_CBC_SHA"},
+ {PJ_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+ {PJ_TLS_DH_RSA_WITH_DES_CBC_SHA, "TLS_DH_RSA_WITH_DES_CBC_SHA"},
+ {PJ_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+ {PJ_TLS_DHE_DSS_WITH_DES_CBC_SHA, "TLS_DHE_DSS_WITH_DES_CBC_SHA"},
+ {PJ_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+ {PJ_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS_DHE_RSA_WITH_DES_CBC_SHA"},
+ {PJ_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"},
+ {PJ_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},
+ {PJ_TLS_DH_anon_WITH_DES_CBC_SHA, "TLS_DH_anon_WITH_DES_CBC_SHA"},
/* SSLv3 */
- {SSL_FORTEZZA_KEA_WITH_NULL_SHA, "SSL_FORTEZZA_KEA_WITH_NULL_SHA"},
- {SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA,"SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"},
- {SSL_FORTEZZA_KEA_WITH_RC4_128_SHA, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"},
+ {PJ_SSL_FORTEZZA_KEA_WITH_NULL_SHA, "SSL_FORTEZZA_KEA_WITH_NULL_SHA"},
+ {PJ_SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA,"SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"},
+ {PJ_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"},
/* SSLv2 */
- {SSL_CK_RC4_128_WITH_MD5, "SSL_CK_RC4_128_WITH_MD5"},
- {SSL_CK_RC4_128_EXPORT40_WITH_MD5, "SSL_CK_RC4_128_EXPORT40_WITH_MD5"},
- {SSL_CK_RC2_128_CBC_WITH_MD5, "SSL_CK_RC2_128_CBC_WITH_MD5"},
- {SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5"},
- {SSL_CK_IDEA_128_CBC_WITH_MD5, "SSL_CK_IDEA_128_CBC_WITH_MD5"},
- {SSL_CK_DES_64_CBC_WITH_MD5, "SSL_CK_DES_64_CBC_WITH_MD5"},
- {SSL_CK_DES_192_EDE3_CBC_WITH_MD5, "SSL_CK_DES_192_EDE3_CBC_WITH_MD5"}
+ {PJ_SSL_CK_RC4_128_WITH_MD5, "SSL_CK_RC4_128_WITH_MD5"},
+ {PJ_SSL_CK_RC4_128_EXPORT40_WITH_MD5, "SSL_CK_RC4_128_EXPORT40_WITH_MD5"},
+ {PJ_SSL_CK_RC2_128_CBC_WITH_MD5, "SSL_CK_RC2_128_CBC_WITH_MD5"},
+ {PJ_SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5"},
+ {PJ_SSL_CK_IDEA_128_CBC_WITH_MD5, "SSL_CK_IDEA_128_CBC_WITH_MD5"},
+ {PJ_SSL_CK_DES_64_CBC_WITH_MD5, "SSL_CK_DES_64_CBC_WITH_MD5"},
+ {PJ_SSL_CK_DES_192_EDE3_CBC_WITH_MD5, "SSL_CK_DES_192_EDE3_CBC_WITH_MD5"}
};
@@ -146,7 +146,8 @@ PJ_DEF(const char*) pj_ssl_cipher_name(pj_ssl_cipher cipher)
-PJ_DEF(pj_status_t) pj_ssl_cert_verify_error_st(pj_uint32_t verify_status,
+PJ_DEF(pj_status_t) pj_ssl_cert_get_verify_status_strings(
+ pj_uint32_t verify_status,
const char *error_strings[],
unsigned *count)
{
diff --git a/pjlib/src/pj/ssl_sock_dump.c b/pjlib/src/pj/ssl_sock_dump.c
index 45a6f7ee..225897ff 100644
--- a/pjlib/src/pj/ssl_sock_dump.c
+++ b/pjlib/src/pj/ssl_sock_dump.c
@@ -27,16 +27,17 @@
#define THIS_FILE "ssl_sock_dump.c"
-#define CHECK_BUF_LEN() \
- if ((len < 0) || ((p+=len) >= end)) { \
- *(p-1) = '\0'; \
- return PJ_ETOOSMALL; \
- }
-
-PJ_DEF(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci,
- const char *prefix,
- char *buf,
- pj_size_t buf_size)
+#define CHECK_BUF_LEN() \
+ if ((len < 0) || (len >= end-p)) { \
+ *p = '\0'; \
+ return -1; \
+ } \
+ p += len;
+
+PJ_DEF(pj_ssize_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci,
+ const char *indent,
+ char *buf,
+ pj_size_t buf_size)
{
const char *wdays[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
pj_parsed_time pt1;
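Review bot: The failure branch of the rewritten `CHECK_BUF_LEN()` stores `*p = '\0'` unconditionally, so if `buf_size` is 0 the store lands one byte past the caller's buffer; this assumes `end` is `buf + buf_size`, which is set outside this hunk. A guard at the top of `pj_ssl_cert_info_dump()`, e.g. `if (!buf || buf_size == 0) return -1;`, would close that. The macro is also now an `if` block followed by a bare `p += len;`, so it is no longer a single statement. Wrapping the whole body in `do { ... } while (0)` keeps it correct if it is ever used under an unbraced `if`. The function body continues outside the hunk.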
@@ -53,11 +54,11 @@ PJ_DEF(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci,
/* Version */
len = pj_ansi_snprintf(p, end-p, "%sVersion : v%d\n",
- prefix, ci->version);
+ indent, ci->version);
CHECK_BUF_LEN();
/* Serial number */
- len = pj_ansi_snprintf(p, end-p, "%sSerial : ", prefix);
+ len = pj_ansi_snprintf(p, end-p, "%sSerial : ", indent);
CHECK_BUF_LEN();
for (i = 0; i < sizeof(ci->serial_no) && !ci->serial_no[i]; ++i);
@@ -68,35 +69,35 @@ PJ_DEF(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci,
*(p-1) = '\n';
/* Subject */
- len = pj_ansi_snprintf( p, end-p, "%sSubject : %.*s\n", prefix,
+ len = pj_ansi_snprintf( p, end-p, "%sSubject : %.*s\n", indent,
ci->subject.cn.slen,
ci->subject.cn.ptr);
CHECK_BUF_LEN();
- len = pj_ansi_snprintf( p, end-p, "%s %.*s\n", prefix,
+ len = pj_ansi_snprintf( p, end-p, "%s %.*s\n", indent,
ci->subject.info.slen,
ci->subject.info.ptr);
CHECK_BUF_LEN();
/* Issuer */
- len = pj_ansi_snprintf( p, end-p, "%sIssuer : %.*s\n", prefix,
+ len = pj_ansi_snprintf( p, end-p, "%sIssuer : %.*s\n", indent,
ci->issuer.cn.slen,
ci->issuer.cn.ptr);
CHECK_BUF_LEN();
- len = pj_ansi_snprintf( p, end-p, "%s %.*s\n", prefix,
+ len = pj_ansi_snprintf( p, end-p, "%s %.*s\n", indent,
ci->issuer.info.slen,
ci->issuer.info.ptr);
CHECK_BUF_LEN();
/* Validity period */
len = pj_ansi_snprintf( p, end-p, "%sValid from : %s %4d-%02d-%02d "
- "%02d:%02d:%02d.%03d %s\n", prefix,
+ "%02d:%02d:%02d.%03d %s\n", indent,
wdays[pt1.wday], pt1.year, pt1.mon+1, pt1.day,
pt1.hour, pt1.min, pt1.sec, pt1.msec,
(ci->validity.gmt? "GMT":""));
CHECK_BUF_LEN();
len = pj_ansi_snprintf( p, end-p, "%sValid to : %s %4d-%02d-%02d "
- "%02d:%02d:%02d.%03d %s\n", prefix,
+ "%02d:%02d:%02d.%03d %s\n", indent,
wdays[pt2.wday], pt2.year, pt2.mon+1, pt2.day,
pt2.hour, pt2.min, pt2.sec, pt2.msec,
(ci->validity.gmt? "GMT":""));
@@ -107,7 +108,7 @@ PJ_DEF(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci,
unsigned i;
len = pj_ansi_snprintf(p, end-p, "%ssubjectAltName extension\n",
- prefix);
+ indent);
CHECK_BUF_LEN();
for (i = 0; i < ci->subj_alt_name.cnt; ++i) {
@@ -130,7 +131,7 @@ PJ_DEF(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci,
break;
}
if (type) {
- len = pj_ansi_snprintf( p, end-p, "%s %s : %.*s\n", prefix,
+ len = pj_ansi_snprintf( p, end-p, "%s %s : %.*s\n", indent,
type,
ci->subj_alt_name.entry[i].name.slen,
ci->subj_alt_name.entry[i].name.ptr);
@@ -139,7 +140,7 @@ PJ_DEF(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci,
}
}
- return PJ_SUCCESS;
+ return (p-buf);
}
diff --git a/pjlib/src/pj/ssl_sock_symbian.cpp b/pjlib/src/pj/ssl_sock_symbian.cpp
index ab808f62..65916d73 100644
--- a/pjlib/src/pj/ssl_sock_symbian.cpp
+++ b/pjlib/src/pj/ssl_sock_symbian.cpp
@@ -444,13 +444,12 @@ struct pj_ssl_sock_t
};
-static pj_str_t get_cert_name(pj_pool_t *pool,
+static pj_str_t get_cert_name(char *buf, unsigned buf_len,
const CX500DistinguishedName &name)
{
TInt i;
- char buf[1024];
TUint8 *p;
- TInt l = sizeof(buf);
+ TInt l = buf_len;
p = (TUint8*)buf;
for(i = 0; i < name.Count(); ++i) {
@@ -479,11 +478,10 @@ static pj_str_t get_cert_name(pj_pool_t *pool,
if (0 >= --l) break;
}
- pj_str_t src, res;
- pj_strset(&src, buf, sizeof(buf) - l);
- pj_strdup(pool, &res, &src);
+ pj_str_t src;
+ pj_strset(&src, buf, buf_len - l);
- return res;
+ return src;
}
/* Get certificate info from CX509Certificate.
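Review bot: `get_cert_name()` now returns a `pj_str_t` that points into the caller's `buf` instead of a pool copy, and nothing at the definition says so. The callers in `get_cert_info()` (later hunks) do `pj_strdup()` the result before `tmp_buf` is reused, but a future caller that stores the return value directly would keep a pointer into a buffer that is reused and then freed. I would add a comment above the function such as `/* Returns a string that aliases buf; copy it before buf is reused or freed. */`. The function starts in the previous hunk.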
@@ -491,10 +489,14 @@ static pj_str_t get_cert_name(pj_pool_t *pool,
static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci,
const CX509Certificate *x)
{
+ enum { tmp_buf_len = 512 };
+ char *tmp_buf;
unsigned len;
pj_assert(pool && ci && x);
+ /* Init */
+ tmp_buf = new char[tmp_buf_len];
pj_bzero(ci, sizeof(*ci));
/* Version */
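Review bot: `tmp_buf = new char[tmp_buf_len];` is used without checking the result. On Symbian a plain `new` (without `ELeave`) is expected to return NULL on out-of-memory rather than leave, in which case `get_cert_name()` would write through a null pointer. Since `get_cert_info()` returns void, the simplest handling is `if (!tmp_buf) return;` right after the `pj_bzero()`, leaving `ci` zeroed. The matching `delete [] tmp_buf;` sits only at the very end of the function (last hunk of this file), so any early return or leave in the code between, not all of which is visible here, would leak the buffer. The scratch size also drops from 1024 to 512 bytes, so long distinguished names are truncated sooner than before.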
@@ -518,7 +520,9 @@ static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci,
ptr8.Copy(ptr16);
pj_strset(&ci->subject.cn, (char*)ptr8.Ptr(), ptr8.Length());
}
- ci->subject.info = get_cert_name(pool, x->SubjectName());
+ pj_str_t tmp = get_cert_name(tmp_buf, tmp_buf_len,
+ x->SubjectName());
+ pj_strdup(pool, &ci->subject.info, &tmp);
}
/* Issuer */
@@ -532,7 +536,9 @@ static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci,
ptr8.Copy(ptr16);
pj_strset(&ci->issuer.cn, (char*)ptr8.Ptr(), ptr8.Length());
}
- ci->issuer.info = get_cert_name(pool, x->IssuerName());
+ pj_str_t tmp = get_cert_name(tmp_buf, tmp_buf_len,
+ x->IssuerName());
+ pj_strdup(pool, &ci->issuer.info, &tmp);
}
/* Validity */
@@ -543,6 +549,9 @@ static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci,
ci->validity.start.sec = tmp_sec.Int();
valid_period.Finish().SecondsFrom(base_time, tmp_sec);
ci->validity.end.sec = tmp_sec.Int();
+
+ /* Deinit */
+ delete [] tmp_buf;
}
diff --git a/pjlib/src/pjlib-test/ssl_sock.c b/pjlib/src/pjlib-test/ssl_sock.c
index 6e0d4515..68769501 100644
--- a/pjlib/src/pjlib-test/ssl_sock.c
+++ b/pjlib/src/pjlib-test/ssl_sock.c
@@ -107,8 +107,8 @@ static void dump_ssl_info(const pj_ssl_sock_info *si)
/* Dump remote TLS certificate verification result */
verif_msg_cnt = PJ_ARRAY_SIZE(verif_msgs);
- pj_ssl_cert_verify_error_st(si->verify_status,
- verif_msgs, &verif_msg_cnt);
+ pj_ssl_cert_get_verify_status_strings(si->verify_status,
+ verif_msgs, &verif_msg_cnt);
PJ_LOG(3,("", ".....Remote certificate verification result: %s",
(verif_msg_cnt == 1? verif_msgs[0]:"")));
if (verif_msg_cnt > 1) {
@@ -1153,44 +1153,44 @@ int ssl_sock_test(void)
#ifndef PJ_SYMBIAN
- PJ_LOG(3,("", "..echo test w/ TLSv1 and TLS_RSA_WITH_DES_CBC_SHA cipher"));
+ PJ_LOG(3,("", "..echo test w/ TLSv1 and PJ_TLS_RSA_WITH_DES_CBC_SHA cipher"));
ret = echo_test(PJ_SSL_SOCK_PROTO_TLS1, PJ_SSL_SOCK_PROTO_TLS1,
- TLS_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA,
+ PJ_TLS_RSA_WITH_DES_CBC_SHA, PJ_TLS_RSA_WITH_DES_CBC_SHA,
PJ_FALSE, PJ_FALSE);
if (ret != 0)
return ret;
- PJ_LOG(3,("", "..echo test w/ SSLv23 and TLS_RSA_WITH_AES_256_CBC_SHA cipher"));
+ PJ_LOG(3,("", "..echo test w/ SSLv23 and PJ_TLS_RSA_WITH_AES_256_CBC_SHA cipher"));
ret = echo_test(PJ_SSL_SOCK_PROTO_SSL23, PJ_SSL_SOCK_PROTO_SSL23,
- TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
+ PJ_TLS_RSA_WITH_AES_256_CBC_SHA, PJ_TLS_RSA_WITH_AES_256_CBC_SHA,
PJ_FALSE, PJ_FALSE);
if (ret != 0)
return ret;
PJ_LOG(3,("", "..echo test w/ incompatible proto"));
ret = echo_test(PJ_SSL_SOCK_PROTO_TLS1, PJ_SSL_SOCK_PROTO_SSL3,
- TLS_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA,
+ PJ_TLS_RSA_WITH_DES_CBC_SHA, PJ_TLS_RSA_WITH_DES_CBC_SHA,
PJ_FALSE, PJ_FALSE);
if (ret == 0)
return PJ_EBUG;
PJ_LOG(3,("", "..echo test w/ incompatible ciphers"));
ret = echo_test(PJ_SSL_SOCK_PROTO_DEFAULT, PJ_SSL_SOCK_PROTO_DEFAULT,
- TLS_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
+ PJ_TLS_RSA_WITH_DES_CBC_SHA, PJ_TLS_RSA_WITH_AES_256_CBC_SHA,
PJ_FALSE, PJ_FALSE);
if (ret == 0)
return PJ_EBUG;
PJ_LOG(3,("", "..echo test w/ client cert required but not provided"));
ret = echo_test(PJ_SSL_SOCK_PROTO_DEFAULT, PJ_SSL_SOCK_PROTO_DEFAULT,
- TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
+ PJ_TLS_RSA_WITH_AES_256_CBC_SHA, PJ_TLS_RSA_WITH_AES_256_CBC_SHA,
PJ_TRUE, PJ_FALSE);
if (ret == 0)
return PJ_EBUG;
PJ_LOG(3,("", "..echo test w/ client cert required and provided"));
ret = echo_test(PJ_SSL_SOCK_PROTO_DEFAULT, PJ_SSL_SOCK_PROTO_DEFAULT,
- TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA,
+ PJ_TLS_RSA_WITH_AES_256_CBC_SHA, PJ_TLS_RSA_WITH_AES_256_CBC_SHA,
PJ_TRUE, PJ_TRUE);
if (ret != 0)
return ret;
diff --git a/pjsip-apps/src/pjsua/pjsua_app.c b/pjsip-apps/src/pjsua/pjsua_app.c
index d3cb8c82..083453a2 100644
--- a/pjsip-apps/src/pjsua/pjsua_app.c
+++ b/pjsip-apps/src/pjsua/pjsua_app.c
@@ -2790,8 +2790,9 @@ static void on_mwi_info(pjsua_acc_id acc_id, pjsua_mwi_info *mwi_info)
/*
* Transport status notification
*/
-static pj_bool_t on_transport_state(pjsip_transport *tp, pj_uint32_t state,
- const pjsip_transport_state_info *info)
+static void on_transport_state(pjsip_transport *tp,
+ pjsip_transport_state state,
+ const pjsip_transport_state_info *info)
{
char host_port[128];
@@ -2800,38 +2801,37 @@ static pj_bool_t on_transport_state(pjsip_transport *tp, pj_uint32_t state,
tp->remote_name.host.ptr,
tp->remote_name.port);
- if (state & PJSIP_TP_STATE_CONNECTED) {
- PJ_LOG(3,(THIS_FILE, "SIP transport %s is connected to %s",
- tp->type_name, host_port));
- }
- else if (state & PJSIP_TP_STATE_ACCEPTED) {
- PJ_LOG(3,(THIS_FILE, "SIP transport %s accepted %s",
- tp->type_name, host_port));
- }
- else if (state & PJSIP_TP_STATE_DISCONNECTED) {
- char buf[100];
+ switch (state) {
+ case PJSIP_TP_STATE_CONNECTED:
+ {
+ PJ_LOG(3,(THIS_FILE, "SIP transport %s is connected to %s",
+ tp->type_name, host_port));
+ }
+ break;
- snprintf(buf, sizeof(buf), "SIP transport %s is disconnected from %s",
- tp->type_name, host_port);
- pjsua_perror(THIS_FILE, buf, info->status);
- }
- else if (state & PJSIP_TP_STATE_REJECTED) {
- char buf[100];
+ case PJSIP_TP_STATE_DISCONNECTED:
+ {
+ char buf[100];
- snprintf(buf, sizeof(buf), "SIP transport %s rejected %s",
- tp->type_name, host_port);
- pjsua_perror(THIS_FILE, buf, info->status);
+ snprintf(buf, sizeof(buf), "SIP transport %s is disconnected from %s",
+ tp->type_name, host_port);
+ pjsua_perror(THIS_FILE, buf, info->status);
+ }
+ break;
+
+ default:
+ break;
}
#if defined(PJSIP_HAS_TLS_TRANSPORT) && PJSIP_HAS_TLS_TRANSPORT!=0
if (!pj_ansi_stricmp(tp->type_name, "tls") && info->ext_info &&
(state == PJSIP_TP_STATE_CONNECTED ||
- (state & PJSIP_TP_STATE_TLS_VERIF_ERROR)))
+ ((pjsip_tls_state_info*)info->ext_info)->
+ ssl_sock_info->verify_status != PJ_SUCCESS))
{
pjsip_tls_state_info *tls_info = (pjsip_tls_state_info*)info->ext_info;
- pj_ssl_sock_info *ssl_sock_info = (pj_ssl_sock_info*)
- tls_info->ssl_sock_info;
+ pj_ssl_sock_info *ssl_sock_info = tls_info->ssl_sock_info;
char buf[2048];
const char *verif_msgs[32];
unsigned verif_msg_cnt;
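Review bot: The new TLS condition dereferences `((pjsip_tls_state_info*)info->ext_info)->ssl_sock_info->verify_status` after checking only `info->ext_info`, so a notification whose `ext_info` carries a NULL `ssl_sock_info` would crash the callback. Whether the TLS transport can produce that is not visible here. Adding `((pjsip_tls_state_info*)info->ext_info)->ssl_sock_info &&` before the parenthesised state test, or hoisting `tls_info` above the `if`, avoids relying on it. `verify_status` is a `pj_uint32_t` verification status, yet it is compared with `PJ_SUCCESS` here and tested as a plain truth value further down (`if (ssl_sock_info->verify_status &&`), so one consistent test against 0 would read better. `on_transport_state()` starts in the previous hunk and continues past this one.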
@@ -2843,8 +2843,8 @@ static pj_bool_t on_transport_state(pjsip_transport *tp, pj_uint32_t state,
/* Dump server TLS certificate verification result */
verif_msg_cnt = PJ_ARRAY_SIZE(verif_msgs);
- pj_ssl_cert_verify_error_st(ssl_sock_info->verify_status,
- verif_msgs, &verif_msg_cnt);
+ pj_ssl_cert_get_verify_status_strings(ssl_sock_info->verify_status,
+ verif_msgs, &verif_msg_cnt);
PJ_LOG(3,(THIS_FILE, "TLS cert verification result of %s : %s",
host_port,
(verif_msg_cnt == 1? verif_msgs[0]:"")));
@@ -2854,7 +2854,7 @@ static pj_bool_t on_transport_state(pjsip_transport *tp, pj_uint32_t state,
PJ_LOG(3,(THIS_FILE, "- %s", verif_msgs[i]));
}
- if (state & PJSIP_TP_STATE_TLS_VERIF_ERROR &&
+ if (ssl_sock_info->verify_status &&
!app_config.udp_cfg.tls_setting.verify_server)
{
PJ_LOG(3,(THIS_FILE, "PJSUA is configured to ignore TLS cert "
@@ -2863,7 +2863,7 @@ static pj_bool_t on_transport_state(pjsip_transport *tp, pj_uint32_t state,
}
#endif
- return PJ_TRUE;
+
}
/*
diff --git a/pjsip-apps/src/symbian_ua/ua.cpp b/pjsip-apps/src/symbian_ua/ua.cpp
index 620e75a7..fb4b3c92 100644
--- a/pjsip-apps/src/symbian_ua/ua.cpp
+++ b/pjsip-apps/src/symbian_ua/ua.cpp
@@ -273,8 +273,9 @@ static void on_call_replaced(pjsua_call_id old_call_id,
/*
* Transport status notification
*/
-static pj_bool_t on_transport_state(pjsip_transport *tp, pj_uint32_t state,
- const pjsip_transport_state_info *info)
+static void on_transport_state(pjsip_transport *tp,
+ pjsip_transport_state state,
+ const pjsip_transport_state_info *info)
{
char host_port[128];
@@ -283,34 +284,32 @@ static pj_bool_t on_transport_state(pjsip_transport *tp, pj_uint32_t state,
tp->remote_name.host.ptr,
tp->remote_name.port);
- if (state & PJSIP_TP_STATE_CONNECTED) {
- PJ_LOG(3,(THIS_FILE, "SIP transport %s is connected to %s",
- tp->type_name, host_port));
- }
- else if (state & PJSIP_TP_STATE_ACCEPTED) {
- PJ_LOG(3,(THIS_FILE, "SIP transport %s accepted %s",
- tp->type_name, host_port));
- }
- else if (state & PJSIP_TP_STATE_DISCONNECTED) {
- char buf[100];
-
- snprintf(buf, sizeof(buf), "SIP transport %s is disconnected from %s",
- tp->type_name, host_port);
- pjsua_perror(THIS_FILE, buf, info->status);
- }
- else if (state & PJSIP_TP_STATE_REJECTED) {
- char buf[100];
+ switch (state) {
+ case PJSIP_TP_STATE_CONNECTED:
+ {
+ PJ_LOG(3,(THIS_FILE, "SIP transport %s is connected to %s",
+ tp->type_name, host_port));
+ }
+ break;
+
+ case PJSIP_TP_STATE_DISCONNECTED:
+ {
+ char buf[100];
- snprintf(buf, sizeof(buf), "SIP transport %s rejected %s",
- tp->type_name, host_port);
- pjsua_perror(THIS_FILE, buf, info->status);
+ snprintf(buf, sizeof(buf), "SIP transport %s is disconnected from %s",
+ tp->type_name, host_port);
+ pjsua_perror(THIS_FILE, buf, info->status);
+ }
+ break;
+
+ default:
+ break;
}
#if defined(PJSIP_HAS_TLS_TRANSPORT) && PJSIP_HAS_TLS_TRANSPORT!=0
if (!pj_ansi_stricmp(tp->type_name, "tls") && info->ext_info &&
- (state == PJSIP_TP_STATE_CONNECTED ||
- (state & PJSIP_TP_STATE_TLS_VERIF_ERROR)))
+ state == PJSIP_TP_STATE_CONNECTED)
{
pjsip_tls_state_info *tls_info = (pjsip_tls_state_info*)info->ext_info;
pj_ssl_sock_info *ssl_sock_info = (pj_ssl_sock_info*)
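Review bot: The TLS branch now runs only for `state == PJSIP_TP_STATE_CONNECTED`, so a mandatory verification failure, which sip_transport_tls.c in this commit reports as PJSIP_TP_STATE_DISCONNECTED with `ext_info` filled in, never shows its certificate details; the removed `PJSIP_TP_STATE_TLS_VERIF_ERROR` test used to cover that case. pjsua_app.c keeps the dump for failures by also testing `ssl_sock_info->verify_status != PJ_SUCCESS`, and the same extra condition here would preserve the diagnostic. Separately, the disconnect message is formatted into `char buf[100]` although `host_port` alone is 128 bytes, so the logged peer name can be truncated; sizing it as `char buf[sizeof(host_port) + 64];` would avoid that. The function body continues past the end of this hunk.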
@@ -324,7 +323,6 @@ static pj_bool_t on_transport_state(pjsip_transport *tp, pj_uint32_t state,
}
#endif
- return PJ_TRUE;
}
diff --git a/pjsip/include/pjsip/sip_errno.h b/pjsip/include/pjsip/sip_errno.h
index 802ab4a2..15f842a9 100644
--- a/pjsip/include/pjsip/sip_errno.h
+++ b/pjsip/include/pjsip/sip_errno.h
@@ -504,6 +504,11 @@ PJ_BEGIN_DECL
* SSL negotiation has exceeded the maximum configured timeout.
*/
#define PJSIP_TLS_ETIMEDOUT (PJSIP_ERRNO_START_PJSIP+172) /* 171172 */
+/**
+ * @hideinitializer
+ * SSL certificate verification error.
+ */
+#define PJSIP_TLS_ECERTVERIF (PJSIP_ERRNO_START_PJSIP+173) /* 171173 */
/**
diff --git a/pjsip/include/pjsip/sip_transport.h b/pjsip/include/pjsip/sip_transport.h
index 9f6534cd..8da4d561 100644
--- a/pjsip/include/pjsip/sip_transport.h
+++ b/pjsip/include/pjsip/sip_transport.h
@@ -693,17 +693,30 @@ typedef struct pjsip_transport_key
long type;
/**
- * Hash of host name.
- */
- pj_uint32_t hname;
-
- /**
* Destination address.
*/
pj_sockaddr rem_addr;
} pjsip_transport_key;
+
+/**
+ * Enumeration of transport direction types.
+ */
+typedef enum pjsip_transport_dir
+{
+ PJSIP_TP_DIR_NONE, /**< Direction not set, normally used by
+ connectionless transports such as
+ UDP transport. */
+ PJSIP_TP_DIR_OUTGOING, /**< Outgoing connection or client mode,
+ this is only for connection-oriented
+ transports. */
+ PJSIP_TP_DIR_INCOMING, /**< Incoming connection or server mode,
+ this is only for connection-oriented
+ transports. */
+} pjsip_transport_dir;
+
+
/**
* This structure represent the "public" interface of a SIP transport.
* Applications normally extend this structure to include transport
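Review bot: `PJSIP_TP_DIR_INCOMING,` closes the new `pjsip_transport_dir` enum with a trailing comma, which strict C89 compilers warn about or reject. The other enum introduced by this commit, `pjsip_transport_state`, ends without one. Dropping the comma keeps the two declarations consistent and avoids the portability warning.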
@@ -731,6 +744,7 @@ struct pjsip_transport
pj_sockaddr local_addr; /**< Bound address. */
pjsip_host_port local_name; /**< Published name (eg. STUN). */
pjsip_host_port remote_name; /**< Remote address name. */
+ pjsip_transport_dir dir; /**< Connection direction. */
pjsip_endpoint *endpt; /**< Endpoint instance. */
pjsip_tpmgr *tpmgr; /**< Transport manager. */
@@ -1130,7 +1144,7 @@ PJ_DECL(pj_status_t) pjsip_tpmgr_acquire_transport(pjsip_tpmgr *mgr,
* transport is found, a new one will be created.
*
* This is an internal function since normally application doesn't have access
- * to transport manager. Application should use pjsip_endpt_acquire_transport()
+ * to transport manager. Application should use pjsip_endpt_acquire_transport2()
* instead.
*
* @param mgr The transport manager instance.
@@ -1244,35 +1258,26 @@ PJ_DECL(pj_status_t) pjsip_tpmgr_send_raw(pjsip_tpmgr *mgr,
/**
* Enumeration of transport state types.
*/
-typedef enum pjsip_transport_state_type {
-
- /** Transport connected. */
- PJSIP_TP_STATE_CONNECTED = (1 << 0),
-
- /** Transport accepted. */
- PJSIP_TP_STATE_ACCEPTED = (1 << 1),
-
- /** Transport disconnected. */
- PJSIP_TP_STATE_DISCONNECTED = (1 << 2),
-
- /** Incoming connection rejected. */
- PJSIP_TP_STATE_REJECTED = (1 << 3),
-
- /** TLS verification error. */
- PJSIP_TP_STATE_TLS_VERIF_ERROR = (1 << 8)
-
-} pjsip_transport_state_type;
+typedef enum pjsip_transport_state
+{
+ PJSIP_TP_STATE_CONNECTED, /**< Transport connected, applicable only
+ to connection-oriented transports
+ such as TCP and TLS. */
+ PJSIP_TP_STATE_DISCONNECTED /**< Transport disconnected, applicable
+ only to connection-oriented
+ transports such as TCP and TLS. */
+} pjsip_transport_state;
/**
- * Structure of transport state info.
+ * Structure of transport state info passed by #pjsip_tp_state_callback.
*/
typedef struct pjsip_transport_state_info {
/**
* The last error code related to the transport state.
*/
pj_status_t status;
-
+
/**
* Optional extended info, the content is specific for each transport type.
*/
@@ -1282,30 +1287,23 @@ typedef struct pjsip_transport_state_info {
/**
* Type of callback to receive transport state notifications, such as
- * transport connected, disconnected or TLS verification error.
+ * transport connected/disconnected. Application may shutdown the transport
+ * in this callback.
*
* @param tp The transport instance.
- * @param state The transport state, this may contain single or
- * combination of transport state types defined in
- * #pjsip_transport_state_type.
+ * @param state The transport state.
* @param info The transport state info.
- *
- * @return When TLS verification fails and peer verification in
- * #pjsip_tls_setting is not set, application may return
- * PJ_TRUE to ignore the verification result and continue
- * using the transport. On other cases, this return value
- * is currently not used and will be ignored.
*/
-typedef pj_bool_t (*pjsip_tp_state_callback)(
+typedef void (*pjsip_tp_state_callback)(
pjsip_transport *tp,
- pj_uint32_t state,
+ pjsip_transport_state state,
const pjsip_transport_state_info *info);
/**
* Setting callback of transport state notification. The caller will be
* notified whenever the state of transport is changed. The type of
- * events are defined in #pjsip_transport_state_type.
+ * events are defined in #pjsip_transport_state.
*
* @param mgr Transport manager.
* @param cb Callback to be called to notify caller about transport
diff --git a/pjsip/include/pjsip/sip_transport_tls.h b/pjsip/include/pjsip/sip_transport_tls.h
index f97414b3..ddee2bc2 100644
--- a/pjsip/include/pjsip/sip_transport_tls.h
+++ b/pjsip/include/pjsip/sip_transport_tls.h
@@ -122,42 +122,36 @@ typedef struct pjsip_tls_setting
pj_str_t server_name;
/**
- * Specifies the action when verification of server TLS certificate
- * resulting errors:
+ * Specifies TLS transport behavior on the server TLS certificate
+ * verification result:
* - If \a verify_server is disabled (set to PJ_FALSE), TLS transport
* will just notify the application via #pjsip_tp_state_callback with
- * state (PJSIP_TP_STATE_CONNECTED | PJSIP_TP_STATE_TLS_VERIF_ERROR)
- * whenever there is any TLS verification error, the return value of
- * the callback will be used to decide whether transport should be
- * shutdown.
+ * state PJSIP_TP_STATE_CONNECTED regardless TLS verification result.
* - If \a verify_server is enabled (set to PJ_TRUE), TLS transport
* will be shutdown and application will be notified with state
- * (PJSIP_TP_STATE_DISCONNECTED | PJSIP_TP_STATE_TLS_VERIF_ERROR)
- * whenever there is any TLS verification error.
+ * PJSIP_TP_STATE_DISCONNECTED whenever there is any TLS verification
+ * error, otherwise PJSIP_TP_STATE_CONNECTED will be notified.
*
- * When the verification resulting success, application will be notified
- * via #pjsip_tp_state_callback with state PJSIP_TP_STATE_CONNECTED.
+ * In any cases, application can inspect #pjsip_tls_state_info in the
+ * callback to see the verification detail.
*
* Default value is PJ_FALSE.
*/
pj_bool_t verify_server;
/**
- * Specifies the action when verification of server TLS certificate
- * resulting errors:
+ * Specifies TLS transport behavior on the client TLS certificate
+ * verification result:
* - If \a verify_client is disabled (set to PJ_FALSE), TLS transport
* will just notify the application via #pjsip_tp_state_callback with
- * state (PJSIP_TP_STATE_ACCEPTED | PJSIP_TP_STATE_TLS_VERIF_ERROR)
- * whenever there is any TLS verification error, the return value of
- * the callback will be used to decide whether transport should be
- * shutdown.
+ * state PJSIP_TP_STATE_CONNECTED regardless TLS verification result.
* - If \a verify_client is enabled (set to PJ_TRUE), TLS transport
* will be shutdown and application will be notified with state
- * (PJSIP_TP_STATE_REJECTED | PJSIP_TP_STATE_TLS_VERIF_ERROR)
- * whenever there is any TLS verification error.
+ * PJSIP_TP_STATE_DISCONNECTED whenever there is any TLS verification
+ * error, otherwise PJSIP_TP_STATE_CONNECTED will be notified.
*
- * When the verification resulting success, application will be notified
- * via #pjsip_tp_state_callback with state PJSIP_TP_STATE_ACCEPTED.
+ * In any cases, application can inspect #pjsip_tls_state_info in the
+ * callback to see the verification detail.
*
* Default value is PJ_FALSE.
*/
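Review bot: The rewritten `verify_server` and `verify_client` comments no longer say how an application rejects a peer whose certificate failed verification when the setting is left at its default of PJ_FALSE. Because the callback now returns void, the application has to act inside it, so I would add to both comments a sentence such as `If verification is disabled and the result is not acceptable, the application must call pjsip_transport_shutdown() from the callback; otherwise the transport remains in use.` In that case the callback is given `status` PJ_SUCCESS (see on_accept_complete and on_connect_complete in sip_transport_tls.c), so the comment should also name `verify_status` in #pjsip_tls_state_info as the field to check.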
@@ -165,7 +159,7 @@ typedef struct pjsip_tls_setting
/**
* When acting as server (incoming TLS connections), reject inocming
- * connection if client doesn't have a valid certificate.
+ * connection if client doesn't supply a TLS certificate.
*
* This setting corresponds to SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag.
* Default value is PJ_FALSE.
@@ -209,8 +203,9 @@ typedef struct pjsip_tls_setting
/**
- * This structure defines transport state extended info specifically for
- * TLS transport.
+ * This structure defines TLS transport extended info in <tt>ext_info</tt>
+ * field of #pjsip_transport_state_info for the transport state notification
+ * callback #pjsip_tp_state_callback.
*/
typedef struct pjsip_tls_state_info
{
diff --git a/pjsip/include/pjsua-lib/pjsua.h b/pjsip/include/pjsua-lib/pjsua.h
index 45f07d90..451b8c9c 100644
--- a/pjsip/include/pjsua-lib/pjsua.h
+++ b/pjsip/include/pjsua-lib/pjsua.h
@@ -846,21 +846,8 @@ typedef struct pjsua_callback
/**
* This callback is called when transport state is changed. See also
* #pjsip_tp_state_callback.
- *
- * @param tp The transport instance.
- * @param state The transport state, this may contain single or
- * combination of transport state types defined in
- * #pjsip_transport_state_type.
- * @param info The transport state info.
- *
- * @return When TLS verification fails and peer verification in
- * #pjsip_tls_setting is not set, application may return
- * PJ_TRUE to ignore the verification result and continue
- * using the transport. On other cases, this return value
- * is currently not used and will be ignored.
- */
- pj_bool_t (*on_transport_state)(pjsip_transport *tp, pj_uint32_t state,
- const pjsip_transport_state_info *info);
+ */
+ pjsip_tp_state_callback on_transport_state;
} pjsua_callback;
diff --git a/pjsip/src/pjsip/sip_errno.c b/pjsip/src/pjsip/sip_errno.c
index 1225dd99..0c15206a 100644
--- a/pjsip/src/pjsip/sip_errno.c
+++ b/pjsip/src/pjsip/sip_errno.c
@@ -131,6 +131,7 @@ static const struct
PJ_BUILD_ERR( PJSIP_TLS_ESEND, "Unknown error when sending SSL data"),
PJ_BUILD_ERR( PJSIP_TLS_EREAD, "Unknown error when reading SSL data"),
PJ_BUILD_ERR( PJSIP_TLS_ETIMEDOUT, "SSL negotiation has timed out"),
+ PJ_BUILD_ERR( PJSIP_TLS_ECERTVERIF, "SSL certificate verification error"),
};
diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c
index 92fbaf4d..ecfba2c9 100644
--- a/pjsip/src/pjsip/sip_transport.c
+++ b/pjsip/src/pjsip/sip_transport.c
@@ -866,7 +866,7 @@ PJ_DEF(pj_status_t) pjsip_transport_register( pjsip_tpmgr *mgr,
/*
* Register to hash table (see Trac ticket #42).
*/
- key_len = sizeof(tp->key.type) + sizeof(tp->key.hname) + tp->addr_len;
+ key_len = sizeof(tp->key.type) + tp->addr_len;
pj_lock_acquire(mgr->lock);
/* If entry already occupied, unregister previous entry */
@@ -916,7 +916,7 @@ static pj_status_t destroy_transport( pjsip_tpmgr *mgr,
/*
* Unregister from hash table (see Trac ticket #42).
*/
- key_len = sizeof(tp->key.type) + sizeof(tp->key.hname) + tp->addr_len;
+ key_len = sizeof(tp->key.type) + tp->addr_len;
hval = 0;
entry = pj_hash_get(mgr->table, &tp->key, key_len, &hval);
if (entry == (void*)tp)
@@ -1591,34 +1591,12 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
int key_len;
pjsip_transport *transport;
- /*
- * Find factory that can create such transport.
- */
- factory = mgr->factory_list.next;
- while (factory != &mgr->factory_list) {
- if (factory->type == type)
- break;
- factory = factory->next;
- }
- if (factory == &mgr->factory_list)
- factory = NULL;
-
pj_bzero(&key, sizeof(key));
- key_len = sizeof(key.type) + sizeof(key.hname) + addr_len;
+ key_len = sizeof(key.type) + addr_len;
/* First try to get exact destination. */
key.type = type;
pj_memcpy(&key.rem_addr, remote, addr_len);
- if (factory && factory->create_transport2 &&
- tdata && tdata->dest_info.name.slen)
- {
- /* Only include hostname hash in the key when the factory support
- * create_transport2() and tdata is supplied.
- */
- key.hname = pj_hash_calc_tolower(0,
- (char*)tdata->dest_info.name.ptr,
- &tdata->dest_info.name);
- }
transport = (pjsip_transport*)
pj_hash_get(mgr->table, &key, key_len, NULL);
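Review bot: With `key.hname` removed, the lookup key is only the transport type plus the remote address, so a request for a different host name that resolves to the same address and port gets back an existing TLS transport. The certificate identity check appears to run once, in on_connect_complete (`PJ_SSL_CERT_EIDENTITY_NOT_MATCH`), against the name the transport was created for, so a reused transport would not be re-checked against the new name. If this sharing is intended, a comment at this lookup should say so and state what the caller may assume about the peer identity. Otherwise, for TLS the reuse path should compare `tdata->dest_info.name` with the name the transport was verified against before returning it. The same key change appears in pjsip_transport_register, destroy_transport, the two fallback lookups below and tls_create; this function starts and ends outside the hunk.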
@@ -1635,7 +1613,7 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
pj_sockaddr *addr = &key.rem_addr;
pj_bzero(addr, addr_len);
- key_len = sizeof(key.type) + sizeof(key.hname) + addr_len;
+ key_len = sizeof(key.type) + addr_len;
transport = (pjsip_transport*)
pj_hash_get(mgr->table, &key, key_len, NULL);
}
@@ -1648,7 +1626,7 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
pj_bzero(addr, addr_len);
addr->addr.sa_family = remote_addr->addr.sa_family;
- key_len = sizeof(key.type) + sizeof(key.hname) + addr_len;
+ key_len = sizeof(key.type) + addr_len;
transport = (pjsip_transport*)
pj_hash_get(mgr->table, &key, key_len, NULL);
}
@@ -1668,8 +1646,16 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
/*
* Transport not found!
+ * Find factory that can create such transport.
*/
- if (NULL == factory) {
+ factory = mgr->factory_list.next;
+ while (factory != &mgr->factory_list) {
+ if (factory->type == type)
+ break;
+ factory = factory->next;
+ }
+
+ if (factory == &mgr->factory_list) {
/* No factory can create the transport! */
pj_lock_release(mgr->lock);
TRACE_((THIS_FILE, "No suitable factory was found either"));
@@ -1677,7 +1663,6 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
}
}
-
TRACE_((THIS_FILE, "Creating new transport from factory"));
/* Request factory to create transport. */
diff --git a/pjsip/src/pjsip/sip_transport_loop.c b/pjsip/src/pjsip/sip_transport_loop.c
index 490a7bb3..f754f7fe 100644
--- a/pjsip/src/pjsip/sip_transport_loop.c
+++ b/pjsip/src/pjsip/sip_transport_loop.c
@@ -381,6 +381,7 @@ PJ_DEF(pj_status_t) pjsip_loop_start( pjsip_endpoint *endpt,
pjsip_transport_get_default_port_for_type((pjsip_transport_type_e)
loop->base.key.type);
loop->base.addr_len = sizeof(pj_sockaddr_in);
+ loop->base.dir = PJSIP_TP_DIR_NONE;
loop->base.endpt = endpt;
loop->base.tpmgr = pjsip_endpt_get_tpmgr(endpt);
loop->base.send_msg = &loop_send_msg;
diff --git a/pjsip/src/pjsip/sip_transport_tcp.c b/pjsip/src/pjsip/sip_transport_tcp.c
index a7c7eeba..58e0ba41 100644
--- a/pjsip/src/pjsip/sip_transport_tcp.c
+++ b/pjsip/src/pjsip/sip_transport_tcp.c
@@ -584,6 +584,7 @@ static pj_status_t tcp_create( struct tcp_listener *listener,
pj_memcpy(&tcp->base.local_addr, local, sizeof(pj_sockaddr_in));
sockaddr_to_host_port(pool, &tcp->base.local_name, local);
sockaddr_to_host_port(pool, &tcp->base.remote_name, remote);
+ tcp->base.dir = is_server? PJSIP_TP_DIR_INCOMING : PJSIP_TP_DIR_OUTGOING;
tcp->base.endpt = listener->endpt;
tcp->base.tpmgr = listener->tpmgr;
@@ -1004,7 +1005,7 @@ static pj_bool_t on_accept_complete(pj_activesock_t *asock,
pjsip_transport_state_info state_info;
pj_bzero(&state_info, sizeof(state_info));
- (*state_cb)(&tcp->base, PJSIP_TP_STATE_ACCEPTED, &state_info);
+ (*state_cb)(&tcp->base, PJSIP_TP_STATE_CONNECTED, &state_info);
}
}
}
diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c
index a135c43f..0d4ef882 100644
--- a/pjsip/src/pjsip/sip_transport_tls.c
+++ b/pjsip/src/pjsip/sip_transport_tls.c
@@ -557,8 +557,6 @@ static pj_status_t tls_create( struct tls_listener *listener,
tls->base.key.type = PJSIP_TRANSPORT_TLS;
pj_memcpy(&tls->base.key.rem_addr, remote, sizeof(pj_sockaddr_in));
- tls->base.key.hname = pj_hash_calc_tolower(0, (char*)tls->remote_name.ptr,
- &tls->remote_name);
tls->base.type_name = "tls";
tls->base.flag = pjsip_transport_get_flag_from_type(PJSIP_TRANSPORT_TLS);
@@ -568,6 +566,7 @@ static pj_status_t tls_create( struct tls_listener *listener,
(int)pj_ntohs(remote->sin_port));
tls->base.addr_len = sizeof(pj_sockaddr_in);
+ tls->base.dir = is_server? PJSIP_TP_DIR_INCOMING : PJSIP_TP_DIR_OUTGOING;
/* Set initial local address */
if (!pj_sockaddr_has_addr(local)) {
@@ -978,10 +977,9 @@ static pj_bool_t on_accept_complete(pj_ssl_sock_t *ssock,
struct tls_transport *tls;
pj_ssl_sock_info ssl_info;
char addr[PJ_INET6_ADDRSTRLEN+10];
- pj_status_t status;
-
pjsip_tp_state_callback *state_cb;
- pj_bool_t tls_verif_ignored;
+ pj_bool_t is_shutdown;
+ pj_status_t status;
PJ_UNUSED_ARG(src_addr_len);
@@ -1021,46 +1019,54 @@ static pj_bool_t on_accept_complete(pj_ssl_sock_t *ssock,
/* Set the "pending" SSL socket user data */
pj_ssl_sock_set_user_data(new_ssock, tls);
- tls_verif_ignored = !listener->tls_setting.verify_client;
+ /* Prevent immediate transport destroy as application may access it
+ * (getting info, etc) in transport state notification callback.
+ */
+ pjsip_transport_add_ref(&tls->base);
+
+ /* If there is verification error and verification is mandatory, shutdown
+ * and destroy the transport.
+ */
+ if (ssl_info.verify_status && listener->tls_setting.verify_client) {
+ if (tls->close_reason == PJ_SUCCESS)
+ tls->close_reason = PJSIP_TLS_ECERTVERIF;
+ pjsip_transport_shutdown(&tls->base);
+ }
/* Notify transport state to application */
state_cb = pjsip_tpmgr_get_status_cb(tls->base.tpmgr);
if (state_cb) {
pjsip_transport_state_info state_info;
pjsip_tls_state_info tls_info;
- pj_uint32_t tp_state = 0;
+ pjsip_transport_state tp_state;
- /* Init transport state notification callback */
+ /* Init transport state info */
pj_bzero(&tls_info, sizeof(tls_info));
pj_bzero(&state_info, sizeof(state_info));
+ tls_info.ssl_sock_info = &ssl_info;
+ state_info.ext_info = &tls_info;
/* Set transport state based on verification status */
- if (ssl_info.verify_status) {
- state_info.status = PJSIP_TLS_EACCEPT;
- tp_state |= PJSIP_TP_STATE_TLS_VERIF_ERROR;
- if (listener->tls_setting.verify_client)
- tp_state |= PJSIP_TP_STATE_REJECTED;
- else
- tp_state |= PJSIP_TP_STATE_ACCEPTED;
+ if (ssl_info.verify_status && listener->tls_setting.verify_client)
+ {
+ tp_state = PJSIP_TP_STATE_DISCONNECTED;
+ state_info.status = PJSIP_TLS_ECERTVERIF;
} else {
- tp_state |= PJSIP_TP_STATE_ACCEPTED;
+ tp_state = PJSIP_TP_STATE_CONNECTED;
+ state_info.status = PJ_SUCCESS;
}
- tls_info.ssl_sock_info = &ssl_info;
- state_info.ext_info = &tls_info;
-
- tls_verif_ignored = (*state_cb)(&tls->base, tp_state, &state_info);
+ (*state_cb)(&tls->base, tp_state, &state_info);
}
- /* Transport should be destroyed when there is TLS verification error
- * and application doesn't want to ignore it.
+ /* Release transport reference. If transport is shutting down, it may
+ * get destroyed here.
*/
- if (ssl_info.verify_status &&
- (listener->tls_setting.verify_client || !tls_verif_ignored))
- {
- tls_destroy(&tls->base, PJSIP_TLS_EACCEPT);
+ is_shutdown = tls->base.is_shutdown;
+ pjsip_transport_dec_ref(&tls->base);
+ if (is_shutdown)
return PJ_TRUE;
- }
+
status = tls_start_read(tls);
if (status != PJ_SUCCESS) {
@@ -1331,9 +1337,8 @@ static pj_bool_t on_connect_complete(pj_ssl_sock_t *ssock,
struct tls_transport *tls;
pj_ssl_sock_info ssl_info;
pj_sockaddr_in addr, *tp_addr;
-
pjsip_tp_state_callback *state_cb;
- pj_bool_t tls_verif_ignored;
+ pj_bool_t is_shutdown;
tls = (struct tls_transport*) pj_ssl_sock_get_user_data(ssock);
@@ -1432,7 +1437,19 @@ static pj_bool_t on_connect_complete(pj_ssl_sock_t *ssock,
ssl_info.verify_status |= PJ_SSL_CERT_EIDENTITY_NOT_MATCH;
}
- tls_verif_ignored = !tls->verify_server;
+ /* Prevent immediate transport destroy as application may access it
+ * (getting info, etc) in transport state notification callback.
+ */
+ pjsip_transport_add_ref(&tls->base);
+
+ /* If there is verification error and verification is mandatory, shutdown
+ * and destroy the transport.
+ */
+ if (ssl_info.verify_status && tls->verify_server) {
+ if (tls->close_reason == PJ_SUCCESS)
+ tls->close_reason = PJSIP_TLS_ECERTVERIF;
+ pjsip_transport_shutdown(&tls->base);
+ }
/* Notify transport state to application */
state_cb = pjsip_tpmgr_get_status_cb(tls->base.tpmgr);
@@ -1441,40 +1458,33 @@ static pj_bool_t on_connect_complete(pj_ssl_sock_t *ssock,
pjsip_tls_state_info tls_info;
pj_uint32_t tp_state = 0;
- /* Init transport state notification callback */
+ /* Init transport state info */
pj_bzero(&state_info, sizeof(state_info));
pj_bzero(&tls_info, sizeof(tls_info));
-
- /* Set transport state info */
state_info.ext_info = &tls_info;
tls_info.ssl_sock_info = &ssl_info;
/* Set transport state based on verification status */
- if (ssl_info.verify_status) {
- state_info.status = PJSIP_TLS_ECONNECT;
- tp_state |= PJSIP_TP_STATE_TLS_VERIF_ERROR;
- if (tls->verify_server)
- tp_state |= PJSIP_TP_STATE_DISCONNECTED;
- else
- tp_state |= PJSIP_TP_STATE_CONNECTED;
+ if (ssl_info.verify_status && tls->verify_server)
+ {
+ tp_state = PJSIP_TP_STATE_DISCONNECTED;
+ state_info.status = PJSIP_TLS_ECERTVERIF;
} else {
- tp_state |= PJSIP_TP_STATE_CONNECTED;
+ tp_state = PJSIP_TP_STATE_CONNECTED;
+ state_info.status = PJ_SUCCESS;
}
- tls_verif_ignored = (*state_cb)(&tls->base, tp_state, &state_info);
+ (*state_cb)(&tls->base, tp_state, &state_info);
}
- /* Transport should be shutdown when there is TLS verification error
- * and application doesn't want to ignore it.
+ /* Release transport reference. If transport is shutting down, it may
+ * get destroyed here.
*/
- if (ssl_info.verify_status &&
- (tls->verify_server || !tls_verif_ignored))
- {
- if (tls->close_reason == PJ_SUCCESS)
- tls->close_reason = PJSIP_TLS_ECONNECT;
- pjsip_transport_shutdown(&tls->base);
+ is_shutdown = tls->base.is_shutdown;
+ pjsip_transport_dec_ref(&tls->base);
+ if (is_shutdown)
return PJ_FALSE;
- }
+
/* Mark that pending connect() operation has completed. */
tls->has_pending_connect = PJ_FALSE;
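Review bot: `pj_uint32_t tp_state = 0;` is left unchanged at the top of this block, although the lines below now assign plain `PJSIP_TP_STATE_*` enumerators to it and pass it to a callback whose parameter is `pjsip_transport_state`. on_accept_complete was switched to `pjsip_transport_state tp_state;` in this same commit, and the same declaration here would keep the two handlers parallel without relying on an implicit integer-to-enum conversion. The `= 0` initialiser also happens to equal PJSIP_TP_STATE_CONNECTED now, which is easy to misread as a deliberate default. on_connect_complete continues outside this hunk.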
diff --git a/pjsip/src/pjsip/sip_transport_udp.c b/pjsip/src/pjsip/sip_transport_udp.c
index 24e22945..20b15b91 100644
--- a/pjsip/src/pjsip/sip_transport_udp.c
+++ b/pjsip/src/pjsip/sip_transport_udp.c
@@ -736,6 +736,9 @@ static pj_status_t transport_attach( pjsip_endpoint *endpt,
tp->base.remote_name.host = pj_str("::0");
tp->base.remote_name.port = 0;
+ /* Init direction */
+ tp->base.dir = PJSIP_TP_DIR_NONE;
+
/* Set endpoint. */
tp->base.endpt = endpt;