authorNanang Izzuddin <nanang@teluu.com>2014-02-27 06:16:36 +0000
committerNanang Izzuddin <nanang@teluu.com>2014-02-27 06:16:36 +0000
commitebb1c27f05074e4b4a82d7e50c93dca7ce096c70 (patch)
tree75b0f1bcb1d74116cddd3bfb0f5da0a43b921c25
parentfd3ba06377be97f6d36447783b2f065103351216 (diff)
Fixed #1740: TLS will be used whenever the request URI uses the "sips" scheme, regardless of the target-URI scheme/transport. This behavior is configurable via 'PJSIP_DONT_SWITCH_TO_TLS' at compile time, or 'pjsip_cfg()->disable_tls_switch' at run time.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@4770 74dad513-b988-da41-8d7b-12977e46ad98
-rw-r--r--pjsip/include/pjsip/sip_config.h27
-rw-r--r--pjsip/src/pjsip/sip_config.c1
-rw-r--r--pjsip/src/pjsip/sip_util.c22
3 files changed, 46 insertions, 4 deletions
diff --git a/pjsip/include/pjsip/sip_config.h b/pjsip/include/pjsip/sip_config.h
index 95f75383..fc7604cb 100644
--- a/pjsip/include/pjsip/sip_config.h
+++ b/pjsip/include/pjsip/sip_config.h
@@ -112,6 +112,15 @@ typedef struct pjsip_cfg_t
pj_bool_t disable_tcp_switch;
/**
+ * Disable automatic switching to TLS if target-URI does not use
+ * "sips" scheme nor TLS transport, even when request-URI uses
+ * "sips" scheme.
+ *
+ * Default is PJSIP_DONT_SWITCH_TO_TLS.
+ */
+ pj_bool_t disable_tls_switch;
+
+ /**
* Enable call media session to always be updated to the latest
* received early media SDP when receiving forked early media
* (multiple 183 responses with different To tag).
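Review bot: The doc comment for `disable_tls_switch` does not state the security consequence of enabling it: with the flag set, the request-URI arm of the check in get_dest_info is skipped, so a request whose request-URI is "sips" may be sent over a non-TLS transport when the target URI is plain "sip". The macro comment in the next hunk itself says RFC 3261 section 8.1.2 requires TLS in that case. I would add a line such as `* Setting this to PJ_TRUE allows a "sips" request to be sent without TLS; keep it PJ_FALSE unless interoperability requires otherwise.` here, and the same caveat to the `PJSIP_DONT_SWITCH_TO_TLS` comment. In that macro comment, "i.e: regard the target-URI scheme or transport type" would also read more clearly as "i.e. the transport is then chosen from the target-URI scheme or transport type only".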
@@ -309,6 +318,24 @@ PJ_INLINE(pjsip_cfg_t*) pjsip_cfg(void)
/**
+ * As specified RFC 3261 section 8.1.2, when request-URI uses "sips" scheme,
+ * TLS must always be used regardless of the target-URI scheme or transport
+ * type.
+ *
+ * This option will specify whether the behavior of automatic switching to TLS
+ * should be disabled, i.e: regard the target-URI scheme or transport type.
+ *
+ * This option can also be controlled at run-time by the \a disable_tls_switch
+ * setting in pjsip_cfg_t.
+ *
+ * Default is 0 (no).
+ */
+#ifndef PJSIP_DONT_SWITCH_TO_TLS
+# define PJSIP_DONT_SWITCH_TO_TLS 0
+#endif
+
+
+/**
* Specify whether the call media session should be updated to the latest
* received early media SDP when receiving forked early media (multiple 183
* responses with different To tag).
diff --git a/pjsip/src/pjsip/sip_config.c b/pjsip/src/pjsip/sip_config.c
index dacc2f82..a72aeea2 100644
--- a/pjsip/src/pjsip/sip_config.c
+++ b/pjsip/src/pjsip/sip_config.c
@@ -30,6 +30,7 @@ pjsip_cfg_t pjsip_sip_cfg_var =
0,
0,
PJSIP_DONT_SWITCH_TO_TCP,
+ PJSIP_DONT_SWITCH_TO_TLS,
PJSIP_FOLLOW_EARLY_MEDIA_FORK,
PJSIP_REQ_HAS_VIA_ALIAS
},
diff --git a/pjsip/src/pjsip/sip_util.c b/pjsip/src/pjsip/sip_util.c
index 520d8732..d7cde6fe 100644
--- a/pjsip/src/pjsip/sip_util.c
+++ b/pjsip/src/pjsip/sip_util.c
@@ -802,6 +802,7 @@ on_missing_hdr:
/* Fill-up destination information from a target URI */
static pj_status_t get_dest_info(const pjsip_uri *target_uri,
+ const pjsip_uri *request_uri,
pj_pool_t *pool,
pjsip_host_info *dest_info)
{
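Review bot: The comment above `get_dest_info()` still describes only the target URI and says nothing about the new `request_uri` argument, nor that it may be NULL (one caller later in this file passes NULL). I would extend it to something like `/* Fill-up destination information from a target URI. request_uri may be NULL; when it uses the "sips" scheme and TLS switching is not disabled, a secure transport is selected. */`. The function body continues outside this hunk.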
@@ -810,11 +811,22 @@ static pj_status_t get_dest_info(const pjsip_uri *target_uri,
*/
pj_bzero(dest_info, sizeof(*dest_info));
- if (PJSIP_URI_SCHEME_IS_SIPS(target_uri)) {
+ /* When request URI uses sips scheme, TLS must always be used regardless
+ * of the target scheme or transport type (see ticket #1740).
+ */
+ if (PJSIP_URI_SCHEME_IS_SIPS(target_uri) ||
+ (pjsip_cfg()->endpt.disable_tls_switch == 0 && request_uri &&
+ PJSIP_URI_SCHEME_IS_SIPS(request_uri)))
+ {
pjsip_uri *uri = (pjsip_uri*) target_uri;
const pjsip_sip_uri *url=(const pjsip_sip_uri*)pjsip_uri_get_uri(uri);
unsigned flag;
+ if (!PJSIP_URI_SCHEME_IS_SIPS(target_uri)) {
+ PJ_LOG(4,(THIS_FILE, "Automatic switch to TLS transport as "
+ "request-URI uses ""sips"" scheme."));
+ }
+
dest_info->flag |= (PJSIP_TRANSPORT_SECURE | PJSIP_TRANSPORT_RELIABLE);
if (url->maddr_param.slen)
pj_strdup(pool, &dest_info->addr.host, &url->maddr_param);
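Review bot: The widened condition lets a target URI that is not "sips" reach the cast of `pjsip_uri_get_uri(uri)` to `const pjsip_sip_uri*` and the read of `url->maddr_param`; before this change only a "sips" target could get there. If the target can ever be a non-SIP URI (a tel: URI, for instance) while the request-URI is "sips", that read would be on the wrong structure type. I would therefore also require `PJSIP_URI_SCHEME_IS_SIP(target_uri)` in the request-URI arm, e.g. `(pjsip_cfg()->endpt.disable_tls_switch == 0 && request_uri && PJSIP_URI_SCHEME_IS_SIP(target_uri) && PJSIP_URI_SCHEME_IS_SIPS(request_uri))`. Separately, `"request-URI uses ""sips"" scheme."` is adjacent-literal concatenation, so the log prints sips without quotes; `\"sips\"` is probably what was intended. The rest of get_dest_info, including how other schemes are handled, lies outside this hunk.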
@@ -895,7 +907,8 @@ PJ_DEF(pj_status_t) pjsip_get_request_dest(const pjsip_tx_data *tdata,
target_uri = tdata->msg->line.req.uri;
}
- return get_dest_info(target_uri, (pj_pool_t*)tdata->pool, dest_info);
+ return get_dest_info(target_uri, tdata->msg->line.req.uri,
+ (pj_pool_t*)tdata->pool, dest_info);
}
@@ -998,7 +1011,8 @@ PJ_DEF(pj_status_t) pjsip_process_route_set(pjsip_tx_data *tdata,
}
/* Fill up the destination host/port from the URI. */
- status = get_dest_info(target_uri, tdata->pool, dest_info);
+ status = get_dest_info(target_uri, new_request_uri, tdata->pool,
+ dest_info);
if (status != PJ_SUCCESS)
return status;
@@ -1495,7 +1509,7 @@ PJ_DEF(pj_status_t) pjsip_endpt_send_raw_to_uri(pjsip_endpoint *endpt,
}
/* Build destination info. */
- status = get_dest_info(uri, tdata->pool, &dest_info);
+ status = get_dest_info(uri, NULL, tdata->pool, &dest_info);
if (status != PJ_SUCCESS) {
pjsip_tx_data_dec_ref(tdata);
return status;