author | Nanang Izzuddin <nanang@teluu.com> | 2009-10-26 15:47:52 +0000 |
---|---|---|
committer | Nanang Izzuddin <nanang@teluu.com> | 2009-10-26 15:47:52 +0000 |
commit | c7b5a2411a316bff3e3bda9e5fdac72db66f6269 (patch) | |
tree | 21fd37a2f1f9d1750187213ecf2700d6215257ca /pjlib/include | |
parent | dfe07c8f8d65d6045e1003c6c11dca75495f7b38 (diff) |
Ticket #957:
- Added features in secure socket: handshake timeout timer, certificate info, renegotiation API.
- Added unit test for secure socket, along with testing purpose certificate & private key.
- Updated build configs for secure socket.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@2970 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjlib/include')
-rw-r--r-- | pjlib/include/pj/compat/os_auto.h.in | 6 | ||||
-rw-r--r-- | pjlib/include/pj/config.h | 12 | ||||
-rw-r--r-- | pjlib/include/pj/ssl_sock.h | 76 | ||||
-rw-r--r-- | pjlib/include/pjlib.h | 1 |
4 files changed, 83 insertions, 12 deletions
diff --git a/pjlib/include/pj/compat/os_auto.h.in b/pjlib/include/pj/compat/os_auto.h.in
index 2e8562eb..f474d60f 100644
--- a/pjlib/include/pj/compat/os_auto.h.in
+++ b/pjlib/include/pj/compat/os_auto.h.in
@@ -181,5 +181,11 @@
 */
 #undef PJ_THREAD_ALLOCATE_STACK
+/* SSL socket availability. */
+#ifndef PJ_HAS_SSL_SOCK
+#undef PJ_HAS_SSL_SOCK
+#endif
+
+
 #endif /* __PJ_COMPAT_OS_AUTO_H__ */
diff --git a/pjlib/include/pj/config.h b/pjlib/include/pj/config.h
index 71ca8a04..ab37d2df 100644
--- a/pjlib/include/pj/config.h
+++ b/pjlib/include/pj/config.h
@@ -779,6 +779,18 @@
 #endif
+/**
+ * Enable secure socket. For most platforms, this is implemented using
+ * OpenSSL, so this will require OpenSSL to be installed. For Symbian
+ * platform, this is implemented natively using CSecureSocket.
+ *
+ * Default: 0 (for now)
+ */
+#ifndef PJ_HAS_SSL_SOCK
+# define PJ_HAS_SSL_SOCK 0
+#endif
+
+
 /** @} */
 /********************************************************************
diff --git a/pjlib/include/pj/ssl_sock.h b/pjlib/include/pj/ssl_sock.h
index ce319d4d..ad4556e4 100644
--- a/pjlib/include/pj/ssl_sock.h
+++ b/pjlib/include/pj/ssl_sock.h
@@ -60,12 +60,27 @@ typedef struct pj_ssl_cert_t pj_ssl_cert_t;
 /**
+ * Describe structure of certificate info.
+ */
+typedef struct pj_ssl_cert_info {
+ pj_str_t subject; /**< Subject. */
+ pj_str_t issuer; /**< Issuer. */
+ unsigned version; /**< Certificate version. */
+ pj_time_val validity_start; /**< Validity start. */
+ pj_time_val validity_end; /**< Validity end. */
+ pj_bool_t validity_use_gmt; /**< Flag if validity date/time
+ use GMT. */
+} pj_ssl_cert_info;
+
+
+/**
 * Create credential from files.
 *
 * @param CA_file The file of trusted CA list.
 * @param cert_file The file of certificate.
 * @param privkey_file The file of private key.
 * @param privkey_pass The password of private key, if any.
+ * @param p_cert Pointer to credential instance to be created.
 *
 * @return PJ_SUCCESS when successful.
 */
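Review bot: The new `pj_ssl_cert_info` struct in pj/ssl_sock.h (the @@ -60 hunk) does not say who owns the memory behind `subject` and `issuer`; `pj_str_t` is a pointer-plus-length view, so a caller that keeps the struct after the socket is closed, or across a renegotiation, may end up reading freed storage. The struct comment should state the lifetime, for example `The strings point into storage owned by the secure socket; copy them if they are needed after the socket is closed or renegotiated.`, adjusted to whatever the implementation really guarantees. It should also say that the fields are descriptive only: nothing in the struct records whether the certificate chain or the peer name was verified, so a populated `remote_cert_info` (added to `pj_ssl_sock_info` in the @@ -322 hunk) must not be read as a trust decision. The one-word member comments could name the encoding of `subject`/`issuer` as well, which the hunk does not show.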
@@ -322,24 +337,38 @@ typedef struct pj_ssl_sock_info
 * handshaking has been done successfully.
 */
 pj_bool_t established;
+
 /**
 * Describes secure socket protocol being used.
 */
 pj_ssl_sock_proto proto;
+
 /**
 * Describes cipher suite being used, this will only be set when connection
 * is established.
 */
 pj_ssl_cipher cipher;
+
 /**
 * Describes local address.
 */
 pj_sockaddr local_addr;
+
 /**
 * Describes remote address.
 */
 pj_sockaddr remote_addr;
+ /**
+ * Describes active local certificate info.
+ */
+ pj_ssl_cert_info local_cert_info;
+
+ /**
+ * Describes active remote certificate info.
+ */
+ pj_ssl_cert_info remote_cert_info;
+
 } pj_ssl_sock_info;
@@ -369,6 +398,13 @@ typedef struct pj_ssl_sock_param
 pj_ioqueue_t *ioqueue;
 /**
+ * Specify the timer heap to use. Secure socket uses the timer to provide
+ * auto cancelation on asynchronous operation when it takes longer time
+ * than specified timeout period, e.g: security negotiation timeout.
+ */
+ pj_timer_heap_t *timer_heap;
+
+ /**
 * Specify secure socket callbacks, see #pj_ssl_sock_cb.
 */
 pj_ssl_sock_cb cb;
@@ -430,13 +466,12 @@ typedef struct pj_ssl_sock_param
 pj_bool_t whole_data;
 /**
- * Specify buffer size for delayed send operation. This setting is only
- * applied for some platforms that restrict more than one outstanding
- * send operation at a time, e.g: Symbian. So delaying/buffering send
- * mechanism is used to allow application to send data anytime without
- * worrying about current outstanding send operations.
+ * Specify buffer size for sending operation. Buffering sending data
+ * is used for allowing application to perform multiple outstanding
+ * send operations. Whenever application specifies this setting too
+ * small, sending operation may return PJ_ENOMEM.
 *
- * Default value is 0, except for Symbian 8192 bytes.
+ * Default value is 8192 bytes.
 */
 pj_size_t send_buffer_size;
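Review bot: `local_cert_info` and `remote_cert_info` in the @@ -322 hunk are documented only as "active" certificate info, while the neighbouring `cipher` member states that it is set only once the connection is established; the new members need the same statement. The comments should also say what a caller sees when the peer presented no certificate or the handshake has not finished, for example `Zero-filled until the connection is established, and when the peer sent no certificate.` — that behaviour is my assumption and needs confirming against the implementation. The struct begins outside the hunk.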
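Review bot: The `timer_heap` comment in the @@ -369 hunk does not say whether the member may be left NULL or what happens to the negotiation timeout when it is. If a NULL heap quietly disables the timeout, a peer that stalls in the middle of the handshake keeps the socket and its buffers allocated with no upper bound, so the contract is worth one sentence, such as `If NULL, no timeout is applied to asynchronous operations.` or `Must be set when a timeout is configured.`, whichever matches the code. The timeout setting the comment refers to is not visible in this hunk, and the struct starts and ends outside it.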
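Review bot: The rewritten `send_buffer_size` comment in the @@ -430 hunk drops the old default of 0 without saying whether 0 is still accepted, and "too small" is never quantified, so a caller that used to pass 0 cannot tell whether its sends will now fail with PJ_ENOMEM. State the minimum useful value, or that 0 selects the default. The same gap reaches the `pj_ssl_sock_send` @return text in the @@ -691 hunk, which reads as if `on_data_sent()` also fires after PJ_ENOMEM; if the data is rejected outright, the comment should say so, e.g. `On PJ_ENOMEM nothing is queued and no callback follows; retry after a pending send completes.` (to be confirmed against the implementation).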
@@ -495,7 +530,7 @@ typedef struct pj_ssl_sock_param
 *
 * Default value is zero/not-set.
 */
- pj_str_t servername;
+ pj_str_t server_name;
 } pj_ssl_sock_param;
@@ -691,12 +726,12 @@ PJ_DECL(pj_status_t) pj_ssl_sock_start_recvfrom2(pj_ssl_sock_t *ssock,
 * @param size The size of the data.
 * @param flags Flags to be given to pj_ioqueue_send().
 *
- *
 * @return PJ_SUCCESS if data has been sent immediately, or
- * PJ_EPENDING if data cannot be sent immediately. In
- * this case the \a on_data_sent() callback will be
- * called when data is actually sent. Any other return
- * value indicates error condition.
+ * PJ_EPENDING if data cannot be sent immediately or
+ * PJ_ENOMEM when sending buffer could not handle all
+ * queued data, see \a send_buffer_size. The callback
+ * \a on_data_sent() will be called when data is actually
+ * sent. Any other return value indicates error condition.
 */
 PJ_DECL(pj_status_t) pj_ssl_sock_send(pj_ssl_sock_t *ssock,
 pj_ioqueue_op_key_t *send_key,
@@ -786,6 +821,23 @@ PJ_DECL(pj_status_t) pj_ssl_sock_start_connect(pj_ssl_sock_t *ssock,
 /**
+ * Starts SSL/TLS renegotiation over an already established SSL connection
+ * for this socket. This operation is performed transparently, no callback
+ * will be called once the renegotiation completed successfully. However,
+ * when the renegotiation fails, the connection will be closed and callback
+ * \a on_data_read() will be invoked with non-PJ_SUCCESS status code.
+ *
+ * @param ssock The secure socket.
+ *
+ * @return PJ_SUCCESS if renegotiation is completed immediately,
+ * or PJ_EPENDING if renegotiation has been started and
+ * waiting for completion, or the appropriate error code
+ * on failure.
+ */
+PJ_DECL(pj_status_t) pj_ssl_sock_renegotiate(pj_ssl_sock_t *ssock);
+
+
+/**
 * @}
 */
diff --git a/pjlib/include/pjlib.h b/pjlib/include/pjlib.h
index 648c594a..0709a09c 100644
--- a/pjlib/include/pjlib.h
+++ b/pjlib/include/pjlib.h
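Review bot: `pj_ssl_sock_renegotiate` (the @@ -786 hunk) completes silently on success and reports failure only through `on_data_read()`, so after a PJ_EPENDING return the application has no signal for when the new session parameters take effect, and, as far as the comment says, no failure report at all if it has not started a read. After a renegotiation the cipher and the peer certificate can differ from what the application inspected at connect time, so the comment should tell callers to re-read `pj_ssl_sock_info` (`cipher`, `remote_cert_info`) and re-apply their checks, and say how a failure is delivered when no read is pending. Whether a renegotiation started by the peer is accepted, and whether it is reported, is not documented in this header either and deserves a sentence.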
@@ -52,6 +52,7 @@
 #include <pj/sock.h>
 #include <pj/sock_qos.h>
 #include <pj/sock_select.h>
+#include <pj/ssl_sock.h>
 #include <pj/string.h>
 #include <pj/timer.h>
 #include <pj/unicode.h> |