diff options
| author | Nanang Izzuddin <nanang@teluu.com> | 2010-02-25 11:58:19 +0000 |
|---|---|---|
| committer | Nanang Izzuddin <nanang@teluu.com> | 2010-02-25 11:58:19 +0000 |
| commit | cd0277b8c369c89206409d767d47600d3ed38786 (patch) | |
| tree | 4ea90a5de7fb5a5842fff3685ac600c93246050b /pjlib | |
| parent | c80dd76f236e41c653a6e6e95c9fa44c586c6a34 (diff) | |
More ticket #1032:
- Updated transport state notification callback to return void.
- Updated transport state enum to only contain connected and disconnected, no more bitmask value.
- Added direction field to SIP transport.
- Removed remote hostname hash from transport key.
- Updated cert info dump to return -1 when buffer is insufficient.
- Added new error code PJSIP_TLS_ECERTVERIF.
- Updated get_cert_name() in ssl_sock_symbian.c to use heap buffer instead of stack.
- Minors, e.g: added prefix PJ in cipher types, docs.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@3110 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjlib')
| -rw-r--r-- | pjlib/include/pj/ssl_sock.h | 145 | ||||
| -rw-r--r-- | pjlib/src/pj/ssl_sock_common.c | 129 | ||||
| -rw-r--r-- | pjlib/src/pj/ssl_sock_dump.c | 43 | ||||
| -rw-r--r-- | pjlib/src/pj/ssl_sock_symbian.cpp | 27 | ||||
| -rw-r--r-- | pjlib/src/pjlib-test/ssl_sock.c | 20 |
5 files changed, 189 insertions, 175 deletions
diff --git a/pjlib/include/pj/ssl_sock.h b/pjlib/include/pj/ssl_sock.h index f9fc69b0..c14c85c4 100644 --- a/pjlib/include/pj/ssl_sock.h +++ b/pjlib/include/pj/ssl_sock.h @@ -154,7 +154,8 @@ typedef struct pj_ssl_cert_info { struct { pj_str_t cn; /**< Common name */ pj_str_t info; /**< One line subject, fields - are separated by slash */ + are separated by slash, e.g: + "CN=sample.org/OU=HRD" */ } subject; /**< Subject */ struct { @@ -206,16 +207,17 @@ PJ_DECL(pj_status_t) pj_ssl_cert_load_from_files(pj_pool_t *pool, * Dump SSL certificate info. * * @param ci The certificate info. - * @param prefix Prefix string for each line. + * @param indent String for left indentation. * @param buf The buffer where certificate info will be printed on. * @param buf_size The buffer size. * - * @return PJ_SUCCESS when successful. + * @return The length of the dump result, or -1 when buffer size + * is not sufficient. */ -PJ_DECL(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci, - const char *prefix, - char *buf, - pj_size_t buf_size); +PJ_DECL(pj_ssize_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci, + const char *indent, + char *buf, + pj_size_t buf_size); /** @@ -230,7 +232,8 @@ PJ_DECL(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci, * * @return PJ_SUCCESS when successful. */ -PJ_DECL(pj_status_t) pj_ssl_cert_verify_error_st(pj_uint32_t verify_status, +PJ_DECL(pj_status_t) pj_ssl_cert_get_verify_status_strings( + pj_uint32_t verify_status, const char *error_strings[], unsigned *count); @@ -241,77 +244,77 @@ PJ_DECL(pj_status_t) pj_ssl_cert_verify_error_st(pj_uint32_t verify_status, typedef enum pj_ssl_cipher { /* NULL */ - TLS_NULL_WITH_NULL_NULL = 0x00000000, + PJ_TLS_NULL_WITH_NULL_NULL = 0x00000000, /* TLS/SSLv3 */ - TLS_RSA_WITH_NULL_MD5 = 0x00000001, - TLS_RSA_WITH_NULL_SHA = 0x00000002, - TLS_RSA_WITH_NULL_SHA256 = 0x0000003B, - TLS_RSA_WITH_RC4_128_MD5 = 0x00000004, - TLS_RSA_WITH_RC4_128_SHA = 0x00000005, - TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x0000000A, - TLS_RSA_WITH_AES_128_CBC_SHA = 0x0000002F, - TLS_RSA_WITH_AES_256_CBC_SHA = 0x00000035, - TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x0000003C, - TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x0000003D, - TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x0000000D, - TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x00000010, - TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x00000013, - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x00000016, - TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x00000030, - TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x00000031, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x00000032, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x00000033, - TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x00000036, - TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x00000037, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x00000038, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x00000039, - TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x0000003E, - TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x0000003F, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x00000040, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x00000067, - TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x00000068, - TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x00000069, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x0000006A, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x0000006B, - TLS_DH_anon_WITH_RC4_128_MD5 = 0x00000018, - TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x0000001B, - TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x00000034, - TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x0000003A, - TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x0000006C, - TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x0000006D, + PJ_TLS_RSA_WITH_NULL_MD5 = 0x00000001, + PJ_TLS_RSA_WITH_NULL_SHA = 0x00000002, + PJ_TLS_RSA_WITH_NULL_SHA256 = 0x0000003B, + PJ_TLS_RSA_WITH_RC4_128_MD5 = 0x00000004, + PJ_TLS_RSA_WITH_RC4_128_SHA = 0x00000005, + PJ_TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x0000000A, + PJ_TLS_RSA_WITH_AES_128_CBC_SHA = 0x0000002F, + PJ_TLS_RSA_WITH_AES_256_CBC_SHA = 0x00000035, + PJ_TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x0000003C, + PJ_TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x0000003D, + PJ_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x0000000D, + PJ_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x00000010, + PJ_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x00000013, + PJ_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x00000016, + PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x00000030, + PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x00000031, + PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x00000032, + PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x00000033, + PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x00000036, + PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x00000037, + PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x00000038, + PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x00000039, + PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x0000003E, + PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x0000003F, + PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x00000040, + PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x00000067, + PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x00000068, + PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x00000069, + PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x0000006A, + PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x0000006B, + PJ_TLS_DH_anon_WITH_RC4_128_MD5 = 0x00000018, + PJ_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = 0x0000001B, + PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x00000034, + PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA = 0x0000003A, + PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA256 = 0x0000006C, + PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA256 = 0x0000006D, /* TLS (deprecated) */ - TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x00000003, - TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x00000006, - TLS_RSA_WITH_IDEA_CBC_SHA = 0x00000007, - TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x00000008, - TLS_RSA_WITH_DES_CBC_SHA = 0x00000009, - TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0000000B, - TLS_DH_DSS_WITH_DES_CBC_SHA = 0x0000000C, - TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0000000E, - TLS_DH_RSA_WITH_DES_CBC_SHA = 0x0000000F, - TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x00000011, - TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x00000012, - TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x00000014, - TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x00000015, - TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x00000017, - TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x00000019, - TLS_DH_anon_WITH_DES_CBC_SHA = 0x0000001A, + PJ_TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x00000003, + PJ_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x00000006, + PJ_TLS_RSA_WITH_IDEA_CBC_SHA = 0x00000007, + PJ_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x00000008, + PJ_TLS_RSA_WITH_DES_CBC_SHA = 0x00000009, + PJ_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0000000B, + PJ_TLS_DH_DSS_WITH_DES_CBC_SHA = 0x0000000C, + PJ_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0000000E, + PJ_TLS_DH_RSA_WITH_DES_CBC_SHA = 0x0000000F, + PJ_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x00000011, + PJ_TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x00000012, + PJ_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x00000014, + PJ_TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x00000015, + PJ_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = 0x00000017, + PJ_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 0x00000019, + PJ_TLS_DH_anon_WITH_DES_CBC_SHA = 0x0000001A, /* SSLv3 */ - SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x0000001C, - SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA= 0x0000001D, - SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x0000001E, + PJ_SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x0000001C, + PJ_SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x0000001D, + PJ_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x0000001E, /* SSLv2 */ - SSL_CK_RC4_128_WITH_MD5 = 0x00010080, - SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x00020080, - SSL_CK_RC2_128_CBC_WITH_MD5 = 0x00030080, - SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x00040080, - SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x00050080, - SSL_CK_DES_64_CBC_WITH_MD5 = 0x00060040, - SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x000700C0 + PJ_SSL_CK_RC4_128_WITH_MD5 = 0x00010080, + PJ_SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x00020080, + PJ_SSL_CK_RC2_128_CBC_WITH_MD5 = 0x00030080, + PJ_SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x00040080, + PJ_SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x00050080, + PJ_SSL_CK_DES_64_CBC_WITH_MD5 = 0x00060040, + PJ_SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x000700C0 } pj_ssl_cipher; diff --git a/pjlib/src/pj/ssl_sock_common.c b/pjlib/src/pj/ssl_sock_common.c index 988a8b2a..31b0b1e6 100644 --- a/pjlib/src/pj/ssl_sock_common.c +++ b/pjlib/src/pj/ssl_sock_common.c @@ -30,77 +30,77 @@ typedef struct cipher_name_t { /* Cipher name constants */ static cipher_name_t cipher_names[] = { - {TLS_NULL_WITH_NULL_NULL, "NULL"}, + {PJ_TLS_NULL_WITH_NULL_NULL, "NULL"}, /* TLS/SSLv3 */ - {TLS_RSA_WITH_NULL_MD5, "TLS_RSA_WITH_NULL_MD5"}, - {TLS_RSA_WITH_NULL_SHA, "TLS_RSA_WITH_NULL_SHA"}, - {TLS_RSA_WITH_NULL_SHA256, "TLS_RSA_WITH_NULL_SHA256"}, - {TLS_RSA_WITH_RC4_128_MD5, "TLS_RSA_WITH_RC4_128_MD5"}, - {TLS_RSA_WITH_RC4_128_SHA, "TLS_RSA_WITH_RC4_128_SHA"}, - {TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}, - {TLS_RSA_WITH_AES_128_CBC_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"}, - {TLS_RSA_WITH_AES_256_CBC_SHA, "TLS_RSA_WITH_AES_256_CBC_SHA"}, - {TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256"}, - {TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS_RSA_WITH_AES_256_CBC_SHA256"}, - {TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"}, - {TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"}, - {TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"}, - {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"}, - {TLS_DH_DSS_WITH_AES_128_CBC_SHA, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"}, - {TLS_DH_RSA_WITH_AES_128_CBC_SHA, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"}, - {TLS_DHE_DSS_WITH_AES_128_CBC_SHA, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"}, - {TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"}, - {TLS_DH_DSS_WITH_AES_256_CBC_SHA, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"}, - {TLS_DH_RSA_WITH_AES_256_CBC_SHA, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"}, - {TLS_DHE_DSS_WITH_AES_256_CBC_SHA, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"}, - {TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"}, - {TLS_DH_DSS_WITH_AES_128_CBC_SHA256, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"}, - {TLS_DH_RSA_WITH_AES_128_CBC_SHA256, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"}, - {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"}, - {TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"}, - {TLS_DH_DSS_WITH_AES_256_CBC_SHA256, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"}, - {TLS_DH_RSA_WITH_AES_256_CBC_SHA256, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"}, - {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"}, - {TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"}, - {TLS_DH_anon_WITH_RC4_128_MD5, "TLS_DH_anon_WITH_RC4_128_MD5"}, - {TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"}, - {TLS_DH_anon_WITH_AES_128_CBC_SHA, "TLS_DH_anon_WITH_AES_128_CBC_SHA"}, - {TLS_DH_anon_WITH_AES_256_CBC_SHA, "TLS_DH_anon_WITH_AES_256_CBC_SHA"}, - {TLS_DH_anon_WITH_AES_128_CBC_SHA256, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"}, - {TLS_DH_anon_WITH_AES_256_CBC_SHA256, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"}, + {PJ_TLS_RSA_WITH_NULL_MD5, "TLS_RSA_WITH_NULL_MD5"}, + {PJ_TLS_RSA_WITH_NULL_SHA, "TLS_RSA_WITH_NULL_SHA"}, + {PJ_TLS_RSA_WITH_NULL_SHA256, "TLS_RSA_WITH_NULL_SHA256"}, + {PJ_TLS_RSA_WITH_RC4_128_MD5, "TLS_RSA_WITH_RC4_128_MD5"}, + {PJ_TLS_RSA_WITH_RC4_128_SHA, "TLS_RSA_WITH_RC4_128_SHA"}, + {PJ_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}, + {PJ_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"}, + {PJ_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS_RSA_WITH_AES_256_CBC_SHA"}, + {PJ_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256"}, + {PJ_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS_RSA_WITH_AES_256_CBC_SHA256"}, + {PJ_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"}, + {PJ_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"}, + {PJ_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"}, + {PJ_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"}, + {PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"}, + {PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"}, + {PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"}, + {PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"}, + {PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"}, + {PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"}, + {PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"}, + {PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"}, + {PJ_TLS_DH_DSS_WITH_AES_128_CBC_SHA256, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"}, + {PJ_TLS_DH_RSA_WITH_AES_128_CBC_SHA256, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"}, + {PJ_TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"}, + {PJ_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"}, + {PJ_TLS_DH_DSS_WITH_AES_256_CBC_SHA256, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"}, + {PJ_TLS_DH_RSA_WITH_AES_256_CBC_SHA256, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"}, + {PJ_TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"}, + {PJ_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"}, + {PJ_TLS_DH_anon_WITH_RC4_128_MD5, "TLS_DH_anon_WITH_RC4_128_MD5"}, + {PJ_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"}, + {PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA, "TLS_DH_anon_WITH_AES_128_CBC_SHA"}, + {PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA, "TLS_DH_anon_WITH_AES_256_CBC_SHA"}, + {PJ_TLS_DH_anon_WITH_AES_128_CBC_SHA256, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"}, + {PJ_TLS_DH_anon_WITH_AES_256_CBC_SHA256, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"}, /* TLS (deprecated) */ - {TLS_RSA_EXPORT_WITH_RC4_40_MD5, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"}, - {TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"}, - {TLS_RSA_WITH_IDEA_CBC_SHA, "TLS_RSA_WITH_IDEA_CBC_SHA"}, - {TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {TLS_RSA_WITH_DES_CBC_SHA, "TLS_RSA_WITH_DES_CBC_SHA"}, - {TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"}, - {TLS_DH_DSS_WITH_DES_CBC_SHA, "TLS_DH_DSS_WITH_DES_CBC_SHA"}, - {TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {TLS_DH_RSA_WITH_DES_CBC_SHA, "TLS_DH_RSA_WITH_DES_CBC_SHA"}, - {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"}, - {TLS_DHE_DSS_WITH_DES_CBC_SHA, "TLS_DHE_DSS_WITH_DES_CBC_SHA"}, - {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS_DHE_RSA_WITH_DES_CBC_SHA"}, - {TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"}, - {TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}, - {TLS_DH_anon_WITH_DES_CBC_SHA, "TLS_DH_anon_WITH_DES_CBC_SHA"}, + {PJ_TLS_RSA_EXPORT_WITH_RC4_40_MD5, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"}, + {PJ_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"}, + {PJ_TLS_RSA_WITH_IDEA_CBC_SHA, "TLS_RSA_WITH_IDEA_CBC_SHA"}, + {PJ_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"}, + {PJ_TLS_RSA_WITH_DES_CBC_SHA, "TLS_RSA_WITH_DES_CBC_SHA"}, + {PJ_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"}, + {PJ_TLS_DH_DSS_WITH_DES_CBC_SHA, "TLS_DH_DSS_WITH_DES_CBC_SHA"}, + {PJ_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"}, + {PJ_TLS_DH_RSA_WITH_DES_CBC_SHA, "TLS_DH_RSA_WITH_DES_CBC_SHA"}, + {PJ_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"}, + {PJ_TLS_DHE_DSS_WITH_DES_CBC_SHA, "TLS_DHE_DSS_WITH_DES_CBC_SHA"}, + {PJ_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}, + {PJ_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS_DHE_RSA_WITH_DES_CBC_SHA"}, + {PJ_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"}, + {PJ_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}, + {PJ_TLS_DH_anon_WITH_DES_CBC_SHA, "TLS_DH_anon_WITH_DES_CBC_SHA"}, /* SSLv3 */ - {SSL_FORTEZZA_KEA_WITH_NULL_SHA, "SSL_FORTEZZA_KEA_WITH_NULL_SHA"}, - {SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA,"SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"}, - {SSL_FORTEZZA_KEA_WITH_RC4_128_SHA, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"}, + {PJ_SSL_FORTEZZA_KEA_WITH_NULL_SHA, "SSL_FORTEZZA_KEA_WITH_NULL_SHA"}, + {PJ_SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA,"SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"}, + {PJ_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"}, /* SSLv2 */ - {SSL_CK_RC4_128_WITH_MD5, "SSL_CK_RC4_128_WITH_MD5"}, - {SSL_CK_RC4_128_EXPORT40_WITH_MD5, "SSL_CK_RC4_128_EXPORT40_WITH_MD5"}, - {SSL_CK_RC2_128_CBC_WITH_MD5, "SSL_CK_RC2_128_CBC_WITH_MD5"}, - {SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5"}, - {SSL_CK_IDEA_128_CBC_WITH_MD5, "SSL_CK_IDEA_128_CBC_WITH_MD5"}, - {SSL_CK_DES_64_CBC_WITH_MD5, "SSL_CK_DES_64_CBC_WITH_MD5"}, - {SSL_CK_DES_192_EDE3_CBC_WITH_MD5, "SSL_CK_DES_192_EDE3_CBC_WITH_MD5"} + {PJ_SSL_CK_RC4_128_WITH_MD5, "SSL_CK_RC4_128_WITH_MD5"}, + {PJ_SSL_CK_RC4_128_EXPORT40_WITH_MD5, "SSL_CK_RC4_128_EXPORT40_WITH_MD5"}, + {PJ_SSL_CK_RC2_128_CBC_WITH_MD5, "SSL_CK_RC2_128_CBC_WITH_MD5"}, + {PJ_SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5"}, + {PJ_SSL_CK_IDEA_128_CBC_WITH_MD5, "SSL_CK_IDEA_128_CBC_WITH_MD5"}, + {PJ_SSL_CK_DES_64_CBC_WITH_MD5, "SSL_CK_DES_64_CBC_WITH_MD5"}, + {PJ_SSL_CK_DES_192_EDE3_CBC_WITH_MD5, "SSL_CK_DES_192_EDE3_CBC_WITH_MD5"} }; @@ -146,7 +146,8 @@ PJ_DEF(const char*) pj_ssl_cipher_name(pj_ssl_cipher cipher) -PJ_DEF(pj_status_t) pj_ssl_cert_verify_error_st(pj_uint32_t verify_status, +PJ_DEF(pj_status_t) pj_ssl_cert_get_verify_status_strings( + pj_uint32_t verify_status, const char *error_strings[], unsigned *count) { diff --git a/pjlib/src/pj/ssl_sock_dump.c b/pjlib/src/pj/ssl_sock_dump.c index 45a6f7ee..225897ff 100644 --- a/pjlib/src/pj/ssl_sock_dump.c +++ b/pjlib/src/pj/ssl_sock_dump.c @@ -27,16 +27,17 @@ #define THIS_FILE "ssl_sock_dump.c" -#define CHECK_BUF_LEN() \ - if ((len < 0) || ((p+=len) >= end)) { \ - *(p-1) = '\0'; \ - return PJ_ETOOSMALL; \ - } - -PJ_DEF(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci, - const char *prefix, - char *buf, - pj_size_t buf_size) +#define CHECK_BUF_LEN() \ + if ((len < 0) || (len >= end-p)) { \ + *p = '\0'; \ + return -1; \ + } \ + p += len; + +PJ_DEF(pj_ssize_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci, + const char *indent, + char *buf, + pj_size_t buf_size) { const char *wdays[] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"}; pj_parsed_time pt1; @@ -53,11 +54,11 @@ PJ_DEF(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci, /* Version */ len = pj_ansi_snprintf(p, end-p, "%sVersion : v%d\n", - prefix, ci->version); + indent, ci->version); CHECK_BUF_LEN(); /* Serial number */ - len = pj_ansi_snprintf(p, end-p, "%sSerial : ", prefix); + len = pj_ansi_snprintf(p, end-p, "%sSerial : ", indent); CHECK_BUF_LEN(); for (i = 0; i < sizeof(ci->serial_no) && !ci->serial_no[i]; ++i); @@ -68,35 +69,35 @@ PJ_DEF(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci, *(p-1) = '\n'; /* Subject */ - len = pj_ansi_snprintf( p, end-p, "%sSubject : %.*s\n", prefix, + len = pj_ansi_snprintf( p, end-p, "%sSubject : %.*s\n", indent, ci->subject.cn.slen, ci->subject.cn.ptr); CHECK_BUF_LEN(); - len = pj_ansi_snprintf( p, end-p, "%s %.*s\n", prefix, + len = pj_ansi_snprintf( p, end-p, "%s %.*s\n", indent, ci->subject.info.slen, ci->subject.info.ptr); CHECK_BUF_LEN(); /* Issuer */ - len = pj_ansi_snprintf( p, end-p, "%sIssuer : %.*s\n", prefix, + len = pj_ansi_snprintf( p, end-p, "%sIssuer : %.*s\n", indent, ci->issuer.cn.slen, ci->issuer.cn.ptr); CHECK_BUF_LEN(); - len = pj_ansi_snprintf( p, end-p, "%s %.*s\n", prefix, + len = pj_ansi_snprintf( p, end-p, "%s %.*s\n", indent, ci->issuer.info.slen, ci->issuer.info.ptr); CHECK_BUF_LEN(); /* Validity period */ len = pj_ansi_snprintf( p, end-p, "%sValid from : %s %4d-%02d-%02d " - "%02d:%02d:%02d.%03d %s\n", prefix, + "%02d:%02d:%02d.%03d %s\n", indent, wdays[pt1.wday], pt1.year, pt1.mon+1, pt1.day, pt1.hour, pt1.min, pt1.sec, pt1.msec, (ci->validity.gmt? "GMT":"")); CHECK_BUF_LEN(); len = pj_ansi_snprintf( p, end-p, "%sValid to : %s %4d-%02d-%02d " - "%02d:%02d:%02d.%03d %s\n", prefix, + "%02d:%02d:%02d.%03d %s\n", indent, wdays[pt2.wday], pt2.year, pt2.mon+1, pt2.day, pt2.hour, pt2.min, pt2.sec, pt2.msec, (ci->validity.gmt? "GMT":"")); @@ -107,7 +108,7 @@ PJ_DEF(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci, unsigned i; len = pj_ansi_snprintf(p, end-p, "%ssubjectAltName extension\n", - prefix); + indent); CHECK_BUF_LEN(); for (i = 0; i < ci->subj_alt_name.cnt; ++i) { @@ -130,7 +131,7 @@ PJ_DEF(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci, break; } if (type) { - len = pj_ansi_snprintf( p, end-p, "%s %s : %.*s\n", prefix, + len = pj_ansi_snprintf( p, end-p, "%s %s : %.*s\n", indent, type, ci->subj_alt_name.entry[i].name.slen, ci->subj_alt_name.entry[i].name.ptr); @@ -139,7 +140,7 @@ PJ_DEF(pj_status_t) pj_ssl_cert_info_dump(const pj_ssl_cert_info *ci, } } - return PJ_SUCCESS; + return (p-buf); } diff --git a/pjlib/src/pj/ssl_sock_symbian.cpp b/pjlib/src/pj/ssl_sock_symbian.cpp index ab808f62..65916d73 100644 --- a/pjlib/src/pj/ssl_sock_symbian.cpp +++ b/pjlib/src/pj/ssl_sock_symbian.cpp @@ -444,13 +444,12 @@ struct pj_ssl_sock_t }; -static pj_str_t get_cert_name(pj_pool_t *pool, +static pj_str_t get_cert_name(char *buf, unsigned buf_len, const CX500DistinguishedName &name) { TInt i; - char buf[1024]; TUint8 *p; - TInt l = sizeof(buf); + TInt l = buf_len; p = (TUint8*)buf; for(i = 0; i < name.Count(); ++i) { @@ -479,11 +478,10 @@ static pj_str_t get_cert_name(pj_pool_t *pool, if (0 >= --l) break; } - pj_str_t src, res; - pj_strset(&src, buf, sizeof(buf) - l); - pj_strdup(pool, &res, &src); + pj_str_t src; + pj_strset(&src, buf, buf_len - l); - return res; + return src; } /* Get certificate info from CX509Certificate. @@ -491,10 +489,14 @@ static pj_str_t get_cert_name(pj_pool_t *pool, static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, const CX509Certificate *x) { + enum { tmp_buf_len = 512 }; + char *tmp_buf; unsigned len; pj_assert(pool && ci && x); + /* Init */ + tmp_buf = new char[tmp_buf_len]; pj_bzero(ci, sizeof(*ci)); /* Version */ @@ -518,7 +520,9 @@ static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, ptr8.Copy(ptr16); pj_strset(&ci->subject.cn, (char*)ptr8.Ptr(), ptr8.Length()); } - ci->subject.info = get_cert_name(pool, x->SubjectName()); + pj_str_t tmp = get_cert_name(tmp_buf, tmp_buf_len, + x->SubjectName()); + pj_strdup(pool, &ci->subject.info, &tmp); } /* Issuer */ @@ -532,7 +536,9 @@ static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, ptr8.Copy(ptr16); pj_strset(&ci->issuer.cn, (char*)ptr8.Ptr(), ptr8.Length()); } - ci->issuer.info = get_cert_name(pool, x->IssuerName()); + pj_str_t tmp = get_cert_name(tmp_buf, tmp_buf_len, + x->IssuerName()); + pj_strdup(pool, &ci->issuer.info, &tmp); } /* Validity */ @@ -543,6 +549,9 @@ static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, ci->validity.start.sec = tmp_sec.Int(); valid_period.Finish().SecondsFrom(base_time, tmp_sec); ci->validity.end.sec = tmp_sec.Int(); + + /* Deinit */ + delete [] tmp_buf; } diff --git a/pjlib/src/pjlib-test/ssl_sock.c b/pjlib/src/pjlib-test/ssl_sock.c index 6e0d4515..68769501 100644 --- a/pjlib/src/pjlib-test/ssl_sock.c +++ b/pjlib/src/pjlib-test/ssl_sock.c @@ -107,8 +107,8 @@ static void dump_ssl_info(const pj_ssl_sock_info *si) /* Dump remote TLS certificate verification result */ verif_msg_cnt = PJ_ARRAY_SIZE(verif_msgs); - pj_ssl_cert_verify_error_st(si->verify_status, - verif_msgs, &verif_msg_cnt); + pj_ssl_cert_get_verify_status_strings(si->verify_status, + verif_msgs, &verif_msg_cnt); PJ_LOG(3,("", ".....Remote certificate verification result: %s", (verif_msg_cnt == 1? verif_msgs[0]:""))); if (verif_msg_cnt > 1) { @@ -1153,44 +1153,44 @@ int ssl_sock_test(void) #ifndef PJ_SYMBIAN - PJ_LOG(3,("", "..echo test w/ TLSv1 and TLS_RSA_WITH_DES_CBC_SHA cipher")); + PJ_LOG(3,("", "..echo test w/ TLSv1 and PJ_TLS_RSA_WITH_DES_CBC_SHA cipher")); ret = echo_test(PJ_SSL_SOCK_PROTO_TLS1, PJ_SSL_SOCK_PROTO_TLS1, - TLS_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA, + PJ_TLS_RSA_WITH_DES_CBC_SHA, PJ_TLS_RSA_WITH_DES_CBC_SHA, PJ_FALSE, PJ_FALSE); if (ret != 0) return ret; - PJ_LOG(3,("", "..echo test w/ SSLv23 and TLS_RSA_WITH_AES_256_CBC_SHA cipher")); + PJ_LOG(3,("", "..echo test w/ SSLv23 and PJ_TLS_RSA_WITH_AES_256_CBC_SHA cipher")); ret = echo_test(PJ_SSL_SOCK_PROTO_SSL23, PJ_SSL_SOCK_PROTO_SSL23, - TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, + PJ_TLS_RSA_WITH_AES_256_CBC_SHA, PJ_TLS_RSA_WITH_AES_256_CBC_SHA, PJ_FALSE, PJ_FALSE); if (ret != 0) return ret; PJ_LOG(3,("", "..echo test w/ incompatible proto")); ret = echo_test(PJ_SSL_SOCK_PROTO_TLS1, PJ_SSL_SOCK_PROTO_SSL3, - TLS_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA, + PJ_TLS_RSA_WITH_DES_CBC_SHA, PJ_TLS_RSA_WITH_DES_CBC_SHA, PJ_FALSE, PJ_FALSE); if (ret == 0) return PJ_EBUG; PJ_LOG(3,("", "..echo test w/ incompatible ciphers")); ret = echo_test(PJ_SSL_SOCK_PROTO_DEFAULT, PJ_SSL_SOCK_PROTO_DEFAULT, - TLS_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, + PJ_TLS_RSA_WITH_DES_CBC_SHA, PJ_TLS_RSA_WITH_AES_256_CBC_SHA, PJ_FALSE, PJ_FALSE); if (ret == 0) return PJ_EBUG; PJ_LOG(3,("", "..echo test w/ client cert required but not provided")); ret = echo_test(PJ_SSL_SOCK_PROTO_DEFAULT, PJ_SSL_SOCK_PROTO_DEFAULT, - TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, + PJ_TLS_RSA_WITH_AES_256_CBC_SHA, PJ_TLS_RSA_WITH_AES_256_CBC_SHA, PJ_TRUE, PJ_FALSE); if (ret == 0) return PJ_EBUG; PJ_LOG(3,("", "..echo test w/ client cert required and provided")); ret = echo_test(PJ_SSL_SOCK_PROTO_DEFAULT, PJ_SSL_SOCK_PROTO_DEFAULT, - TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, + PJ_TLS_RSA_WITH_AES_256_CBC_SHA, PJ_TLS_RSA_WITH_AES_256_CBC_SHA, PJ_TRUE, PJ_TRUE); if (ret != 0) return ret; |